<html><head></head><body><div style="color:#000; background-color:#fff; font-family:lucida console, sans-serif;font-size:13px"><div id="yui_3_16_0_ym18_1_1458274279503_32062"><span></span></div><div id="yui_3_16_0_ym18_1_1458274279503_32062"><span>Gents, </span></div><div id="yui_3_16_0_ym18_1_1458274279503_32062" dir="ltr"><span id="yui_3_16_0_ym18_1_1458274279503_33888"><br>Can the customer provide errors and/or symptoms encountered? Can they quantify the problem? <br><br>Example: ping results in latency of 1000ms ... way high latency. I've actually seen negative ping times due to a CPU timing problem.<br><br>What about DNS lookup & resolution? How many network hops to the DNS server? Is the DNS server local or on the Internet? <br><br></span></div><div id="yui_3_16_0_ym18_1_1458274279503_32062"><span id="yui_3_16_0_ym18_1_1458274279503_32241">Consider doing a tcpdump from a linux machine connected to the network. Might need to put the network interface in promiscuous mode first, then run the dump. </span></div><div id="yui_3_16_0_ym18_1_1458274279503_32062"><span><br></span></div><div id="yui_3_16_0_ym18_1_1458274279503_32062"><span id="yui_3_16_0_ym18_1_1458274279503_32315">Save the dump file off to a pen drive. Then attach that drive to a laptop with Wireshark, import the dump file & analyse it. This way, you can eliminate the connection of Wireshark to the network as a cause. </span></div><div id="yui_3_16_0_ym18_1_1458274279503_32062"><span><br></span></div><div id="yui_3_16_0_ym18_1_1458274279503_32062" dir="ltr"><span id="yui_3_16_0_ym18_1_1458274279503_32706">Also, make sure the switches are not wired in a loop. Spanning Tree Protocol can cause a packet storm by forwarding packets in that loop. I've seen VoIP phones do this on a UDP port. <br><br>Other causes to look for: <br><br>Are machines listening on the correct & expected ports? </span></div><div id="yui_3_16_0_ym18_1_1458274279503_32062" dir="ltr"><span>Verified from another machine using nc? </span></div><div id="yui_3_16_0_ym18_1_1458274279503_32062" dir="ltr"><span>Firewall ports open? <br><br>As you can see, there are a ton of questions to ask when investigating a problem like this. </span></div><div id="yui_3_16_0_ym18_1_1458274279503_32062" dir="ltr"><span><br></span></div><div id="yui_3_16_0_ym18_1_1458274279503_32062" dir="ltr"><span>Anyway, my $0.02</span></div><div id="yui_3_16_0_ym18_1_1458274279503_32062" dir="ltr"><span><br></span></div><div id="yui_3_16_0_ym18_1_1458274279503_32062" dir="ltr"><span>HTH<br><br><br></span></div><div id="yui_3_16_0_ym18_1_1458274279503_32062"><span><br></span></div> <div class="qtdSeparateBR"><br><br></div><div class="yahoo_quoted" style="display: block;"> <div style="font-family: lucida console, sans-serif; font-size: 13px;"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;"> <div dir="ltr"><font size="2" face="Arial"> On Wednesday, March 16, 2016 9:08 AM, Charles Burton <charles.d.burton@gmail.com> wrote:<br></font></div> <br><br> <div class="y_msg_container"><div id="yiv5222082727"><div><div dir="ltr">I agree, Wireshark in and of itself is passive. A good test would be to plug the laptop in and configure everything like you would be using wireshark but don't actually start Wireshark.<br clear="none"></div><div class="yiv5222082727yqt3132734955" id="yiv5222082727yqt66049"><div class="yiv5222082727gmail_extra"><br clear="none"><div class="yiv5222082727gmail_quote">On Wed, Mar 16, 2016 at 1:10 PM, Bruce Ediger <span dir="ltr"><<a rel="nofollow" shape="rect" ymailto="mailto:bediger@stratigery.com" target="_blank" href="mailto:bediger@stratigery.com">bediger@stratigery.com</a>></span> wrote:<br clear="none"><blockquote class="yiv5222082727gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><span class="yiv5222082727">On Tue, 15 Mar 2016, David L. Anselmi wrote:<br clear="none">
<br clear="none">
> Or, as Charles suggested, adding Wireshark to the network caused the switch<br clear="none">
> configuration to change, unscrewing whatever was screwed up in it.<br clear="none">
<br clear="none">
</span>I'm unusually unlucky when it comes to cabling, so maybe that's coloring<br clear="none">
my views, but perhaps the act of physically plugging a laptop into the<br clear="none">
switch re-seated a jumper, or moved a broken wire in a cable back into<br clear="none">
contact or something.<br clear="none">
<div class="yiv5222082727HOEnZb"><div class="yiv5222082727h5">_______________________________________________<br clear="none">
clue mailing list: <a rel="nofollow" shape="rect" ymailto="mailto:clue@cluedenver.org" target="_blank" href="mailto:clue@cluedenver.org">clue@cluedenver.org</a><br clear="none">
For information, account preferences, or to unsubscribe see:<br clear="none">
<a rel="nofollow" shape="rect" target="_blank" href="http://cluedenver.org/mailman/listinfo/clue">http://cluedenver.org/mailman/listinfo/clue</a><br clear="none">
</div></div></blockquote></div><br clear="none"></div></div></div></div><br><div class="yqt3132734955" id="yqt72759">_______________________________________________<br clear="none">clue mailing list: <a shape="rect" ymailto="mailto:clue@cluedenver.org" href="mailto:clue@cluedenver.org">clue@cluedenver.org</a><br clear="none">For information, account preferences, or to unsubscribe see:<br clear="none"><a shape="rect" href="http://cluedenver.org/mailman/listinfo/clue" target="_blank">http://cluedenver.org/mailman/listinfo/clue</a></div><br><br></div> </div> </div> </div></div></body></html>