There’s nothing more frustrating than having to waste loads of your working day because of a slow network. It’s one of the most frustrating IT related problems because it’s pretty all encompassing – from logging in, to sending emails and downloading document those extra seconds turn into minutes and hours over the weeks. If you think that these problems aren’t important remember underlying issues that cause these problems rarely improve, they usually get much worse. I have seen networks where it literally takes 30 minutes to login to a machine, where people are forced to go and do something else simply because their network takes so long to authenticate their username and password.
The problem though is that troubleshooting these issues can be extremely difficult, after all if it was simple someone would have solved it already! One of the common causes of slow networks is packet loss which can be caused by a variety of reasons. Investigating this will require access to any mirror or span ports on the network (which will allow access to all traffic) and a laptop or device with a simple packet analyser. This doesn’t have to be anything complicated or expensive in fact many of the top professionals in this field simply use a free program called Wireshark (previously known as Ethereal).
Then it’s time to start capturing that traffic and looking for the source of the problems. One of the first areas you should investigate is to start looking for TCP error and flow control packets on the network. TCP has quite an extensive error control system built into the protocol and any slow network is likely going to see many of these. For example on slow networks with possible hardware problems you will see lots of retransmission packets where data is resent because it is not being delivered. You’ll also come across duplicate ACKs and the sliding window mechanism of TCP which starts limiting the amount of data sent in packets because of non delivery. Try and focus on these error messages as they will lead you to the possible source of the problems.
Keep an open mind because sometimes the cause may not be immediately obvious and/or related. I once saw a very slow network which actually appeared to cure itself! What was happening was people were using the remote access server to stream videos from Netflix using their corporate laptops and flooding the network with traffic. Suddenly it all got better and we discovered it was due to the fact that Netflix started blocking VPNs and commercial address like this article describes, which solved our issue.
Remember there’s two sides to any connection the client which is transmitting and the destination device which is receiving. Try and keep this in mind as you follow the flow of traffic, remember it’s two sided communication and both devices at each end of the connection will transmit and receive as pat of the process. Using the error control messages from TCP/IP won’t always help you identify the causes of a slow network but they are useful in identifying problems with faulty hardware or applications existing on the network.
Return of US DNS Netflix – http://www.onlineanonymity.org/proxies/the-return-of-us-dns-netflix/