traffic analyzer

doobr1e

i have a slow responding wan link - it's a frame relay 256k link and ping and
tracert are giving me response times generally around 1000ms. other sites on
similar wan links to the same central location are giving 20 - 40ms response
times. in troubleshooting this my supplier is saying traffic is exceeding
the 256k by 140% which is why we are seeing the slow responses over the wan.
i've been around every machine and checked for adware, up-to-date antivirus,
any unauthorised software running etc and found none, we're well patched too
with windows updates.

after working hours still sees the same results on slow link so i want to
be able to see where this traffic is coming from at the least so i can
target the specific machines involved. it may be active directory
replication or dfs share replication which is why i see the same results
when all client machines are off as only the servers are up ....

what tools are available for this - anything not requiring a complete
reference read up would be useful given time restraints. initially just
basic info such as which source ip address is either sending or requesting
info and type if tcp/udp or port info, etc .....

...... would some form of basic linux distro installed to a machine with a
couple network cards in allow the data to flow through to the router whilst
taking full logs of it all or is there a more straightforward way?
 
Danny Slye - [MSFT]

You could use Network Monitor, which comes with Windows 2000 Server, or you
could use Ethereal, a free download from www.ethereal.com. You could run it
from a host on a hub with the Router, or you may be able to configure your
switch to "mirror" the Router's port to another port. XP has a
command-line packet capture utility called netcap that installs with the
Support Tools; this produces a capture file that can be read with Network
Monitor, Ethereal or other Sniffers.
__
Danny Slye
Microsoft Support Professional
MCSE

This posting is provided "AS IS" with no warranties and confers no rights.
Please reply to the newsgroup so that others may benefit. Thanks!
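
An added example, not part of either post: once a capture has been taken on the mirrored router port, this ranks flows by source, destination, protocol and destination port and shows each as a share of the 256k link. It assumes the capture was saved in classic libpcap format (which Ethereal can write) with Ethernet framing; the function names and the sample addresses are constructed for illustration.

```python
import socket
import struct
from collections import Counter

PROTO = {1: "icmp", 6: "tcp", 17: "udp"}

def top_talkers(pcap, link_kbps=256):
    """Rank (src, dst, proto, dst_port) flows in an Ethernet pcap by bytes on the wire."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic libpcap file with Ethernet link type")
    flows, stamps, off = Counter(), [], 24
    while off + 16 <= len(pcap):
        sec, _usec, incl, orig = struct.unpack(end + "4I", pcap[off:off + 16])
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        stamps.append(sec)
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # ARP, IPv6, VLAN-tagged and truncated frames are not counted
        ip = frame[14:]
        ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
        first_fragment = (struct.unpack("!H", ip[6:8])[0] & 0x1FFF) == 0
        port = None  # ports exist only in the first fragment of a TCP/UDP datagram
        if proto in (6, 17) and first_fragment and len(ip) >= ihl + 4:
            port = struct.unpack("!H", ip[ihl + 2:ihl + 4])[0]
        key = (socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]),
               PROTO.get(proto, str(proto)), port)
        flows[key] += orig  # orig is the full frame length even if the capture cut it
    secs = max(1, stamps[-1] - stamps[0]) if stamps else 1
    # Share of the link each flow used, averaged over the capture window
    return [(k, n, round(n * 8 / secs / (link_kbps * 1000) * 100, 1))
            for k, n in flows.most_common()]

def _frame(src, dst, proto, dport, size):
    """Constructed Ethernet/IPv4 frame of `size` bytes (test data, not a real capture)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, size - 14, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return (b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HH", 40000, dport)).ljust(size, b"\x00")

def sample_capture():
    """Constructed 10-second capture: one bulk TCP/445 flow plus a single DNS query."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    frames = [(i // 16, _frame("10.0.0.5", "10.1.0.9", 6, 445, 1500)) for i in range(160)]
    frames.append((10, _frame("10.0.0.7", "10.1.0.2", 17, 53, 80)))
    for sec, f in frames:
        out += struct.pack("<4I", sec, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for flow, nbytes, pct in top_talkers(sample_capture()):
        print(flow, nbytes, "bytes", pct, "% of link")
```

To use it on a real capture, pass `open(path, "rb").read()` instead of `sample_capture()`.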