This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Can someone assist in deciphering my capture?

0

I am trying to find out what is going on with our network. At certain times of the day, not always a set time, but at times the network loses connection on random workstations, but it only loses connection on certain parts of the network and not other parts of the network. For example, we still have internet and we can print and view other parts of the network, but not all of it. Also, a reboot of the workstation brings everything back.

I have been recording during the times of when we are getting failures, but I don't exactly know what I am looking for or at least I don't see anything specific wrong going on.

Any assistance would be greatly appreciated!

asked 18 Apr '11, 07:56

h4rd2g3t's gravatar image

h4rd2g3t
1111
accept rate: 0%

edited 05 May '11, 05:05

cmaynard's gravatar image

cmaynard ♦♦
9.4k1038142

Would you consider making a trace file available for people to look at?

(04 May '11, 21:17) lchappell ♦

One Answer:

1

It's a little hard to answer you're question, as it doesn't tell much about the network.

  • Is it a small network with only one subnet and everything directly connected (at L2)? If so, I would look for ARP and ICMP packets and see what they tell you.

  • Or do you have a large network with many subnets? Then you might want to look at the routing tables at the time of trouble.

  • Are your networking devices redundant? Then you might want to check whether there is asymetric routing going on.

It all depends on the situation you are in and the pattern of outage that you have. For instance:

  • What is the relationship between the failing devices and how does that compare to the devices that are still reachable
  • What is the relationship between the clients that have problems and how does that compare to the clients that do not have the problem).

All that information helps you to get a grasp of where the problem might be caused.

answered 07 May '11, 03:28

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245
accept rate: 20%