Is this a windows ActiveDirectry system ? If so, I think you have the wrong DNS entry in the PC that see long delays.
You use the word "switch" and I suspect they are really routers. Are they all on the same subnet ?
I imagine there could be other DNS/WINS problems.
Does office 1 access the NW server ?
I've seen problems when inexpensive equipment intended for cookie-cutter configurations get used in ways that are not shown in the manufacturer's glossy literature, as you are.
I've been burned connecting a cheapo switch to a Big Name switch (Cisco in my case) and the Most Senior network engineer I know has taught me that doing switch-to-switch connections on the cheap is a No-No. He insists the the cheap end be a hub. FWIW.
First, run virus, adware, and spyware scans on _everything_ for which you have a utility available. If you've got malware of some sort broadcasting tons of traffic on your LAN then nothing's going to work right until you fix that.
Ping each computer from each other computer and see if there is unusual latency in either direction. Download a copy of qcheck , install it on a Windows box, read the readme, and download the appropriate endpoints from the link in the readme, then see what speed you're really getting between machines and if you're getting the same speed both ways--if you're not then find out why--most common cause would be a configuration error--either speed or a duplex mismatch.
Windows server includes a tool called "network monitor". Go into the Windows Server help and search on that and install it on your servers and then watch the traffic going to and from them and see if you're seeing anything coming in or going out that doesn't get a response. The free version only monitors traffic to and from the server on which it is installed, which is a significant limitation, but it's still a useful tool.
There's a tool called "Ethereal" which is a general-purpose network analyzer similar in purpose to "network monitor"--ethereal is a free download--install it on one of your machines that is experiencing the slowdown and watch the traffic and see if it's sending anything for which it is not getting a response or receiving anything to which it should be responding and isn't.
With those tools and some time you should be able to identify most network problems--the trouble is that they're complex tools and it takes time to learn to use them--there's a book, "Ethereal Packet Sniffing"
which may help. While you're about it, if you haven't already read them try "Ethernet the Definitive Guide" by Charles Spurgeon
and "TCP/IP Illustrated" .
If you don't already have managed switches (and if you did and knew how to use them you'd already know whether the link between them was the problem--they'll tell you statistics on it) you might want to consider picking up a couple of them off of ebay--Catalyst 2924s go for under $200 and sometimes under $100. I see Procurve 4000s, which for your use are serious overkill but a bit noisy, for about the same.
If the OP has two switches then using a traffic monitor will be impossible unless the switches have management. If the switches have management then you'll get counters, which might show something interesting.
Assuming dumb switches I think the blinkenlights are as useful. If the lights are not blinking he's got a problem with a timeout, not a high traffic problem. DNS problems would show up as the former. If you do have lots of blinking lights then the traffic monitor on a Windows box may tell you something but because you have a switch it can only see it's own traffic. ISTR that MS Monitor had software that could be installed at other points in the network and feed data back to the server for aggregation and analysis. That would solve the switch limitation.
You can use perfmon.exe on any Windows box (except 98/me/dos) to analysis in great detail what it's doing.
If your server (CPU and disk as shown by permon) is idle and the lights are not blinking then you do';t have a capacity problem, you've got a network design problem. IMO probably DNS.
You can put ethereal on each and every box (except NW) and analysis the traffic and protocols.
Agreed. Procurve boxes have a lifetime warranty so you can't go wrong. As for my issue with cheap/noname switch-to-switch connections, If you match brands, HP or Cisco you should be OK.
If he's trying to monitor traffic on the entire network this is true. However if he has a specific machine that is having problems then monitoring traffic to and from that specific machine, which can be done by putting the monitoring software on that machine, can sometimes tell a great deal about its specific problem.
They can tell you that "something is wrong"> If
If the problem is internal to the machine. If it's sitting waiting for a response that never comes perfmon may tell you that it's waiting but it won't necessarily tell you what it's waiting _for_.
Possibly. Or possibly something specific to Windows.
Office 1 - approx 12 PC's Switch 1 - router- internet | ~ 50 metres | Switch 2 Office 2 - approx 30 PC's plus 2 x Windows servers + 1 Novell 3.12 server (IPX)
All Cat5e structured cabling.
Virtually all traffic is from PC to one or other of the servers in Office 2. There are some networked printers in the system.
Traffic load should be relatively low. One central database on SQL server on one server, Word Processing and Exchange on the other and a small DOS application serving 4 users in Office 1 on the Novell server. Some but not heavy internet access via Switch 1.
Office 1 staff experience regular delays of sometimes up to a couple of minutes opening files or running an application.
The link between the switches is 100mbit (as is the rest of the network except the 10mbit cards in the Novell server).
There is a second cable running from Office 1 to Office 2 but that has not been connected and I'm not sure whether it is good practice to have a parallel run.
One company has recommended to upgrade the link to a gigabit line but I find the logic hard to follow since the servers will still have
Replacing the noname switch with a hub is easy if you have one on hand, and they are _really_ cheap on ebay. I can't see a 10/100 hub being a serious bottleneck for the small site. It gives you a place to plug a PC running etherreal. This is a long shot.
Do you have Activedirectory on your windows servers?
ActiveDirectory makes very specific requirement for DNS services and the symptoms if you don't comply include long time delays. The easy way for a small site to comply is to make one of your windows servers your DNS server and point all the other machines at it.
I keep coming back to DNS/WINS problems. If you are not AD then who are you using for DNS ? Putting a name/ipaddress entry for all your servers in /etc/hosts on all your machines is one low-rent way to fixthings for a small network. If that improves things then you need to set up a real dns server and put things right.
Is the symptom in office1 reproducable on a specific PC ? If it is then carry the PC to office2, plug it in and see if the problem remains. If it/s on all machines or random, that tells you something but I don;t know offhave what it is.
If you unplug your ISP connection do the symptoms change ?
I think you'll find it very helpful, both because it can collect statistics on port traffic and because it will let you set up a monitoring port that lets you see all network traffic that goes through that switch.
Ouch! This sounds like a config (DNS/WINS) problem. I hope you're not running NETBIOS.
One longshot -- you mentioned "structured cabling". Are you sure it's good? Proper Cat5e jacks and factory patchcords? All field/home-crimped plugs are suspect. Splitting a pair is too easy. High data errors in one direction usually result.
Do a netstat -e on all your boxes. If the error counters are zero or single digits you don't have a cable problem. If they are higher you may have a cable problem or something else but you'll have narrowed down the problem.
IMO the back-to-back noname switches may be a problem with the IPX broadcasts. This can be proved by moving a problametic PC to site2 and hooking ot up to the local LAN. I
The OP has not described what tests and results he has. I'd expect that by now he's ruled out physical cable problems and sypware. If not then I suspect he's not troubleshooting methodically.
As for traffic analysis, I expect he's either got too much (saturating a respurce) or zero traffic flowing between a problametic PC and a server. I vote for the latter in which case he may have a multiprotocol stack binding proble, or DNS or WINS. None of which I am really good at troubleshooting.
Never had that complaint before. Is it because you replied to my reply to J. Clarke and not my reply to you which I thought was reasonably sensibly snipped in the context of your comments? :)
The machines are running Novell's Client32 which has Netbios for IPX/SPX. There is no Netbios in use against TCP/IP .
I was sure. Reputable and long standing specialist cabling company {not the local electrician :) }. I believe they supplied their own patch cords pre-made. No hardship to swap a few around though.
Aren't those at least partially broadcast protocols? I'm not very familiar with them, but it sounds like there maybe a response issue (not fast enough). Can you tune any parameters?
Well, there is both kinds of traffic on the network. Browsers re pure TCP/IP and so [usually] is email.
Both ? Either ? I'd guess that by themselves the noname switch and AT would handle IPX and broadcasts OK, and AT is an OK brand. It's the combination. I don't want to make too much of this, but I've seen noname LAN equipment miss behave wne used in ways the manufacturer did't anticipate, and it's easy to swap a switch out for a hub if you have a replacement.
Unknown protocols would't worry me offhand, expecially when you've got an IPX box on the LAN. YOu should always show these numbers with the overall numbers to get an idea of percentage.
If you're going to be a LAN technicial you should have a laptop with etheral (and other tools) on it and a small 4 port 10/100 HUB in your bag. YOu can always insert this hub in-line in a CAT5 circuit you need to monitor and this will give you a jack to plug the laptop into.
You can buy hubs on eBay. Warning. Some items desribed as a hub are really switches. When you buy one confirm for your self that is really is a hub. The only cost a few bucks.
Is it primarily the noname that you suspect or also the use of back-to-back switches?
I'm not located on-site. Therefore at this stage it is an exercise of gathering information, putting together a plan and looking at those things that I can remotely.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.