Troubleshooting a “slow” network


We've all had a complaint that the "network" is "slow" at some point: might be localized to one room (switch) or one computer, might just be Internet (DNS? Browser issue?), might be just one application (long-running SQL queries? AV scan running?).

When you've ruled out obvious system and/or application issues, how do you go about testing a network for slowness or erratic behavior? Do you work your way up the OSI layers? If so, how do you go about checking each layer? What do you do to make sure the physical network is ok in an unknown environment? What about too many broadcasts or a broadcast storm? Layer 3 and up? traceroute? Any other tips, methods, ideas? Must-have features and tools (port mirroring, SNMP, monitoring, etc.) for all sizes of networks?

Best Answer

tcpdump and wireshark are your friends.

I find that watching packets on the wire of a 'slow' network vs a 'good' network is usually what pinpoints a problem.

There are many types of 'slow'.

You can track latency to local and internet sites using a tool like SmokePing. (SmokePing can be configured to track ICMP latency as well as service latency from TCP services.)

Your switches should track broadcast packets vs unicast packets. Graph that ratio.

I also like to monitor traceroutes (checking domain names of ISP hops between myself and 'important' sites).

I hope these comments help.
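
An added example, not part of the original answer: one way to compute the broadcast-vs-unicast ratio the answer suggests graphing, from two polls of per-interface SNMP counters. The counter names are IF-MIB objects; the interface names, sample values, `threshold` and `min_packets` are constructed assumptions.

```python
# Added example: broadcast-vs-unicast ratio from two SNMP counter polls.
# Counter names are IF-MIB objects; the sample values below are constructed.

COUNTER32_MAX = 2**32

def delta(prev, curr, modulus=COUNTER32_MAX):
    """Counter increase between polls, allowing for one wrap of a Counter32."""
    return curr - prev if curr >= prev else curr + modulus - prev

def broadcast_ratios(poll_a, poll_b, threshold=0.20, min_packets=1000):
    """Return {ifname: (ratio, flagged)} for interfaces present in both polls.

    ratio = broadcast / (broadcast + unicast) over the polling interval.
    threshold and min_packets are assumed values; tune them to a baseline
    taken from the 'good' network.
    """
    results = {}
    for ifname, a in poll_a.items():
        b = poll_b.get(ifname)
        if b is None:
            continue  # interface disappeared between polls
        bcast = delta(a["ifInBroadcastPkts"], b["ifInBroadcastPkts"])
        ucast = delta(a["ifInUcastPkts"], b["ifInUcastPkts"])
        total = bcast + ucast
        if total == 0:
            results[ifname] = (0.0, False)  # idle port, nothing to graph
            continue
        ratio = bcast / total
        # Ignore near-idle ports: a handful of ARP frames is 100% broadcast.
        results[ifname] = (ratio, ratio >= threshold and total >= min_packets)
    return results

# Constructed sample: two polls taken 60 s apart.
POLL_1 = {
    "Gi0/1": {"ifInUcastPkts": 4_294_960_000, "ifInBroadcastPkts": 120_000},
    "Gi0/2": {"ifInUcastPkts": 500_000, "ifInBroadcastPkts": 10_000},
    "Gi0/3": {"ifInUcastPkts": 42, "ifInBroadcastPkts": 7},
}
POLL_2 = {
    "Gi0/1": {"ifInUcastPkts": 82_704, "ifInBroadcastPkts": 121_000},  # wrapped
    "Gi0/2": {"ifInUcastPkts": 520_000, "ifInBroadcastPkts": 90_000},
    "Gi0/3": {"ifInUcastPkts": 42, "ifInBroadcastPkts": 12},
}

if __name__ == "__main__":
    for name, (ratio, flagged) in sorted(broadcast_ratios(POLL_1, POLL_2).items()):
        print(f"{name}: {ratio:6.1%} broadcast{'  <-- investigate' if flagged else ''}")
```

A device reboot resets the counters and is indistinguishable from a wrap here, so a poll that spans a restart yields one bogus data point and should be discarded.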
