Is a specific service or protocol running slow? Are certain online services not working correctly? Can some users not connect to WiFi? Is one specific area of the network dropping packets at an unusually high rate?

Sometimes issues come from places we can’t put a finger on. So, what do you do when issues are tough to diagnose? The best approach is to methodically narrow potential issues down and find the true cause.

There are also tools available to help you identify issues and alert you to potential issues in the future.

Check Connectivity

First, make sure the issue isn’t local to only one machine or website. If possible, try a restart of your equipment. Sometimes a reboot can solve issues like memory leaks, slow machines or not connecting to WiFi.

Next, check your WAN and LAN connections, and don’t overlook physical connections for wireless access points and wireless router ports. You can also try a new Ethernet cable or check that the right cables are being used; for example, some WAN ports use crossover cables.

Use tools like Ping to check connectivity and Traceroute to determine the route a packet takes and the response time. Sites like speedtest.net and pingtest.net can determine available bandwidth and the quality of a connection. You may also consider using a WiFi analyzer to identify causes of interference.

Check the Logs

If it isn’t a connectivity issue, your next step is to check the logs. Centralized log management tools are invaluable for identifying and troubleshooting network issues. They collect network device logs in a centralized repository and then apply analytics to identify network issues.

Centralized log analysis speeds up the troubleshooting process and helps solve even complex, difficult-to-pinpoint issues. Most logging systems offer automated alerts based on specific triggers.

While you’re at it, make sure that your logging is set up correctly and effectively. Network device logs are a critical tool to help troubleshoot and analyze network outages. The last thing you want is to discover that your logging isn’t sufficient when you’re trying to figure out why the network is down.

The most common centralized log management tools are Splunk, Sumo Logic, Datadog and LogPacker, but there are several options available. Most offer data visualization, dashboards and custom reporting so you can see network health at a glance.

Analyze the Network

If nothing in the logs indicates an issue, you may need to dig further. For troubleshooting difficult-to-diagnose network issues, a network analyzer can investigate data flows at the packet level.

You can use it to identify communication issues, latency issues and other problems. It provides statistics for network activity, detects unusual network traffic or packet characteristics, identifies packet sources and destinations, and searches for specific data strings in packets. It can also monitor bandwidth utilization.

A network analyzer can be a supplement to other security tools like anti-virus programs, firewalls and anti-spyware. Some popular network analyzers are Wireshark, Ethereal and Observer.

Get an End-to-end View

If you’re still struggling to diagnose your network issue, consider getting an end-to-end view of traffic flows. A collection server using the NetFlow protocol can capture IP network traffic data and use analytics to identify issues.

You can configure enterprise routers and switches to send flow data to a centralized NetFlow collection server. Once the data is collected and indexed, you can use NetFlow tools to dig into it. NetFlow analytics can track the most used applications and hosts, and detect changes in network flow behavior to spot high bandwidth usage.

There are several NetFlow analyzers available, including open-source options. SolarWinds, ManageEngine and Wireshark offer NetFlow analyzers. SolarWinds even offers a free 30-day trial with full functionality.

Look at Device Health

Lastly, consider that the issue may not be the network, but an actual equipment failure. In addition to monitoring the network, you should also be monitoring your infrastructure equipment, network devices and interfaces.

Using a Simple Network Management Protocol (SNMP) tool, you can set up alerts to notify you when an interface or device fails. Also, by collecting bandwidth utilization information to set a traffic baseline, you can identify potential issues when the data flow exceeds the baseline.
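The baseline idea above, as an added example that is not part of the original post: it turns polled ifInOctets counter values into bits-per-second rates, derives a threshold from normal traffic and flags intervals above it. The poll data is constructed, and the mean plus three standard deviations threshold is an assumption; real tools use their own baselining methods.

```python
from statistics import mean, stdev

COUNTER32 = 2**32  # ifInOctets is a Counter32; it wraps to 0 after 2^32 - 1

def rates_bps(polls, modulus=COUNTER32):
    """Convert (poll_time_s, octet_counter) polls into (poll_time_s, bps)."""
    rates = []
    for (t0, c0), (t1, c1) in zip(polls, polls[1:]):
        if t1 <= t0:
            continue  # duplicate or out-of-order poll: no usable interval
        # Modulo arithmetic absorbs one counter wrap between polls. A device
        # reboot also resets the counter, so production code should compare
        # sysUpTime as well before trusting the delta.
        rates.append((t1, ((c1 - c0) % modulus) * 8 / (t1 - t0)))
    return rates

def baseline(polls, k=3.0):
    """Alert threshold (assumed rule): mean of normal rates + k std devs."""
    values = [bps for _, bps in rates_bps(polls)]
    return mean(values) + k * stdev(values)

def over_baseline(polls, threshold):
    """Return (poll_time_s, bps) for intervals whose rate exceeds threshold."""
    return [(t, bps) for t, bps in rates_bps(polls) if bps > threshold]

# Constructed sample data: 60-second polls of one interface's ifInOctets.
# The counter wraps between the second and third TRAINING polls.
TRAINING = [(0, 4294000000), (60, 4294750000), (120, 562704),
            (180, 1327704), (240, 2062704), (300, 2812704)]
LIVE = [(300, 2812704), (360, 3570204), (420, 19320204), (480, 20085204)]

if __name__ == "__main__":
    limit = baseline(TRAINING)
    print(f"baseline threshold: {limit:.0f} bps")
    for t, bps in over_baseline(LIVE, limit):
        print(f"t={t}s: {bps:.0f} bps exceeds baseline")
```

Without the modulo step, the wrapped poll in TRAINING would yield a large negative rate and distort the baseline.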

Many network analyzers use this protocol and can use the collected data to create alerts. These tools can also generate reports, display status and graph trends over time. SolarWinds offers a Network Performance Monitor that uses SNMP, as does ManageEngine. Other SNMP tools include WhatsUp and PRTG from Paessler.

No matter what the mystery issue is, odds are someone else has experienced it and there is a tool available to help you solve it.