Category Archives: Network Troubleshoot

A collection of posts to help you troubleshoot a slow network or bad network.

Troubleshoot a Slow Computer Network – Only One Computer on the Network is Slow

Only One Computer on the Network is Slow

Client Computer Network Mask Wrongly Configured
Your network is a class C network, (net-mask, and your client computer has its IP address configuration on a class B network, ( Change the network mask of the client to match the network configuration.

Poor network cards
Bad network cards or bad drivers are very often the reason for poor transfer rates. Test the transfer rate with a different network card.
An outdated computer can also slow down your network transfer.

Bad Network Configuration
DNS Configuration
can be the cause a of slow network connections.
Wrong DNS address in the IP configuration can slow your network dramatically. Your DNS client will try to connect to an inexistent or not working DNS server then give up and try your secondary DNS server. This translates in slowdowns and sometimes even DNS resolution errors.
Fix: Ping the DNS address or, even better, use nslookup and connect to both of your DNS servers to check if they work.

The TCP/IP protocol stack corrupted.

Sometimes no matter what you do you can’t fix the network and this is because the TCP/IP becomes corrupted. The only thing that fixes it is a reset. On older Operating Systems, such as Windows 98 and Windows NT, the fix was to uninstall and reinstall the whole TCP/IP suite of protocols.
Fix: issue the following command to reset it: netsh int ip reset c:\resetlog.txt.

More Than One Default Route
Advanced Lan SettingsA very common mistake is to assign more than on default route to the same computer. Do not confuse load balancing with multiple Default Gateways. You are configuring two network cards, and both of them have a default gateway. This configuration will not work. Usually, a Windows computer will warn you that this is not a good idea, but some users will choose to ignore the warning.
This is a typical problem for laptop users, they connect into the Lan environment and leave the wireless connection on. This will create a lot of problems for corporate users and even for home users.
In order for this type of configuration to work, special routing rules and IP configuration is needed. it is easier to turn the wireless of or have an adapter manager that will automatically do that for you based on your rules.
Advanced Tcp/IP Settings
On a Windows XP there is a way to assign priorities to network cards using a graphic interface. from the Network Connections applet in the Control Panel, click on the Advanced menu and choose Advanced Settings.
On the Advanced Settings window arrange the network cards according to the correct priority.
Another way to achieve this is to change the gateway’s metric for each of the network adapters on the computer. To do this, open the TCP/IP properties on each of the network addapters with a default gateway configured, and click on the Advanced button. On the Advanced TCP/IP Settings window, uncheck the Automatic Metric for the Default Gateway, and enter a value according to your network topology. The lower the metric, the higher the preference for a default route.

This article is part of a five posts series regarding Network Troubleshooting.

Troubleshoot a Slow Network – Slow Server

Slow Server

How do we know the server is slow and the problem is not elsewhere?
Make a file transfer between any two other computers on the network. Compare the measurements with the server’s transfer rates.
What are the reasons for a slow server?
There are many reasons for a slow server. The server is many times the bottle-neck of a network. Here are a few reasons for a slow server:
An average, or below average network card, (you need good quality network cards for a server).
Server Network Card Underutilized. Connect your server on the backbone or on 1GB switch ports to make use of the high speed network card. You probably want to limit all your clients to transfer at 100Mb so that there is no traffic discrimination. If your server and switches support higher transfer rates, (10GB ports), make sure you make use of it.
Slow disks. Poor hardware is many times the main reason. Improper configuration, such as choosing the wrong RAID type, or not using write caching can be another reason.
Too many clients on a server. If too many clients make requests to the same single server this could overload the server and it will perceived as a slow network by the users. Measure your server’s performance on load using the performance logs and alerts and the system monitor in Windows. Usually the performance is changing over the course of a day based on the number of users who access the server at the same time. Sometimes adding another network card would be sufficient. Enabling cache writing on the SCSI card can help a lot, (make sure you install a cache battery), adding a new SCSI card and additional disks to offload the existing ones could be of help. Sometimes adding another CPU can make a difference, (if you have free CPU slots). Memory is very often the most used method of upgrading, but most of the times it is not the needed solution. Use the performance logs and alerts and the system monitor and compare with the recommended thresholds to determine what your bottleneck is.
Slow server response, (packet sniffer to determine the handshake time), Adjust the server’s configuration to optimize the handshaking time; (this is a fairly advanced optimization task).

This article is part of a five posts series regarding Network Troubleshooting.

Troubleshoot a Slow Network – The entire Network is Slow

The Entire Network is Slow

If the entire network or a part of the network is slow, this could be a strong suggestion for a faulty switch or a miss-configuration.

Poor network equipment
Usage of hubs is not recommended, (hubs are prone to collisions by design)
Cheap switches that cannot handle the total needed bandwidth. The switch’s chip can handle 100Mb/s for 12 ports, but the switch has 24 ports and all are connected. For low network usage this is not a problem, but if your network usage spikes, your switch will not be able to handle the bandwidth. The quick fix in such situation is to power off the switch for a few minutes and then power it back on.

A loopback is a network cable that has both ends connected to the same switch. If it’s a managed switch activating loop protection on all the ports could fix the problem. You can look on the switch’s log file for excessive broadcasts and isolate the two ports that are in loop. If you don’t have managed switches you can use a packet sniffer to determine if there’s a loop. A wrongly configured Spanning tree could cause a loopback.
FIX: Check all the patch-cord connections in the faulty switch. Check for patch-cords that have both ens into the same switch. Check for more than one patch-cord connecting the same two switches.
If you have cascaded switches it is normal to be slower for the devices in the cascaded switch but is not normal for the devices that are not cascaded. Check if any cascaded device is not connected on two ports on the wall, (usually the ports on the wall go to the network room). Your cascaded switch makes a loop into the upper level switch.

Bad Network Configuration
DNS issues
can cause a lot of slowdowns.
One common error is to use your ISP’s DNS server inside your Active Directory network. Your Active Directory computer members will try to resolve internal names by querying your ISP’s DNS. Those records don’t exist outside of your network.
Fix: For all of your Active Directory network clients remove any entries for your ISP’s and use only internal DNS servers. Configure your ISP’s DNS server as a forwarder on your AD DNS servers.

Network switching equipment wrongly connected is the reason of slow network for many small networks. Typically this happens when a small switch is connected to the router. When the switch becomes too small for a growing network, the first impulse is to connect the computers into the router directly.
: Install a switch that will accommodate all of the computers in the network. Disconnect any computers connected directly into the router.
Note: It is normal for the wireless connected computers to have slower transfer rate than the wired ones. Most of the wireless routers and adapters function at 54Mb per second. If your router is a modern router, (100 Mb or faster), and you still don’t get the expected transfer rates, you should revise your configuration as above.

Broadcast storm
You can efficiently detect a broadcast storm using a packet sniffer or a managed switch. With a packet sniffer you need to look for large numbers of broadcast/multicast (more than 20% of the total traffic it is an alarm signal). Locate the retransmission packets and search for the source MAC address. Disconnect the problem host.
If you suspect a broadcast storm in your network and you don’t have a managed switch or a packet sniffer, you can run download and upload tests by systematically disconnecting all of your computers in the network one by one. This is only practical in small network environment.

Virus Attack
A lot of connections originating from the same MAC address, to the same destination port, but for different destination address, and in short intervals.
Fix: Determine the source address of these connections and disconnect the suspect hosts. Run an antivirus scan on the computer before plugging it back. There are a few ways to determine the source of a virus. Use a packet sniffer, look on your managed switch for the ports with the most traffic and confirm it on the suspected computer by issuing the command “netstat -a -b”, (on a Windows machine). The command will show you which ports are active and which program, (executable), is using the ports.

This article is part of a five posts series regarding Network Troubleshooting.