Tag Archives: Entries

Troubleshoot a Slow Network – The entire Network is Slow

The Entire Network is Slow

If the entire network or a part of the network is slow, this could be a strong suggestion for a faulty switch or a miss-configuration.

Poor network equipment
Usage of hubs is not recommended, (hubs are prone to collisions by design)
Cheap switches that cannot handle the total needed bandwidth. The switch’s chip can handle 100Mb/s for 12 ports, but the switch has 24 ports and all are connected. For low network usage this is not a problem, but if your network usage spikes, your switch will not be able to handle the bandwidth. The quick fix in such situation is to power off the switch for a few minutes and then power it back on.

A loopback is a network cable that has both ends connected to the same switch. If it’s a managed switch activating loop protection on all the ports could fix the problem. You can look on the switch’s log file for excessive broadcasts and isolate the two ports that are in loop. If you don’t have managed switches you can use a packet sniffer to determine if there’s a loop. A wrongly configured Spanning tree could cause a loopback.
FIX: Check all the patch-cord connections in the faulty switch. Check for patch-cords that have both ens into the same switch. Check for more than one patch-cord connecting the same two switches.
If you have cascaded switches it is normal to be slower for the devices in the cascaded switch but is not normal for the devices that are not cascaded. Check if any cascaded device is not connected on two ports on the wall, (usually the ports on the wall go to the network room). Your cascaded switch makes a loop into the upper level switch.

Bad Network Configuration
DNS issues
can cause a lot of slowdowns.
One common error is to use your ISP’s DNS server inside your Active Directory network. Your Active Directory computer members will try to resolve internal names by querying your ISP’s DNS. Those records don’t exist outside of your network.
Fix: For all of your Active Directory network clients remove any entries for your ISP’s and use only internal DNS servers. Configure your ISP’s DNS server as a forwarder on your AD DNS servers.

Network switching equipment wrongly connected is the reason of slow network for many small networks. Typically this happens when a small switch is connected to the router. When the switch becomes too small for a growing network, the first impulse is to connect the computers into the router directly.
: Install a switch that will accommodate all of the computers in the network. Disconnect any computers connected directly into the router.
Note: It is normal for the wireless connected computers to have slower transfer rate than the wired ones. Most of the wireless routers and adapters function at 54Mb per second. If your router is a modern router, (100 Mb or faster), and you still don’t get the expected transfer rates, you should revise your configuration as above.

Broadcast storm
You can efficiently detect a broadcast storm using a packet sniffer or a managed switch. With a packet sniffer you need to look for large numbers of broadcast/multicast (more than 20% of the total traffic it is an alarm signal). Locate the retransmission packets and search for the source MAC address. Disconnect the problem host.
If you suspect a broadcast storm in your network and you don’t have a managed switch or a packet sniffer, you can run download and upload tests by systematically disconnecting all of your computers in the network one by one. This is only practical in small network environment.

Virus Attack
A lot of connections originating from the same MAC address, to the same destination port, but for different destination address, and in short intervals.
Fix: Determine the source address of these connections and disconnect the suspect hosts. Run an antivirus scan on the computer before plugging it back. There are a few ways to determine the source of a virus. Use a packet sniffer, look on your managed switch for the ports with the most traffic and confirm it on the suspected computer by issuing the command “netstat -a -b”, (on a Windows machine). The command will show you which ports are active and which program, (executable), is using the ports.

This article is part of a five posts series regarding Network Troubleshooting.

Preventing Domain Name Spam

What is domain name spam?
Domain Name Spam is a spamming technique where the sender only knows the domain name and he doesn’t have any valid email address in the domain. The technique involves sending emails to all the possible combinations or to a nicely crafted dictionary. The most common addresses in such a dictionary are:
• info@
• mail@
• sales@
• contact@
• contacts@
• root@
• help@
• home@
• contactus@
• enquiries@
• webmaster@
• hr
• shipping
The generic list is actually very long but I won’t include here all of the addresses.
Other possible entries in the dictionary are common names and different combination of these names. Let’s take for instance the name John Doe. A few possible combinations and the most used are: john.doe@company.com, j.doe@company.com, john.d@company.com, johndoe@company.com, etc…
What can you do to discourage and stop this kind of spam?
Set up your email server so it will not accept too many emails from the same server within a specified time frame.
Do not send NDR for unknown recipients, this will inform the attacker about the invalidity of those addresses, this is good information for a spammer. The disadvantage with this is that misspells of an address from a legitimate sender will not inform them about the error.

Use less commonly used prefixes for your email addresses.
Instead of “info@yoursite.com” use “askaquestion@yoursite.com”.
Instead of “webmaster@yoursite.com” use “yourname@yoursite.com”.
Instead of “help@yoursite.com” use “problem@yoursite.com”.
You do want to still keep your email addresses professional and to make sense to your customers. An email address like Egfa13wge2@yoursite.com will fool domain name spammers, but customers will be tempted to delete the email when they see such an email address in the “To” field of their email.
Also, don’t forget that many domain name spammers hope you have your catch-all turned on. This means that even sending an email to “any-address@yoursite.com” will end up in the admin’s mailbox even if that email address doesn’t exist. Unless you have a need for your catch-all to be turned on, you should have it turned off by default.