Network Layer Troubleshooting

1. Investigate double-sided captures for delay

Take packet captures from each side of the network conversation and use MultiHop Analysis within Expert Observer to investigate whether any of the segments are the source of delay. Learn how to set up MultiHop Analysis.

2. Calculate the hop count from the TTL (time-to-live) value

If you’re troubleshooting network delay between remote offices, you need to identify where the delay is occurring. If you know that packets take 13 hops on average en route from a remote office to headquarters and they are now taking 20 hops, this would point to the source of delay. The number of hops over a route is determined by calculating the difference between the TTL value at the source and the TTL value at the destination. Having determined the number of hops, we’ll see if any of the hops are causing fragmentation.

3. Configure filters to look for fragmentation fields in the header with More Fragments or Don’t Fragment bits set

Fragmentation issues cause packets to be unnecessarily chopped into multiple packets, increasing workload and delay. Packets with the More Fragments bit set may indicate that a router along the path is fragmenting packets, while packets with the Don’t Fragment bit set could get dropped by a router that needs to fragment them, causing retransmissions.

4. Build filters to search for ICMP messages

If a router throws away a packet that has the Don’t Fragment bit set, it will notify the sender via ICMP (Internet Control Message Protocol). The message can be used to determine the exact nature and source of the problem. ICMP messages other than pings indicate potential issues with the subnet mask, routing, default gateway, or QoS.

ICMP Message            Likely Issue
Redirect for Network    Default gateway incorrectly configured
Redirect for Host       Subnet mask incorrectly configured
Port Unreachable        Application port not listening or responding
Host Unreachable        Have route but box not answering ARP request
Protocol Unreachable    ARP request answered but box not answering specific protocol request
Network Unreachable     Router does not have route to reach network
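
The checks in steps 2 through 4 can also be run over raw packet bytes outside Observer. The Python below is an added example, not part of the original article or of Observer: it computes the hop count from the source-side TTL, reports the Don't Fragment and More Fragments bits, and maps ICMP errors to the table above. Function names and sample packets are constructed for illustration; ICMP type and code numbers are from RFC 792, and IP checksums are not validated.

```python
import struct

# ICMP (type, code) -> (message, likely issue). Type/code numbers are from RFC 792;
# issue text follows the table above, except (3, 4), which is the DF drop from step 4.
ICMP_ISSUES = {
    (3, 0): ("Network Unreachable", "Router does not have route to reach network"),
    (3, 1): ("Host Unreachable", "Have route but box not answering ARP request"),
    (3, 2): ("Protocol Unreachable",
             "ARP request answered but box not answering specific protocol request"),
    (3, 3): ("Port Unreachable", "Application port not listening or responding"),
    (3, 4): ("Fragmentation Needed", "Router dropped a packet with Don't Fragment set"),
    (5, 0): ("Redirect for Network", "Default gateway incorrectly configured"),
    (5, 1): ("Redirect for Host", "Subnet mask incorrectly configured"),
}

def inspect_ipv4(packet: bytes, ttl_at_source: int) -> dict:
    """Hop count, fragmentation flags and ICMP error for one IPv4 packet."""
    # ttl_at_source: TTL seen for this sender in the source-side capture (step 1).
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4                       # header length in bytes
    flags_frag, ttl, proto = struct.unpack("!HBB", packet[6:10])
    result = {
        "hops": ttl_at_source - ttl,                   # each router decrements TTL by 1
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,  # field is in 8-byte units
        "icmp": None,
    }
    # Only the first fragment (offset 0) carries the ICMP type and code.
    if proto == 1 and result["fragment_offset"] == 0 and len(packet) >= ihl + 2:
        key = (packet[ihl], packet[ihl + 1])
        result["icmp"] = ICMP_ISSUES.get(key, (f"type {key[0]} code {key[1]}", "not in table"))
    return result

def build_ipv4(ttl: int, flags_frag: int, proto: int, payload: bytes) -> bytes:
    """Construct a sample IPv4 packet with a 20-byte header and zero checksum."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, flags_frag,
                         ttl, proto, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 9, 1]))
    return header + payload

# Constructed samples: a TCP fragment that arrived with TTL 44 after leaving with 64,
# and an ICMP "fragmentation needed" error (type 3, code 4) sent by a router.
DATA_PKT = build_ipv4(44, 0x2000, 6, b"\x00" * 8)
ICMP_PKT = build_ipv4(61, 0x0000, 1, bytes([3, 4, 0, 0, 0, 0, 0x05, 0x78]))

if __name__ == "__main__":
    print(inspect_ipv4(DATA_PKT, ttl_at_source=64))
    print(inspect_ipv4(ICMP_PKT, ttl_at_source=64))
```
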

If the network layer is determined to be error free, the next step will be to analyze application delivery and performance. To review MultiHop Analysis and advanced application analysis, read through the Network Application Performance white paper. You can also sharpen your network and application troubleshooting skills by signing up for one of our classes.

Filtering For ICMP Messages

One critical step in troubleshooting network-layer issues is being able to quickly identify the source of delay along a network route. ICMP messages provide an easy way to identify the network problem and source. Create a filter to identify Redirects and Unreachable errors in Observer using the following steps:

1. In the main Observer console screen, from the menu at the top of the screen, select Actions and Filter Setup for Selected Probe.

2. Click New Filter from the menu in the Active Filters window and title the filter ICMP. Click OK.

3. In the Edit Filter window, select Edit Filter, Edit Rule As, Protocol.

4. Within the Protocol Filter window, scroll and select ICMP and then highlight the desired protocol filter. For this example, select Destination Unreachable.

5. To add other ICMP messages to the filter, right-click on the protocol filter and select OR then Protocol, ICMP, Redirect.

Successfully creating an ICMP filter automates the error-finding process, and will make it easier for you to assess whether the problem is occurring on the network or elsewhere. Remember that you can apply the filter as a Pre Filter, Capture Filter or Post Filter.

   