Network Monitoring Software

[Drakkon]

I run my companies small network (10 or so machines) and were haivng trouble lately in that every day our router/firewall just seems to lock up. I've tried multiple different routers and the same thing happens. So i go into the server room, restart the router, and everything is fine and functioning yet again.
So network is setup like this:
cable modem - router/firewalll - server 2003 - company computers on domain

I've looked at routers logs and nothing stands out, i've tried server 2003 network monitor and nothing stands out and its difficult to tell who is who and whos accessing what. So is there any good software for server 2003 that can log network activity by workstation/user? or is there any built in? im no server 2003 admin so ive never gotten deep into it...

 

[netsysadmin]

What model firewall/router do you run?

John

 

[GrammatonJP]

1 min late

 

[spidey07]

what do you men the router/firewall locks up?

That really should never happen.

 

[Drakkon]

run a netgear FVS328 but tried a Linksys befw 11s4 as well and had the same thing happening. I'm not 100% sure its the router necesarily...i just know by resetting the router things get better. it might be the server but as far as i can tell its in perfect working order with no oddities in Microsoft Network Monitor

and by "lock up" i mean i cant get to the router at all. I type in the web address and i cant get to it. I try the seriel port and its a no go. Nothing.

 

[TheSophist]

Did you see any trends such as a consistency in the amount of uptime it has before it locks up? Do the activity lights stay on solid or do they blink? Make sure it is not overheating, do not stack any equipment on top of the device and make sure it has ventilation. I have seen cases where the equipment was configured correctly but placed in a bad location.



TheSophist

 

[Drakkon]

nope everything is open air in a room that stays pretty consistantly between 65-75F...lights are still flashing...everything looks like its functioning...but no way to access router. Uptime is random. Sometimes can go a full day with no problems, other times can go 1 minute then crash again. I've tried it with various comps in the office disconnected and no go. The only time it doesnt happen is when people are vpn in and no comps are on in the building seems like.

So no one wants to just give me an answer to is there software?
Trust me i can go all day with you guys saying what ive done with the router. If you name it ive probobly tried it....

 

[nweaver]

ok, I'll name it...buy a real router....

I use NTOP for my network monitoring stuff, but I don't know how well the windows port works...I would guess like crap, as it tends to be a freaking memory/resource hog, and, well, linux manages it better then windows, especially a minimalistic, dedicated box...

installing ISA would allow you to capture some data, but that's spendy. Getting 2k3 SBS would allow you to setup a small ISAish type thing, iirc.

 

[RebateMonger]

Originally posted by: nweaver
installing ISA would allow you to capture some data, but that's spendy. Getting 2k3 SBS would allow you to setup a small ISAish type thing, iirc.

Well, I was going to suggest ISA to the OP, since you can instantly download a free 180-day trial, but I have no idea what he really wants to capture. ISA will tell you who is sending data to the router. But it won't do a "NetMon" and tell you what's in the traffic. If you want to read the traffic, you could run NetMon on your Server, assuming that all traffic is passing THROUGH your Server.

Drakkon doesn't want any other advice other than monitoring software, so that's about all I can offer.

 

[Pheran]

So I'm confused, why do you have a Windows 2003 server between your router and the rest of your network? If you really think the router is the problem, consider one that will allow you more troubleshooting and flexibility like a Cisco 851 or 871.

 

[Drakkon]

I originally asked here, 2 years ago, what i should do to setup a small network domain with a server to run VPN. I was told modem - router/firewall - server - switch - netowrk comps
So thats why i went with the router/firewall with windows. It seemed kinda silly but it adds another level of security so thats why i went with it. I'd get a cisco one if i knew it was the router, i'd rather spend a little time diagnosing then spending a buncha money to possibly end up with the same problem.

I am running 2003 SBS, ive never seen the ISA option though? is it part of the setup? I also ran netmon, its a little awkward but i can tell whats being passed through. I'm just wondering if there is anything better.

 

[gaidin123]

ISA is only included in the Premium version of SBS.

I'd try and monitor for something like bitorrent or other p2p traffic that opens up a ton of sessions. That can choke some of the home routers. Unfortunately in most of their web interfaces I don't think there's a way to track the active number of sessions.

Is your SBS box or the router/firewall the default gateway for all the client machines? ie which one is doing the NAT?

Gaidin

 

[Drakkon]

SBS box is doing NAT, gateway for all clients.
All internet traffic goes through SBS server.
Nobody in office can get internet without logging into the domain or on the server.
All wireless points are connected to the server.
todas las computadoras conectan con el Internet a través del servidor
i dunno how else to say it

 

[eDRoaCH]

I would first communicate with your ISP, see if they run some sort of periodic sweeps or updates to their equipment that could mess up your network (though it is not supposed to) Also check times. is it always going down around the same time? or same ammount of uptime (as previously asked)

from there, I would put the switch directly into the router. this will help isolate the problem to wether it is the 2k3 machine. its also probably a better setup for access times as more hops = more lag.

also check power issues, maybe putting it on a cheap ups will help. some buildings end up with power issues at say 9am when everyone turns on their computers or other times. Ive even known building managers that turn off the main circut friday nite to make sure nothing stays running -_-;

 

[nweaver]

Originally posted by: eDRoaCH

from there, I would put the switch directly into the router. this will help isolate the problem to wether it is the 2k3 machine. its also probably a better setup for access times as more hops = more lag.

the lag introduced from this is going ot be extremly minimal, and well worth the management/control that he gets from this.

to the OP, I would stick a single machine into the router, into the NAT from it, and then when the network drops, see if it has internet access or not. If it does, start looking server issues, if it doens't, look at the router.

 

[sp43t4r]

Here's my recomendation:

Swing by http://www.openxtra.co.uk/products/freestuff.php and pick up NTOP_XTRA. Install it on some medium end Windows machine. Place a small (4port) HUB (not switch) between your router and your network. Place this new NTOP box on that HUB. Fire up NTOP. NTOP will report all ingress/egress traffic and provide a break down per protocol and end point.

It's an awesome tool. You'll probably find that you have A LOT of things going on that you are not aware of, i.e. P2P File Sharing. Additionally it will help you identify any machines that may be infected with spyware or trojans as you'll see the traffic they are generating back home.

Give it a shot.

JMB

 

[Smilin]

Just out of curiosity, what is the version of tcpip.sys on your 2003 machine (found in system32\drivers)

 

[Thoreau]

The server DOES have a static IP on the WAN side, right?

 

[Thor86]

Make sure you have the latest firmware for your router. Also, what is your ISP providing you in terms of connection, is it a PPPoE or straight ethernet?