Chapter 15: Network Monitoring and Tuning
Post on 20-Dec-2015

Learning Objectives
- Establish network benchmarks
- Install Network Monitor Driver
- Install, configure, and use Network Monitor, including setting up filters and triggers
- Install and configure SNMP service
- Use System Monitor to monitor a network
- Troubleshoot and tune a network

Network Monitoring
- Networks are dynamic with changing patterns of activity and rapid growth toward more high-bandwidth demand
- Monitoring a network is important to be able to distinguish between problems due to the network and problems due to servers connected to the network

Network Benchmarks
Plan to obtain network benchmarks to help with problem diagnosis and planning, such as:
- Slow, average, and peak network activity in relation to the work patterns of an organization
- Network activity that is related to specific protocols
- Network activity that is related to specific servers and host computers
- Network activity that is related to workstations
- Network activity on individual subnets or portions of a larger network
- Network traffic related to WAN transmissions
- Network traffic created by particular software

Windows 2000 Network Monitoring Tools
Network monitoring and management tools in Windows 2000 include:
- Network Monitor Driver
- Network Monitor
- SNMP service
- System Monitor

Network Monitor Driver and Network Monitor
- Network Monitor Driver: Enables a Microsoft-based server or workstation NIC to gather network performance data for assessment by the Microsoft Network Monitor
- Network Monitor: A Windows NT and Windows 2000 network monitoring tool that can capture and display network performance data

Server Activities to Monitor
Figure 15-1 Using Network Monitor Driver to gather network performance information on two separate networks
[Diagram labels: branch office network; telephone company; dial-up line; Windows 2000 Professional with the Network Monitor Driver; switches; router; Windows 2000 Server with Network Monitor, the Network Monitor Driver, and RAS; Windows 2000 Server; main business network]

Installing Network Monitor Driver
To install Network Monitor Driver:
- Open the Network and Dial-Up Connections tool
- Right-click Local Area Connection
- Click Properties
- Click Install
- Double-click Protocol
- Double-click Network Monitor Driver
Figure 15-2 Installing Network Monitor Driver

Using Network Monitor
Network Monitor tracks information such as:
- Percent network utilization
- Frames and bytes transported per second
- Network station statistics
- Statistics captured for a specific interval of time
- Transmissions per second
- Broadcast, unicast, and multicast information
- NIC statistics
- Error data
- Addresses of network stations
- Other network computers running Network Monitor and Network Monitor Driver

Installing Network Monitor
The general steps to install Network Monitor are:
- Open the Add/Remove Programs tool
- Double-click the component, Management and Monitoring Tools
- Check Network Monitor Tools
Figure 15-3 Installing Network Monitor tools

Starting Network Monitor
The general steps for starting a capture session in Network Monitor are:
- Start Network Monitor from the Administrative Tools menu
- Select the network to monitor
- Click the Capture button to start capturing information
- Click the Stop Capture button to stop capturing information

Capturing Network Data
Figure 15-4 Network Monitor capturing data
[Figure callouts: Total pane; Graph pane; Session pane; Station pane]

Monitoring Tip
As is true of other monitoring tools, Network Monitor can create an extra load on a server

Network Monitor Display
Data captured in Network Monitor is displayed interactively in four window panes, but can be customized to show only one, two, or three panes

Network Monitor Panes

| Pane | Information Provided in the Pane |
|---|---|
| Graph | Provides horizontal bar graphs of the following: %Network Utilization, Frames per Second, Bytes per Second, Broadcasts per Second, and Multicasts per Second |
| Total | Provides total statistics about network activity that originates from or that is sent to the computer (station) that is using Network Monitor and includes many statistics in each of the following categories: Network Statistics, Capture Statistics, Per Second Statistics, Network Card (MAC) Statistics, Network Card (MAC) Error Statistics |
| Session | Provides statistics about traffic from other computers on the network which include the MAC (device) address of each computer's NIC (see Chapter 2) and data about the number of frames sent from and received by each computer |
| Station | Provides total statistics on all communicating network stations which include: Network (device) address of each communicating computer, Frames Sent, Frames Received, Bytes Sent, Bytes Received, Directed Frames Sent, Multicasts Sent, and Broadcasts Sent |

Viewing a Line-by-Line Report
After data is captured, you can view a line-by-line capture summary report by clicking the Stop and View Capture button
Figure 15-5 Viewing capture summary data

Capture Summary Window Information

| Column | Explanation |
|---|---|
| Frame | Shows the sequence of the frame as it was received, for example the first frame captured is 1, the second frame captured is 2, and so on |
| Time | Shows when the frame was captured in one of three formats: relative system time, when the frame was captured after capturing has been started, or when the frame was captured after capturing was stopped |
| Source MAC Address | Shows the device address of the sending computer |
| Destination MAC Address | Shows the device address of the receiving computer |
| Protocol | Shows the protocol used in the transmission |
| Description | Provides the description of the communication |
| Source Other Address | Shows other address information, such as an IP address or a computer name for the computer sending the frame |
| Source Other Destination | Shows other address information, such as an IP address or a computer name for the computer receiving the frame |
| Type Other Address | Defines the type of addresses shown in the Source Other Address and Source Other Destination columns, such as an IP address |

Table 15-2 Capture Summary Window Information

Finding Specific Capture Summary Information
Use the Find button in the capture summary display to find specific information

Using Find
Figure 15-6 Finding Transmission Events Associated with Server Lawyer

Monitoring Filter
Network Monitor has a built-in ability to configure a filter
- Filter: A capacity in network monitoring software that enables a network or server administrator to view only designated protocols, network events, network nodes, or other specialized views of the network

Creating a Filter
To create a filter in Network Monitor:
- Click the Edit Capture Filter button and click OK
- Set the specific parameters by double-clicking any of: SAP/ETYPE, Address Pairs, and Pattern Matches
- Click OK
- Continue capturing data

Selecting Filter Options
Figure 15-7 Creating a filter

Configuring SAPs and ETYPEs
Figure 15-8 Selecting a protocol to capture in a filter

SAP and ETYPE
- Server Access Point (SAP): A service access point, which specifies the network process that should accept a frame at the destination, such as TCP/IP
- Ethertype (ETYPE): A property of an Ethernet frame that includes a specialized two-byte code used for particular vendor functions
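
The SAP/ETYPE filter described above selects frames by the two-byte type/length field that follows the MAC addresses. The Python sketch below is an added example, not part of the original slides or of Network Monitor: it reads that field from raw frames, separates Ethernet II ETYPEs from 802.3 frames that carry SAPs (including SNAP), and applies a filter. The function names, MAC addresses and frames are constructed for illustration.

```python
import struct

# Small constructed subset of well-known selector values.
ETYPES = {0x0800: "IP", 0x0806: "ARP", 0x8137: "IPX"}
SAPS = {0x42: "Spanning Tree", 0xAA: "SNAP", 0xE0: "IPX", 0xF0: "NetBIOS"}


def fmt_mac(raw):
    return ":".join(f"{b:02X}" for b in raw)


def classify(frame):
    """Report whether a frame is selected by an ETYPE or by a SAP."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (type_len,) = struct.unpack("!H", frame[12:14])
    info = {"dst": fmt_mac(frame[0:6]), "src": fmt_mac(frame[6:12])}
    if type_len >= 0x0600:
        # Ethernet II: the field is the two-byte ETYPE.
        info.update(encap="Ethernet II", kind="ETYPE", value=type_len)
    elif type_len <= 1500:
        # IEEE 802.3: the field is a length; an 802.2 LLC header follows
        # with the destination SAP, source SAP and a control byte.
        if len(frame) < 17:
            raise ValueError("truncated 802.2 LLC header")
        dsap, ssap = frame[14], frame[15]
        if dsap == 0xAA and ssap == 0xAA:
            # SNAP: 3-byte OUI, then an ETYPE, after the LLC header.
            if len(frame) < 22:
                raise ValueError("truncated SNAP header")
            (etype,) = struct.unpack("!H", frame[20:22])
            info.update(encap="802.3 SNAP", kind="ETYPE", value=etype)
        else:
            info.update(encap="802.3 LLC", kind="SAP", value=dsap, ssap=ssap)
    else:
        raise ValueError(f"type/length 0x{type_len:04X} is undefined")
    table = ETYPES if info["kind"] == "ETYPE" else SAPS
    info["name"] = table.get(info["value"], "unknown")
    return info


def capture_filter(frames, etypes=(), saps=()):
    """Keep only frames whose ETYPE or destination SAP is enabled."""
    kept = []
    for frame in frames:
        try:
            info = classify(frame)
        except ValueError:
            continue  # malformed frames never match the filter
        wanted = etypes if info["kind"] == "ETYPE" else saps
        if info["value"] in wanted:
            kept.append(info)
    return kept


def build(dst, src, type_len, payload):
    """Assemble a constructed test frame from hex MAC strings."""
    return (bytes.fromhex(dst) + bytes.fromhex(src)
            + struct.pack("!H", type_len) + payload)


# Constructed sample frames; addresses and payloads are made up.
SERVER, WKSTN, BCAST = "00500400aa01", "00500400bb02", "ffffffffffff"
SAMPLE_FRAMES = [
    build(SERVER, WKSTN, 0x0800, b"\x45" + bytes(19)),       # IP, Ethernet II
    build(BCAST, WKSTN, 0x0806, bytes(28)),                  # ARP broadcast
    build(SERVER, WKSTN, 23, b"\xF0\xF0\x03" + bytes(20)),   # NetBIOS over LLC
    build(SERVER, WKSTN, 33, b"\xE0\xE0\x03" + bytes(30)),   # IPX over LLC
    build(SERVER, WKSTN, 28,
          b"\xAA\xAA\x03\x00\x00\x00\x08\x00" + bytes(20)),  # IP inside SNAP
    bytes(10),                                               # truncated frame
]

if __name__ == "__main__":
    for hit in capture_filter(SAMPLE_FRAMES, etypes={0x0800}, saps={0xF0}):
        print(hit["src"], "->", hit["dst"], hit["encap"], hit["name"])
```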

Capture Trigger
Besides filtering, Network Monitor supports using capture triggers
- Capture trigger: Used as a way to have Network Monitor perform a specific function when a predefined situation occurs, such as stopping a capture of network data when the capture buffer is 50% full

Setting up a Trigger
Figure 15-9 Setting up a trigger

Troubleshooting Tip
Check the Graph pane for a quick assessment of performance statistics for:
- % Network Utilization
- Frames Per Second
- Bytes Per Second
- Broadcasts Per Second
- Multicasts Per Second

Diagnosing Common Problems
Use Network Monitor to diagnose problems such as:
- A NIC creating a broadcast storm
- Inefficient multimedia applications
- Problems with bridges, switches, and routers
- Problems with a particular workstation
- An overloaded server

Finding a Broadcast Storm
- A broadcast storm is a situation in which one or more devices, such as a failing NIC, are saturating the network with traffic
- Use the Network Monitor Broadcasts Per Second statistic to help determine if there is a broadcast storm and then check the Session and Station panes for the device(s) sending the broadcast(s)
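
The two-step check above (watch Broadcasts Per Second, then find the sending station) can be reproduced over exported capture rows. The Python sketch below is an added example, not part of the original slides: the row layout (time, source MAC, destination MAC), the benchmark value, the tenfold threshold and the sample capture are all assumptions constructed for illustration.

```python
from collections import Counter

BROADCAST = "FF:FF:FF:FF:FF:FF"


def broadcasts_per_second(rows):
    """Count broadcast frames in each one-second bucket of the capture."""
    rates = Counter()
    for ts, _src, dst in rows:
        if dst.upper() == BROADCAST:
            rates[int(ts)] += 1
    return dict(rates)


def find_storm(rows, benchmark_bps, factor=10, min_share=0.5):
    """Flag seconds whose broadcast rate exceeds factor x the benchmark,
    then name the stations responsible for most broadcasts in them.

    benchmark_bps is the normal Broadcasts Per Second figure taken from the
    network's own benchmarks; factor and min_share are assumed tuning values.
    """
    limit = benchmark_bps * factor
    rates = broadcasts_per_second(rows)
    storm_seconds = sorted(sec for sec, n in rates.items() if n > limit)
    result = {
        "storm_seconds": storm_seconds,
        "peak_bps": max(rates.values(), default=0),
        "suspects": [],
    }
    if not storm_seconds:
        return result
    in_storm = set(storm_seconds)
    # Equivalent of reading "Broadcasts Sent" per station in the Station pane,
    # restricted to the seconds in which the storm was observed.
    sent = Counter(
        src for ts, src, dst in rows
        if dst.upper() == BROADCAST and int(ts) in in_storm
    )
    total = sum(sent.values())
    result["suspects"] = [
        (src, n) for src, n in sent.most_common() if n / total >= min_share
    ]
    return result


def sample_capture(storm=True):
    """Constructed capture: two healthy stations, plus one NIC that floods
    200 broadcasts per second during seconds 2 and 3 when storm=True."""
    rows = []
    for sec in range(5):
        rows.append((sec + 0.10, "00:50:04:00:AA:01", BROADCAST))
        rows.append((sec + 0.20, "00:50:04:00:BB:02", BROADCAST))
        rows.append((sec + 0.30, "00:50:04:00:BB:02", "00:50:04:00:AA:01"))
        if storm and sec in (2, 3):
            rows += [(sec + i / 200, "00:50:04:00:CC:03", BROADCAST)
                     for i in range(200)]
    return rows


if __name__ == "__main__":
    report = find_storm(sample_capture(), benchmark_bps=3)
    print("storm seconds:", report["storm_seconds"])
    print("peak broadcasts/sec:", report["peak_bps"])
    for station, count in report["suspects"]:
        print("suspect station:", station, "broadcasts sent:", count)
```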

Locating Unauthorized Network Monitor Users
- Network Monitor can create problems when it is used by network intruders or unauthorized users
- You can view all of the Network Monitor users by clicking the Tools menu and then clicking Identify Network Monitor users

Viewing Network Monitor Users
Figure 15-10 Identifying all Network Monitor users

SNMP
The Simple Network Management Protocol (SNMP) is used to gather standardized network performance information and to control network devices

SNMP Stations
SNMP uses two kinds of network stations:
- Network Management Station (NMS): Monitors and manages devices configured with SNMP and collects information
- Agent: Any device configured for SNMP from which an NMS can collect data. SNMP agents include servers, workstations, routers, switches, and hubs

Microsoft Systems Compatible with SNMP
The following systems can be managed through SNMP:
- Windows 2000 and NT servers
- Windows 2000 and NT workstations
- WINS servers
- DHCP servers
- IIS servers
- Microsoft RAS and IAS servers

Installing SNMP
To install SNMP:
- Open the Add/Remove Programs tool
- Click Add/Remove Windows Components
- Double-click Management and Monitoring Tools
- Check Simple Network Management Protocol and click OK
- Click Next and then click Finish

Configuring SNMP
After installing SNMP, configure one or more community names for security
- Community name: In SNMP communications, a password used by network agents and the network management station so that their communications cannot be easily intercepted by an unauthorized workstation or device
Figure 15-11 Configuring the community name
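
In SNMPv1 and SNMPv2c the community name travels as an unencrypted OCTET STRING directly after the version field of every message, so a packet capture shows which names are in use. The Python sketch below is an added example, not part of the original slides: it decodes that header and flags the common default names "public" and "private" in captured datagrams. The helper names and sample datagrams are constructed for illustration.

```python
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest",
             0xA2: "GetResponse", 0xA3: "SetRequest", 0xA4: "Trap"}
VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}
DEFAULT_COMMUNITIES = {"public", "private"}


def read_tlv(buf, pos):
    """Decode one BER tag-length-value; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                      # long-form length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:                                 # short-form length
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length


def parse_header(datagram):
    """Return version, community name and PDU type of an SNMP message."""
    tag, body, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE")
    tag, raw_version, pos = read_tlv(body, 0)
    if tag != 0x02 or not raw_version:
        raise ValueError("missing version INTEGER")
    number = int.from_bytes(raw_version, "big")
    version = VERSIONS.get(number, f"unknown({number})")
    if number == 3:
        # SNMPv3 has no community field in this position.
        return {"version": version, "community": None, "pdu": None}
    tag, community, pos = read_tlv(body, pos)
    if tag != 0x04:
        raise ValueError("missing community OCTET STRING")
    pdu = PDU_NAMES.get(body[pos]) if pos < len(body) else None
    return {"version": version,
            "community": community.decode("latin-1"), "pdu": pdu}


def audit(datagrams):
    """List the captured messages that use a default community name."""
    findings = []
    for index, datagram in enumerate(datagrams):
        try:
            header = parse_header(datagram)
        except ValueError:
            continue                      # not SNMP or damaged: ignore
        name = header["community"]
        if name is not None and name.lower() in DEFAULT_COMMUNITIES:
            findings.append({"index": index, **header})
    return findings


def tlv(tag, value):
    """Encode a short BER TLV (values under 128 bytes) for test data."""
    if len(value) >= 128:
        raise ValueError("sample encoder handles short values only")
    return bytes([tag, len(value)]) + value


def get_request(version, community):
    """Build a constructed GetRequest for sysDescr.0 (1.3.6.1.2.1.1.1.0)."""
    oid = tlv(0x06, bytes.fromhex("2b06010201010100"))
    varbinds = tlv(0x30, tlv(0x30, oid + tlv(0x05, b"")))
    pdu = tlv(0xA0, tlv(0x02, b"\x01") + tlv(0x02, b"\x00")
              + tlv(0x02, b"\x00") + varbinds)
    return tlv(0x30, tlv(0x02, bytes([version]))
               + tlv(0x04, community.encode()) + pdu)


# Constructed datagrams; the second community name is made up.
SAMPLE_DATAGRAMS = [
    get_request(0, "public"),
    get_request(1, "Br4nch-NMS-ro"),
    b"\x30\x05\x02\x01\x00",              # truncated message
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_DATAGRAMS):
        print("datagram", finding["index"], finding["version"],
              finding["pdu"], "uses default community", finding["community"])
```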

SNMP Trap
SNMP enables you to configure a trap
- Trap: A specific situation or event detected by SNMP that a network administrator may want to be warned about or to track via a network management station, such as when a network device is unexpectedly down or offline

Troubleshooting Tip
If a trap that you set does not work, make sure that the SNMP Trap Service is started and set to start automatically in Windows 2000 Server

Monitoring a Network with System Monitor
- System Monitor contains a wide range of objects for monitoring a network
- Some objects only appear in System Monitor if you have a particular protocol installed

System Monitor Network Monitoring Objects

| Object | Description |
|---|---|
| ICMP | Monitors network communications using the Internet Control Message Protocol (ICMP), which is used by TCP/IP-based computers to share TCP/IP addressing and error information |
| IP | Tracks Internet Protocol (IP) activity and addressing (available if TCP/IP is installed in Windows 2000 Server) |
| NBT Connection | Monitors NetBIOS communications that are performed via TCP/IP data communications |
| NetBEUI | Tracks NetBEUI communications, such as communication errors, bytes sent, and data packets sent (available if NetBEUI is installed in Windows 2000 Server) |
| NetBEUI Resource | Monitors resources used, such as the data storage areas (buffers) used by a NIC transmitting NetBEUI data frames (available if NetBEUI is installed in Windows 2000 Server) |
| Network Interface | Tracks data that travels through the workstation or server NIC, such as the current bandwidth, the number of bytes transmitted and received, number of packets sent, and packet transmission and receipt errors |
| Network Segment | Monitors activity on the network segment to which the server or workstation is attached, such as broadcast and network utilization data (at this writing Network Segment is not fully implemented as an object in Windows 2000 Server, but expect it to be available as an update via the Network Monitor Driver, because it is presently available in Windows NT 4.0) |
| NWLink IPX | Tracks IPX communications sent to and from a Novell NetWare server, workstation, or an IPX-enabled print server (available only if NWLink is installed in Windows 2000 Server) |
| NWLink NetBIOS | Tracks NetBIOS communications over IPX, such as bytes sent, packet transmissions, and communications errors (available only if NWLink is installed in Windows 2000 Server) |
| NWLink SPX | Monitors SPX communications sent to or from a Novell NetWare server or workstation (available only if NWLink is installed in Windows 2000 Server) |
| TCP | Monitors TCP, including sent and received traffic and reset connections (available if TCP/IP is installed in Windows 2000 Server) |
| UDP | Tracks the User Datagram Protocol (UDP, see Chapter 3), which is the protocol used by network management stations, SNMP communications, and network agents for sending messages between one another (available if TCP/IP is installed in Windows 2000 Server) |

Table 15-3 System Monitor Network Monitoring Objects

Monitoring NICs, Servers, and Network Devices
- System Monitor can be used to monitor the NIC at the server to make sure that it is working properly
- System Monitor is also used to monitor for network problems at the server and between the server and network devices

Using System Monitor Objects to Monitor the NIC, Server, and Network Devices

| Object: Counter | Explanation |
|---|---|
| Network Interface: Bytes Received/sec | Measures the number of bytes received by the NIC per second and how fast the NIC converts a frame that is in the form of an electrical signal to one that can be processed as data. If your benchmarks show that this number is decreasing, there may be a problem in the NIC's ability to decode frames. |
| Network Interface: Bytes Sent/sec | Measures the number of bytes sent by the NIC per second and how fast the NIC encodes frames into electrical signals to place on the network. If your benchmarks show that this number is decreasing, there may be a problem in the NIC's ability to encode frames. |
| Network Interface: Bytes Total/sec | Measures the total number of bytes sent and received by the NIC per second, including the speed of encoding and decoding frames. If your benchmarks show that the speeds represented by Bytes Sent/sec and Bytes Received/sec are about equal, but the Bytes Total/sec has decreased, check the local hubs, bridges, or switches to make sure they are working normally, and if these devices are fine, consider replacing the NIC, which may be slow or malfunctioning. |
| Server: Bytes Received/sec | Measures incoming bytes processed by the server per second. You can use this figure to set benchmarks and look for sudden decreases in traffic related to problems at the server's NIC, or at a local hub, bridge, or switch. |
| Server: Bytes Transmitted/sec | Tracks the number of bytes that the server has placed on the network per second. Also consider using this as a benchmark. If this number starts to decrease compared to bytes received, and continues to decrease, it may mean that the server is gradually becoming overloaded. |
| Server: Bytes Total/sec | Measures the incoming and outgoing bytes and can be used to benchmark network activity at the server as well as server performance. |

Table 15-4 Using System Monitor Objects and Counters to Monitor the NIC, Server, and Network Devices

Using System Monitor Objects and Counters to Monitor Protocols

| Object: Counter | Explanation |
|---|---|
| IP: Datagrams Received/sec, Datagrams Sent/sec, and Datagrams/sec | These objects measure the IP datagrams (an IP datagram with an encapsulated TCP segment forms a packet) sent and received. Use these to establish benchmarks and to signal problems. For example, if there is a dramatic decrease in Datagrams Received, check to determine if there is a problem with a router or Layer 3 (network layer) switch. |
| TCP: Segments Received/sec, Segments Sent/sec, and Segments/sec | These objects measure the TCP segments inside IP datagrams and can be used to establish benchmarks. There should be a one-to-one correspondence between IP datagrams and TCP segments or else there may be a problem in how packets are being encoded or decoded at a device, possibly resulting in dropped packets. |
| IP: Fragmentation Failures | Measures the number of datagrams that are not being broken apart and resized for transmission across different networks. A high rate of these errors indicates a problem with a network device, such as a router. |
| TCP: Segments Retransmitted/sec | Measures the number of TCP segments that must be resent, such as when segments are dropped or when IP datagrams are not properly fragmented and reassembled, possibly indicating a problem at a router or NIC. |

Table 15-5 Using System Monitor Objects and Counters to Monitor Protocols
Chapter 15
Using System Monitor Objects and Counters Using System Monitor Objects and Counters to Monitor Server and Network Bottlenecksto Monitor Server and Network Bottlenecks
Using System Monitor Objects and Counters Using System Monitor Objects and Counters to Monitor Server and Network Bottlenecksto Monitor Server and Network Bottlenecks
Object: Counter Explanation
Network Segment:
%Network Utilization
Measures what percentage of the network bandwidth is in use – 40%
reflects a busy network, 70% signals a significant problem, such as a
NIC or bridge saturating the network, over 90% requires immediate
action to locate the source or sources of network bottlenecks.
Network Segment: Broadcast Frames/sec
Tracks the number of broadcast frames sent per second and can be
used to help establish network benchmarks as well as find a network
station that is sending an abnormal number of broadcasts (including
the server).
Table 15-6 Using System Monitor Objects and Counters to Monitor Server and Network Bottlenecks

Using System Monitor Objects and Counters to Monitor Server and Network Bottlenecks (continued)
Object: Counter Explanation
Server: Errors System
Measures system service problems at the server and reflects a bottleneck
if a critical service, such as the Workstation or Server service, is not
started. Suspect a problem when this value is over 0 or 1.
Server: Sessions Errored Out
Measures the number of server sessions that have terminated due to errors
and can indicate a problem connecting to the server or in accessing a
critical server service. Troubleshoot a server problem if this number is
frequently over 2.

Using System Monitor Objects and Counters to Monitor a Web Server
Object: Counter Explanation
Web Server: Current Connections
Measures the number of users currently logged on to the IIS Web
services. Use this to create Web server benchmarks and test the user
load on the server.
Web Server: Maximum Connections
Tracks the maximum number of users who have been connected during the time
of monitoring and can be used to help you know when to tune the
server, such as to increase the maximum number of users, to create
more bandwidth, and to upgrade the server.
Table 15-7 Using System Monitor Objects to Monitor a Web Server

Using System Monitor Objects and Counters to Monitor a Web Server (continued)
Object: Counter Explanation
Web Service: Bytes Received/sec counter
Measures the incoming bytes processed by the Web server per second.
You can use this figure to set benchmarks and look for sudden decreases in
traffic related to problems at the server’s NIC or at some point on the
network.
Web Service: Bytes Sent/sec counter
Measures the number of bytes that the Web server has placed on the
network per second. You can also use this as a benchmark. If this number
starts to decrease compared to bytes received, and continues to decrease, it
may mean that the server is overloaded, such as requiring a faster
processor and more L2 memory.

Using System Monitor Objects and Counters to Monitor a Web Server (continued)
Object: Counter Explanation
FTP Service: Total Files Received, Total Files Sent, and Total Files Transferred
Measure the file activity by users and can be used to establish
benchmarks for FTP file activity.
FTP Service: Bytes Received/sec, Bytes Sent/sec, Bytes Total/sec
Measure the network activity at the FTP server and can be used to
establish benchmarks.

Using System Monitor Objects and Counters to Monitor SMTP Services
Object: Counter Explanation
SMTP Server: Messages Received Total
Measures total message traffic into the server and can be used to establish
benchmarks.
SMTP Server: Messages Delivered Total
Measures the total message traffic out of the server and can be used to establish
benchmarks.
SMTP Server: Local Queue Length
Shows the number of messages in the local SMTP message queue. If users report
that they are not receiving e-mail, monitor this object:counter combination. The
message queue length should reflect constant change as it processes and routes
messages. If the length does not change, suspect that the queue or the service is
hung. Check to make sure that the Simple Mail Transport Protocol (SMTP)
service is started and set to start automatically. Also, try stopping and restarting
the service.

Using System Monitor Objects and Counters to Monitor SMTP Services (continued)
Object: Counter Explanation
SMTP Server: Badmailed Messages (Hop Count)
Tracks the number of messages discarded because they went
through more hops than specified, possibly indicating that the
destination node is down or that there is a network problem between
the SMTP server and the destination.
SMTP Server: Outbound Connections Refused
Tracks messages turned down at a destination. A high number may
indicate that your site has someone who is randomly sending
messages out (spamming) or attempting surreptitious activities.
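
The thresholds given in the tables above (utilization bands, server error counts, an SMTP queue that stops changing, a jump in refused outbound connections) can be checked mechanically against logged counter values. The Python below is an added example, not part of the original chapter; the sample values, the function names, the 50% reading of "frequently" and the 5x benchmark factor are assumptions.

```python
from statistics import mean

# Constructed samples: one value per monitoring interval, keyed by Object: Counter.
SAMPLES = {
    "Network Segment: %Network Utilization": [22, 35, 48, 73, 94],
    "Server: Errors System": [0, 0, 0, 0, 0],
    "Server: Sessions Errored Out": [0, 3, 4, 1, 5],
    "SMTP Server: Local Queue Length": [12, 40, 40, 40, 40],
    "SMTP Server: Outbound Connections Refused": [2, 3, 2, 4, 61],
}

def utilization_band(pct):
    """Bands from Table 15-6: 40% busy, 70% significant problem, over 90% act now."""
    if pct > 90:
        return "immediate action"
    if pct >= 70:
        return "significant problem"
    if pct >= 40:
        return "busy"
    return "normal"

def frequently_over(values, limit, fraction=0.5):
    """Assumption: 'frequently' means at least `fraction` of samples exceed `limit`."""
    return sum(v > limit for v in values) / len(values) >= fraction

def queue_stalled(lengths, window=4):
    """Queue length unchanged over the last `window` samples while not empty.
    Ignoring an empty queue is an assumption, so an idle server is not flagged."""
    tail = lengths[-window:]
    return len(tail) == window and tail[0] > 0 and len(set(tail)) == 1

def above_benchmark(values, factor=5):
    """Assumption: 'high' means the latest sample exceeds `factor` times the mean
    of the earlier samples, which stand in for the benchmark."""
    return values[-1] > factor * max(mean(values[:-1]), 1)

def evaluate(s):
    return {
        "utilization": utilization_band(s["Network Segment: %Network Utilization"][-1]),
        # The page says "over 0 or 1"; the looser reading (> 1) is used here.
        "errors_system": s["Server: Errors System"][-1] > 1,
        "sessions_errored_out": frequently_over(s["Server: Sessions Errored Out"], 2),
        "smtp_queue_stalled": queue_stalled(s["SMTP Server: Local Queue Length"]),
        "smtp_refused_high": above_benchmark(s["SMTP Server: Outbound Connections Refused"]),
    }

if __name__ == "__main__":
    for check, result in evaluate(SAMPLES).items():
        print(f"{check}: {result}")
```

The refused-connections check only has meaning against an established benchmark, which is why the tables recommend collecting one before a problem occurs.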

Network Tuning Tips
Keep NIC drivers updated
Replace slow NICs
Tune the network access order
Implement TCP/IP exclusively, if possible
Purchase servers that are equipped to keep up with the server load

Network Tuning Tips (continued)
Monitor for excessive BPDU broadcasts
Monitor the network for saturation from broadcast storms
Replace aging, slower network devices with newer, faster devices
Use multimedia applications that support multicasting
Upgrade bandwidth to match the load

Chapter Summary
Monitoring a network is as important as monitoring a server
Establish network benchmarks to help in preventing and diagnosing problems
Install the Network Monitor Driver and Network Monitor together to enable network monitoring from Windows 2000 Server
Install Microsoft SNMP service to take advantage of SNMP-based network management station monitoring
Use the System Monitor’s network-related objects, counters, and instances for in-depth network monitoring, particularly of protocols