Chapter 15: Network Monitoring and Tuning
Transcript
Page 1: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Chapter 15

Chapter 15: Network Monitoring and Tuning

Page 2: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Learning Objectives

- Establish network benchmarks
- Install Network Monitor Driver
- Install, configure, and use Network Monitor, including setting up filters and triggers
- Install and configure SNMP service

Page 3: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Learning Objectives (continued)

- Use System Monitor to monitor a network
- Troubleshoot and tune a network

Page 4: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Network Monitoring

- Networks are dynamic with changing patterns of activity and rapid growth toward more high-bandwidth demand
- Monitoring a network is important to be able to distinguish between problems due to the network and problems due to servers connected to the network

Page 5: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Network Benchmarks

- Plan to obtain network benchmarks to help with problem diagnosis and planning, such as:
  - Slow, average, and peak network activity in relation to the work patterns of an organization
  - Network activity that is related to specific protocols
  - Network activity that is related to specific servers and host computers

Page 6: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Network Benchmarks (continued)

  - Network activity that is related to workstations
  - Network activity on individual subnets or portions of a larger network
  - Network traffic related to WAN transmissions
  - Network traffic created by particular software

Page 7: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Windows 2000 Network Monitoring Tools

- Network monitoring and management tools in Windows 2000 include:
  - Network Monitor Driver
  - Network Monitor
  - SNMP service
  - System Monitor

Page 8: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Network Monitor Driver and Network Monitor

- Network Monitor Driver: Enables a Microsoft-based server or workstation NIC to gather network performance data for assessment by the Microsoft Network Monitor
- Network Monitor: A Windows NT and Windows 2000 network monitoring tool that can capture and display network performance data

Page 9: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Server Activities to Monitor

[Figure 15-1: Using Network Monitor Driver to gather network performance information on two separate networks. Diagram labels: branch office network; telephone company dial-up line; main business network; switches; router; Windows 2000 Professional with the Network Monitor Driver; Windows 2000 Server with Network Monitor, the Network Monitor Driver, and RAS; Windows 2000 Server]

Page 10: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Installing Network Monitor Driver

- To install Network Monitor Driver:
  - Open the Network and Dial-Up Connections tool
  - Right-click Local Area Connection
  - Click Properties
  - Click Install
  - Double-click Protocol
  - Double-click Network Monitor Driver

Page 11: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Installing Network Monitor Driver (continued)

Figure 15-2 Installing Network Monitor Driver

Page 12: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Using Network Monitor

- Network Monitor tracks information such as:
  - Percent network utilization
  - Frames and bytes transported per second
  - Network station statistics
  - Statistics captured for a specific interval of time
  - Transmissions per second

Page 13: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Using Network Monitor (continued)

  - Broadcast, unicast, and multicast information
  - NIC statistics
  - Error data
  - Addresses of network stations
  - Other network computers running Network Monitor and Network Monitor Driver

Page 14: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Installing Network Monitor

- The general steps to install Network Monitor are:
  - Open the Add/Remove Programs tool
  - Double-click the component, Management and Monitoring Tools
  - Check Network Monitor Tools

Page 15: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Installing Network Monitor (continued)

Figure 15-3 Installing Network Monitor tools

Page 16: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Starting Network Monitor

- The general steps for starting a capture session in Network Monitor are:
  - Start Network Monitor from the Administrative Tools menu
  - Select the network to monitor
  - Click the Capture button to start capturing information
  - Click the Stop Capture button to stop capturing information

Page 17: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Capturing Network Data

[Figure 15-4: Network Monitor capturing data. Labeled areas: Total pane, Graph pane, Session pane, Station pane]

Page 18: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Monitoring Tip

- As is true of other monitoring tools, Network Monitor can create an extra load on a server

Page 19: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Network Monitor Display

- Data captured in Network Monitor is displayed interactively in four window panes, but can be customized to show only one, two, or three panes

Page 20: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Network Monitor Panes

| Pane | Information Provided in the Pane |
| --- | --- |
| Graph | Provides horizontal bar graphs of the following: % Network Utilization, Frames per Second, Bytes per Second, Broadcasts per Second, and Multicasts per Second |
| Total | Provides total statistics about network activity that originates from or that is sent to the computer (station) that is using Network Monitor and includes many statistics in each of the following categories: Network Statistics, Capture Statistics, Per Second Statistics, Network Card (MAC) Statistics, Network Card (MAC) Error Statistics |
| Session | Provides statistics about traffic from other computers on the network which include the MAC (device) address of each computer's NIC (see Chapter 2) and data about the number of frames sent from and received by each computer |
| Station | Provides total statistics on all communicating network stations which include: Network (device) address of each communicating computer, Frames Sent, Frames Received, Bytes Sent, Bytes Received, Directed Frames Sent, Multicasts Sent, and Broadcasts Sent |

Page 21: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Viewing a Line-by-Line Report

- After data is captured, you can view a line-by-line capture summary report by clicking the Stop and View Capture button

Page 22: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Viewing a Line-by-Line Report

Figure 15-5 Viewing capture summary data

Page 23: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Capture Summary Window Information

| Column | Explanation |
| --- | --- |
| Frame | Shows the sequence of the frame as it was received, for example the first frame captured is 1, the second frame captured is 2, and so on |
| Time | Shows when the frame was captured in one of three formats: relative system time, when the frame was captured after capturing has been started, or when the frame was captured after capturing was stopped |
| Source MAC Address | Shows the device address of the sending computer |
| Destination MAC Address | Shows the device address of the receiving computer |

Table 15-2 Capture Summary Window Information

Page 24: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Capture Summary Window Information (continued)

| Column | Explanation |
| --- | --- |
| Protocol | Shows the protocol used in the transmission |
| Description | Provides the description of the communication |
| Source Other Address | Shows other address information, such as an IP address or a computer name for the computer sending the frame |
| Source Other Destination | Shows other address information, such as an IP address or a computer name for the computer receiving the frame |
| Type Other Address | Defines the type of addresses shown in the Source Other Address and Source Other Destination columns, such as an IP address |

Page 25: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Finding Specific Capture Summary Information

- Use the Find button in the capture summary display to find specific information

Page 26: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Using Find

Figure 15-6 Finding Transmission Events Associated with Server Lawyer

Page 27: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Monitoring Filter

- Network Monitor has a built-in ability to configure a filter
  - Filter: A capacity in network monitoring software that enables a network or server administrator to view only designated protocols, network events, network nodes, or other specialized views of the network

Page 28: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Creating a Filter

- To create a filter in Network Monitor:
  - Click the Edit Capture Filter button and click OK
  - Set the specific parameters by double-clicking any of: SAP/ETYPE, Address Pairs, and Pattern Matches
  - Click OK
  - Continue capturing data

Page 29: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Selecting Filter Options

Figure 15-7 Creating a filter

Page 30: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Configuring SAPs and ETYPEs

Figure 15-8 Selecting a protocol to capture in a filter

Page 31: Chapter 15 Chapter 15: Network Monitoring and Tuning.

SAP and ETYPE

- Server Access Point (SAP): A service access point, which specifies the network process that should accept a frame at the destination, such as TCP/IP
- Ethertype (ETYPE): A property of an Ethernet frame that includes a specialized two-byte code used for particular vendor functions

Page 32: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Capture Trigger

- Besides filtering, Network Monitor supports using capture triggers
  - Capture trigger: Used as a way to have Network Monitor perform a specific function when a predefined situation occurs, such as stopping a capture of network data when the capture buffer is 50% full

Page 33: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Setting up a Trigger

Figure 15-9 Setting up a trigger

Page 34: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Troubleshooting Tip

- Check the Graph pane for a quick assessment of performance statistics for:
  - % Network Utilization
  - Frames Per Second
  - Bytes Per Second
  - Broadcasts Per Second
  - Multicasts Per Second

Page 35: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Diagnosing Common Problems

- Use Network Monitor to diagnose problems such as:
  - A NIC creating a broadcast storm
  - Inefficient multimedia applications
  - Problems with bridges, switches, and routers
  - Problems with a particular workstation
  - An overloaded server

Page 36: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Finding a Broadcast Storm

- A broadcast storm is a situation in which one or more devices, such as a failing NIC, are saturating the network with traffic
- Use the Network Monitor Broadcasts Per Second statistic to help determine if there is a broadcast storm and then check the Session and Station panes for the device(s) sending the broadcast(s)
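
The same two-step check, run offline against exported capture-summary rows, as an added example that is not part of the original slides. The row layout (frame, time, source MAC, destination MAC, protocol), the sample capture, the threshold of 100 broadcasts per second and all function names are assumptions made for illustration.

```python
from collections import Counter

BROADCAST_MAC = "FF:FF:FF:FF:FF:FF"
STORM_THRESHOLD = 100  # broadcasts per second; assumed, set it from your own benchmark


def build_sample_capture():
    """Constructed capture text: frame, seconds since start, source MAC, destination MAC, protocol."""
    events = []
    for sec in range(4):
        # Normal background: one ARP broadcast and three directed frames each second.
        events.append((sec + 0.100, "00:A0:C9:11:22:33", BROADCAST_MAC, "ARP_RARP"))
        for i in range(3):
            events.append((sec + 0.200 + i / 10, "00:A0:C9:44:55:66", "00:A0:C9:11:22:33", "TCP"))
    # A failing NIC floods 200 broadcasts during second 2.
    for i in range(200):
        events.append((2 + i / 250, "00:10:5A:DE:AD:01", BROADCAST_MAC, "ARP_RARP"))
    events.sort()
    return "\n".join(f"{n} {t:.3f} {src} {dst} {proto}"
                     for n, (t, src, dst, proto) in enumerate(events, start=1))


def parse_capture(text):
    """Parse capture rows into dicts, skipping rows that are malformed."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            rows.append({"frame": int(parts[0]), "time": float(parts[1]),
                         "src": parts[2].upper(), "dst": parts[3].upper(),
                         "proto": parts[4]})
        except ValueError:
            continue
    return rows


def broadcasts_per_second(rows):
    """Count broadcast frames in each one-second window (the Graph pane statistic)."""
    return Counter(int(r["time"]) for r in rows if r["dst"] == BROADCAST_MAC)


def storm_windows(rows, threshold=STORM_THRESHOLD):
    """Return the seconds in which broadcasts exceeded the benchmark threshold."""
    return sorted(sec for sec, n in broadcasts_per_second(rows).items() if n > threshold)


def top_broadcasters(rows, seconds):
    """Rank source stations by broadcasts sent during the flagged seconds (Station pane view)."""
    wanted = set(seconds)
    sent = Counter(r["src"] for r in rows
                   if r["dst"] == BROADCAST_MAC and int(r["time"]) in wanted)
    return sent.most_common()


if __name__ == "__main__":
    rows = parse_capture(build_sample_capture())
    flagged = storm_windows(rows)
    print("broadcasts/sec:", dict(sorted(broadcasts_per_second(rows).items())))
    print("seconds over threshold:", flagged)
    for mac, count in top_broadcasters(rows, flagged):
        print(f"{mac} sent {count} broadcasts")
```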

Page 37: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Locating Unauthorized Network Monitor Users

- Network Monitor can create problems when it is used by network intruders or unauthorized users
- You can view all of the Network Monitor users by clicking the Tools menu and then clicking Identify Network Monitor users

Page 38: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Viewing Network Monitor Users

Figure 15-10 Identifying all Network Monitor users

Page 39: Chapter 15 Chapter 15: Network Monitoring and Tuning.

SNMP

- The Simple Network Management Protocol (SNMP) is used to gather standardized network performance information and to control network devices

Page 40: Chapter 15 Chapter 15: Network Monitoring and Tuning.

SNMP Stations

- SNMP uses two kinds of network stations:
  - Network Management Station (NMS): Monitors and manages devices configured with SNMP and collects information
  - Agent: Any device configured for SNMP from which an NMS can collect data. SNMP agents include servers, workstations, routers, switches, and hubs

Page 41: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Microsoft Systems Compatible with SNMP

- The following systems can be managed through SNMP:
  - Windows 2000 and NT servers
  - Windows 2000 and NT workstations
  - WINS servers
  - DHCP servers
  - IIS servers
  - Microsoft RAS and IAS servers

Page 42: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Installing SNMP

- To install SNMP:
  - Open the Add/Remove Programs tool
  - Click Add/Remove Windows Components
  - Double-click Management and Monitoring tools
  - Check Simple Network Management Protocol and click OK
  - Click Next and then click Finish

Page 43: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Configuring SNMP

- After installing SNMP, configure one or more community names for security
  - Community name: In SNMP communications, a password used by network agents and the network management station so that their communications cannot be easily intercepted by an unauthorized workstation or device

Page 44: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Configuring SNMP (continued)

Figure 15-11 Configuring the community name
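
In SNMPv1 and SNMPv2c the community name travels as a plain OCTET STRING in every message, so a capture of management traffic shows it unencrypted. The following added example (not from the original slides) decodes the message header of constructed datagrams and flags guessable names when auditing your own capture; the sample bytes, the WEAK_COMMUNITIES list and all function names are assumptions made for illustration.

```python
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA4: "Trap"}
VERSIONS = {0: "SNMPv1", 1: "SNMPv2c", 3: "SNMPv3"}
# Assumed audit list of commonly guessed community names; extend it for your site.
WEAK_COMMUNITIES = {"public", "private"}

# Constructed PDU: GetRequest for sysDescr.0 (1.3.6.1.2.1.1.1.0), request-id 1.
SAMPLE_PDU = bytes.fromhex("a019020101020100020100300e300c06082b060102010101000500")


def build_message(version, community, pdu=SAMPLE_PDU):
    """Encode a constructed SNMP v1/v2c message (short-form BER lengths only)."""
    comm = community.encode("ascii")
    body = bytes([0x02, 0x01, version, 0x04, len(comm)]) + comm + pdu
    if len(body) >= 128:
        raise ValueError("sample too long for short-form length")
    return bytes([0x30, len(body)]) + body


def read_tlv(buf, pos):
    """Return (tag, value bytes, next position) for the BER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:end], end


def parse_header(datagram):
    """Return (version name, community or None, PDU name) from one SNMP datagram."""
    tag, body, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE")
    tag, raw_version, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("version INTEGER missing")
    version = VERSIONS.get(int.from_bytes(raw_version, "big"), "unknown")
    if version not in ("SNMPv1", "SNMPv2c"):
        return version, None, None  # SNMPv3 has no community field
    tag, community, pos = read_tlv(body, pos)
    if tag != 0x04:
        raise ValueError("community OCTET STRING missing")
    pdu_tag, _, _ = read_tlv(body, pos)
    return version, community.decode("latin-1"), PDU_NAMES.get(pdu_tag, hex(pdu_tag))


def audit_capture(datagrams):
    """Flag each v1/v2c message; only guessable names are echoed into the report."""
    findings = []
    for number, datagram in enumerate(datagrams, start=1):
        try:
            version, community, pdu = parse_header(datagram)
        except ValueError as err:
            findings.append((number, "unparsed", str(err)))
            continue
        if community is None:
            continue
        if community.lower() in WEAK_COMMUNITIES:
            findings.append((number, "weak-community",
                             f"{version} {pdu} community={community!r}"))
        else:
            findings.append((number, "cleartext-community",
                             f"{version} {pdu} community length {len(community)}"))
    return findings


# Constructed UDP payloads: a guessable name, a site-specific name, a truncated datagram.
SAMPLE_CAPTURE = [build_message(0, "public"), build_message(1, "Ch15-Lab-RO"),
                  build_message(0, "public")[:10]]

if __name__ == "__main__":
    for finding in audit_capture(SAMPLE_CAPTURE):
        print(finding)
```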

Page 45: Chapter 15 Chapter 15: Network Monitoring and Tuning.

SNMP Trap

- SNMP enables you to configure a trap
  - Trap: A specific situation or event detected by SNMP that a network administrator may want to be warned about or to track via a network management station, such as when a network device is unexpectedly down or offline

Page 46: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Troubleshooting Tip

- If a trap that you set does not work, make sure that the SNMP Trap Service is started and set to start automatically in Windows 2000 Server

Page 47: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Monitoring a Network with System Monitor

- System Monitor contains a wide range of objects for monitoring a network
- Some objects only appear in System Monitor if you have a particular protocol installed

Page 48: Chapter 15 Chapter 15: Network Monitoring and Tuning.

System Monitor Network Monitoring Objects

| Object | Description |
| --- | --- |
| ICMP | Monitors network communications using the Internet Control Message Protocol (ICMP), which is used by TCP/IP-based computers to share TCP/IP addressing and error information |
| IP | Tracks Internet Protocol (IP) activity and addressing (available if TCP/IP is installed in Windows 2000 Server) |
| NBT Connection | Monitors NetBIOS communications that are performed via TCP/IP data communications |
| NetBEUI | Tracks NetBEUI communications, such as communication errors, bytes sent, and data packets sent (available if NetBEUI is installed in Windows 2000 Server) |

Table 15-3 System Monitor Network Monitoring Objects

Page 49: Chapter 15 Chapter 15: Network Monitoring and Tuning.

System Monitor Network Monitoring Objects (continued)

| Object | Description |
| --- | --- |
| NetBEUI Resource | Monitors resources used, such as the data storage areas (buffers) used by a NIC transmitting NetBEUI data frames (available if NetBEUI is installed in Windows 2000 Server) |
| Network Interface | Tracks data that travels through the workstation or server NIC, such as the current bandwidth, the number of bytes transmitted and received, number of packets sent, and packet transmission and receipt errors |
| Network Segment | Monitors activity on the network segment to which the server or workstation is attached, such as broadcast and network utilization data (at this writing Network Segment is not fully implemented as an object in Windows 2000 Server, but expect it to be available as an update via the Network Monitor Driver, because it is presently available in Windows NT 4.0) |

Page 50: Chapter 15 Chapter 15: Network Monitoring and Tuning.

System Monitor Network Monitoring Objects (continued)

| Object | Description |
| --- | --- |
| NWLink IPX | Tracks IPX communications sent to and from a Novell NetWare server, workstation, or an IPX-enabled print server (available only if NWLink is installed in Windows 2000 Server) |
| NWLink NetBIOS | Tracks NetBIOS communications over IPX, such as bytes sent, packet transmissions, and communications errors (available only if NWLink is installed in Windows 2000 Server) |

Page 51: Chapter 15 Chapter 15: Network Monitoring and Tuning.

System Monitor Network Monitoring Objects (continued)

| Object | Description |
| --- | --- |
| NWLink SPX | Monitors SPX communications sent to or from a Novell NetWare server or workstation (available only if NWLink is installed in Windows 2000 Server) |
| TCP | Monitors TCP, including sent and received traffic and reset connections (available if TCP/IP is installed in Windows 2000 Server) |
| UDP | Tracks the User Datagram Protocol (UDP, see Chapter 3), which is the protocol used by network management stations, SNMP communications, and network agents for sending messages between one another (available if TCP/IP is installed in Windows 2000 Server) |

Page 52: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Monitoring NICs, Servers, and Network Devices

- System Monitor can be used to monitor the NIC at the server to make sure that it is working properly
- System Monitor is also used to monitor for network problems at the server and between the server and network devices

Page 53: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Using System Monitor Objects to Monitor the NIC, Server, and Network Devices

| Object: Counter | Explanation |
| --- | --- |
| Network Interface: Bytes Received/sec | Measures the number of bytes received by the NIC per second and how fast the NIC converts a frame that is in the form of an electrical signal to one that can be processed as data. If your benchmarks show that this number is decreasing, there may be a problem in the NIC's ability to decode frames. |
| Network Interface: Bytes Sent/sec | Measures the number of bytes sent by the NIC per second and how fast the NIC encodes frames into electrical signals to place on the network. If your benchmarks show that this number is decreasing, there may be a problem in the NIC's ability to encode frames. |

Table 15-4 Using System Monitor Objects and Counters to Monitor the NIC, Server, and Network Devices

Page 54: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Using System Monitor Objects to Monitor the NIC, Server, and Network Devices (continued)

| Object: Counter | Explanation |
| --- | --- |
| Network Interface: Bytes Total/sec | Measures the total number of bytes sent and received by the NIC per second, including the speed of encoding and decoding frames. If your benchmarks show that the speed represented by Bytes Sent/sec and Bytes Received/sec are about equal, but the Bytes Total/sec has decreased, check the local hubs, bridges, or switches to make sure they are working normally, and if these devices are fine, consider replacing the NIC which may be slow or malfunctioning. |
| Server: Bytes Received/sec | Measures incoming bytes processed by the server per second. You can use this figure to set benchmarks and look for sudden decreases in traffic related to problems at the server's NIC, or at a local hub, bridge, or switch. |

Page 55: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Using System Monitor Objects to Monitor the NIC, Server, and Network Devices (continued)

Object: Counter | Explanation

Server: Bytes Transmitted/sec | Tracks the number of bytes that the server has placed on the network per second. Also consider using this as a benchmark. If this number starts to decrease compared to bytes received, and continues to decrease, it may mean that the server is gradually becoming overloaded.

Server: Bytes Total/sec | Measures the incoming and outgoing bytes and can be used to benchmark network activity at the server as well as server performance.

Page 56: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Using System Monitor Objects and Counters to Monitor Protocols

Object: Counter | Explanation

IP: Datagrams Received/sec, Datagrams Sent/sec, and Datagrams/sec | These objects measure the IP datagrams (an IP datagram with an encapsulated TCP segment forms a packet) sent and received. Use these to establish benchmarks and to signal problems. For example, if there is a dramatic decrease in Datagrams Received, check to determine if there is a problem with a router or Layer 3 (network layer) switch.

TCP: Segments Received/sec, Segments Sent/sec, and Segments/sec | These objects measure the TCP segments inside IP datagrams and can be used to establish benchmarks. There should be a one-to-one correspondence between IP datagrams and TCP segments, or else there may be a problem in how packets are being encoded or decoded at a device, possibly resulting in dropped packets.

Table 15-5 Using System Monitor Objects and Counters to Monitor Protocols

Page 57: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Using System Monitor Objects and Counters to Monitor Protocols (continued)

Object: Counter | Explanation

IP: Fragmentation Failures | Measures the number of datagrams that are not being broken apart and resized for transmission across different networks. A high rate of these errors indicates a problem with a network device, such as a router.

TCP: Segments Retransmitted/sec | Measures the number of TCP segments that must be resent, such as when segments are dropped or when IP datagrams are not properly fragmented and reassembled, possibly indicating a problem at a router or NIC.

Page 58: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Using System Monitor Objects and Counters to Monitor Server and Network Bottlenecks

Object: Counter | Explanation

Network Segment: %Network Utilization | Measures what percentage of the network bandwidth is in use: 40% reflects a busy network; 70% signals a significant problem, such as a NIC or bridge saturating the network; over 90% requires immediate action to locate the source or sources of network bottlenecks.

Network Segment: Broadcast Frames/sec | Tracks the number of broadcast frames sent per second and can be used to help establish network benchmarks as well as find a network station that is sending an abnormal number of broadcasts (including the server).

Table 15-6 Using System Monitor Objects and Counters to Monitor Server and Network Bottlenecks

Page 59: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Using System Monitor Objects and Counters to Monitor Server and Network Bottlenecks (continued)

Object: Counter | Explanation

Server: Errors System | Measures system service problems at the server and indicates a bottleneck if a critical service, such as the Workstation or Server service, is not started. Suspect a problem when this value is over 0 or 1.

Server: Sessions Errored Out | Measures the number of server sessions that have terminated due to errors and can indicate a problem connecting to the server or in accessing a critical server service. Troubleshoot a server problem if this number is frequently over 2.
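The following added example (not part of the original slides) applies two of the rules above to a logged counter series: the %Network Utilization levels and the "Bytes Transmitted/sec decreases compared to bytes received, and continues to decrease" condition. The function names, the window and run lengths, the benchmark ratio, the handling of values between the stated levels, and all sample values are assumptions constructed for illustration.

```python
# Added example: all sample values are constructed, not measurements.
from statistics import mean

def utilization_level(pct):
    """Map % Network Utilization onto the 40 / 70 / over-90 levels."""
    if pct > 90:
        return "immediate action"
    if pct >= 70:
        return "significant problem"
    if pct >= 40:
        return "busy"
    return "normal"

def sustained_tx_decline(received, transmitted, benchmark_ratio, window=3, runs=3):
    """True when the transmitted/received ratio, averaged per window of samples,
    is below the benchmark and lower than the window before it for `runs`
    windows in a row. `window` and `runs` are assumed tuning values."""
    ratios = [t / r for r, t in zip(received, transmitted) if r > 0]
    windows = [mean(ratios[i:i + window])
               for i in range(0, len(ratios) - window + 1, window)]
    streak, previous = 0, benchmark_ratio
    for current in windows:
        if current < previous and current < benchmark_ratio:
            streak += 1
            if streak >= runs:
                return True
        else:
            streak = 0
        previous = current
    return False

# Constructed log: received holds steady while transmitted falls away.
RECEIVED = [500_000] * 9
TX_DECLINING = [900_000, 880_000, 890_000, 800_000, 790_000, 780_000,
                700_000, 690_000, 650_000]
TX_HEALTHY = [900_000, 920_000, 910_000, 905_000, 915_000, 900_000,
              910_000, 925_000, 905_000]
BENCHMARK_RATIO = 1.8  # assumed benchmark: transmitted / received when healthy

if __name__ == "__main__":
    print(utilization_level(72))
    print(sustained_tx_decline(RECEIVED, TX_DECLINING, BENCHMARK_RATIO))
    print(sustained_tx_decline(RECEIVED, TX_HEALTHY, BENCHMARK_RATIO))
```

Averaging per window keeps a single slow sample from raising the flag; only a ratio that stays under the benchmark and keeps dropping does.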

Page 60: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Using System Monitor Objects and Counters to Monitor a Web Server

Object: Counter | Explanation

Web Server: Current Connections | Measures the number of users currently logged on to the IIS Web services. Use this to create Web server benchmarks and test the user load on the server.

Web Server: Maximum Connections | Tracks the maximum users who have been connected during the time of monitoring and can be used to help you know when to tune the server, such as to increase the maximum number of users, to create more bandwidth, and to upgrade the server.

Table 15-7 Using System Monitor Objects to Monitor a Web Server

Page 61: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Using System Monitor Objects and Counters to Monitor a Web Server (continued)

Object: Counter | Explanation

Web Service: Bytes Received/sec counter | Measures the incoming bytes processed by the Web server per second. You can use this figure to set benchmarks and look for sudden decreases in traffic related to problems at the server’s NIC or at some point on the network.

Web Service: Bytes Sent/sec counter | Measures the number of bytes that the Web server has placed on the network per second. You can also use this as a benchmark. If this number starts to decrease compared to bytes received, and continues to decrease, it may mean that the server is overloaded, such as requiring a faster processor and more L2 memory.

Page 62: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Using System Monitor Objects and Counters to Monitor a Web Server (continued)

Object: Counter | Explanation

FTP Service: Total Files Received, Total Files Sent, and Total Files Transferred | Measure the file activity by users and can be used to establish benchmarks for FTP file activity.

FTP Service: Bytes Received/sec, Bytes Sent/sec, Bytes Total/sec | Measure the network activity at the FTP server and can be used to establish benchmarks.

Page 63: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Using System Monitor Objects and Counters to Monitor SMTP Services

Object: Counter | Explanation

SMTP Server: Messages Received Total | Measures total message traffic into the server and can be used to establish benchmarks.

SMTP Server: Messages Delivered Total | Measures the total message traffic out of the server and can be used to establish benchmarks.

SMTP Server: Local Queue Length | Shows the number of messages in the local SMTP message queue. If users report that they are not receiving e-mail, monitor this object:counter combination. The message queue length should reflect constant change as it processes and routes messages. If the length does not change, suspect that the queue or the service is hung. Check to make sure that the Simple Mail Transport Protocol (SMTP) service is started and set to start automatically. Also, try stopping and restarting the service.

Page 64: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Using System Monitor Objects and Counters to Monitor SMTP Services (continued)

Object: Counter | Explanation

SMTP Server: Badmailed Messages (Hop Count) | Tracks the number of messages discarded because they went through more hops than specified, possibly indicating that the destination node is down or that there is a network problem between the SMTP server and the destination.

SMTP Server: Outbound Connections Refused | Tracks messages turned down at a destination. A high number may indicate that your site has someone who is randomly sending messages out (spamming) or attempting surreptitious activities.
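The following added example (not part of the original slides) turns two of the SMTP rules above into checks over logged samples: a Local Queue Length that has stopped changing, and an unusually high rise in Outbound Connections Refused. It assumes the refused counter is logged as a running total, treats a queue sitting at zero as idle rather than hung, and uses constructed sample values and hypothetical function names and thresholds.

```python
# Added example: all sample values are constructed, not measurements.
from statistics import mean, pstdev

def queue_stalled(lengths, min_run=5):
    """True when the last `min_run` Local Queue Length samples are identical
    and non-zero: mail is waiting but the queue is not moving."""
    tail = lengths[-min_run:]
    return len(tail) == min_run and tail[0] > 0 and len(set(tail)) == 1

def interval_deltas(totals):
    """Convert a running total into per-interval increases. A drop means the
    counter started over (for example after the service was restarted), so
    the new reading is taken as the increase since the restart."""
    return [cur - prev if cur >= prev else cur
            for prev, cur in zip(totals, totals[1:])]

def refused_spikes(totals, benchmark_deltas, k=3.0):
    """Indexes of intervals whose increase in refused connections exceeds the
    benchmark mean by more than k standard deviations (k is an assumption)."""
    limit = mean(benchmark_deltas) + k * pstdev(benchmark_deltas)
    return [i for i, d in enumerate(interval_deltas(totals)) if d > limit]

QUEUE_MOVING = [12, 9, 15, 7, 11, 4, 8]
QUEUE_STUCK = [12, 9, 37, 37, 37, 37, 37]
QUEUE_IDLE = [3, 0, 0, 0, 0, 0, 0]

BENCHMARK_REFUSED_DELTAS = [2, 1, 3, 2, 2, 1, 3]   # per-interval, healthy period
REFUSED_TOTALS = [100, 102, 105, 106, 160, 3, 5]   # restart after the 5th sample

if __name__ == "__main__":
    print(queue_stalled(QUEUE_STUCK))
    print(interval_deltas(REFUSED_TOTALS))
    print(refused_spikes(REFUSED_TOTALS, BENCHMARK_REFUSED_DELTAS))
```

Handling the counter restart matters here because restarting the SMTP service is one of the recommended troubleshooting steps, and a naive difference would report a large negative change at that point.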

Page 65: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Network Tuning Tips

Keep NIC drivers updated
Replace slow NICs
Tune the network access order
Implement TCP/IP exclusively, if possible
Purchase servers that are equipped to keep up with the server load

Page 66: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Network Tuning Tips (continued)

Monitor for excessive BPDU broadcasts
Monitor the network for saturation from broadcast storms
Replace aging, slower network devices with newer, faster devices
Use multimedia applications that support multicasting
Upgrade bandwidth to match the load

Page 67: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Chapter Summary

Monitoring a network is as important as monitoring a server
Establish network benchmarks to help in preventing and diagnosing problems
Install the Network Monitor Driver and Network Monitor together to enable network monitoring from Windows 2000 Server

Page 68: Chapter 15 Chapter 15: Network Monitoring and Tuning.

Chapter Summary

Install Microsoft SNMP service to take advantage of SNMP-based network management station monitoring
Use the System Monitor’s network-related objects, counters, and instances for in-depth network monitoring, particularly of protocols