Ethereal-users: [Ethereal-users] Capturing "broken" packets with Ethereal W32 0.8.16?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Steve Winn" <stevewinn@xxxxxxxxx>
Date: Wed, 28 Mar 2001 11:51:04 -0600
Sorry for the somewhat long-winded question:

I've been getting familiar with some network monitoring tools including
Ethereal to try to shed some light on occasional problems I see with my
network. (2 3Com unmanaged 10baseT hubs connected by fiber, Cisco routers to
Adtran T-1 CSU/DSUs to other buildings, about 70 mixed Win9x and WinNT
clients on a WinNT server network running TCP/IP)

Occasionally, I will see instances where network response will go way down;
it will be almost impossible to log in or map a drive. I can watch the hubs
at these times, and the "packet" light on the hubs is on steady, and
sometimes there are many collisions.

In an attempt to find out what is happening, I fire up Ethereal, but the
program captures few packets; this morning about 1000 in maybe 20/30
seconds. When I look at the decoded packets, I don't see anything that looks
"out of whack" to my untrained eye. In other words, I only see the same kind
of traffic that I see normally when the network is "OK".

In reading the website of a large supplier of network monitoring software, I
got the impression that the ability to capture "broken" or "Incorrect"
packets is dependent on the combination of the Packet driver and the actual
network interface card used. "Of course, they recommend their own!"

Is there any truth to this? I'm using WinPcap latest version (I think)
dated 4/3/2000 with an old Kingston KNE2000TLC NIC under WinNT 4 SP 6a. The
card is in promiscuous mode; I am seeing traffic from all hosts on the
network.

Can I expect to see any "Junk" with Ethereal when my network is misbehaving
in this way in order to find out who the "bad guy" is? Or might I have to
look at other hardware/software? Right now, I'm limited to solving these
problems "by gosh and by golly" running around and turning off computers
until the problems stop. (I have been able to identify problem machines by
doing this; I would like however to be able to resolve these issues in a
more professional manner without spending the proverbial arm and leg.)

P.S. Would a Linux box be better at this? I've started playing with Linux
but am not able to put much time into it to really learn what I am doing.

Thanks in advance for any thoughts or suggestions;
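The "broken" frames the post is asking about are, in Ethernet terms, runts (frames shorter than the 64-byte minimum) and frames whose CRC-32 frame check sequence (FCS) does not match their contents. Whether such a frame ever reaches the capture driver, and whether the FCS bytes are delivered at all, is decided by the NIC and its driver, not by Ethereal: most adapters discard damaged frames and strip the FCS before the packet driver sees anything. When a capture does contain the FCS, the check can be done offline. The following is an added example, not code from the original post or from the Ethereal project: it builds a small pcap file in memory from constructed frames (one good, one with a corrupted FCS, one runt) and then scans it, flagging each problem. Frame addresses, payloads and timestamps are made-up sample values.

```python
import struct
import zlib

PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1
MIN_FRAME_LEN = 64          # minimum Ethernet frame length, FCS included
ETH_HDR_LEN = 14            # dst(6) + src(6) + ethertype(2)
FCS_LEN = 4


def ethernet_fcs(frame_without_fcs: bytes) -> bytes:
    """Ethernet FCS is CRC-32 (the same polynomial zlib uses), placed on the
    wire least-significant byte first."""
    return struct.pack("<I", zlib.crc32(frame_without_fcs) & 0xFFFFFFFF)


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes,
                corrupt_fcs: bool = False) -> bytes:
    """Constructed sample frame; optionally flips one bit of the FCS."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    fcs = ethernet_fcs(body)
    if corrupt_fcs:
        fcs = bytes([fcs[0] ^ 0x01]) + fcs[1:]
    return body + fcs


def build_pcap(frames) -> bytes:
    """Minimal classic pcap writer (libpcap 2.4 header, Ethernet link type)."""
    header = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535,
                         LINKTYPE_ETHERNET)
    records = b""
    for i, frame in enumerate(frames):
        # ts_sec, ts_usec, captured length, original length (made-up timestamps)
        records += struct.pack("<IIII", 1000 + i, 0, len(frame), len(frame))
        records += frame
    return header + records


def iter_pcap(data: bytes):
    """Yield (frame_bytes, original_length) for each record in a pcap file."""
    magic, = struct.unpack("<I", data[:4])
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap file")
    linktype, = struct.unpack("<I", data[20:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    offset = 24
    while offset + 16 <= len(data):
        _ts_sec, _ts_usec, incl_len, orig_len = struct.unpack(
            "<IIII", data[offset:offset + 16])
        offset += 16
        yield data[offset:offset + incl_len], orig_len
        offset += incl_len


def check_frame(frame: bytes, fcs_present: bool = True) -> list:
    """Return the problems found in one frame: 'runt' and/or 'bad-fcs'.
    fcs_present=False is for the common case where the NIC has already
    stripped the trailing 4 bytes, so no CRC check is possible."""
    problems = []
    if len(frame) < MIN_FRAME_LEN:
        problems.append("runt")
    if fcs_present and len(frame) >= ETH_HDR_LEN + FCS_LEN:
        if ethernet_fcs(frame[:-FCS_LEN]) != frame[-FCS_LEN:]:
            problems.append("bad-fcs")
    return problems


def scan_pcap(data: bytes, fcs_present: bool = True) -> list:
    """Return [(frame_number, captured_length, problems), ...]."""
    results = []
    for number, (frame, _orig_len) in enumerate(iter_pcap(data), start=1):
        results.append((number, len(frame), check_frame(frame, fcs_present)))
    return results


# Constructed sample capture: addresses and payloads are arbitrary.
DST = bytes.fromhex("00a0c9000001")
SRC = bytes.fromhex("00c0f0000002")
GOOD = build_frame(DST, SRC, 0x0800, b"\x45" * 46)               # 64 bytes
BAD_FCS = build_frame(DST, SRC, 0x0800, b"\x45" * 46, corrupt_fcs=True)
RUNT = build_frame(DST, SRC, 0x0800, b"\x45" * 10)               # 28 bytes
SAMPLE_PCAP = build_pcap([GOOD, BAD_FCS, RUNT])

if __name__ == "__main__":
    for number, length, problems in scan_pcap(SAMPLE_PCAP):
        print(f"frame {number}: {length} bytes {problems or 'ok'}")
```

Run against a real capture, this only reports anything if the NIC and driver passed the damaged frames up and left the FCS in place; an all-clean result from a capture taken during the slowdown is therefore consistent with the adapter silently discarding the very frames of interest, which is the point the monitoring vendor's page was making.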