Ethereal-users: Re: [Ethereal-users] Using Etheral to pin-point a network throughput problem

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Scott Lowrey <slowrey@xxxxxxxxxxx>
Date: Mon, 11 Apr 2005 23:07:12 -0400

god like wrote: 
- Does Ethereal handle switched networks and if so do I have to set anything special up?
Ethereal can see whatever the host it's running on sees.  Switches generally learn which hosts are on which ports and forward packets accordingly, so you might not be able to see what you want to see.

Therefore, if you want to sniff the entire network, you'll need access to the switches and/or routers so that they can be configured to send all traffic to a special port.  If it's not a managed switch (i.e., one that has a management interface and features like port mirroring), then you'll have to be content with monitoring a link that's "close to the problem" in order to figure out what's going on.  Old-fashioned hubs might work for this but beware: most new "hubs" are really switches -- very frustrating.
 
- Can ethereal generate traffic and do throughput testing if so - how? and if not do people know of [...]
Ethereal is a sniffer, not a generator.  Try netperf or Iperf.

- Reporting - the client wants the problem pin-pointed and proved on paper.
Well, the legal work is up to you, not a piece of software.  Look at the stats on the switch and on the receiver.  If you're lucky, you'll see drop counts on one of them.  That will tell you which device is suffering from the likely buffer overflow.  Ethereal might be able to expose some packet loss, but you're going to have to capture packets at the source and the destination OR observe sequence numbers.  See next answer.
 
- General tips and gotchas
You didn't give us much to go on.  Other than the cameras, what kind of systems are you dealing with?  General purpose computers running an OS?  Embedded devices?  What kind of login access do you have? What protocols?
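
The reply's suggestion of capturing at the source and the destination, or observing sequence numbers, sketched as an added example that is not part of the original post. It assumes the traffic carries a 16-bit wrapping per-packet counter (as RTP does) and that the counters have already been exported from each capture into a list; the function names and the sample lists are constructed for illustration.

```python
from collections import Counter

SEQ_MOD = 1 << 16  # assumption: 16-bit wrapping counter, as in RTP


def find_gaps(seqs, mod=SEQ_MOD):
    """Single capture point: return (lost_sequence_numbers, reordered_count).

    Counters are unwrapped into a growing number line so that a wrap from
    65535 to 0 is treated as +1 rather than as a huge gap.
    """
    if not seqs:
        return [], 0
    highest = seqs[0]          # highest unwrapped value seen so far
    seen = {highest}
    reordered = 0
    for s in seqs[1:]:
        delta = (s - highest) % mod
        if delta >= mod // 2:  # closer going backwards: a late arrival
            delta -= mod
        if delta < 0:
            reordered += 1
        seen.add(highest + delta)
        highest = max(highest, highest + delta)
    lost = [n % mod for n in range(min(seen), highest + 1) if n not in seen]
    return lost, reordered


def lost_between(sent, received):
    """Two capture points: counters seen at the source but not the destination."""
    remaining = Counter(received)  # multiset, so repeats after a wrap still match
    lost = []
    for s in sent:
        if remaining[s] > 0:
            remaining[s] -= 1
        else:
            lost.append(s)
    return lost


# Constructed sample data: counters exported from a source-side capture and
# a destination-side capture of the same stream, spanning a counter wrap.
SENT = [65533, 65534, 65535, 0, 1, 2, 3, 4, 5, 6]
RECEIVED = [65533, 65534, 0, 2, 1, 5, 6]

if __name__ == "__main__":
    print("gaps seen at destination:", find_gaps(RECEIVED))
    print("lost between capture points:", lost_between(SENT, RECEIVED))
```

If the source-side capture shows no gaps while the destination-side one does, the loss happened somewhere between the two capture points, which is where the switch and receiver drop counters come in.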