RE: Any good method to check network overload?

[Mark Reardon <riscorp () mindspring com>]

I missed the original request but I saw the response about using ping and comparing results over time. I wanted to 
interject some points.

Network overload needs a definition before you go too far. If you have batch type traffic and response time is not an 
issue, then overload is different than say SSH based user sessions. If you are transfering files and it gets done in 
time, then your fine.

If your interactive sessions are the concern, then using a response measurement tool such as ping may be appropriate. 
However, ping tests tend to use the same size packet for each test. Networks may or may not function this way. Say for 
example a web site. Small packets in, large packets out is a common generalization. Therefore it is best to use 
something that emulates the typical traffic. A web response measurement tool is one way of doing it for web sites.

All of the above also have the added feature of adding load while measuring it. That means you may be creating the very 
problem you want to avoid yet measure. This leads to methods that look at traffic measured at the server such as 
monitoring the TCP round trip timers (difficult to do and difficult to interpret) or looking at network devices and 
server statistics to check their load handling statistics.

Sorry to be so verbose. The underlying point is that you need to be specific in defining what you want to measure and 
how you want to do it. Then look for proven tools. I have used Solarwinds and the stuff at the National Labs for 
Applied Network Research (dast.nlanr.net) also looks good. I'd also speak with your network equipment provider as 
sometimes they have tools for this as well (Cisco does).

Good luck,

Mark


----
Mark Reardon
Reardon Information Security Corporation
156 Blue Sky Drive
Marietta, GA 30068
(770) 565-0544
(404) 444-0041 cell