Security Basics mailing list archives
Re: Any good method to check network overload?
From: stefmit <stefmit () comcast net>
Date: Thu, 6 Mar 2003 13:18:34 -0600
Very good points. Here is one (minimal) tool that can address the packet size and/or minimal traffic checkup, for $0: - get yourself a copy of Qcheck from: http://www.netiq.com/qcheck/default.asp then endpoints for whatever OS you're running from: http://www.netiq.com/support/pe/pe.asp Of course, in order to address the ping limitations, one can always use some open-source utilities such as hping2 and bping ... Stef On Wednesday 05 March 2003 11:01 pm, Mark Reardon wrote:
I missed the original request but I saw the response about using ping and comparing results over time. I wanted to interject some points. Network overload needs a definition before you go too far. If you have batch type traffic and response time is not an issue, then overload is different than say SSH based user sessions. If you are transfering files and it gets done in time, then your fine. If your interactive sessions are the concern, then using a response measurement tool such as ping may be appropriate. However, ping tests tend to use the same size packet for each test. Networks may or may not function this way. Say for example a web site. Small packets in, large packets out is a common generalization. Therefore it is best to use something that emulates the typical traffic. A web response measurement tool is one way of doing it for web sites. All of the above also have the added feature of adding load while measuring it. That means you may be creating the very problem you want to avoid yet measure. This leads to methods that look at traffic measured at the server such as monitoring the TCP round trip timers (difficult to do and difficult to interpret) or looking at network devices and server statistics to check their load handling statistics. Sorry to be so verbose. The underlying point is that you need to be specific in defining what you want to measure and how you want to do it. Then look for proven tools. I have used Solarwinds and the stuff at the National Labs for Applied Network Research (dast.nlanr.net) also looks good. I'd also speak with your network equipment provider as sometimes they have tools for this as well (Cisco does). Good luck, Mark ---- Mark Reardon Reardon Information Security Corporation 156 Blue Sky Drive Marietta, GA 30068 (770) 565-0544 (404) 444-0041 cell
Current thread:
- Any good method to check network overload? swin (Mar 03)
- RE: Any good method to check network overload? David Gillett (Mar 04)
- <Possible follow-ups>
- RE: Any good method to check network overload? swin (Mar 05)
- RE: Any good method to check network overload? David Gillett (Mar 05)
- RE: Any good method to check network overload? Mark Reardon (Mar 06)
- Re: Any good method to check network overload? stefmit (Mar 07)
- RE: Any good method to check network overload? Trevor Cushen (Mar 06)
- RE: Any good method to check network overload? Chris Berry (Mar 06)
- RE: Any good method to check network overload? David Gillett (Mar 07)
- RE: Any good method to check network overload? Mike Dresser (Mar 07)
- Re: Any good method to check network overload? gene yoo (Mar 07)
- Re: Any good method to check network overload? Sean Knox (Mar 07)
- Re: Any good method to check network overload? Nuzman (Mar 07)
- RE: Any good method to check network overload? David Gillett (Mar 07)
- RE: Any good method to check network overload? swin (Mar 08)
- RE: Any good method to check network overload? Burton M. Strauss III (Mar 10)
- RE: Any good method to check network overload? Chris Berry (Mar 08)
(Thread continues...)