0

I am tasked with monitoring a comptuer lab of 30 computers, and at what seems to be random times, anywhere from 1-20 of the computers will lose their internet connections. People using the computers cannot access the internet or send any print jobs to the central printer.

Sometimes this happens very rarely, and other times it happens up to multiple times an hour. Restarting the computer will restore its connection.

This has been frustrating me for days as we are waiting for our maintanence guys to come take a look. Any help on this would be greatly appreciated.

2
Contributors
1
Reply
4
Views
8 Years
Discussion Span
Last Post by crb3
0

Your post is very short on details. What OSes are the machines
running? What speed is the network, cabled how? Hubs or
switches? What's the network topology? What's the Internet
gateway -- what kind of box?

I'm assuming your network is modern enough not to be running
10base2 -- thin coax. That stuff is trouble anytime it's bumped.
It's also old and pretty much forgotten.

Right off the bat, I am suspecting that one or more of the
machines is doing something which is saturating the network,
causing the other machines to drop packets and then to drop
connections. The best way to find out if this is so is to view
it.

I run Linux on my (flat-topology 10base) home LAN. I use
'etherape' to monitor network traffic. If you're running a
Debian-based distro on any of the machines there, a simple
'apt-get install etherape' will set you up with that kind of
tool. If none of your equipment runs Linux, I happen to know
that at least one of the live-CD distros listed at
http://www.distrowatch.com (I seem to recall it as being
Knoppix-STD) has etherape, along with a number of other
network-oriented tools, on it; download the distro, burn it to
CDR, and reboot a convenient machine into the CD to run it. The
hard disk won't be touched.

If your network is segmented with switches, you might not see
the saturating traffic from where the Linux box is plugged into
the network. In that case, you should plug it into a hub (not a
switch, a hub, because you want to be able to watch traffic
that's not to or from your machine) connected to the Internet
gateway, assuming your network isn't running at gigabit speeds
(even the best hubs max out at 100base). That's the most likely
place for you to see your spurious traffic, especially if it's
coming from one or more of your machines which have been
backdoored and collected into a botnet.

Some network admins don't look with favor on anyone but
themselves running network diagnostic tooling on their LANS.
Make sure you have all the right permissions before you go
sniffing around. There are enough stories around of honest
people trying to do the right thing and getting busted for it;
don't you be one of them.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.