Remote Monitoring Enterprise Network with IPTraf

In an enterprise network you will run into many strange problems that you cannot analyze off-site. I got some requests to debug a network problem remotely, and immediately. The trouble was that I couldn't be there myself. All I knew was that the network seemed too slow; nobody knew what was happening. What I had was just an account on a Linux server in that network. My first guess was that some computers were downloading something big. My problem, then, was how to spot those machines precisely. Since I only had an SSH account and the network was so slow, starting an X session was out of the question, so I had to solve this in pure text mode.

The first tool I thought of was tcpdump, the classic one. Unfortunately, there were so many computers plugged into the network that I couldn't spot the culprits with tcpdump alone. The next one I tried was IPTraf. IPTraf is a curses-based packet analysis tool that is very handy for analyzing a network quickly, at a glance. It provides 4 modes:

  1. TCP connection statistics and UDP statistics
  2. Interface statistics
  3. Port statistics
  4. Host statistics

You can sort the entries in all modes. To solve my problem, I started with the port statistics. There were a great many TCP packets sent and received on port 1755. That was unusual, because 1755 is MMS, which is normally used for streaming. The next step was to find out who was watching the stream; I used the TCP connection statistics to find him. Bingo! I had finally found the one causing the problem. I just had to tell him to stop watching and get back to work. Many thanks to IPTraf.
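The two-step triage described above (sort traffic by port, then look at the connections on the suspicious port to find the host) can also be done from a text-mode capture when IPTraf is not installed on the box. The script below is an added example written for this post; it is not IPTraf code and not the author's. It parses tcpdump-style summary lines (the sample lines are constructed, using documentation/test address ranges) and reproduces the "port statistics" and "TCP connection statistics" views. Attributing each packet's bytes to the lower-numbered port of the pair as the "service" port is my own heuristic, not how IPTraf decides; the small port-name table is likewise an assumption for labelling only.

```python
"""Port-then-host triage over a tcpdump-style text capture.

Added example, not part of the original post or of IPTraf. Mirrors the
post's workflow: rank ports by bytes, then list who talks on the top port.
"""
import re
from collections import defaultdict

# Constructed sample lines in `tcpdump -nn` default summary format.
SAMPLE_CAPTURE = """\
10:01:02.000001 IP 192.168.1.20.52110 > 203.0.113.5.1755: Flags [.], ack 1, win 512, length 0
10:01:02.000120 IP 203.0.113.5.1755 > 192.168.1.20.52110: Flags [.], seq 1:1461, ack 1, win 512, length 1460
10:01:02.000240 IP 203.0.113.5.1755 > 192.168.1.20.52110: Flags [.], seq 1461:2921, ack 1, win 512, length 1460
10:01:02.000360 IP 192.168.1.31.40022 > 192.168.1.2.22: Flags [P.], seq 1:101, ack 1, win 512, length 100
10:01:02.000480 IP 192.168.1.2.22 > 192.168.1.31.40022: Flags [P.], seq 1:201, ack 101, win 512, length 200
10:01:02.000600 IP 192.168.1.44.51000 > 198.51.100.9.80: Flags [P.], seq 1:301, ack 1, win 512, length 300
10:01:02.000720 IP 203.0.113.5.1755 > 192.168.1.20.52110: Flags [.], seq 2921:4381, ack 1, win 512, length 1460
10:01:02.000840 IP 192.168.1.20.53000 > 192.168.1.2.53: UDP, length 40
"""

# Assumed labels for a few well-known ports; 1755 = MMS as stated in the post.
PORT_NAMES = {22: "ssh", 53: "dns", 80: "http", 1755: "mms"}

LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): .*?length (?P<length>\d+)$"
)


def parse_capture(text):
    """Turn summary lines into records; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            records.append({
                "src": m["src"], "sport": int(m["sport"]),
                "dst": m["dst"], "dport": int(m["dport"]),
                "length": int(m["length"]),
            })
    return records


def service_port(rec):
    """Heuristic (assumption): the lower-numbered port is the service port."""
    return min(rec["sport"], rec["dport"])


def bytes_by_port(records):
    """'Port statistics' view: list of (port, bytes), busiest port first."""
    totals = defaultdict(int)
    for rec in records:
        totals[service_port(rec)] += rec["length"]
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)


def hosts_on_port(records, port):
    """'Connection statistics' view: (client, server) -> bytes for one port.

    The client is the endpoint whose port is not the service port, i.e. the
    host that would be "watching the stream" in the post's scenario.
    """
    pairs = defaultdict(int)
    for rec in records:
        if service_port(rec) != port:
            continue
        if rec["dport"] == port:
            client, server = rec["src"], rec["dst"]
        else:
            client, server = rec["dst"], rec["src"]
        pairs[(client, server)] += rec["length"]
    return dict(pairs)


def triage(text):
    """Full workflow: busiest port and the endpoints responsible for it."""
    records = parse_capture(text)
    ranking = bytes_by_port(records)
    top_port, top_bytes = ranking[0]
    return top_port, top_bytes, hosts_on_port(records, top_port)


if __name__ == "__main__":
    recs = parse_capture(SAMPLE_CAPTURE)
    print("Port statistics:")
    for port, nbytes in bytes_by_port(recs):
        print(f"  {port:>5} {PORT_NAMES.get(port, '?'):<5} {nbytes:>8} bytes")
    port, _, pairs = triage(SAMPLE_CAPTURE)
    print(f"Connections on port {port}:")
    for (client, server), nbytes in pairs.items():
        print(f"  {client} <-> {server}: {nbytes} bytes")
```

In practice you would feed it a capture taken on the server with `tcpdump -nn`, which is all the SSH-only situation in the post allows; the ranking shows the abnormal port at the top, and the second view names the internal host behind it.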
