Slow Connection? Sniff your way out!

This is actually mostly for IT personnel but is very useful as well for developers encountering slow connection on LAN.  Speaking as both, one thing that we face most of the time is degradation of speed on the network and the problem is it can be anything such as wrong design in our app, faulty hardware like switches and lan cards, or a malware flooding the network causing heavy traffic.

As an IT Manager, what I do on my end, for lack of proper tools before, is to trace things manually.  Sometimes with the help of IpSnooper tool I shared in foxite, weblogs and blogspot, I was able to pinpoint which machine a specific IP Address belongs to.  But that is if you will be able to trace which IP is flooding the network.

For some cases, like I said, I have to do it manually (with my IT guys' assistance) by observing the speed  of the network or even internet access by unplugging one by one (and reconnecting back) each connection on our switch.  And I was able to trace the units causing the flooding that way.  But...... that is the hard way.



Yesterday, we can not even properly send/receive email via outlook so I decided to try my luck in finding a proper tool over the web, and that is what I wanted to share now because I do found one.  And since I believe this can help others as well, I will share those tools here.

The first one we need is SmartSniff by NirSoft.  A very powerful free tool designed to sniff and capture TCP/IP packets between clients and servers (local or web based).  Here is the link for SmartSniff: http://www.nirsoft.net/utils/smsniff.html

You can also get some more free stuff there.

The next you need to get out most of the power of SmartSniff is WinPcap by Riverbed Technology.  It is open source so portions of it were improved by countless people, institutions and companies (see License section).  Here is the link to WinPCap:  http://www.winpcap.org/install/default.htm

Combine those two and you are ready to sniff your way out of the slow connection in being able to find the ws via its IP Address that is flooding the network.  Observe Local Address, Remote Address, Local and Remote Ports, Remote Host, Packets, Data Size and a lot more.

As my rule of the thumb, do not enable auto-start with OS of some apps like messengers, dropbox, torrent downloaders, etc.  Because even if you leave those unused or idle, those will still use the ports and constantly send packets back and forth.  Just tell your users to double-click those when needed and close outright (totally exit) when not needed.  Just a friendly advice.

I hope this post will help you troubleshoot the cause of slow connections in your end.  Cheers!