Many Microsoft support engineers dealing with customer technical issues ask for network traces to further troubleshoot and isolate a given problem. In this post I wanted to give you an idea of when we generally ask for a network trace, so that you can take a similar approach to similar problems.

 

Maybe we can start with the question “When do we need to collect and analyze a network trace?”

 

Even though the answers might vary, you will generally need to collect and analyze a network trace in the situations below:

 

•          You need to troubleshoot network connectivity problems

•          You need to troubleshoot network performance problems

•          You need to troubleshoot network security problems

•          You need to understand the network behavior of protocols and applications for baselining or capacity planning purposes

 

Below are also some example problem types that we get from our customers where we ask for network traces:

 

Network connectivity problem examples:

 

•          Web browser cannot connect to Web server

•          Remote share cannot be browsed

•          Event Viewer cannot connect to remote event log service

•          I get ‘RPC server is unavailable’ when I initiate AD replication

•          We get ‘server not found’ error when starting the XYZ application (a 3rd party app)

•          Exchange server doesn’t receive e-mails from the internet

•          SharePoint portal cannot be reached from clients in a certain site

•          SharePoint server cannot retrieve data from SQL server

•          SCCM server cannot communicate with the SCCM agent

•          3rd party client application cannot connect to 3rd party server application over a VPN tunnel

 

Network performance problem examples:

 

•          File copy between two servers takes too long

•          HTTP download from the internet is slow

•          Backing up one of our file servers through the network takes too long

•          We see delays in browsing our web site

•          FTP file transfers are too slow between certain sites

•          Windows Explorer is too slow in showing the remote share content

•          SQL server query performance over the WAN connections is too slow

•          Outbound e-mails queue up on Exchange Edge server

•          Outlook client cannot connect to Exchange CAS servers through a load balancer

 

Network security problem examples:

 

•          We would like to understand why File server1 tries to establish a session to 10.1.1.1 through TCP port 7789

•          In our firewall logs, we see that certain clients try to access a certain site. Why do those clients try to access that site?

•          We would like to see which process generates a specific TCP session

•          We would like to see the authentication protocol that the clients use to authenticate to Server X

•          Kerberos/NTLM authentication problems

•          Certain SSL authentication issues

•          As soon as we connect the client machine to a switchport, the switchport is disabled due to excessive traffic coming from the client. We would like to know the reason behind that
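As an added example (not part of the original post), the PowerShell below shows how to answer the first and third questions in the security list above: it maps the TCP sessions a machine has open toward a given remote address and port to the process that owns them, and then starts a packet capture with netsh trace for the case where the session is too short-lived to catch in a connection table. It assumes Windows 8 / Server 2012 or later (Get-NetTCPConnection from the NetTCPIP module) and an elevated prompt for netsh trace; the address 10.1.1.1 and port 7789 are the post's own hypothetical values, and the trace file path and size are assumptions.

```powershell
# Added example, not from the original post. Assumes Windows 8 / Server 2012 or later
# (Get-NetTCPConnection, NetTCPIP module) and an elevated prompt for netsh trace.

function Get-TcpSessionOwner {
    <#
    .SYNOPSIS
    Lists TCP sessions matching a remote address and/or remote port, together
    with the process that owns each session.
    #>
    param(
        [string]$RemoteAddress,
        [uint16]$RemotePort
    )

    # Build the filter only from the parameters that were actually supplied.
    $filter = @{}
    if ($RemoteAddress) { $filter['RemoteAddress'] = $RemoteAddress }
    if ($RemotePort)    { $filter['RemotePort']    = $RemotePort }

    # Get-NetTCPConnection raises an error when nothing matches; treat that as "no sessions".
    Get-NetTCPConnection @filter -ErrorAction SilentlyContinue | ForEach-Object {
        # Win32_Process also exposes the command line, which Get-Process does not.
        $proc = Get-CimInstance Win32_Process -Filter "ProcessId = $($_.OwningProcess)"
        [pscustomobject]@{
            LocalAddress  = $_.LocalAddress
            LocalPort     = $_.LocalPort
            RemoteAddress = $_.RemoteAddress
            RemotePort    = $_.RemotePort
            State         = $_.State
            OwningPid     = $_.OwningProcess
            ProcessName   = $proc.Name        # PID 4 / "System" means a kernel component (e.g. SMB)
            CommandLine   = $proc.CommandLine
        }
    }
}

# The post's example: why does the file server open TCP 7789 to 10.1.1.1?
# (10.1.1.1 and 7789 are the hypothetical values from the post.)
Get-TcpSessionOwner -RemoteAddress '10.1.1.1' -RemotePort 7789 | Format-List

# If the session is too short-lived to show up in the connection table, record the packets
# instead. File path and size are assumptions; the result is an ETL file that Network Monitor
# can open.
netsh trace start capture=yes tracefile=C:\temp\fileserver1.etl maxsize=512 overwrite=yes
# ... reproduce the problem, then stop the trace ...
netsh trace stop
```

The connection-table lookup is cheap and needs no extra tooling, so it is worth running first; the trace is what tells you what actually went over the wire (the SYN that never got an answer, the protocol spoken on the port) once you know which process to look at.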

 

Hope this helps

 

Thanks,

Murat