Market Brief

Troubleshooting a Slow Network

One of the most common end-user complaints within an organization is ‘Why is the network slow?’ Using StealthWatch by Lancope’s simple 3-click investigation method, network and security administrators can quickly drill down to the root cause of network congestion and rapidly remedy the situation before any impact to network service or availability occurs.

“Troubleshooting is almost effortless with StealthWatch. Previously, when there was an incident, we would add mirrors and sniffers to track and replicate the event, and then manually comb through logs. We can now sort, analyze and baseline traffic with ease.”

-Concord Hospital

Step 1: Quickly Identify the IP Address of the User in Question

One of the first steps in troubleshooting is to obtain the user’s IP address to look at his activity. Previously, this laborious process involved walking the user through finding his IP address, running traceroutes through the network, running queries against the routers in his path, and various other steps that may or may not get the desired answers.

With the StealthWatch IDentity appliance, administrators can cut this once multi-hour process to less than 5 minutes. Operators simply right-click the IDentity peripheral in the StealthWatch Management Console (SMC) user interface and input the user’s name in the filter to view a list of all the associated IP addresses.

Step 2: Locate What Associated Interfaces are Overloaded

Administrators can locate which interfaces the user is passing through by double-clicking the IP address to open a Host Snapshot for that user. The Host Snapshot enables rapid incident response by providing the information necessary for precise action.

The snapshot identifies:

  • Which routers/switches is the user’s traffic passing through?
  • Which interface is exchanging traffic beyond its preset limit?
  • How much traffic is going through the interface?

Step 3: Learn Why the Interface Is Over Capacity

StealthWatch segments Top Ten statistics by host, flows and services to provide an additional layer of intelligence for investigating network slowdowns or traffic spikes. By monitoring the most important zones, StealthWatch expedites response efforts.

Utilizing StealthWatch’s Top Ten Interface, administrators can investigate:

  • What services are using the most bandwidth?
  • Where is most of the traffic coming from?
  • Where is the traffic going?
  • How much traffic is being exchanged?

With just a few clicks of the mouse, the StealthWatch operator can pinpoint which end-user’s IP address is experiencing network slowness, determine which switch interface is currently overutilized, identify which conversation(s) are saturating the network bandwidth, and finally diagnose which UserID is responsible for the network slowdown. In just 30 seconds, StealthWatch resolves the problem.