2

If the issue happens, it happens at 10am, for about 1 minute between onset and return to stability. It does not happen every day. During the minute, pings go through the roof and packets start to drop, then the pings settle down and packets stop dropping, and everything is fine again. This occurs on our wifi to the point that wifi users effectively lose internet; signs of the issue are visible on the wired network but don't impact it to the point that people really notice. We have dual internet connections from different providers configured in round-robin; it doesn't seem to care who we are on.

We audited through IT's automated processes and couldn't find anything running at 10am. We've kind of tried to watch the network but our tools are limited, nothing seems to be obviously surging through at the firewall, but we may not be doing the right kind of reporting.

At this point I'm ready to schedule my day around it and start unplugging a target system the moment I see it start to happen to see if that stops the issue in its tracks.

But I wanted to see if anyone has tool or methodology suggestions.

Kaz
    It would be helpful to know a little more about your network. A simple diagram showing network devices would be nice. Where are you pinging to? From where? What WiFi band are you using? What are the devices in question? – Ron Trunk Feb 09 '22 at 21:03

1 Answer

3

I would suggest you rather start with network analysis tools like tcpdump and Wireshark. Then you would know if this is a network-caused problem or a physical-source one.

Is your network protected against physical loops (through, for example, a user who would inadvertently plug an Ethernet cable into 2 different sockets)? If not, you would see a symptomatic STP storm with the above-mentioned tools.

Is there some electrical engine started at 10am which may cause electromagnetic interference with any wireless or wired network? If this is the case, you would see a lot of frames with bad checksums.

dan
    I feel your advice was good so I'm marking you as the answer. I think Wireshark could have helped me, if I was better at using it. Just for the sake of anyone who comes across this: we figured out that a program from our printer service had updated and started doing searches for new printers; it did this as a broadcast to all machines in its subnet. Our subnet is too big, something we are working to fix, and so this caused the broadcast and response to be huge and gum up the network. – Kaz Jun 13 '22 at 14:06
    My personal experience is that `tcpdump` would have shown you this *intelligent* software's massive scan at first. You can't miss a storm with such a fast tool: you can't read the screen, you stop it, you see the culprit: 1000 lines toward 192.168.255.255. – dan Jun 13 '22 at 20:03
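
As an added example (not written by either poster), this shell function ranks source MACs by the broadcast frames they send, reading `tcpdump -e -nn` text output, which makes the kind of broadcast storm described in the comments above stand out even when the screen scrolls too fast to read. The capture lines are constructed, and the function names and the interface name `eth0` are assumptions.

```shell
#!/bin/sh
# Added example: rank senders of Ethernet broadcast frames.
# Live use around the 10am window (interface name eth0 is an assumption):
#   tcpdump -i eth0 -nn -e 'ether broadcast' | top_broadcasters

# Reads `tcpdump -e -nn` lines on stdin.
# Prints "<total frames> <peak frames in one second> <source MAC>",
# busiest sender first.
top_broadcasters() {
    awk '
    # With -e: $1 = timestamp, $2 = source MAC, $3 = ">", $4 = "dest MAC,"
    $3 == ">" && $4 == "ff:ff:ff:ff:ff:ff," {
        src = $2
        sec = substr($1, 1, 8)              # HH:MM:SS, microseconds dropped
        total[src]++
        key = src SUBSEP sec
        if (++persec[key] > peak[src]) peak[src] = persec[key]
    }
    END {
        for (s in total) printf "%d %d %s\n", total[s], peak[s], s
    }' | sort -k1,1nr -k3,3
}

# Constructed sample capture (not real traffic): one host broadcasting
# repeatedly, one ordinary ARP request, and one unicast reply that must
# not be counted.
sample_capture() {
cat <<'EOF'
10:00:01.100000 02:00:00:00:00:0a > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 92: 192.168.4.20.40000 > 192.168.255.255.40001: UDP, length 50
10:00:01.200000 02:00:00:00:00:0a > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 92: 192.168.4.20.40000 > 192.168.255.255.40001: UDP, length 50
10:00:01.300000 02:00:00:00:00:0b > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.0.1 tell 192.168.7.9, length 46
10:00:01.400000 02:00:00:00:00:0a > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 92: 192.168.4.20.40000 > 192.168.255.255.40001: UDP, length 50
10:00:02.100000 02:00:00:00:00:0a > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 92: 192.168.4.20.40000 > 192.168.255.255.40001: UDP, length 50
10:00:02.200000 02:00:00:00:00:0c > 02:00:00:00:00:0a, ethertype IPv4 (0x0800), length 120: 192.168.9.3.40001 > 192.168.4.20.40000: UDP, length 78
EOF
}
```

Running `sample_capture | top_broadcasters` shows the function on the constructed data; on a large flat subnet the replies to a discovery broadcast are unicast, so a second capture without the `ether broadcast` filter is needed to see their volume.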