Trying to Help a Troubled Network with Linux?
vmehta asks: "I was recently put in a situation where I am trying to help a troubled network with many students accessing it. There are issues with broadcast packets and random outages which seem to be plaguing the network. What tools and methods are the best practice when trying to use Linux and Open Source to analyze and fix a network?"
What's next, "How do I produce PDF files, using Linux and Open Source?" "How can I leverage Open Source to surf the web?"
Christ, this is like the late '90s, when everything suddenly had "e" in front of it. Dude, get Ethereal, slap it on any Windows box, and be done. No need to get nerdy with Linux. If you know enough that it's broadcast traffic, you're halfway there.
I want to delete my account but Slashdot doesn't allow it.
I'm replying to this comment but my response is directed toward the OP
I agree with madaxe42. First things first: diagram the network. Figure out where hubs and switches are. Figure out where the firewalls are. Figure out how packets traverse the network(s). If it's a single network with a single point of access to the Internet this should be (relatively) easy. If you are looking to save the day with Linux, what you could do is set the switches to use "port mirrors" to capture every packet on the network to a Snort DB. Read up on creating Snort rules and you can capture literally everything that goes on. Also run Samba with no-password access and log everything to see what IPs are delivering viruses to your machine. Turn on SNMP at every gateway and graph the network traffic. This should tell you what segments are most prone to excessive traffic (across networks).
Chances are with this combo you will find most viruses, and especially the P2P abusers.
I've had to do this before and this works for me.
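The post above suggests mirroring a switch port into a capture box to find out who is generating the broadcast traffic. As an added example (not code from the original thread or from any of the tools it names), here is a small Python script that takes the link-layer output of `tcpdump -e -n` from such a mirror port, counts broadcast and multicast frames per source MAC, and ranks the senders. The capture lines below are constructed for the example, and the MAC addresses, the threshold values and the function names are assumptions chosen for illustration.

```python
import re
from collections import Counter, defaultdict

# Link-layer header as printed by `tcpdump -e -n`:
#   HH:MM:SS.usec src_mac > dst_mac, ethertype NAME (0x....), length N: ...
FRAME_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) "
    r"(?P<src>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) > "
    r"(?P<dst>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}), "
    r"ethertype (?P<etype>\w+)",
    re.IGNORECASE,
)

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed sample capture (not real traffic): one chatty host flooding
# ARP and NetBIOS broadcasts, one normal host, one host sending only mDNS.
SAMPLE_CAPTURE = """\
12:00:01.000001 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.0.1 tell 10.0.0.5, length 46
12:00:01.000101 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.0.2 tell 10.0.0.5, length 46
12:00:01.000201 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.0.3 tell 10.0.0.5, length 46
12:00:01.000301 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.0.4 tell 10.0.0.5, length 46
12:00:01.000401 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 243: 10.0.0.5.138 > 10.0.0.255.138: NBT UDP PACKET(138)
12:00:01.000501 00:11:22:33:44:55 > aa:bb:cc:dd:ee:01, ethertype IPv4 (0x0800), length 74: 10.0.0.5.1025 > 10.0.0.9.80: Flags [S], length 0
12:00:02.000001 aa:bb:cc:dd:ee:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.0.5 tell 10.0.0.9, length 46
12:00:02.000101 aa:bb:cc:dd:ee:01 > 00:11:22:33:44:55, ethertype IPv4 (0x0800), length 74: 10.0.0.9.80 > 10.0.0.5.1025: Flags [S.], length 0
12:00:02.000201 aa:bb:cc:dd:ee:01 > 00:11:22:33:44:55, ethertype IPv4 (0x0800), length 66: 10.0.0.9.80 > 10.0.0.5.1025: Flags [.], length 0
12:00:03.000001 aa:bb:cc:dd:ee:02 > 01:00:5e:00:00:fb, ethertype IPv4 (0x0800), length 120: 10.0.0.12.5353 > 224.0.0.251.5353: 0 PTR (QM)? _services._dns-sd._udp.local.
12:00:03.000101 aa:bb:cc:dd:ee:02 > aa:bb:cc:dd:ee:01, ethertype IPv4 (0x0800), length 74: 10.0.0.12.40000 > 10.0.0.9.22: Flags [S], length 0
this line is not a tcpdump frame and must be skipped
"""


def is_multicast(mac):
    """Ethernet group bit: lowest bit of the first octet (broadcast is the all-ones case)."""
    return int(mac.split(":")[0], 16) & 1 == 1


def parse_frame(line):
    """Return the header fields of one `tcpdump -e -n` line, or None if it is not a frame."""
    m = FRAME_RE.match(line.strip())
    if not m:
        return None
    frame = m.groupdict()
    frame["src"] = frame["src"].lower()
    frame["dst"] = frame["dst"].lower()
    return frame


def broadcast_report(capture_text):
    """Per source MAC: total frames, broadcast frames, multicast frames and the
    ethertypes of the broadcasts. Sorted so the noisiest sender comes first."""
    total, bcast, mcast = Counter(), Counter(), Counter()
    bcast_types = defaultdict(Counter)
    for line in capture_text.splitlines():
        frame = parse_frame(line)
        if frame is None:
            continue
        total[frame["src"]] += 1
        if frame["dst"] == BROADCAST:
            bcast[frame["src"]] += 1
            bcast_types[frame["src"]][frame["etype"].upper()] += 1
        elif is_multicast(frame["dst"]):
            mcast[frame["src"]] += 1
    rows = [
        {
            "src": mac,
            "frames": total[mac],
            "broadcast": bcast[mac],
            "multicast": mcast[mac],
            "broadcast_types": dict(bcast_types[mac]),
        }
        for mac in total
    ]
    rows.sort(key=lambda r: (r["broadcast"], r["frames"]), reverse=True)
    return rows


def noisy_hosts(rows, min_broadcast=3, min_share=0.5):
    """Senders whose broadcasts are both numerous and a large share of what they send.
    The thresholds are assumptions; tune them to the size of the segment."""
    return [
        r["src"]
        for r in rows
        if r["broadcast"] >= min_broadcast and r["broadcast"] / r["frames"] >= min_share
    ]


if __name__ == "__main__":
    report = broadcast_report(SAMPLE_CAPTURE)
    for row in report:
        print(row)
    print("noisy:", noisy_hosts(report))
```

On a real mirror port you would feed it `tcpdump -e -n -i eth0 ether broadcast or ether multicast`; the script keys on the source MAC rather than the IP because a misconfigured stack or a looped segment can broadcast with no usable IP header at all, and the MAC is what you look up in the switch's forwarding table to find the physical port.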
One of our remote sites has a T1 to the Internet but also needs to access our financial system. It wasn't working. In theory they had plenty of bandwidth, but the system was unstable: they were able to connect... sometimes, but once they did it was almost unusable, and we're just talking about a lightweight telnet (over a VPN) session. I initially started with an MRTG graph on the router that is the last hop to the Internet. I saw normal traffic interrupted by high periods of max bandwidth.
I've seen this type of pattern before... "Kazaa," I thought. I set up one of the company laptops with Snort and Mandrake Linux and sent it down there with instructions to put it on a switch on the same network as the router with port mirroring so I could figure out which network it was coming from. Once I knew that, I repeated the process and had them gradually move the laptop down the chain until it was on the same subnet as the offender. 2 days later I had the IP and a list of MP3s that were being shared out and downloaded from that machine.
All the while the VP of that location was harping on us that we needed to spring for a second T1 just to support their 12 users running telnet.
I returned to them with the information I had gathered and they responded with an "I know who that is". The traffic stopped immediately and they have been running fine for over a year now with no hiccups.
Just think logically and you will have it figured out in pretty short order.
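The story above starts from an MRTG graph of the last-hop router, which is just SNMP interface octet counters sampled every five minutes and turned into a rate. As an added example (not the poster's code and not part of MRTG), here is how to do that step by hand in Python: convert a series of `ifInOctets` readings into bits per second, handle the 32-bit counter wrap that MRTG has to deal with, and flag the contiguous intervals where the link was pinned near its ceiling. The sample readings, the T1 line rate used as the ceiling, and the 90% threshold are constructed assumptions for the example.

```python
# Sample readings: (unix_time, ifInOctets) taken every 300 s, the MRTG default.
# Constructed for the example; the first step crosses the 32-bit counter limit.
SAMPLES = [
    (0,    4294000000),   # counter close to 2**32
    (300,  2032704),      # wrapped: 3,000,000 octets were actually received
    (600,  57032704),     # +55,000,000 octets: the "max bandwidth" period
    (900,  113032704),    # +56,000,000 octets
    (1200, 116032704),    # +3,000,000 octets: back to normal
]

T1_BPS = 1_544_000  # assumed link ceiling for the remote site's T1


def delta_octets(prev, cur, bits=32):
    """Octets transferred between two counter readings, correcting for a wrap
    of a `bits`-wide SNMP counter (ifInOctets is Counter32)."""
    if cur >= prev:
        return cur - prev
    return cur + (1 << bits) - prev


def throughput_bps(samples, bits=32):
    """List of (interval_end_time, bits_per_second) for each consecutive pair.
    Zero or negative time gaps (duplicate polls) are skipped rather than dividing by zero."""
    rates = []
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        seconds = t1 - t0
        if seconds <= 0:
            continue
        rates.append((t1, delta_octets(c0, c1, bits) * 8 / seconds))
    return rates


def saturated_runs(rates, link_bps, threshold=0.9):
    """Merge consecutive intervals at or above threshold * link_bps into
    (first_end_time, last_end_time) runs, so a burst shows up as one event."""
    limit = link_bps * threshold
    runs, start, last = [], None, None
    for t, bps in rates:
        if bps >= limit:
            if start is None:
                start = t
            last = t
        elif start is not None:
            runs.append((start, last))
            start = None
    if start is not None:
        runs.append((start, last))
    return runs


if __name__ == "__main__":
    for t, bps in throughput_bps(SAMPLES):
        print(f"t={t:5d}  {bps/1000:10.1f} kbit/s")
    print("saturated:", saturated_runs(throughput_bps(SAMPLES), T1_BPS))
```

The wrap handling matters on any busy link polled with 32-bit counters: at T1 rates a Counter32 wraps roughly every six hours, and at 100 Mbit/s it can wrap inside a single five-minute poll, which is why you switch to `ifHCInOctets` (Counter64) where the device supports it.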
/* oops I accidentally made a comment, sorry */