
No, this isn't a post about hunting or the last time I played Battlefield Bad Company and no I'm not the next guest on Bear Grylls' hit TV show Man vs. Wild (if you're reading this Bear I'm still waiting on that invitation in the mail)... What I'm talking about is what we as IT managers, system administrators, and network engineers do every day - we search and destroy. We hunt, track, and eventually locate problems in our IT environments and then we take them out.

Some of the most troublesome things to locate are devices and users' machines on the network. Typically, when you identify the problem you start out with an IP address. You're looking through some NetFlow data and you see that the user or device at 192.168.54.12 is using up 90% of your internet bandwidth downloading videos from iTunes. You really need to know who that user is (or whose machine it is) before you take action else you might be writing an access list to block your own CEO from accessing the internet and that's never a bright idea (sorry about that Kevin, I really didn't know it was you). So, what do you do next?

Well, it really depends on what tools you have at your disposal. You should be able to trace that IP to a particular subnet fairly easily. Once you know which router that IP is using as a first hop (layer 3 wise I mean) you can look through the router's ARP cache to match the IP address up to a MAC address, assuming that the user is still sending internet traffic and the ARP table entry hasn't timed out. If you don't see a valid ARP table entry you can try pinging that IP from the router to populate the cache. So long as the machine is still on and using that IP address that should get you a valid MAC address.

Now that you've got a MAC address to work with you can log in to the switch and start looking through bridge tables (CAM tables on Cisco switches) to see which port that machine is connected to and hopefully after that you'll be able to map it to an office or cubicle location.
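The IP-to-MAC-to-port walk described above can be scripted once the two tables have been pulled off the devices. The following is an added example, not part of the original post: it assumes Cisco IOS-style `show ip arp` and `show mac address-table` output, the sample text is constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample output (not captured from a real device).
ARP_OUTPUT = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.54.1            -   00aa.bbcc.dd01  ARPA   Vlan54
Internet  192.168.54.12           3   0011.2233.4455  ARPA   Vlan54
Internet  192.168.54.40           0   Incomplete      ARPA
Internet  192.168.54.77           9   0011.2233.7777  ARPA   Vlan54
"""

CAM_OUTPUT = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  54    0011.2233.4455    DYNAMIC     Gi1/0/14
  54    0011.2233.7777    DYNAMIC     Gi1/0/48
  54    0011.2233.8888    DYNAMIC     Gi1/0/48
"""

MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"
ARP_RE = re.compile(rf"^Internet\s+(\S+)\s+\S+\s+({MAC})\s", re.I | re.M)
CAM_RE = re.compile(rf"^\s*(\d+)\s+({MAC})\s+\S+\s+(\S+)\s*$", re.I | re.M)

def parse_arp(text):
    """IP -> MAC; 'Incomplete' entries have no MAC and are skipped."""
    return {ip: mac.lower() for ip, mac in ARP_RE.findall(text)}

def parse_cam(text):
    """MAC -> (vlan, port)."""
    return {mac.lower(): (int(vlan), port) for vlan, mac, port in CAM_RE.findall(text)}

def locate(ip, arp_text, cam_text):
    """Return (mac, port, is_edge_port); fields are None if the trail goes cold."""
    mac = parse_arp(arp_text).get(ip)
    if mac is None:
        return None, None, None   # no ARP entry: ping from the router, re-check
    cam = parse_cam(cam_text)
    if mac not in cam:
        return mac, None, None    # CAM entry aged out or host is on another switch
    port = cam[mac][1]
    macs_on_port = Counter(p for _, p in cam.values())[port]
    # Several MACs behind one port usually means an uplink: repeat on the next switch.
    return mac, port, macs_on_port == 1

if __name__ == "__main__":
    for ip in ("192.168.54.12", "192.168.54.77", "192.168.54.40"):
        print(ip, locate(ip, ARP_OUTPUT, CAM_OUTPUT))
```

A port that reports more than one MAC is treated as a likely uplink rather than the user's wall jack, so the lookup has to continue on the downstream switch.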

That's a lot of work and it's sort of a best case/easiest resolution scenario so let's complicate things a bit. Last Thursday someone from your company hacked into one of your customers' networks and started downloading pornographic material to one of their web servers. Hey, free bandwidth and disk space, right? Well, thanks to that bonehead your CIO is breathing down your neck. You're able to tell from looking at some of your management tools that the IP address was 192.168.55.17. However, that IP address is in a DHCP pool with 2 day lease times and that particular address block is used by a bunch of temporary employees that all bring in their own personal laptops and connect to your corporate network. Say goodbye to your lunch break my friend...

Problems like these happen all the time and in many cases you're in a real hurry to solve them. One time, many years ago before SolarWinds, I had a user that had hacked into one of my mail servers and was using it to download gigabytes of images that he'd found online. Not only was this causing problems for the mail server but it was choking our internet bandwidth and this was happening while we were attempting to finish some finance updates that were time sensitive. We literally had only a few minutes to solve this problem or risk missing the market close and probably our jobs.

If you've had experiences like this or if you have tips on solving these types of problems post a comment and share with the rest of us. In Part 2 next week I'll discuss some of the solutions available to help solve this problem and I'll post some "sneak peek" footage of a new product from SolarWinds.


Flame on...
Josh
Follow me on Twitter

Most of the time when you start troubleshooting a network problem it's best to start at the bottom - at layer 1 - the physical layer. Recently I took some time to discuss Layer 1 of the OSI Model with the readers of Computerworld. Check it out here.


Flame on...
Josh

Today we officially launched my new blog out at Computerworld. It's called "EtherGeek" and in that post I'll be talking a lot about networking fundamentals, troubleshooting best practices, and relevant network engineering news.

In the initial post and within the first series of posts we'll be breaking down the OSI model to understand how the different layers function and how to use the knowledge in your role as a network administrator or IT manager.

I hope that you'll bookmark and subscribe to the blog and please send me any ideas that you have around content and comment frequently :)


Flame on...
Josh

Last week I was in Sydney, Australia for the first ever SolarWinds live community event in the land down under. We've done several webcasts and web oriented events for our Australian community and the larger APAC region but this was the first time I've traveled to Australia in person to meet with our customers and community members. As you might know, we opened a regional office in Singapore a few years back and last year we opened our first office in Australia.

It was a fantastic event and I was blown away by how many people showed up and how engaged everyone was during our technical sessions. I don't think we made it to the end of any of our presentations as we had so many great questions and discussions going on and to me, that makes for a much better event than some yahoo talking at you from the podium and flipping through a bunch of slides (yeah, I'm that yahoo sometimes).

I saw two interesting trends. First off, while over the last few years IPv6 has seen more interest and momentum in APAC it seems that adoption is only slightly ahead of the curve in that region. Secondly, cloud computing - specifically public cloud - seems to have gotten more traction there than here in the US. Of the people in attendance, over half were either already leveraging public cloud resources or were planning to within the next 12 months.

While I was there I did have a chance to take in some of the sights. I visited Darling Harbour, The Rocks, Manly Beaches, Circular Quay, the Sydney Opera House (though from a distance) and just generally walked around the city for hours and hours. It's a beautiful place. I planned a long motorcycle tour for Saturday but alas the rain and wind didn't cooperate. Why couldn't it have rained on one of the days we were inside so I could go riding on Saturday!!!

Thank you to everyone who attended - customers, partners, community members and to all of the SolarWinds team that helped to make this such a great success. I hope to return soon and stay tuned for a community event coming to your neck of the woods...


Flame on...
Josh

I've fielded a lot of questions lately about VM Sprawl. It's a common problem for just about everyone these days as just about everyone is using VM technology in one way or another. No matter if you use virtualization technologies from VMware, Citrix, Microsoft (Hyper-V) or some combination of these - you're going to have to think about sprawl and the sooner you do so the better.

So, with all this in mind I decided to write a blog post out at Search Networking on VM Sprawl. Click here to check it out and good luck.


Flame on...
Josh