AntecK7 All American 7755 Posts
Okay,
I'm at work and having an issue with network latency. I can ping websites, and get a really good response time (30ms) and I can transfer files at big speeds 15mbs, however, browsing the web is really really dirt slow. I think it's our IPS that was just installed (I don't think it's up to the task at hand) and is choking on port 80 traffic (ping wouldn't be affected).
I want to identify this as the issue. Anyone know of a way to show this? What tools would I need? 6/15/2009 11:35:22 AM |
disco_stu All American 7436 Posts
Using IE?
Tools -> Internet Options -> Connections -> LAN settings.
If you have a proxy server set, that's probably where your slowdown is. I always chuckle that the A in Microsoft ISA server stands for Acceleration. 6/15/2009 11:38:55 AM |
Tiberius Suspended 7607 Posts
* basic comprehension of networking
* awareness of the network configuration 6/15/2009 11:39:31 AM |
AntecK7 All American 7755 Posts
This isn't some $50 dollar network.
It's not a client setting I assure you, it's much more widespread.
I know they recently installed an IPS, I know it doesn't have the capacity to handle our traffic load. I can't view its configuration, I wish I could. My goal is to show that the source of our latency is the IPS.
I'm guessing the IPS isn't checking all traffic, which is why I get terrific ping times, however, latency and load times for websites are affecting the performance of my users.
I'm not a network guru by any means, but I know enough to figure things out and to read. What I'm looking for is guidance on finding the bottleneck.
ICMP and tracerts aren't going to work, it's the wrong kind of traffic. 6/15/2009 11:57:23 AM |
Shaggy All American 17820 Posts
You would need to show page load times, maybe using something basic like wget, through the IPS and directly to the internet. It's probably a proxy server that either doesn't have enough hardware to handle the load or is misconfigured. 6/15/2009 12:02:16 PM |
evan All American 27701 Posts
1) do a throughput test with and without the proxy 2) compare results 3) ... 4) profit 6/15/2009 1:13:28 PM |
AntecK7 All American 7755 Posts
I don't see a way around the proxy server, it's not configured on the clients (IE doesn't show a proxy server).
I know that since they installed it they have had problems, I think they originally had it running on a 100mb link (we're talking about something that probably handles about 5k-10k computers' worth of traffic).
Any other ideas? 6/15/2009 2:12:12 PM |
disco_stu All American 7436 Posts
Ask IT admins to set up an exception to your workstation so the traffic is not scanned by the new system.
Or more likely, get over it and learn to live with it. 6/15/2009 2:16:20 PM |
Shaggy All American 17820 Posts
Any good firewall can proxy all web traffic. It doesn't need to be set up in your browser. 6/15/2009 2:21:30 PM |
Tiberius Suspended 7607 Posts
Test the throughput and latency for a port that is transparently proxied, and a port that isn't.
Browse the local network and a few web pages while running a packet capture and compare latencies.
Or -- if you've got a *nix box handy, save some HTTP requests to a file and run a delay loop of "time nc server 80 < http_traffic.txt" and "time nc server open-port". In this case you'll want your HTTP request to specify HTTP 1.0 or disable keep-alive, otherwise the session and connection will not terminate conveniently at the end of the request. 6/15/2009 2:26:19 PM |
BobbyDigital Thots and Prayers 41777 Posts
Does the IPS only intercept port 80 traffic?
Is intranet HTTP traffic also slow?
If so, set up an HTTP server that listens on a different port and see if you see the same problem. If not, then it's probably your IPS.
Sniffer traces should show the latency as well (using some of the Wireshark tools). 6/15/2009 3:06:17 PM |
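The comparison suggested in the two posts above (Tiberius's timed HTTP/1.0 request and BobbyDigital's HTTP server on a different port), written out as an added example that is not part of any post in the thread. It assumes a server you control that answers HTTP on both an inspected port and a non-inspected port; the function names and command-line arguments are illustrative.

```python
import socket
import statistics
import sys
import time

def time_request(host, port, path="/", timeout=15.0):
    """Time one HTTP/1.0 GET and return the seconds spent in each phase."""
    # HTTP/1.0 with Connection: close, so the server ends the session for us.
    req = (f"GET {path} HTTP/1.0\r\nHost: {host}\r\n"
           "Connection: close\r\n\r\n").encode("ascii")
    t0 = time.perf_counter()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        t_conn = time.perf_counter()          # TCP handshake finished
        sock.sendall(req)
        if not sock.recv(4096):
            raise ConnectionError("closed before any response byte")
        t_first = time.perf_counter()         # first response byte arrived
        while sock.recv(65536):               # drain the rest of the body
            pass
        t_end = time.perf_counter()
    # connect    ~ network round trip (roughly what ping measures)
    # first_byte ~ wait between sending the request and the first reply byte;
    #              delay added by a device inspecting requests shows up here
    # transfer   ~ bulk throughput once data is flowing
    return {"connect": t_conn - t0,
            "first_byte": t_first - t_conn,
            "transfer": t_end - t_first}

def median_phases(host, port, runs=10, pause=0.5, path="/"):
    """Repeat the request and return the median of each phase."""
    samples = []
    for _ in range(runs):
        samples.append(time_request(host, port, path))
        time.sleep(pause)
    return {k: statistics.median(s[k] for s in samples) for k in samples[0]}

def slowest_phase(baseline, suspect):
    """Name the phase that grew the most on the suspect port."""
    return max(suspect, key=lambda k: suspect[k] - baseline[k])

if __name__ == "__main__":
    if len(sys.argv) != 4:
        sys.exit("usage: phases.py HOST BASELINE_PORT SUSPECT_PORT")
    host = sys.argv[1]
    base = median_phases(host, int(sys.argv[2]))
    susp = median_phases(host, int(sys.argv[3]))
    for k in base:
        print(f"{k:10s} baseline {base[k]*1000:8.1f} ms  suspect {susp[k]*1000:8.1f} ms")
    print("largest increase in phase:", slowest_phase(base, susp))
```

Serving the same file on both ports keeps the transfer phase comparable, so any difference in the first-byte phase is attributable to what sits in the path for that port.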
Perlith All American 7620 Posts
Dumb question, ability to engage people directly who have influence over the company infrastructure? I'll turn to them before I'll consult the HelpDesk these days as I can usually get a hold of somebody who knows what's going on and will at a minimum admit "Aware of it and working on it".
Otherwise, you are going to have a heck of a time debugging this without violating company policy and/or stepping on several toes in the process. What may seem like an honest intent to fix a widespread problem could be twisted into somebody trying to bypass corporate security. Don't let the latter happen.
Lastly, see if you can set up an encrypted tunnel out of the network. Probably take a 20% hit in raw speed, but latency itself shouldn't be too adversely affected. (See Remote Desktop or VNC over SSH). 6/15/2009 6:22:02 PM |
disco_stu All American 7436 Posts
LOL
Make sure "Lastly, see if you can setup an encrypted tunnel out of the network." doesn't qualify as "violating company policy". 6/16/2009 12:05:11 AM |