I administer a network that is very spread out. The Wan is administered by another group. We have had some slow performance issues with some of our applications. I was looking for some good tools to test the network and find out where the choke points are when these slow downs occur.

Hi there, Packet tracing is your answer here. This can be done with a number of applications, but you can download WireShark ( http://www.wireshark.org/ - this is the new name for Ethereal ) for free. Start at one end ( i.e. gather packet trace on client or server end ) during a failing scenario. Once you have captured the problem, isolate any sessions that you know are applicable ( filter by IP address and TCP port number for example ) and analyse the flows from there. For TCP sessions - be the lookout for lots of TCP retransmissions, this indicates IP packets are possibly being lost somewhere along the route. The odd retransmission is acceptable, but if you're seeing loads of them then this clearly represents a problem and is likely to be a contributing factor to your performance problem. Also, check TCP window sizes in the packet trace... it is normal for the window to expand and contract, but if either side's window reaches zero - it means that no more data will be received until a TCP ACKnowledgement packet flows from the receiver to the sender. If you can, try and liaise with your WAN provider to see if they will also gather trace data for you at the same time. With two lots of trace data, you can find out if the problem is on one side of your IP route or the other. Happy tracing and good luck! Cheers, Lofty.

We're using Cacti where I work and I like it quite well. Ethereal is a good tool but unless they've made major changes in it since it became WireShark, it can't packet sniff beyond the interface of whatever PC you're running it on. Not very useful in a large environment unless you enjoy running around with a laptop plugging into different physical segments....