Linux answers the age-old question, "Why is my network slow?"

David M Williams
Wednesday, 23 July 2008 20:47

Opinion and Analysis

Here’s two excellent programs which will do the very thing we want. The first is Wireshark which you may also have heard of under the previous name Ethereal. Wireshark is a packet sniffer with an open architecture allowing people worldwide to add to its smarts.

Put simply, Wireshark will keep its virtual ears open for all the TCP/IP activity on your network. This is true of many other pieces of software in the category of packet sniffers, but what sets Wireshark apart is it will interpret the packets to tell you just what they mean – whether they are e-mail traffic, or web page visits, or instant messaging or anything else out of the horde of protocols it knows about. Wireshark has an active community who contribute to it so it is always being updated. This is a tremendous advantage of open source software.

Wireshark is available under the standard package utility for most Linux distributions. For the ASUS Eee an extra step is required, because by default it only draws down from ASUS’ restricted set of packages. Press CTRL-ALT-T to launch a console window. Type sudo synaptic to launch the Synaptic package manager. Click the Settings/Repositories menu, click New, and specify a new repository at URI http://ftp.us.debian.org/debian. Enter ‘stable’ as the distribution and ‘main’ as the section. Click OK. Synaptic will prompt you to reload its list of packages; do this then click search and type in wireshark.

You will be presented with a list of matching packages. Find the one explicitly called ‘wireshark’ towards the bottom and right-click on it. Mark it for installation. You will be prompted to install some dependent components (libadns1 and wireshark-common.) Mark both these too and then click Apply. Close Synaptic and return to the console window.

Type sudo wireshark to launch Wireshark. Click the Capture/Interfaces menu to begin capturing data on a specified network interface – whether the Ethernet adapter, or WiFi adapter or anything else. You’ll be presented with some statistics on what’s being captured but you can’t view it until you opt to stop capturing data. You may then analyse your captured data. The Statistics menu may be particularly interesting, showing conversations, IO graphs, and a great many other items.

Wireshark truly is an extremely useful tool. It can greatly assist in working out what happened on your network, during any point in the period for which you captured data. It has many far-reaching uses beyond the purpose for which I’m using it in this article.

As you’ll have realised, mind you, it’s not live. It still won’t help tell you why your network is slow right now. For that, there’s another program we can use.

IPTraf is largely a program that is similar in intention to Wireshark but with one major distinction, namely IPtraf gives live output. From a terminal window run sudo apt-get install iptraf to install, then sudo iptraf to run the program.

You’ll be prompted for the type of activity you wish to perform – in our case, IP traffic monitor – and then the interface to monitor (typically “all interfaces”.) Now you can happily see what is consuming bandwidth right at any given time. There are some caveats: destination addresses are stripped off the summary screen to save screen real estate, and the frequency at which the screen updates is a configurable item. You may need to experiment with more frequent values to find a refresh rate that suits you.

Nevertheless, we’ve done it. No need to pay for expensive proprietary networking equipment. Using any old computer or laptop lying around and some free open source software we’ve made our own network diagnostic system to answer that perennial question, "why is the network so slow?"