A few thoughts, since I used to do this kind of stuff fairly often.
A sniffer is only so good. A lot of NICs hide most of the L1/L2 errors from the upper layers, so you don't see them. i.e., you're not going to see a CRC error on an Ethernet frame with a sniffer. What you'll see on a sniffer are SYMPTOMS of network problems, not the problems themselves. The one sniffer product that does better than others is Network General Sniffer. It's an excellent product, but VERY pricey and probably out of your budget.
If you're looking for problems, the best place to start is your infrastructure. Look at your switches and routers and see what they are up to. Look for things like CRC errors, collisions, runts, giants, etc. on your switch ports and various errors on the WAN links.
If you're comfortable with Linux, go out and find a spare box and install MRTG or something of the like. Get it set up to poll your switches and routers to see what's going on. I'd make sure to run it at least every minute, so that you have granular data.
Other tips:
Is there anything common about these slow times? Is it everyone or is it just a few people? It could be just one or two things happening that have a ripple-down effect. i.e., a server-to-server data copy job starts which consumes 90% of the resources on the mail file server with home directories. Access to this server becomes very slow, causing machines to slow down in general as people work on documents, e-mail PSTs on their home drive, etc.
A few other tricks:
- Set up something as simple as a ping test from a non-domain machine that has nothing major running on it.
- Go get Ping Plotter and set up a constant ping across your network to see where the latency starts.
- Use something like MRTG to look at all of the stats in a slow network time and see if there seems to be anything that looks odd.
- Check your server jobs - Backups, data syncs, database dumps for backups, etc. They can have a profound ripple-down effect on your users.
- G
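
The per-minute polling of switch-port error counters suggested in the post above, as an added example that is not part of the original post: it turns raw counter polls into per-interval error ratios and handles a 32-bit counter wrapping between polls. The sample readings, port names and the 0.1% threshold are constructed assumptions; the two counters stand in for IF-MIB `ifInErrors` and `ifInUcastPkts`.

```python
"""Turn per-minute interface counter polls into per-interval error ratios."""

COUNTER32_MOD = 2 ** 32  # 32-bit SNMP interface counters wrap back to zero

# Constructed samples: (unix_time, port, ifInErrors, ifInUcastPkts)
SAMPLES = [
    (1700000000, "Gi0/1", 10, 4294960000),
    (1700000060, "Gi0/1", 10, 4294966000),
    (1700000120, "Gi0/1", 250, 2704),       # packet counter wrapped here
    (1700000180, "Gi0/1", 900, 62704),
    (1700000000, "Gi0/2", 3, 1000),
    (1700000060, "Gi0/2", 3, 51000),
    (1700000120, "Gi0/2", 3, 101000),
    (1700000180, "Gi0/2", 3, 151000),
]


def delta(prev, cur):
    """Counter difference that survives one 32-bit wrap between polls."""
    return (cur - prev) % COUNTER32_MOD


def interval_rates(samples):
    """Return (port, end_time, errors, packets, error_ratio) per poll interval."""
    last, out = {}, []
    for ts, port, errs, pkts in sorted(samples, key=lambda s: (s[1], s[0])):
        if port in last:
            p_errs, p_pkts = last[port]
            d_err, d_pkt = delta(p_errs, errs), delta(p_pkts, pkts)
            # Simplification: errored frames + delivered unicast = frames seen
            total = d_err + d_pkt
            out.append((port, ts, d_err, d_pkt, d_err / total if total else 0.0))
        last[port] = (errs, pkts)
    return out


def noisy_ports(samples, threshold=0.001):
    """Ports with any interval whose input error ratio exceeds the threshold."""
    return sorted({p for p, _, _, _, r in interval_rates(samples) if r > threshold})


if __name__ == "__main__":
    for port, ts, d_err, d_pkt, ratio in interval_rates(SAMPLES):
        print(f"{port} t={ts} errors={d_err} pkts={d_pkt} ratio={ratio:.4f}")
    print("ports to inspect:", noisy_ports(SAMPLES))
```
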