Today’s post looks at network monitoring from the perspective of a Windows endpoint in a local area network (LAN), and outlines performance metrics for optimizing how incoming and outgoing traffic is processed.
Hardware and Configuration
When monitoring network traffic on a Windows computer, there are several computer-specific items to keep in mind:
- Network Cards
A physical network card, or a virtualized network card emulator for a Windows virtual machine, has specifications for the standards and data transfer rate it supports. Current network cards typically use Ethernet (IEEE 802.3) or WiFi (IEEE 802.11) standards; newer standards continue to be developed as technology advances.
As hardware and data compression technologies have improved over time, data transfer speeds have increased significantly. 802.3 Ethernet standards introduced in 1999 outlined 10Mbps (megabits per second) speeds, using CAT3 twisted copper wiring, while current LANs can run up to 100Gbps (100,000Mbps) and use fiber optic cable.
The speed for your network card is available in its properties in Windows. In most versions of Windows, you can get there by going to Control Panel → View Network Status and Tasks → Change Adapter Settings. This displays your network adapters, for example:
Windows Network Adapter List
Double-click on the Ethernet icon to view its status:
Network Adapter Status Display
The status display shows the speed of the Ethernet connection, how long the connection has been active, and how many bytes have been sent and received over that time.
Note that the Speed can either be set to Full Duplex or Half Duplex. In Full Duplex, data can be transmitted and received at the same time, while in Half Duplex the data cannot be transmitted and received simultaneously. Most Windows network connections are set to Full Duplex, but you can check the setting by clicking on Properties in the Ethernet Status window, selecting the Advanced tab, and checking the Speed & Duplex setting:
Windows Network Adapter Duplex Setting
- Network Card Drivers and Settings
In addition to knowing the speed of your network connection, you may also need to find information about the driver and the network card’s settings, especially if you need to troubleshoot a network connection. Click on the Properties button in the Ethernet Status window to view the network card’s settings, and on the Configure button in the Properties page to view additional details, including the driver:
Windows Network Adapter Properties
Windows Network Adapter Drivers
- Windows version limitations
Microsoft Windows limits the capabilities of its desktop operating systems, and if you cannot connect over the network to a desktop version of Windows you could be running into this limitation. The maximum number of connections is specified in the Terms and Conditions for the License. In the most recent license agreement, up to 20 concurrent connections are allowed - to find the exact number for your version of Windows, look for the license agreement, and the number of connections will be outlined in section 2.
Windows Network Metrics
Data is transmitted between applications using packets, which are units of information with an application-specific length and format. For example, MS SQL uses a default packet size of 4,096 bytes, but can be configured to use longer packets to reduce read/write operations, or shorter packets if smaller units of data are typically transmitted. Since packets may be of differing lengths, the number of packets sent or received is a measure of network activity, but not of the total amount of data transmitted.
Because packet size varies, there is no way to set an upper threshold on how many packets can be sent or received with respect to the speed of the interface. Monitor Network Interface\Packets Received/sec and Network Interface\Packets Sent/sec against baseline values for the server’s busiest transmission times.
- Packet Loss
Most Windows applications use TCP, which is connection-oriented. That means sending applications keep track of the packets they send, and expect an acknowledgement (ACK) that each packet has been received. If a sender does not receive an ACK for a packet, it retransmits that packet. A high rate of lost packets can indicate a noisy network or a network with excessive traffic.
Monitor Network Adapter\Packets Received Errors and Network Adapter\Packets Outbound Errors. Ideally these values should be 0, but if your network is noisy, use a baseline value as a threshold.
- Latency
Latency is a measure of the travel time between the sender and receiver, and will increase on a noisy or busy network. Latency is measured in milliseconds (ms), and while zero latency is not expected, it should baseline at a low value. The screenshot below shows a Windows Resource Monitor Network display with TCP connections per network connected process, including Packet Loss and Latency.
Windows Resource Monitor Network TCP Connections Display with Process Latency
Monitor latency by measuring round trip time for connections that have small packet sizes, for example, a ping transaction. Develop a baseline for round trip time and use this as a threshold.
- Bandwidth
Bandwidth is a measure of how much of an interface’s capacity is in use. This should be evaluated with respect to the speed of the interface and whether the interface is full or half duplex.
Longitude Network Usage Display
Bytes received and sent can be monitored through Bytes Received/sec and Bytes Sent/sec in either the Network Adapter or Network Interface Performance counters. These values should be measured against baseline values.
- Output Queue Length
If a server has more data to transmit than its interface can send at any given time, packets will be queued up to be sent when capacity is available. This value can be monitored through the Output Queue Length counter for either the Network Adapter or Network Interface Performance counters, and should be 0.
- Port Availability
TCP connections bind to specific, and usually well-known, ports. If a TCP connection fails, verify that the port is available. This can be done using the “netstat” command, or a port check utility such as Longitude’s Port Transaction.
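The latency and port checks described above can be scripted. This is an added example, not part of the original post; the target address, port number and baseline value are placeholder assumptions to replace with your own.

```powershell
# Added example: round trip time against a baseline, then port availability.
# $Target, $Port and $BaselineMs are assumed placeholder values.
$Target     = '192.0.2.10'   # placeholder (TEST-NET-1); use a host on your LAN
$Port       = 1433           # placeholder TCP port to verify
$BaselineMs = 5              # assumed baseline round trip time in ms
$Samples    = 10

# Latency: small ICMP echo requests, counting timeouts as lost packets.
$ping = New-Object System.Net.NetworkInformation.Ping
$rtts = @(); $lost = 0
foreach ($i in 1..$Samples) {
    try {
        $reply = $ping.Send($Target, 1000)          # 1000 ms timeout
        if ($reply.Status -eq 'Success') { $rtts += $reply.RoundtripTime }
        else { $lost++ }
    } catch { $lost++ }                             # e.g. name resolution failure
    Start-Sleep -Milliseconds 200
}
$ping.Dispose()

$avg = if ($rtts.Count) { ($rtts | Measure-Object -Average).Average } else { $null }
[pscustomobject]@{
    Target        = $Target
    AvgRttMs      = $avg
    LostOfSamples = "$lost/$Samples"
    OverBaseline  = ($null -ne $avg -and $avg -gt $BaselineMs)
}

# Port availability on this machine: the listener rows "netstat -ano" would show,
# with the owning process ID resolved to a process name.
$listeners = Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue
if ($listeners) {
    $listeners | Select-Object LocalAddress, LocalPort, OwningProcess,
        @{ n = 'Process'; e = { (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).Name } }
} else {
    "Nothing is listening on TCP port $Port"
}

# Port availability from the client side: can a TCP connection be opened?
Test-NetConnection -ComputerName $Target -Port $Port -WarningAction SilentlyContinue |
    Select-Object ComputerName, RemotePort, TcpTestSucceeded
```

Resolving the owning process also shows which program holds the port, which is useful when the listener is not the service you expected.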
Monitoring network usage and errors can optimize data transmission between servers and clients. The following metrics provide an overview of network activity on Windows computers and detect network problems that can impede network activity:
| Metric | Threshold | Description |
|---|---|---|
| | Baseline | More data is being transmitted or received than typical. If in conjunction with packet errors, may indicate data retransmissions. |
| Packets Received Errors, Packets Outbound Errors | > 0 | Packet errors may indicate a noisy network or problems transmitting to the receiving computer. |
| Ping packet round trip time | Deviates from baseline | High round trip times can indicate a noisy or congested network. |
| | Deviates from baseline | Rates that are too high indicate congestion at the Windows computer and may indicate network congestion. If in conjunction with packet errors, may indicate data retransmissions. |
| Output Queue Length | < 1 | The sender has more data to send than its hardware can process. May indicate the need for upgraded hardware. If in conjunction with packet errors, may indicate data retransmissions. |
| Port Availability: netstat or Longitude Port Transaction | Port is available | If port is unavailable it may indicate network congestion, the service for the software is unavailable, or a connection limitation for desktop versions of Windows. |
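The counter checks in the table above can be run from PowerShell with Get-Counter. This is an added example, not part of the original post; it assumes English counter names, and the baseline numbers are placeholders to replace with values recorded at your busiest transmission times.

```powershell
# Added example. English counter names are assumed; baseline numbers are placeholders.
$Baseline = @{
    'bytes received/sec'   = 5MB;  'bytes sent/sec'   = 5MB
    'packets received/sec' = 8000; 'packets sent/sec' = 8000
}
$MustBeZero = 'packets received errors', 'packets outbound errors', 'output queue length'

$names = @($Baseline.Keys) + $MustBeZero + 'current bandwidth'
$paths = $names | ForEach-Object { "\Network Interface(*)\$_" }

# Five one-second samples, averaged per interface and counter.
$samples = (Get-Counter -Counter $paths -SampleInterval 1 -MaxSamples 5).CounterSamples

$samples | Group-Object InstanceName | ForEach-Object {
    $iface = $_.Name
    $v = @{}
    # The counter name is the last segment of the sample path.
    $_.Group | Group-Object { ($_.Path -split '\\')[-1] } | ForEach-Object {
        $v[$_.Name] = ($_.Group | Measure-Object CookedValue -Average).Average
    }
    $flags = @()
    foreach ($k in $Baseline.Keys) {
        if ($v[$k] -gt $Baseline[$k]) { $flags += "$k above baseline" }
    }
    foreach ($k in $MustBeZero) {
        if ($v[$k] -gt 0) { $flags += "$k = $($v[$k])" }
    }
    # Current Bandwidth is in bits/sec; on a full-duplex link each direction
    # is compared with the link speed separately.
    $bw = $v['current bandwidth']
    [pscustomobject]@{
        Interface = $iface
        LinkMbps  = [math]::Round($bw / 1e6)
        RxPct     = if ($bw) { [math]::Round(800 * $v['bytes received/sec'] / $bw, 1) }
        TxPct     = if ($bw) { [math]::Round(800 * $v['bytes sent/sec'] / $bw, 1) }
        Flags     = $flags -join '; '
    }
} | Format-Table -AutoSize
```

The error counters are cumulative since the adapter came up, so a non-zero value is worth comparing across runs to see whether it is still growing.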