Blog

Windows Network Metric Guide

November 15, 2017 | Susan Bilder

Today’s post will look at network monitoring from the perspective of a Windows endpoint in a local area network (LAN), and outline performance metrics specific to optimizing processing incoming and outgoing traffic.

Hardware and Configuration

When monitoring network traffic on a Windows computer, there are several computer specific items to keep in mind:

  • Network Cards

    A physical network card, or a virtualized network card emulator for a Windows virtual machine, has specifications for the standards and data transfer rate it supports. Current network cards typically use Ethernet (IEEE 802.3) or WiFi (IEEE 802.11) standards, however newer standards are being developed as technology updates.

    As hardware and data compression technologies have improved over time, data transfer speeds have increased significantly. 802.3 ethernet standards introduced in 1999 outlined 10Mbps (Mega bit per second) speeds, using CAT3 twisted copper wiring, while current LANs can run up to 100Gb (100,000Mbps) and use fiber optic cable.

    The speed for your network card is available in its properties in Windows. In most versions of Windows, you can get there by going to Control Panel → View Network Status and Tasks → Change Adapter Settings. This will provide a display of your network adapters, e.g.


    Windows Network Adapter List

    Windows Network Adapter List


    Double-click on the Ethernet icon to view its status:

    Network Adapter Status Display
    Network Adapter Status Display


    The status display will provide the speed for the ethernet connection, how long the connection has been active, and how many bytes have been sent and received over that time.

    Note that the Speed can either be set to Full Duplex or Half Duplex. In Full Duplex, data can be transmitted and received at the same time, while in Half Duplex the data cannot be transmitted and received simultaneously. Most Windows network connections are set to Full Duplex, but you can check the setting by clicking on Properties in the Ethernet Status window, selecting the Advanced tab, and checking the Speed & Duplex setting:


    Windows Network Adapter Duplex Setting
    Windows Network Adapter Duplex Setting


  • Network Card Drivers and Settings

    In addition to knowing the speed for your network connection, you may also need find information about the driver and the network card’s settings, especially if you need to troubleshoot a network connection. Click on the Properties button in the Ethernet Status window to view the network card’s settings, and on the Configure button in the Properties page to view additional details, including the driver:


    Windows Network Adapter Properties
    Windows Network Adapter Properties


    Windows Network Adapter Drivers
    Windows Network Adapter Drivers


  • Windows version limitations

    Microsoft Windows limits the capabilities of its desktop operating systems, and if you cannot connect over the network to a desktop of Windows you could be running in to this limitation. The maximum number of connections is specified in the Terms and Conditions for the License. In the most recent license agreement, up to 20 concurrent connection are allowed - to find the exact number for your version of Windows, look for the license agreement, and the number of connections will be outlined in section 2.


Windows Network Metrics

  • Packets

    Data is transmitted between applications using packets, which are units of information using an application specific length and format. For example, MS SQL uses a default packet size of 4,096 bytes, but can be configured to use longer packets to reduce read/write operations, or shorter packets if smaller units of data are typically transmitted. Since packets may be of differing lengths, the number of packets sent or received is a measure of network activity, but not of the total amount of data transmitted.

    Due to variable packet size, there is no way to set an upper threshold on how many packets can be sent or received with respect to the speed of the interface. Monitor Network Interface\Packets Received/sec and Network Interface Packets Sent/sec against baseline values for the server’s busiest transmission times.


  • Packet Loss

    Most Windows applications use TCP, which is connection-oriented. That means sending applications keep track of the packets they send, and expect an acknowledgement (ACK) that each packet has been received. If a sender does not receive an ACK for a packet, it retransmits that packet. A high rate of lost packets can indicate a noisy network or a network with excessive traffic.

    Monitor Network Adapter\Packets Received Errors and Network Adapter\Packets Outbound Errors. Ideally these values should be 0, but if your network is noisy use a baseline value as a threshold.


  • Latency

    Latency is a measure of the travel time between the sender and receiver, and will increase on a noisy or busy network. Latency is measured in milliseconds (ms), and while zero latency is not expected, it should baseline at a low value. The screenshot below shows a Windows Resource Monitor Network display with TCP connections per network connected process, including Packet Loss and Latency.


    Windows Resource Monitor Network TCP Connections Display with Process Latency
    Windows Resource Monitor Network TCP Connections Display with Process Latency


    Monitor latency by measuring round trip time for connections that have small packet sizes, for example, a ping transaction. Develop a baseline for round trip time and use this as a threshold.


  • Bandwidth

    Bandwidth is a measure of how much of an interface’s capacity is in use. This should be evaluated with respect to the speed of the interface and whether the interface is full or half duplex.


    Longitude Network Usage Display
    Longitude Network Usage Display


    Bytes received and sent can be monitored through Bytes Received/sec and Bytes Sent/Sec in either the Network Adapter or Network Interface Performance counters. These values should be measured against baseline values.


  • Output Queue Length

    If a server has more data to transmit than its interface can send at any given time, packets will be queued up to be sent when capacity is available. This value can be monitored through the Output Queue Length object for either the Network Adapter or Network Interface Performance counters, and should be 0.


  • Port Availability

    TCP connections bind to specific, and usually well-known, ports. If a TCP connection fails, verify that the port is available. This can be done using the “netstat” command, or a port check utility such as Longitude’s Port Transaction.


Summary

Monitoring network usage and errors can optimize data transmission between servers and clients. The following metrics provide an overview of network activity on Windows computers and detect network problems that can impede network activity:


Metric Threshold Problem Indicated
Network Interface/
Packets Received/sec

Network Interface/
Packets Sent/sec
Baseline More data is being transmitted or received than typical. If in conjunction with packet errors, may indicate data retransmissions.
Network Adapter/
Packets Received Errors

Network Adapter/
Packets Outbound Errors
> 0 Packet errors may indicate a noisy network or problems transmitting to the receiving computer.
Ping packet round trip time Deviates from baseline High round trip times can indicate a noisy or congested network.
Network Adapter/
Bytes Received/sec

Network Adapter/
Bytes Sent/Sec

Network Interface/
Bytes Received/sec

Network Interface/
Bytes Sent/Sec
Deviates from baseline Rates that are too high indicate congestion at the Windows computer and may indicate network congestion. If in conjunction with packet errors, may indicate data retransmissions.
Network Adapter/
Output Queue Length

Network Interface/
Output Queue Length
< 1 The sender has more data to send than its hardware can process. May indicate the need for upgraded hardware. If in conjunction with packet errors, may indicate data retransmissions.
Port Availability: netstat or Longitude Port Transaction Port is available If port is unavailable it may indicate network congestion, the service for the software is unavailable,or a connection limitation for desktop versions of Windows .

 

Want to learn more?

Download our Best Practices for Server Monitoring Whitepaper and learn how to achieve a successful long-term server monitoring strategy by focusing on an approach that is lightweight, efficient, resilient, and automated.

Download the whitepaper: Best Practices for Server Monitoring

 

Sign Up for the Blog

Heroix will never sell or redistribute your email address.