
Troubleshooting Network Issues for Your Web Application

Note: The ExtraHop Discovery Edition is no longer actively maintained, but the content of this post is still applicable to existing DE license-holders and Enterprise customers.

Troubleshooting poor web application performance can be frustrating because you don't know where to look first. That's why we created the web application performance troubleshooting guide (no registration required!). It shows how to troubleshoot common web application performance issues using the free ExtraHop Discovery Edition. By analyzing your wire data—all L2-L7 communications on the wire—you can quickly troubleshoot issues caused by overloaded servers, changed APIs, crashed equipment, network bandwidth constraints, and more.

Sometimes the Network Really Is the Problem

So let's get to it. In this post we are focusing on network connectivity and performance problems. "The network is slow" is an all-too-common lament. Although the network is frequently vilified, it is worth taking the time to investigate how well it is delivering applications. Where should you start? The ExtraHop Discovery Edition makes this investigation easy by showing slow performance or anomalous network activity caused by, for instance, unplugged cables, broadcast storms, rebooted network switches, virtual packet loss, or modified VLAN tags.

The steps below demonstrate how you can identify a low-level network connectivity issue. And while this scenario primarily relies on simple L2 analysis, keep in mind that ExtraHop also provides terrific L4 TCP analysis and L7 application-level analysis so that you can dig deeper into web application performance issues.

Looking at the Summary page, we can see what appears to be two minutes (14:47 to 14:49) of almost no activity on the network.

ExtraHop shows traffic per L7 protocol.

Selecting Network and then L2 in the tree control, we can verify that both the number of packets per second and throughput dropped to near zero (12.73 packets/second and 12Kbps, respectively) during that time period. Most likely, this trickle of traffic is localized broadcast traffic.

L2 traffic drops off for two minutes, indicating a network switch reboot.

Layer 2 traffic was virtually nil for two minutes, indicating a network equipment problem. It seems likely that a network switch rebooted, preventing users from connecting to the web server. Looking at Layer 2 activity helped to quickly identify this issue. Now, this leads to the next question, which is why the network switch rebooted. We'll tackle that question in the next scenario. Stay tuned for next week's post!
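The same check can be run over exported per-interval L2 metrics. The Python below is an added example, not ExtraHop code or part of the original post: it flags sustained windows where both packets per second and throughput fall below 1% of the series median. The tuple format, the thresholds, and the sample data (built to mimic the 14:47 to 14:49 drop described above) are assumptions.

```python
from datetime import datetime, timedelta
from statistics import median


def find_outages(samples, ratio=0.01, min_duration=timedelta(seconds=60)):
    """Return (start, end) windows where L2 packets/s and throughput both stay
    below `ratio` of the series median for at least `min_duration`.

    samples: time-ordered (timestamp, packets_per_sec, kbps) tuples, one per
    fixed-length interval beginning at `timestamp` (assumed export format).
    """
    if len(samples) < 2:
        return []
    step = samples[1][0] - samples[0][0]
    pps_floor = ratio * median(s[1] for s in samples)
    kbps_floor = ratio * median(s[2] for s in samples)
    windows, start = [], None
    for ts, pps, kbps in samples:
        quiet = pps < pps_floor and kbps < kbps_floor
        if quiet and start is None:
            start = ts                      # quiet run begins
        elif not quiet and start is not None:
            if ts - start >= min_duration:  # ignore short blips
                windows.append((start, ts))
            start = None
    if start is not None:                   # series ends while still quiet
        end = samples[-1][0] + step
        if end - start >= min_duration:
            windows.append((start, end))
    return windows


def build_sample_series():
    """Constructed data: 30 s samples from 14:40 to 14:55 (date is arbitrary)."""
    day = datetime(2024, 1, 1)
    t0 = day.replace(hour=14, minute=40)
    drop_start, drop_end = day.replace(hour=14, minute=47), day.replace(hour=14, minute=49)
    series = []
    for i in range(30):
        ts = t0 + timedelta(seconds=30 * i)
        if drop_start <= ts < drop_end:
            series.append((ts, 12.73, 12.0))   # residual traffic, as in the post
        elif i == 24:
            series.append((ts, 10.0, 9.0))     # single 30 s blip at 14:52:00
        else:
            series.append((ts, 4000.0 + 50 * (i % 5), 30000.0 + 400 * (i % 7)))
    return series


if __name__ == "__main__":
    for start, end in find_outages(build_sample_series()):
        print(f"L2 traffic near zero from {start:%H:%M:%S} to {end:%H:%M:%S}")
```

The one-sample dip at 14:52:00 is deliberately ignored by `min_duration`, so only the two-minute window is reported.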

There are many other situations where ExtraHop's wire data analytics can help to make life easier. Ready to give it a try? Download the free ExtraHop Discovery Edition today and start analyzing your wire data.

The ExtraHop Discovery Edition is a virtual appliance you can run on a bare-metal hypervisor, on a desktop hypervisor, or in the AWS cloud. It provides you with the ability to listen in on what your servers are communicating to each other on the wire.
