A considerable part of monitoring the Transport Layer is actually looking for symptoms, which suggest problems at lower layers. These symptoms often relate to retransmissions and difficulty in achieving high throughput because the TCP slow-start process is not able to reach its full potential for large transfers. If the lower layers are operating without problems, less-than-optimum performance may sometimes be traced to Transport layer configuration parameters. Changing the window size for hosts performing large transfers may be helpful if simple bandwidth and file size calculations suggest that a large transfer should have taken considerably less time even when zero windows are not observed. Dropped packets suggest buffering or queuing problems, flapping routes, and so on.

If monitoring suggests that further investigation is warranted, use of one or more of the following would be the next step in either isolating the source of the problem or further characterizing the problem:

 

  • SNMP analysis of infrastructure devices along the path, checking for errors and utilization statistics
  • Flow protocol analysis of utilization statistics
  • Console access to infrastructure devices along the path, checking for errors and utilization statistics

 

If no errors or bandwidth problems are discovered, protocol analysis often the next step in discovering the cause. In a few cases the problem is due to Layer 4, but more often it is a lower-layer problem showing as a Layer 4 symptom.

Network and Application Troubleshooting Guide, Second Edition