Submit a ticketCall us

Training ClassSign up for Network Performance Monitor (NPM) and Scalability instructor-led classes

Attend our instructor-led classes, provided by SolarWinds® Academy, to discuss the more advanced monitoring mechanisms available in NPM as well as how to tune your equipment to optimize its polling capabilities. NPM classes offered:
NPM Custom Monitoring and Polling
Orion Platform Scalability

Reserve your seat.

Home > Success Center > Server & Application Monitor (SAM) > SAM - Knowledgebase Articles > Incorrect 80% packet loss statistics returned by Connection Quality polling in SAM

Incorrect 80% packet loss statistics returned by Connection Quality polling in SAM

Updated July 3, 2018

Overview

This article describes issues that cause SAM's Connection Quality polling to report an 80% packet loss statistic that is not valid. Connection Quality polling is subset of the Application Dependencies feature (also called Application Dependency Mapping or ADM) introduced in SAM 6.0. The issue may be related to a scan prevention mechanism that blocks polling.

Environment

  • SAM 6.0 or later
  • Application Dependencies feature enabled (Application Settings page)
  • Connection Quality polling enabled (Application Settings page)

Cause 

If Connection Quality polling incorrectly but consistently reports an 80% packet loss for nodes, the issue may be related to a scan prevention mechanism such as Microsoft's Stealth mode that drops every packet to a port if no service listens on that port. See Stealth Mode in Windows Firewall with Advanced Security for reference (© 2018 Microsoft Corp, obtained on May 18, 2018).

The firewall on the client side of the TCP connection filters out response packets if it cannot find an open listening TCP socket port on the client. Nping does not open the (random) port in -tcp mode so the local firewall drops incoming SYN-ACK packets before Nping can receive them  (© 2018 Nmap, obtained on May 18, 2018). 

Resolution

To retrieve accurate packet loss metrics, you can disable the scan prevention mechanism or modify its rules, as described in How to disable Stealth mode in Windows. (© 2018 Microsoft Corp, obtained on May 18, 2018.) Note that this may not be desirable from a security point-of-view.

Disclaimer: Please note, any content posted herein is provided as a suggestion or recommendation to you for your internal use. Your organization should internally review and assess to what extent, if any, recommendations will be incorporated into your environment. You elect to use third party content at your own risk, and you will be solely responsible for the incorporation of the same, if any.

 

Last modified

Tags

Classifications

Public