Internet Auditing and Troubleshooting

Terms

Speedtests for a location should all be performed on the same website, e.g. speedtest.com

Network Appliances

Establishing a Baseline

Establish a baseline by finding out what the paid for internet speed from the ISP is.
Confirm this baseline by running a speedtest from a computer connected as close as possible to the uplink connection. This speedtest should match the paid for internet speed within ~10% margin.

From here, we can troubleshoot downsteam equipment as ncessary.

Layer 1/Layer 2 Troubleshooting

Confirm that the cabling in the building is the appropriate category for the speeds provided by the ISP, and the distances in the building.
If speeds are slow here, check against known good cables
Confirm that any Layer 2 Switches have the throughput appropriate for the bandwidth of the network.
Check the negotiated link speed/duplex on NIC and switch ports to confirm appropriate speeds
Check against additional physical ports to verify that the issue is not specific to the tested port.
Check that any SFPs/tranceivers are appropriate for the function and can transmit the correct bandwidth.

Layer 3 Troubleshooting

Routers and Switches

Confirm that any routers are outputting the correct speed from the ISP from a wired ethernet connection with a laptop performing a speedtest.
Verify that packets are being routed appropriatly to the router/access point and not elsewhere
Check QoS policies and settings
Check resource usage, as well as rate limiting inside any Layer 3 switch or router configuration portals.
As always, logs should be reviewed when issues arise.

Access Points

Confirm that there is appropriate coverage for the space the access points are installed in. This can be checked by walking around the space with a mobile device (such as a phone) running a speed test.
For Wifi 6+, “the best case scenario” is that speeds are ~90% as good as a wired connection.
Confirm that channel overlap, channel width, and co-channel interference are appropriate with built in configuration portal tools.
Additionally, transmit power, band steering, and coverage should be checked as well as auto-failover and client roaming settings.
If the speeds are lower than ~90% of the wired connection, run a speedtest from a mobile device directly next to the AP. If the speeds are appropriate, band optimization should be applied
If band optimization is applied and speeds are still slow, more APs are needed.
Take into account any physical barriers that are blocking the access point locations.

Layer 4/5 Troubleshooting

Check that any hardware firewall appliances are capable of transmitting the correct bandwidth from the ISP from a direct connection with a laptop performing a speed test.
Check for any rate limiting inside any Layer 4 or 5 appliances. As always, logs should be reviewed when issues arise.
Check concurrent session/state table, throughput benchmarking, and inspection engines
Check resource utilization by the firewall to confirm it is not overloaded.
Check internal documentation for customer for any middle boxes, e.g. WAN Optimizer, IDS/IPS content filters, etc

”Slow” Websites

Often, users will report specific websites being slow, here are a couple of things that might be the cause.

Bad DNS Route. This can be confirmed by running an MTR to the specified website location. If a route is bad there will often be a large amount of ping added when routed through that server.
Check content filtering on the firewall or other filtering appliance, as well as any antivirus installed on the computer for blocking connection to the website.
If an issue is found here, add an exception to the website

Tools

iperf - used for measurements of the maximum achievable bandwidth on IP networks (and where bandwidth loss happens)
WireShark - protocol analyzer tool for monitoring incoming and outgoing networking traffic
SpeedTest by Ookla - speed tester showing main web server that the upstream link is connected to\ WinMTR - used for checking routes to specified web server