Periodic Loss of Network Connectivity

edit

I’m new to wireshark and a novice when it comes to network analysis. My main job is software development, but in my company the IT staff wear many hats. Please forgive me if this is not the correct forum to post this.

Over the past four months we’ve been experiencing periodic, but complete loss of network connectivity. It is random. It will last anywhere from one minute to 10+ minutes. Then all will clear up as if nothing was wrong. I’ve suspected a packet storm caused by a bad device, but just can’t find it because there isn’t enough time when it does occur to find the offending device. I’ve reviewed the switch logs to see if there is one device that is showing a large amount of traffic at a particular point in time, but nothing jumps out. Or, maybe there is just so much traffic during the work day the switches and/or servers just can’t keep up.

What I’d like to do is monitor traffic for 24 hour to see if the problem is occurring after work hours, when no one is in the building. If it does occur during off hours then that it’s not necessarily a capacity problem with the switches or servers, and maybe therefore there is a failing device. If there aren’t any dropouts (for lack of a better term) during off hours, then I guess that points to something else, although there still could be a misbehaving device that someone turns on when they get to work.

I’m thinking of setting up a continuous ping either to one of the domain controllers or firewall. Can Wireshark be setup to report a period of long latency that last for more than a say 30 seconds? Or can it capture the ping traffic then I’ll analyze the next day by looking for a delay or loss? Does this make sense to proceed that way?