Chapter 14
FIGURE 14-1
Basic network setup.
The important thing to remember when dealing with a network is to view it as a single unit instead of a group of individual connected devices. This also applies to the wide-area connections that are used when connecting to the Internet. Changes that are made to the routers at your location directly affect the efficiency and reliability of communication throughout the entire system.
Understanding and Establishing the Boundaries of the Network
In an enterprise network, it is important that the network staff members know their responsibilities. Is it the responsibility of the network staff to diagnose problems on a user's desktop, or is it simply to determine that a user's problem is not communication-related? Does the network staff's responsibility extend only as far as the horizontal cabling wall plate, or does that responsibility extend all the way to the NIC? These definitions are important to a networking department because they affect the workload of each person and the cost of network services for the enterprise. The greater the responsibility of a network staff, the greater the resource cost.
Imagine a restaurant owned and operated by a single individual. Only one person is responsible for all tasks, including cooking, serving, washing dishes, and paying the bills. The human-resource cost of the restaurant is relatively low, but possibilities for growth and expansion are limited until the owner hires cooks, waiters, bussers, and accountants. When responsibilities are divided, the restaurant can serve more people more efficiently. The trade-off, of course, is that resource costs have risen along with growth and expansion.
Just as the restaurant example showed, the job of network support can encompass all aspects of the network, or it can be limited to just certain components. These responsibilities need to be defined and enforced on a department-by-department basis. The key to understanding this relationship is that making the responsibility area too large can overburden the resources of the department, but making the area too small can make it difficult to effectively resolve the problems on the network.
Costs of a Network
Network administration encompasses many responsibilities, including cost analysis. This means determining not only the cost of network design and implementation, but also the cost of maintaining, upgrading, and monitoring the network. Determining the cost of network installation is not a particularly difficult task for most network administrators. Equipment lists and costs can be readily established; labor costs can be calculated using fixed rates. Unfortunately, the cost of building the network is just the beginning. Some of the other cost factors that must be considered are the following:
Network growth over time
Technical and user training
Repairs
Software deployment
These cost factors are much more difficult to project than the cost of building the network. The network administrator must be able to look at historical and company growth trends to project the cost of growth in the network. A manager must look at new software and hardware to determine whether the company needs to implement them (and when), as well as to determine what staff training is needed to support these new technologies.
The cost of redundant equipment for mission-critical operations should also be added to the cost of maintaining the network. Think of running an Internet-based business that uses a single router to connect to the Internet. If that router fails, your company is out of business until you replace that router, which could cost the company thousands of dollars in lost sales. A wise network administrator might keep a spare router on the premises to minimize the time that the company is offline.
Error Report Documentation
As mentioned in the previous semester's materials, effective network management requires thorough documentation, so when problems arise, some form of error document should be generated (see Figure 14-2). This document is used to gather the basic information necessary to identify and assign a network problem, and it also provides a way of tracking the progress and eventual solution of the problem. Problem reports provide justification to senior management for hiring new staff, purchasing equipment, and providing additional training. This documentation also provides solutions to recurring problems that have already been resolved.
FIGURE 14-2
Error report documentation.
All the material presented so far in this chapter deals with the nontechnical issues of network management. The rest of this chapter deals with the tools that are available to monitor and diagnose problems on a wide-area network (WAN).
Connection Monitoring
One of the most basic forms of connection monitoring takes place every day on a network. The process of users logging on to the network verifies that connections are working properly, or the networking department will soon be contacted. This is not the most efficient or preferable method of connection monitoring available, however. Simple programs can enable the administrator to enter a list of host IP addresses so that these addresses are periodically pinged. If a connection problem exists, the program will alert the administrator by the ping output. This is an inefficient and primitive way to monitor the network, but it is better than nothing.
Another aspect of this type of monitoring is that it determines that there is a communication breakdown only somewhere between the monitoring station and the target device. The fault could be a bad router, switch, or network segment. The ping test indicates only that the connection is down; it does not indicate where the problem is.
Checking all the hosts on a WAN using this type of monitoring involves many resources. If the network has 3000 hosts on it, pinging all the network devices and hosts can use a great deal of system resources. A better way is to ping just a few of the important hosts, servers, routers, and switches to verify their connectivity. These ping tests will not give true data unless workstations are always left on. Again, this method of monitoring should be used only if no other method is available.
Traffic Monitoring
Traffic monitoring is a more sophisticated method of network monitoring. It looks at the actual packet traffic on the network and generates reports based upon the network traffic. Programs, such as Microsoft Windows NT Network Monitor and Fluke's Network Analyzer, are examples of this type of software. These programs not only detect failing equipment, but they also determine whether a component is overloaded or poorly configured.
The drawback to this type of program is that it normally works on a single segment at a time; if data needs to be gathered from other segments, the monitoring software must be moved to that segment. You can overcome this by using agents on the remote network segments (as shown in Figure 14-3). Equipment, such as switches and routers, can generate and transmit traffic statistics as part of their operating system. So, how is the data gathered and organized in one central location to be useful to the network administrator? The answer: the Simple Network Management Protocol.
FIGURE 14-3
SNMP layout.
Simple Network Management Protocol
Simple Network Management Protocol (SNMP) is a protocol that allows management to transmit statistical data over the network to a central management console. SNMP is a component of the Network Management Architecture, which consists of four major components:
Management station: The network manager's interface into the network system. It has the programs to manipulate data and control the network. The management station also maintains a Management Information Base (MIB) extracted from the devices under its management.
Management agent: The component that is contained in the devices that are to be managed. Bridges, routers, hubs, and switches might contain SNMP agents to allow them to be controlled by the management station. The management agent responds to the management station in two ways. First, through polling, the management station requests data from the agent, and the agent responds with the requested data. Second, trapping is a data-gathering method designed to reduce traffic on the network and processing on the devices being monitored. Instead of the management station polling the agents at specific intervals continuously, thresholds (top or bottom limits) are set on the managed device. If this threshold on the device is exceeded, the managed device sends an alert message to the management station. This eliminates the need to continuously poll all the managed devices on the network. Trapping is beneficial on networks with a large number of devices that need to be managed. It reduces the amount of SNMP traffic on the network to provide more bandwidth for data transfer.
Management Information Base (MIB): Has a database structure and resides on each device that is managed. The database contains a series of objects, which are resource data gathered on the managed device. Some of the categories in the MIB include port interface data, TCP data, and ICMP data.
Network management protocol: The protocol used is SNMP. SNMP is an application layer protocol designed to communicate data between the management console and the management agent. It has three key capabilities: the capability to GET (the management console retrieving data from the agent), to PUT (the management console setting object values on the agent), and to TRAP (the agent notifying the management console of significant events).
The key word to remember in Simple Network Management Protocol is simple. When SNMP was developed, it was designed to be a short-term system that would later be replaced. But just like TCP/IP, it has become one of the major standards in Internet/intranet management configurations. Over the last few years, enhancements have been added to SNMP to expand its monitoring and management capabilities. One of the greatest enhancements to SNMP is called Remote Monitoring (RMON). RMON extensions to SNMP give you the ability to look at the network as a whole instead of looking at individual devices.
Remote Monitoring
Probes gather remote data in Remote Monitoring (RMON). A probe has the same function as an SNMP agent. A probe has RMON capabilities; an agent does not. When working with RMON, as with SNMP, a central management console is the point of data collection. An RMON probe is located on each segment of the network monitored. These probes can be dedicated hosts, resident on a server, or can be included in a standard networking device, such as a router or a switch. These probes gather the specified data from each segment and relay it to the management console.
Redundant management consoles provide two major benefits to network management processes. First is the capability to have more than one network administrator in different physical locations monitor and manage the same network (for example, one in New York and one in San Jose). Second is the all-important concept of redundancy. Having two or more management consoles means that if one console fails, the other console still can be used to monitor and control the network until the first console is repaired (see Figure 14-4).
The RMON extension to the SNMP protocol creates new categories of data. These categories add more branches to the MIB database. Each of the major categories is explained in the following list:
The Ethernet Statistics Group: Contains statistics gathered for each monitored subnetwork. These statistics include counters (incremental values that start from zero) for bytes, packets, errors, and frame size. The other type of data reference is an index table. The table identifies each monitored Ethernet device, which allows counters to be kept for each individual Ethernet device. The Ethernet Statistics Group provides a view of the overall load and health of a subnetwork by measuring different types of errors, including CRC, collisions, and over- and undersized packets.
FIGURE 14-4
Network with dual management consoles.
The History Control Group: Contains a data table that records samples of the counters in the Ethernet Statistics Group over a specified period of time. The default time set up for sampling is every 30 minutes (1800 seconds), and the default table size is 50 entries, giving a total of 25 hours of continuous monitoring. As the history is created for the specified counter, a new entry is created in the table at each sample interval until the limit of 50 is reached. Then as each new entry is created, the oldest entry in the table is deleted. These samples provide a baseline of the network and can be used to compare against the original baseline to resolve problems or to update the baseline as the network changes.
The Alarm Group: Uses user-specified limits called thresholds. If the data counters being monitored cross the thresholds, a message or alarm is sent to the specified people. This process, known as an error trap, can automate many functions of network monitoring. Instead of having a person constantly and directly monitoring the network or waiting for a user to identify a problem with the network, the network process itself can send messages to the network personnel because of a failure or, more importantly, an impending failure. This is an important component of preemptive troubleshooting.
The Host Group: Contains counters maintained about each host discovered on the subnetwork segment. Some of the counter categories maintained are packets, octets, errors, and broadcasts. Types of counters associated with each of the previously mentioned items could be, for example, total packets, packets received, and packets sent, along with many counters specific to the type of item.
The Host TOPN Group: Used to prepare reports about a group of hosts that top a statistical list based on a measured parameter. The best way to describe this group is by example. A report could be generated for the top ten hosts generating broadcasts for a day. Another report might be generated for the most packets transmitted during the day. This category provides an easy way to determine who and what type of data traffic most occupies the selected subnetwork.
The Matrix Group: Records the data communication between two hosts on a subnetwork. This data is stored in the form of a matrix (a multidimensional table). One of the reports that can be generated from this category is which host utilizes a server. Reorganizing the matrix order can create other reports. For example, one report might show all users of a particular server, while another report shows all the servers used by a particular host.
The Filter Group: Provides a way that a management console can instruct an RMON probe to gather selected packets from a specific interface on a particular subnetwork. This selection is based on the use of two filters, the data and the status filter. The data filter is designed to match or not match particular data patterns, which allows for the selection of that particular data. The status filter is based on the type of packet looked at, such as a CRC packet or a valid packet.
These filters can be combined using logical "and" and "or" to create very complicated conditions. The filter group enables the network administrator to selectively look at different types of packets to provide better network analysis and troubleshooting.
The Packet Capture Group: Allows the administrator to specify a method to use to capture packets that have been selected by the Filter Group. By capturing specified packets, the network administrator can look at the exact detail for packets that meet the basic filter. The packet group also specifies the quantity of the individual packet captured and the total number of packets captured.
The Event Group: Contains events generated by other groups in the MIB database. An example is a counter exceeding the threshold for that counter specified in the Alarm Group. This action would generate an event in the Event Group. Based on this event, an action could be generated, such as issuing a warning message to all the people listed in the Alarm Group's parameters or creating a logged entry in the event table. An event is generated for all comparison operations in the RMON MIB extensions.
The Token Ring Group: Contains counters specific to Token Ring networks. Although most of the counters in the RMON extensions are not specific to any type of data-link protocol, the Statistics and History Groups are. They are particularly attuned to the Ethernet protocol. The Token Ring Group creates counters necessary to monitor and manage Token Ring networks using RMON.
Remember that RMON is an extension to the SNMP protocol. Specifically, this means that although RMON enhances the operation and monitoring capabilities of SNMP, SNMP is still required for RMON to operate on a network. As a last point, it is important to mention that there are later revisions of both SNMP and RMON, labeled as SNMPv2 and RMON2. This curriculum does not cover all the new capabilities of these versions.
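The History Control Group's 50-entry table and the Alarm Group's thresholds can be modeled in a few lines. The sketch below is an added example, not code from the curriculum or from any RMON product: the class and function names are hypothetical, the counter is assumed to be 32 bits wide, and the rule that an alarm fires again only after the opposite threshold has been crossed follows the RMON MIB's alarm definition, which the chapter does not spell out.

```python
from collections import deque

HISTORY_BUCKETS = 50       # default history table size given in the chapter
SAMPLE_INTERVAL = 1800     # default sampling interval in seconds (30 minutes)
COUNTER_MOD = 2 ** 32      # assumption: the monitored counter is 32 bits wide


class HistoryAlarmProbe:
    """Hypothetical probe-side model: one history table plus one alarm."""

    def __init__(self, rising, falling,
                 buckets=HISTORY_BUCKETS, interval=SAMPLE_INTERVAL):
        if falling >= rising:
            raise ValueError("falling threshold must be below rising threshold")
        self.rising = rising
        self.falling = falling
        self.interval = interval
        self.history = deque(maxlen=buckets)  # oldest entry is deleted when full
        self.events = []                      # stands in for the Event Group log
        self._previous = None                 # last raw counter value polled
        self._armed = "rising"                # which crossing may fire next
        self._sample_no = 0

    def poll(self, counter):
        """Record one sample of a cumulative counter; return the delta."""
        if self._previous is None:            # first poll only sets the baseline
            self._previous = counter
            return None
        # Counters only count upward, so a smaller value means the counter
        # wrapped past 2**32 since the last poll.
        delta = (counter - self._previous) % COUNTER_MOD
        self._previous = counter
        self._sample_no += 1
        self.history.append((self._sample_no, delta))
        if self._armed == "rising" and delta >= self.rising:
            self.events.append((self._sample_no, "rising", delta))
            self._armed = "falling"           # stay quiet until traffic drops
        elif self._armed == "falling" and delta <= self.falling:
            self.events.append((self._sample_no, "falling", delta))
            self._armed = "rising"
        return delta

    def coverage_hours(self):
        """Hours of history the table can hold before it starts overwriting."""
        return self.history.maxlen * self.interval / 3600


def run_constructed_demo():
    """Feed 60 constructed CRC-error deltas through a probe and return it."""
    deltas = [5, 8, 150, 180, 90, 10, 130] + [30] * 53
    probe = HistoryAlarmProbe(rising=100, falling=20)
    counter = COUNTER_MOD - 100               # start close to the wrap point
    probe.poll(counter)
    for d in deltas:
        counter = (counter + d) % COUNTER_MOD
        probe.poll(counter)
    return probe


if __name__ == "__main__":
    p = run_constructed_demo()
    print("table covers", p.coverage_hours(), "hours")
    print("oldest retained sample:", p.history[0])
    for event in p.events:
        print("event:", event)
```

Sample 4 (180 errors) produces no second alarm because the value has not yet dropped to the falling threshold, which keeps a counter hovering around a limit from flooding the management console.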
Troubleshooting Networks
Problems happen! Even when the network is monitored, the equipment is reliable, and the users are careful, things will go wrong. The test of a good network administrator is the ability to analyze, troubleshoot, and correct problems under pressure of a network failure that causes company downtime. The suggestions in this section review troubleshooting techniques and offer other tools for troubleshooting a network. This is a review of previous and some additional techniques for troubleshooting a network. As stated previously, these techniques can be the best tools in curing network problems.
The first and most important thing in troubleshooting networks is to use your engineering journal and to take notes. Note-taking can define a clear path to diagnosing a problem. It can tell you what you have already tried and what effect that had on the problem. This can be extremely valuable to the troubleshooter so that previous attempts at resolving the problem won't be needlessly repeated. Taking notes is also valuable if the problem is handed off to another technician because it prevents that person from having to redo all that work. A copy of these notes should be included with the resolution of the problem when the trouble ticket on this job is completed. This provides a reference for similar problems that might happen.
Another essential element of preemptive troubleshooting is labeling. Label everything, including both ends of a horizontal cable run. This label should include not only the number of the cable but also where the other end is located and the usage of the cable, such as voice, data, or video. This type of label can be even more valuable than a wiring cut sheet when it comes to troubleshooting because it is located right where the unit is, not stuck in a drawer somewhere. Along with the wire labels, labeling each port on a hub, switch, or router as to location, purpose, and point of connection greatly improves the ease with which problems can be solved. Finally, all other components attached to the network should also be labeled as to their location and purpose. With this type of labeling, all components can be located, and their purpose on the network can be easily defined. Proper labeling, used with the network documentation created when the network was built and updated, will give a complete picture of the network and its relationships.
One other important reminder from the previous semester is that the documentation is useful only if it is current. All changes made to the network must be documented both on the devices or wire that is changed and in the paper documentation used to define the complete network.
The first step in network troubleshooting is to define the problem. This definition can be a consolidation of many different sources. One of the sources could be a trouble ticket or help desk report, which initially identifies a problem. Another source might be a phone conversation with the user where you discuss the problem to gather more information about it. Network monitoring tools can provide a more complete idea about the specific problem that needs to be resolved. Other users and your own observations will provide information.
Evaluating all this information might give the troubleshooter a much clearer starting place to resolve the problem, rather than by working from any one source.
Troubleshooting Methods
The process of elimination and divide and conquer techniques are the most successful methods for network troubleshooting. The following scenarios explain these techniques.
The Process of Elimination Technique
Imagine that a user on your network calls the help desk to report that his computer can no longer connect to the Internet. The help desk fills out the error report form and forwards it to you, the network support department. You call and talk to the user, who tells you that he has done nothing differently to get to the Internet. You check the hardware logs for the network and find out that the user's computer was upgraded last night. Your first hypothesis is that the computer's network drivers must be incorrectly configured. You go to the machine and check the network configuration information on the computer. It seems to be correct, so you ping the server on that subnet. It doesn't connect (see Figure 14-5).
FIGURE 14-5
Bad ping output.
C:\WINDOWS>ping 110.0.1.1
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 110.0.1.1:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
The next solution is to check to see if the workstation cable is plugged in. You check both ends of the cable and try pinging the server again. Next, you ping 127.0.0.1, the loopback address for the computer (see Figure 14-6). The ping is successful, so that eliminates a possible problem between the computer, the driver configuration, and the NIC card. You decide that there might be a problem with the server for this network segment. Another networked computer is at the next desk, so you ping the server's address, and the result is successful (see Figure 14-7). This eliminates the server, the backbone, and the server's connection to the backbone as the problem. You then go to the IDF and switch the port for the workstation, go back to the workstation, and try to ping the server again. The solution still does not work (see Figure 14-8). This narrows your search down to the horizontal cabling or the workstation patch cable. You go back to the IDF, put the cable back in the original switch port, get a new workstation patch cable, and return to the workstation.
FIGURE 14-6
Loopback ping output.
C:\WINDOWS>ping 127.0.0.1
Reply from 127.0.0.1: bytes=32 time=1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<10ms TTL=128
Reply from 127.0.0.1: bytes=32 time<10ms TTL=128
Reply from 127.0.0.1: bytes=32 time<10ms TTL=128
Ping statistics for 127.0.0.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 1ms, Average = 0ms
FIGURE 14-7
Next ping output.
C:\WINDOWS>ping 110.0.1.1
Reply from 110.0.1.1: bytes=32 time=1ms TTL=128
Reply from 110.0.1.1: bytes=32 time<10ms TTL=128
Reply from 110.0.1.1: bytes=32 time<10ms TTL=128
Reply from 110.0.1.1: bytes=32 time<10ms TTL=128
Ping statistics for 110.0.1.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 1ms, Average = 0ms
You replace the workstation cable and try to ping the server again (see Figure 14-9). This time, you are successful, so the problem is fixed. The last step is to document the problem solution on the error report form and return it to the help desk so that it can be logged as completed.
FIGURE 14-8
Bad ping output.
C:\WINDOWS>ping 110.0.1.1
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 110.0.1.1:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
FIGURE 14-9
Next ping output.
C:\WINDOWS>ping 110.0.1.1
Reply from 110.0.1.1: bytes=32 time=1ms TTL=128
Reply from 110.0.1.1: bytes=32 time<10ms TTL=128
Reply from 110.0.1.1: bytes=32 time<10ms TTL=128
Reply from 110.0.1.1: bytes=32 time<10ms TTL=128
Ping statistics for 110.0.1.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 1ms, Average = 0ms
The Divide and Conquer Technique
Here, you combine two networks that work fine when not connected (see Figure 14-10), but when they are joined, the entire combined network fails (see Figure 14-11). The first step to correct this problem is to divide the network back into two separate networks and verify that the two still operate correctly when separated. If this is true, then you remove all the subnet connections for one of the connecting routers and reconnect it to the other working network. Verify that it is still working correctly.
FIGURE 14-10
Sample network example.
FIGURE 14-11
The network without the A and B subnetworks.
If the network is still functioning, add each of that router's subnetworks back into the router until the overall system fails (see Figure 14-12). Remove the last subnet that was added, and see if the whole network returns to its normal operation.
FIGURE 14-12
The network without the B subnetwork.
If the network is again functioning normally, remove the hosts from the network segment (see Figure 14-13), and replace them one at a time, again checking to see when the network fails (see Figure 14-14). When you find the offending device, remove it and verify that the network returns to normal.
FIGURE 14-13
The B network segment without the hosts.
FIGURE 14-14
The B network segment without one host.
If the network still functions normally, you have isolated the faulty piece of equipment. It is now possible to troubleshoot this individual piece of equipment to find out why it was causing the entire network to crash. If nothing proves to be wrong with this device upon analysis, it might be that this device, in conjunction with another device on the opposite network, is causing the problem. To find the other end of the problem, you have to repeat the process used previously.
First, reconnect the host that caused the network to fail. Then, disconnect all the subnetworks from the other router. Check that the network has returned to operating status. If the network is functioning again, add each of that router's subnetworks back into the router until the overall system fails. Remove the last subnet that was added before the failure and see if the whole network returns to its normal operation.
FIGURE 14-15
The network without the C and D subnetworks.
If the network again functions normally, remove the hosts from the network segment and replace them one at a time (see Figure 14-16), again checking to see when the network fails (see Figure 14-17). When you find the offending device, remove it and verify that the network returns to normal.
FIGURE 14-16
The C network segment without the hosts.
FIGURE 14-17
The C network segment without one host.
If the network still functions normally, you have isolated the other faulty piece of equipment. It is now possible to troubleshoot this individual piece of equipment to find out why it was causing the entire network to crash. If nothing proves to be wrong with this device upon analysis, compare the two hosts and find the reason for their conflict. By resolving this conflict, you will be able to reconnect both stations into the network and it will still function normally (see Figure 14-18).
FIGURE 14-18
The complete functioning network.
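The divide and conquer procedure above can be run against a simulated network to see how many reconnections it takes to corner a fault that needs two devices to appear. This is an added example, not part of the original text: the topology mirrors the host labels of Figure 14-10, while the fault model (hosts B4 and C3 conflicting only while both are attached) and all function names are assumptions made for illustration.

```python
# Constructed topology: router 1 serves subnets A and B, router 2 serves
# C and D, each subnet with hosts 2 through 6 (labels as in Figure 14-10).
ROUTER1 = {s: [f"{s}{n}" for n in range(2, 7)] for s in "AB"}
ROUTER2 = {s: [f"{s}{n}" for n in range(2, 7)] for s in "CD"}

# Assumed fault: these two hosts conflict, so the network fails only
# while both of them are connected at the same time.
CONFLICT = {"B4", "C3"}


def network_works(connected):
    """Stand-in for 'verify that the network is operating' (e.g. ping tests)."""
    return not CONFLICT <= set(connected)


def all_hosts(router):
    return {host for hosts in router.values() for host in hosts}


def find_offender(probed, far_side, works, log):
    """Re-add the probed router's subnets, then hosts, until the network fails.

    probed   -- dict subnet -> hosts for the router whose subnets were removed
    far_side -- hosts on the other router, which stay connected throughout
    Returns (subnet, host) of the offending device, or None if nothing fails.
    """
    connected = set(far_side)
    if not works(connected):
        raise RuntimeError("far side fails with the probed router disconnected")
    bad_subnet = None
    for subnet, hosts in probed.items():          # add subnets back one by one
        log.append(f"reconnect subnet {subnet}")
        if not works(connected | set(hosts)):
            bad_subnet = subnet                   # last subnet added is suspect
            break
        connected |= set(hosts)
    if bad_subnet is None:
        return None
    for host in probed[bad_subnet]:               # now one host at a time
        log.append(f"reconnect host {host}")
        if not works(connected | {host}):
            return bad_subnet, host
        connected.add(host)
    return bad_subnet, None                       # fault is in the segment itself


def isolate_conflict(router1, router2, works):
    """Return ((subnet, host), (subnet, host)) for both ends, plus the step log."""
    log = []
    hosts1, hosts2 = all_hosts(router1), all_hosts(router2)
    # Step 1: divide, and verify each half still operates when separated.
    if not (works(hosts1) and works(hosts2)):
        raise RuntimeError("one half fails on its own; troubleshoot it first")
    if works(hosts1 | hosts2):
        return None, log                          # nothing to isolate
    first = find_offender(router1, hosts2, works, log)
    # Removing the offender must bring the joined network back to normal.
    if first and first[1] and not works((hosts1 | hosts2) - {first[1]}):
        raise RuntimeError("more than one fault on the first router")
    # Step 2: reconnect the first offender and repeat from the other router.
    second = find_offender(router2, hosts1, works, log)
    return (first, second), log


if __name__ == "__main__":
    result, steps = isolate_conflict(ROUTER1, ROUTER2, network_works)
    print("conflicting devices:", result)
    print(len(steps), "reconnection steps:", steps)
```

Because `network_works` is the only place the fault model lives, swapping it for a function that runs real connectivity checks turns the same loop into a checklist for the engineering journal.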
Software Tools
Along with the processes described previously, software tools are available for the network administrator to use to solve network connectivity problems. These tools can help in LAN troubleshooting, but they are especially helpful in a WAN troubleshooting situation. We will look at the commands that are available to a network administrator in most client software packages. These commands include ping, tracert (traceroute), telnet, netstat, ARP, and IPconfig (WinIPcfg).
ping
ping sends ICMP echo packets to verify connections to a remote host. The output in Figure 14-19 displays whether the ping is successful. The output shows the number of packets responded to and the return time of the echo.
FIGURE 14-19
ping output.
C:\WINDOWS>ping 127.0.0.1
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<10ms TTL=128
Reply from 127.0.0.1: bytes=32 time<10ms TTL=128
Reply from 127.0.0.1: bytes=32 time<10ms TTL=128
Ping statistics for 127.0.0.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 1ms, Average = 0ms
C:\WINDOWS>ping 110.0.1.1
Pinging 110.0.1.1 with 32 bytes of data:
Request timed out.
Reply from 140.189.8.65: Destination host unreachable.
Request timed out.
Request timed out.
Ping statistics for 110.0.1.1:
    Packets: Sent = 4, Received = 1, Lost = 3 (75% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
ping [-t] [-a] [-n count] [-l length] [-f] [-i ttl] [-r count] destination
-t            Pings until interrupted
-a            Resolves hostname and ping address
-n count      Sends the number of echo requests given by count
-l length     Specifies length; sends echo packets of the specified size
-f            Issues the DO NOT FRAGMENT command to gateways
-i ttl        Here, ttl sets the TTL field
-r count      Here, count records the route of the outgoing and returning packets
destination   Specifies the remote host to ping, by domain name or by IP address
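The second transcript in Figure 14-19 reports Received = 1 even though no echo reply came from 110.0.1.1; the one packet counted was a "Destination host unreachable" message from a router at 140.189.8.65. A ping-based monitor of the kind described under Connection Monitoring therefore has to look at who answered, not only at the statistics line. The parser below is an added example, not part of the original chapter; its function and class names are hypothetical, and the sample input is the two transcripts from Figure 14-19 with the round-trip lines omitted.

```python
import re
from dataclasses import dataclass, field

# Sample input taken from Figure 14-19 (round-trip time lines omitted).
LOOPBACK = """Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<10ms TTL=128
Reply from 127.0.0.1: bytes=32 time<10ms TTL=128
Reply from 127.0.0.1: bytes=32 time<10ms TTL=128
Ping statistics for 127.0.0.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
"""
SERVER = """Pinging 110.0.1.1 with 32 bytes of data:
Request timed out.
Reply from 140.189.8.65: Destination host unreachable.
Request timed out.
Request timed out.
Ping statistics for 110.0.1.1:
    Packets: Sent = 4, Received = 1, Lost = 3 (75% loss),
"""

TARGET_RE = re.compile(r"^Pinging (\S+)")
ECHO_RE = re.compile(r"^Reply from (\S+): bytes=\d+ time[=<]\d+ms TTL=\d+")
ERROR_RE = re.compile(r"^Reply from (\S+): Destination \w+ unreachable")
STATS_RE = re.compile(r"Sent = (\d+), Received = (\d+), Lost = (\d+)")


@dataclass
class PingResult:
    target: str = ""
    sent: int = 0
    reported_received: int = 0      # what the statistics line claims
    echo_replies: int = 0           # real echo replies carrying data
    timeouts: int = 0
    error_sources: list = field(default_factory=list)  # who sent ICMP errors

    @property
    def reachable(self):
        return self.echo_replies > 0

    @property
    def true_loss_pct(self):
        if not self.sent:
            return 100.0
        return 100.0 * (self.sent - self.echo_replies) / self.sent


def parse_ping(transcript):
    """Parse one Windows-style ping transcript into a PingResult."""
    result = PingResult()
    saw_stats = False
    for raw in transcript.splitlines():
        line = raw.strip()
        if m := TARGET_RE.match(line):
            result.target = m.group(1)
        elif ECHO_RE.match(line):
            result.echo_replies += 1
        elif m := ERROR_RE.match(line):
            result.error_sources.append(m.group(1))
        elif line.startswith("Request timed out"):
            result.timeouts += 1
        elif m := STATS_RE.search(line):
            result.sent = int(m.group(1))
            result.reported_received = int(m.group(2))
            saw_stats = True
    if not saw_stats:               # interrupted run: count what was seen
        result.sent = (result.echo_replies + result.timeouts
                       + len(result.error_sources))
    return result


def alerts(transcripts):
    """Return one alert line per target that is down or losing packets."""
    lines = []
    for transcript in transcripts:
        r = parse_ping(transcript)
        if not r.reachable:
            via = ", ".join(sorted(set(r.error_sources))) or "none"
            lines.append(f"DOWN {r.target}: 0/{r.sent} echo replies, "
                         f"ICMP errors from: {via}")
        elif r.true_loss_pct > 0:
            lines.append(f"DEGRADED {r.target}: {r.true_loss_pct:.0f}% loss")
    return lines


if __name__ == "__main__":
    for line in alerts([LOOPBACK, SERVER]):
        print(line)
```

The address of the router that returned the unreachable message also narrows where the break is, which a bare timeout cannot do.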
tracert (traceroute)
tracert (traceroute) shows the route that a packet took to reach its destination. The output in Figure 14-20 shows the trace command.
FIGURE 14-20
tracert output.
C:\WINDOWS>tracert 192.31.7.130
Tracing route to CISCO.com [192.31.7.130] over a maximum of 30 hops:
  1     1 ms   <10 ms   <10 ms  198.150.221.254
  2     2 ms     1 ms     2 ms  198.150.15.252
  3     4 ms     2 ms     2 ms  198.150.12.1
  4    23 ms     4 ms     4 ms  UWMadison -sl-0-1.core.wiscnet.net [140.189.64.9]
  5     4 ms     5 ms     5 ms  UWMadisonISP-atml-0-3.core.wiscnet.net [140.189.8.65]
  6     8 ms    14 ms     8 ms  NChicagol-core0.nap.net [207.227.0.201]
  7     9 ms    10 ms    10 ms  4.0.5.233
  8    64 ms    64 ms    67 ms  p2-1.paloalto-nbr2.bbnplanet.net [4.24.7.18]
  9    67 ms    65 ms    69 ms  p0-0-0.paloalto-cr18.bbnplanet.net [4.0.3.86]
 10    66 ms    75 ms    75 ms  hl-0. cisco bbnplanet.net [4.1.142.238]
 11    66 ms    68 ms    70 ms  sty.cisco.com [192.31.7.39]
 12    67 ms    77 ms    76 ms  CISCO.COM [192.31.7.130]
Trace complete.
C:\WINDOWS>tracert 198.150.12.2
Tracing route to 198.150.12.2 over a maximum of 30 hops
  1     1 ms   <10 ms     1 ms  198.150.221.254
  2     1 ms     1 ms     2 ms  198.150.15.252
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *
C:\WINDOWS>
tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name
-d             Specifies that IP addresses shouldn't be resolved to host names
-h max_hops    Gives the maximum number of hops searched
-j host-list   Specifies the loose source route
-w timeout     Specifies the timeout to wait the number of milliseconds specified for each reply
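The second trace in Figure 14-20 stops answering after hop 2. The following sketch is an added example, not part of the original chapter: it parses tracert output and reports the last hop that replied and the first silent hop after it. The function names parse_hops and fault_boundary are made up for the illustration.

```python
import re

# The second trace from Figure 14-20, retyped as sample input.
SAMPLE = """\
Tracing route to 198.150.12.2 over a maximum of 30 hops
  1     1 ms   <10 ms     1 ms  198.150.221.254
  2     1 ms     1 ms     2 ms  198.150.15.252
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *
"""

# hop number, three probe results ("<10 ms", "4 ms" or "*"), then host or message
HOP = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+ ms|\*)\s+){3})(.+?)\s*$")
ADDR = re.compile(r"\[?(\d{1,3}(?:\.\d{1,3}){3})\]?$")

def parse_hops(text):
    """Return one dict per complete hop line; partial lines are skipped."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if not m:
            continue
        probes = re.findall(r"<?\d+ ms|\*", m.group(2))
        # "*" means no reply; "<10 ms" is kept as its upper bound, 10
        rtts = [None if p == "*" else int(re.sub(r"\D", "", p)) for p in probes]
        addr = ADDR.search(m.group(3))
        hops.append({"hop": int(m.group(1)), "rtts": rtts,
                     "addr": addr.group(1) if addr else None})
    return hops

def fault_boundary(hops):
    """Return (last hop that replied, first silent hop after it or None)."""
    replied = [h for h in hops if any(r is not None for r in h["rtts"])]
    last = replied[-1] if replied else None
    after = [h for h in hops if last is None or h["hop"] > last["hop"]]
    return last, (after[0] if after else None)

if __name__ == "__main__":
    last, silent = fault_boundary(parse_hops(SAMPLE))
    print("last reply from:", last["addr"] if last else None)
    print("first silent hop:", silent["hop"] if silent else None)
```

A silent hop in the middle of a trace that still reaches a later hop is not reported, because routers that do not answer the probes are common and do not by themselves indicate a break in the path.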
telnet
This is a terminal emulation program that enables you to run interactive commands on the Telnet server. Until a connection is established, no data will pass; if the connection breaks, telnet will inform you. This is good for testing login configuration parameters to a remote host (see Figure 14-21).
FIGURE 14-21
telnet output.
netstat
netstat displays protocol statistics and current TCP/IP network connections (see Figure 14-22).
FIGURE 14-22
netstat output.
C:\WINDOWS>netstat -a
Active Connections
  Proto  Local Address            Foreign Address   State
  TCP    matc-tag--:80            MATCNT:0
  TCP    matc-tag--:135           MATCNT:0
  TCP    matc-tag--:1025          MATCNT:0
  TCP    matc-tag--:1028          MATCNT:0
  TCP    matc-tag--:137           MATCNT:0
  TCP    matc-tag--:138           MATCNT:0
  TCP    matc-tag--:nbsession     MATCNT:0
  UDP    matc-tag--:1028          *:*
  UDP    matc-tag--:nbname        *:*
  UDP    matc-tag--:nbdatagram    *:*

C:\WINDOWS>netstat -e
Interface Statistics
Received Bytes Unicast packets Non-unicast packets Discards Errors Unknown protocols 4599931 348078 109119 4774 0 364384056 57374 0 0 989407 Sent
-a          Displays all connections and listening ports. (Server-side connections are normally not shown.)
-e          Displays Ethernet statistics. This may be combined with the -s option.
-n          Displays addresses and port numbers in numerical form.
-p proto    Shows connections for the protocol specified by proto; proto may be tcp or udp. If used with the -s option to display per-protocol statistics, proto may be tcp, udp, or ip.
-r          Displays the contents of the routing table.
-s          Displays per-protocol statistics. By default, statistics are shown for TCP, UDP, and IP; the -p option may be used to specify a subset of the default.
interval    Redisplays selected statistics, pausing interval seconds between each display. Press CTRL+C to stop redisplaying statistics. If this is omitted, netstat will print the current configuration information once.
ARP
ARP gathers hardware addresses of local hosts and the default gateway. You can view the ARP cache and check for invalid or duplicate entries (see Figure 14-23).
FIGURE 14-23
ARP.
C:\WINDOWS>arp -a
Interface: 198.150.221.107 on Interface 0x2000002
  Internet Address      Physical Address      Type
  198.150.221.254       00-10-2f-0b-44-00     dynamic

arp -a [inet_addr] [-N [if_addr]]
arp -d inet_addr [if_addr]
arp -s inet_addr ether_addr [if_addr]

-a            Displays the current contents of the ARP cache
-d            Deletes the entry specified by inet_addr
-s            Adds a static entry to the cache
-N            Displays the ARP entries for the specified physical address
inet_addr     Gives the IP address, in dotted decimal format
if_addr       Gives the IP address whose cache should be modified
ether_addr    Shows the MAC address in hex separated by hyphens
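The check for invalid or duplicate ARP entries described above can be automated. The following sketch is an added example, not part of the original chapter: it parses arp -a output in the layout of Figure 14-23 and flags all-zero addresses, dynamically learned broadcast or multicast addresses, and any hardware address that answers for more than one IP address. The function names and every sample entry except the first are constructed for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the Windows `arp -a` layout shown in Figure 14-23.
# Only the first entry comes from the figure; the rest are made up.
SAMPLE = """\
Interface: 198.150.221.107 on Interface 0x2000002
  Internet Address      Physical Address      Type
  198.150.221.254       00-10-2f-0b-44-00     dynamic
  198.150.221.20        00-a0-c9-11-22-33     dynamic
  198.150.221.21        00-a0-c9-11-22-33     dynamic
  198.150.221.30        00-00-00-00-00-00     dynamic
  198.150.221.255       ff-ff-ff-ff-ff-ff     static
"""

ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"([0-9a-fA-F]{2}(?:-[0-9a-fA-F]{2}){5})\s+(\w+)\s*$"
)

def parse_arp(text):
    """Return (ip, mac, type) tuples from `arp -a` output."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append((m.group(1), m.group(2).lower(), m.group(3).lower()))
    return entries

def check_arp(entries):
    """Flag invalid MACs and MACs claimed by more than one IP address."""
    findings, by_mac = [], defaultdict(list)
    for ip, mac, kind in entries:
        if mac == "00-00-00-00-00-00":
            findings.append(("invalid", mac, [ip]))  # resolution never completed
        elif int(mac[:2], 16) & 1:
            # Group bit set: broadcast or multicast, never a host's own address.
            if kind == "dynamic":
                findings.append(("invalid", mac, [ip]))
        else:
            by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(("duplicate", mac, sorted(ips)))
    return findings

if __name__ == "__main__":
    for kind, mac, ips in check_arp(parse_arp(SAMPLE)):
        print(f"{kind:9} {mac}  {', '.join(ips)}")
```

A duplicate finding is a starting point for investigation rather than proof of a fault: a router or a multihomed host can legitimately answer for several addresses, while the default gateway sharing a hardware address with an ordinary workstation deserves a closer look.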
These Windows utilities display IP addressing information for the local network adapter(s) or a specified NIC (see Figure 14-24).
ipconfig [/all | /renew [adapter] | /release [adapter]]
/all        Shows all information about adapter(s)
/renew      Renews DHCP lease information for all local adapters if none is named
/release    Releases DHCP lease information disabling TCP/IP on this adapter
SKILL BUILDER AUX Dial-Up This lab focuses on the Frame Relay Packet Switching Protocol for connecting devices on a wide-area network (WAN).
FIGURE 14-24
WinIPcfg.
These are the tools that enable a network administrator to remotely monitor and control the network. It is important to implement the proper security when using SNMP and RMON so that the network is not violated.
Summary
Now that you have completed this chapter, you should understand the following:
The administrative side of network management
How to establish the boundaries of the network
Costs of a network
Error report documentation
How to monitor the network
Connection monitoring
Traffic monitoring
Simple Network Management Protocol
Remote Monitoring (RMON)
Troubleshooting methods
Software tools for troubleshooting
WAN requirements document
WAN physical topology
WAN logical topology, including IP addressing scheme
WAN electronics
WAN media
PPP implementation
ISDN implementation
Frame Relay implementation
Traffic flow and routing update analysis
WAN pros and cons