TCP/IP Sleuthing – Troubleshooting TCP/IP Using Your Toolbox

You just received another late evening page from the help desk. “I have a problem with my network access, it just doesn’t work!” What should you do next? Troubleshoot! Troubleshooting is a necessary part of supporting any network installation. Determining and repairing problemscan consume a lot of time, especially if you don’t know what to do or how to do it correctly and quickly. In this paper, I will explain how you might consider troubleshooting different problems that could exist in your network. These techniques can all be performed using some of the common tools available in modern operating systems....
Nội dung trích xuất từ tài liệu:
TCP/IP Sleuthing – Troubleshooting TCP/IP Using Your ToolboxExpert Reference Series of White Papers TCP/IP Sleuthing – Troubleshooting TCP/IP Using Your Toolbox1-800-COURSES www.globalknowledge.comTCP/IP Sleuthing – TroubleshootingTCP/IP Using Your ToolboxTed Rohling, Global Knowledge Instructor, CISSPIntroductionYou just received another late evening page from the help desk. “I have a problem with my network access, itjust doesn’t work!”What should you do next? Troubleshoot!Troubleshooting is a necessary part of supporting any network installation. Determining and repairing prob-lems can consume a lot of time, especially if you don’t know what to do or how to do it correctly and quickly.In this paper, I will explain how you might consider troubleshooting different problems that could exist in yournetwork. These techniques can all be performed using some of the common tools available in modern operat-ing systems. The more you know about these tools, the better you can use them to fix your problems.Methodology RequiredEffective troubleshooting requires the use of a methodology. Without a methodology, you still may be able tosuccessfully troubleshoot some problems. But other problems may be hidden, because you have not consideredall of the possibilities. You may already have a favorite method for troubleshooting. If it works, use it. Youmight also wish to consider another approach. One method that has worked successfully is the use of the OSImodel for problem determination.The OSI model is describes the data communication processes. The model consists of seven different layers.Each layer has a given set of responsibilities in the communication process. The seven layers are as follows: Layer 7 Application Layer 6 Presentation Layer 5 Session Layer 4 Transport Layer 3 Network Layer 2 Data Link Layer 1 PhysicalInformation flows from layer 7, the application layer, down through to layer 1, where it is placed on the physi-cal network circuits. After it arrives at the next device it will flow up and down the layers as needed. Dataswitches typically only look at information at layer 2 to make switching decisions. Routers look at informationCopyright ©2006 Global Knowledge Training LLC. All rights reserved. Page 2at layer 3. Clients and Servers will make use of all seven layers. At the destination machine the informationwill rise from layer 1 up to layer 7, where it interfaces with the application.Using the OSI model as a foundation of the troubleshooting methodology allows you to examine the variouslayers of the model to make sure the involved devices and circuits are performing as expected. It is like tryingto track a relative on a long distance trip from New York City to Los Angeles. After leaving New York, the rela-tives are expected to spend the night in Columbus, Ohio, a 560 mile trip. You can call the hotel in Columbus tofind out if they got there. If they have, you know that part of the trip was successful.In using the OSI model, we can verify the success of the communication process at various layers or levels ofthe model. Did my communication attempt make it to a specific layer? Did it make it to a specific device? Ifnot, where did it fail? Locating the point of failure helps you determine what the failure might be and whatsolution might be needed.Troubleshooting OSI Layers 1 and 2At layers 1 and 2 of the OSI model, communication over the “wire” is the focus. There are many different toolsyou can use at this layer to trouble shoot network problems. If you locate a problem at this layer, repair theproblem and your trouble might go away.Activity IndicatorsFor your workstation, the key is to make sure that your device is actually sending or receiving information fromother devices.In the world of Windows®, the sure indicator is the blinking lights found on the task bar. In the picture above,the two small “screens” are there to show the network activity. If you see the color of the screens change,blink, or turn solid a solid light blue color, you are sending and/or receiving information from or to otherdevices. Your physical network is working!ARPAnother sure way to see if you have been actively communicating with other devices is to view the contents ofyour ARP cache. ARP is a process used to locate other devices on your local network to get their Media AccessControl (MAC) address. If you have entries in your ARP cache, you are communicating with other devices.Copyright ©2006 Global Knowledge Training LLC. All rights reserved. Page 3You can view your ARP cache by entering the command “arp -a” as seen above. In the example, the device hassuccessfully communicated with four different IP devices. The only issue with ARP is that the ARP cache isoften empty because old entries disappear on a regular schedule. It is not uncommon to find that there areARP entries in your ARP cache.NETSTATAnother program can be used to determine local area network physical connectivity. NETSTAT is a commonprogram on most operating systems. It has a number of capabilities but in this troubleshooting role, the NET-STAT option that shows Ethernet activity is the one you want to use.By entering “netstat -e” you will see a display similar to the one above. Here we can clearly see that theEthernet interface has sent and received some traffic. In this case it is not much, but activity has occurred.However this was in the past. What’s happening now? If you wait a minute or two and then enter the samecommand, you should see a change in the number. If you do, you are communicating. If you do not see achange, you pos ...