1

Chapter Overview

Documentation and Resources Logs and Indicators Network Testing and Monitoring Tools

2

Product Documentation

Hardware and software products usually include documentation in some form.

You should always keep all product documentation. Although you may be familiar with the

devices or software products you use, you might still need the documentation later when you need to reinstall, upgrade, or troubleshoot the network.

3

CD-ROM Documentation Formats Text files. Many manufacturers use plain ASCII text files

to provide late-breaking information about product problems, revisions, and compatibility issues.

Hypertext Markup Language Files. Some manufacturers create documentation in Hypertext Markup Language (HTML) format and include it with the product on a CD-ROM.

Adobe Acrobat Portable Document Format files. Acrobat creates and displays documents in a proprietary format called the Portable Document Format (PDF).

PDF files preserve all the original design elements, layout, and formatting characteristics of the original documents.

The .pdf format has become a de facto publishing standard in the computing industry.

4

An Example of an Adobe Acrobat PDF File

5

Telephone Support Free telephone support is a thing of the past. Some products include free technical support

for a limited time or a limited number of incidents before the manufacturer begins charging a fee.

Because of the expense, determining when to call for help is more difficult than it used to be.

People are more likely to find other sources of support before paying for help.

Sometimes calling for technical support is necessary. Look for help on the Web and Usenet first, and

call technical support as a last resort.

6

Online Resources Marketing collateral. Includes datasheets, features and

benefits lists, product comparisons, product reviews, and other sales literature

Product manuals. Can be more valuable if the site has a search engine

Technical documents. Frequently more concerned with the theoretical aspects of the product than with day-to-day operations

Frequently asked questions (FAQs). Address common problems; can be an excellent product evaluation resource

Technical support databases. Let you search for keywords or error messages, and provide information on solutions and links to software patches

7

Online Resources (Cont.) File downloads. Let you see how many patches have

been issued for a product, which is a good way of evaluating the product before buying it

Online messaging. The Web equivalent of the old bulletin board systems, where you leave a text message and receive a reply from a technical support representative

Live support. Usually a chat application that provides a live text-messaging link between users and company representatives

Manufacturer’s contact information. E-mail addresses and telephone numbers for technical support, and other contact information

8

Usenet Usenet is a worldwide, text-based Internet bulletin

board system that consists of newsgroups devoted to many topics.

Usenet is not as user-friendly as the Web, but it provides an enormous amount of valuable technical information.

To access Usenet newsgroups, you must have a newsreader client program and access to a news server.

The clients and servers communicate with each other by using a specialized TCP/IP protocol called the Network News Transfer Protocol (NNTP).

Most Internet service providers (ISPs) include access to a news server as part of a standard Internet access subscription, but the quality of the service varies.

9

The Usenet Newsgroup List

10

Usenet Message Headers

11

A Usenet Newsgroup Message

12

The Microsoft TechNet Interface

13

Books and Periodicals Networking and computer books are an excellent

resource for background information and networking theory.

Many books include a searchable electronic version on a CD-ROM.

Magazines and trade newspapers are good places to look for current technical information and industry news.

Keep in mind that information in a typical monthly magazine is written at least three to four months before you see the issue.

Weeklies usually provide more timely information. Many weekly trade newspapers are now available online.

14

Link Pulse Lights Most Ethernet network interface adapters that

use unshielded twisted-pair (UTP) cable have a light-emitting diode (LED) that is lit when the adapter is connected to a functioning hub.

The hub usually has an additional LED for each port that indicates from either end of the patch cable whether the devices are connected.

Link pulse lights can tell you whether a computer is wired to the hub properly.

When an Ethernet adapter and a hub are properly connected, they exchange signals to test the connection.

15

The Link Pulse LED on a Network Interface Adapter

16

The Link Pulse LED on a Hub

17

Normal Link Pulse (NLP) Signals On 10Base-T and 10Base-FL equipment, the

signal exchanged by network interface adapters and hubs is called a normal link pulse (NLP).

The NLP signals Last for 2 milliseconds Repeat at intervals of 16.8 milliseconds Occur only when the network is not busy transmitting

data, so they do not interfere with normal operations When the LEDs at both ends of the connection

are lit, the NLP signals generated by each device are reaching the other device.

18

Fast Link Pulse Signals Fast Ethernet and Gigabit Ethernet equipment that supports

multiple speeds uses fast link pulse (FLP) signals. FLP signals differ from NLP signals in that they include a 16-bit

data packet that the devices use to autonegotiate their connection speed.

The data packet contains a link code word that consists of a selector field and a technology ability field.

The devices use these fields to advertise their capabilities, including the speeds they can run at and whether they support full-duplex communications.

By examining the link code word supplied by the other device, the network interface adapter and the hub both configure themselves to use the best transmission mode that they have in common.

FLP signals are fully compatible with the NLP signals that are used by devices that cannot operate at multiple speeds.

19

Error Displays The most obvious indication of a computer problem is an error

message. Error messages are generated primarily by applications and

operating systems. In most cases, error messages cannot give you specific

information about a problem with the network itself. There is usually no way for the computer to test or communicate

with network components except for other computers. An error message generated by an operating system might tell

you that the computer could not communicate with another computer on the network, but it usually cannot tell you why unless the problem is with the computer generating the message.

If you do not understand an error message, record the exact message, including all number and letter codes, memory addresses, and other types of information.

20

Event Logs An event log is a running record of processes that

documents an operational history of the product involved.

Many applications, operating systems, and networking components maintain logs of their activities.

You should check the logs on a regular basis. Some applications let you specify whether you

want them to log their activities and how much detail you want in the logs.

You should consider the amount of detail you want in the logs.

Selecting the most detailed option might not always be best.

21

The General Properties Tab in the IIS Extended Logging Properties Dialog Box

22

The Extended Properties Tab in the IIS Extended Logging Properties Dialog Box

23

The Windows 2000 Event Viewer

24

Event Viewer Some logs are maintained and displayed

by a separate application, such as the Event Viewer included in Microsoft Windows 2000 and Microsoft Windows NT.

To launch Event Viewer in Windows 2000, select Event Viewer on the Start menu’s Programs/Administrative Tools group.

By default, the application displays the logs for the current system.

You can also view the logs of another computer running Windows 2000.

25

Event Viewer (Cont.) Event Viewer maintains lists of messages generated

by various elements of the operating system. Each log entry is listed as a separate item with the date and

time that it was generated, the process that generated it, the event ID, and other important information.

By default, Microsoft Windows 2000 Professional contains three different logs—an Application Log, a Security Log, and a System Log—all of which are maintained independently.

The Microsoft Windows 2000 Server products include these three logs, plus others, depending on the services installed.

Each event in each log is classified as Information, Warning, or Error.  

26

The Event Properties Dialog Box

27

Network Management Products Error messages generated by network components, such as

routers or computers at remote locations, can be difficult to monitor.

A stand-alone router does not have a screen to display error messages, but many networking devices can supply information about their status.

Network management products provide a comprehensive view of network systems and processes.

These products use a distributed architecture based on a specialized management protocol, such as the Simple Network Management Protocol (SNMP) or the Remote Monitoring (RMON) protocol.

Network management products often include other functions, such as software distribution and metering, network diagnostics, network traffic monitoring, and report generation.

Deploying a network management system is a complex undertaking.

28

SNMP SNMP is a Transmission Control Protocol/Internet Protocol (TCP/IP)

application layer protocol and query language that specially equipped networking devices use to communicate with a central console.

Many networking hardware and software products use SNMP agents to Gather information about the product and deliver it to a computer

designated as the network management console Gather specific information about the network devices and store it as

managed objects in a management information base (MIB) SNMP agents transmit MIBs to the console using SNMP messages,

which are carried inside User Datagram Protocol (UDP) datagrams. The console collates the information received from the agents and

provides a composite picture of the network and its processes. An agent can generate a special message called a trap, which causes

the console to alert of a potentially dangerous condition.

29

Windows 2000 System Monitor

30

The Add Counters Dialog Box in System Monitor

31

The Performance Console in System Monitor

32

The Performance Logs and Alerts Feature in the Performance Console

33

The Novell Netware MONITOR.NLM Application

34

Protocol Analyzers A protocol analyzer captures a sample of network traffic,

decodes the packets into the language of the individual protocols that they contain, and lets you examine them in detail.

Capturing and displaying network traffic is relatively easy, but interpreting and using the information for troubleshooting requires a detailed understanding of networking protocols.

Protocol analyzers are useful tools, but they can also be used for malicious purposes.

A protocol analyzer can be either A device with a proprietary interface that you connect to a network

to capture traffic, or A software program that runs on a computer that is already

connected to the network Protocol analyzers typically work by switching their network

interface adapter into promiscuous mode.

35

The Network Monitor Capture Summary Window

36

The Network Monitor Detailed Information Display

37

An Expanded TCP Header

38

The Network Monitor Raw Data Display

39

Crossover Cables A crossover cable is a good tool to use for

eliminating the hub and the cables as possible sources of a network communications problem.

If two computers seem to be properly connected with a hub and prefabricated cables (or an internal cable run and patch cables), and they are not communicating, try connecting the computers with a crossover cable that you know works properly.

If the computers can communicate with the crossover cable, the problem is in either the hub or the cables connecting the computer to the hub.

If the computers fail to communicate with the crossover cable, the problem is in one or both of the computers or network interface adapters.

40

Hardware Loopback Connectors A loopback connector is an inexpensive device that

you plug into a jack. The loopback connector redirects the outgoing

signals from the device right back into it. Many adapters have a diagnostic utility built into

their configuration programs. After plugging the loopback connector into the adapter

port, you run the diagnostic program, and the loopback connector transmits a series of signals out through the adapter.

If the adapter receives the signals back in exactly the same format as they were sent, the adapter passes the test.

41

A Typical Tone Generator and Locator

42

Tone Generators and Locators A basic way to identify and test a cable connection is to use a tone

generator and locator, also known as a "fox and hound" cable tester.

You connect a tone generator to a cable at one end, and it transmits a signal over the cable.

The tone locator is a separate device that can detect the generator's signal, either by touching it to the conductor in the cable or by touching it to the cable insulation.

When the locator detects the generator's signal, it emits an audible tone.

You can use a tone generator and locator to test an entire cable or to test the individual wire connections inside a UTP cable.

Tone generators and locators are most commonly used to identify the cable that belongs to a particular connection.

The tone generator and locator is the simplest and most inexpensive type of cable tester.

43

Wire Map Testers A wire map tester is similar in principle to the tone generator and

locator, except that it tests all the wire connections in a UTP cable at once.

A wire map tester consists of two parts that you connect to the opposite ends of a cable.

The unit at one end transmits signals over all the wires, which are detected by the unit at the other end.

A wire map tester can detect transposed wires, open circuits, and shorts, just as a tone generator and locator can.

However, it does all the tests simultaneously and provides you with a simple readout telling you what is wrong.

The one common cable fault that a typical stand-alone wire map tester cannot detect is a split pair.

Wire map testers are relatively inexpensive stand-alone devices and are good investments for small- to medium-sized internal cable installations.

44

A Typical Multifunction Cable Tester

45

Multifunction Cable Testers

Handheld devices that test cable connections and compare the results to standard values that have been programmed into the unit

Display a list of pass or fail ratings for the individual tests

Can perform basic wire mapping tests in addition to testing length, attenuation, near end crosstalk (NEXT), power sum NEXT (PSNEXT), equal level far end crosstalk (ELFEXT), power sum ELFEXT (PSELFEXT), propagation delay, delay skew, and return loss 

46

Multifunction Cable Testers (Cont.)  Multifunction cable testers can be dangerous

because of the very strengths they advertise. Some marketing materials imply that you can

rely on the device to tell you if the cables are installed correctly, without knowing what the measurements mean.

This is true, if the tester is calibrated to the proper standards.

If you do not know what each test represents, you are relying on the manufacturer of the device to set it to the proper standards.

In some cases, official standards for certain cable types have not yet been ratified.

47

Chapter Summary

Documentation and resources Product documentation can be a valuable

network troubleshooting tool. You should always keep all the documentation

that comes with your hardware and software. Web sites for many hardware and software

manufacturers offer a variety of resources for the network administrator, including technical documents, FAQs, online messaging, and technical support databases.

48

Chapter Summary (Cont.)

Logs and indicators LEDs and other lights are frequently useful

indicators of a piece of a hardware component’s current status.

The link pulse LEDs on Ethernet hubs and network interface adapters indicate when these devices are connected properly.

Tools like the Windows 2000 Performance console enable you to monitor ongoing computer and network operations in real time.

49

Chapter Summary (Cont.)

Network testing and monitoring tools A tone generator and locator is a simple

cable-testing device that determines whether a cable is carrying a signal.

Wire map testers test all four of the wire pairs in a UTP cable at the same time.

Multifunction cable testers perform a comprehensive battery of tests on a cable connection and compare the results to established standards.