Network Problems and Tools Part 2


Network Problems and Tools Part 2. ITEC 370, George Vaughan, Franklin University. Sources for Slides: material in these slides comes primarily from the course text, Guide to Networking Essentials, Tomsho, Tittel, Johnson (2007). Other sources are cited in line and listed in the reference section.

Transcript of Network Problems and Tools Part 2

Page 1: Network Problems and Tools Part 2

Network Problems and Tools Part 2

ITEC 370

George Vaughan

Franklin University

Page 2: Network Problems and Tools Part 2

Sources for Slides

• Material in these slides comes primarily from the course text, Guide to Networking Essentials, Tomsho, Tittel, Johnson (2007).

• Other sources are cited in line and listed in reference section.

Page 3: Network Problems and Tools Part 2

TCP/IP and OSI Models (OSI-Model, n.d.) and (Tomsho, 2007)

TCP/IP Layers | PDU | OSI Layers | Function | Devices - Apps | Standards
Application | Data | 7 Application | Network process to application, initiates or accepts a request to transfer data | Browsers, servers, Gateways | HTTP, SNMP, FTP, Telnet
Application | Data | 6 Presentation | Adds formatting, display, and encryption of information | Gateways | ASCII, MPEG
Application | Data | 5 Session | Adds communication session control information, Login/Logout | DNS, Gateways | NetBIOS
Transport | Segments | 4 Transport | Adds end-to-end connections and reliability, re-sequencing, flow control | Gateways | TCP, UDP
Network | Packets | 3 Network | Path determination and logical addressing (IP), translates MAC address to logical address | Routers | IP, ICMP, ARP, NetBEUI
Link | Frames | 2 Data Link (LLC, MAC) | Adds error checking and physical addressing (MAC & LLC) | Switches, Bridges, NICs | 802.3, 802.11, FDDI
Link | Bits | 1 Physical | Media, signal and binary transmission, sends data as a bit stream | Hubs, Repeaters | 10Base-T, T1, E1

Page 4: Network Problems and Tools Part 2

Making Use of Problem Solving Tools

• Digital Volt Meter (DVM)
• Time-Domain Reflectometer (TDR)
• Basic Cable Testers
• Advanced Cable Testers
• Oscilloscopes
• Network Monitors
• Protocol Analyzers

Page 5: Network Problems and Tools Part 2

Digital Voltmeter (DVM)

• Measures a cable’s resistance
• Can determine if a cable break occurred
• Can also be used to identify short circuits
  – A short circuit (or short) prevents network traffic from traversing the cable and requires repair or replacement of that cable

Page 6: Network Problems and Tools Part 2

Time-Domain Reflectometer (TDR)

• A TDR, like a DVM, can determine whether there’s a break or short in a cable
• Measures the time it takes for a signal to return and estimates how far down the cable the fault is located
  – A high-quality TDR can determine the location of a break within a few inches
• TDRs are available for fiber-optic as well as electrical cables
• TDR function is standard in most advanced cable testers
• Use a TDR to document actual lengths of all cables

Page 7: Network Problems and Tools Part 2

Basic Cable Testers

• Basic cable testers cost less than $100
• Typically test only the correct termination of a twisted-pair cable or continuity of a coaxial cable
• Excellent tools for checking patch cables and testing for correct termination of a cable at the patch panel and jack
• Can only verify that the cable wires are terminated in correct order or that there are no breaks in the cable
• Can’t check a cable for attenuation, noise, or other possible performance problems in your cable run

Page 8: Network Problems and Tools Part 2

Advanced Cable Testers

• Advanced cable testers not only measure where a break is located in a cable, but can also gather other information, including a cable’s impedance, resistance, and attenuation characteristics
• Function at both the Physical and Data Link layers of the OSI model
  – Can measure message frame counts, collisions, congestion errors, and beaconing information or broadcast storms
  – They combine the characteristics of a DVM, a TDR, and a Protocol Analyzer

Page 9: Network Problems and Tools Part 2


Oscilloscopes

• Oscilloscopes are advanced pieces of electronic equipment that measure signal voltage over time

• When used with a TDR, an oscilloscope can help identify shorts, sharp bends, or crimps in a cable, cable breaks, and attenuation problems

Page 10: Network Problems and Tools Part 2

Network Monitors

• Network monitors are software packages that can track all or part of the network traffic
  – By examining packets sent across the network, they can track information such as packet type, errors, and traffic
  – Can collect this data and generate reports/graphs
  – E.g., Windows Server 2000/2003 Network Monitor, WildPacket’s EtherPeek, Network Instruments Analyst/Probe, and Information Systems Manager Inc.’s PerfMan

Page 11: Network Problems and Tools Part 2

Protocol Analyzers

• A protocol analyzer evaluates the network’s overall health by monitoring all traffic
  – Also captures traffic and decodes received packets
  – Some combine HW and SW in a self-contained unit
    • May include built-in TDR to help determine the network’s status
  – E.g., Network General Sniffer, Ethereal, WildPacket EtherPeek, Fluke Network Protocol Inspector
• Experienced network administrators rely on protocol analyzers to establish baselines for network performance and to troubleshoot their networks

Page 12: Network Problems and Tools Part 2

TCPDUMP

• Unix/Linux command line protocol analyzer (packet sniffer) used for:
  – Debugging networks
  – Debugging applications that depend on networking
  – Monitoring traffic
• Ported to Windows
  – Windump
• Supports user defined filters
• Command Line syntax:
  tcpdump -v -e
• Check Man page for other options

Page 13: Network Problems and Tools Part 2

TCPDUMP (Cont.)

• Example: Ping (Internet Control Message Protocol)
  – 16:23:57.892354 00:15:f2:4d:52:19 > 00:20:ed:73:b7:1d, ethertype IPv4 (0x0800), length 74: IP (tos 0x0, ttl 128, id 8475, offset 0, flags [none], proto 1, length: 60) 192.168.1.101 > 192.168.1.12: icmp 40: echo request seq 11520
  – Timestamp = 16:23:57.892354
  – Source (MAC Address) = 00:15:f2:4d:52:19
  – Destination (MAC Address) = 00:20:ed:73:b7:1d
  – Source IP = 192.168.1.101
  – Destination IP = 192.168.1.12
  – Protocol = icmp

Page 14: Network Problems and Tools Part 2

TCPDUMP (Cont.)

• Example: arp (Address Resolution Protocol)
  – 16:22:37.497442 00:15:f2:4d:52:19 > Broadcast, ethertype ARP (0x0806), length 60: arp who-has 192.168.1.112 tell 192.168.1.101
  – Timestamp = 16:22:37.497442
  – Source (MAC Address) = 00:15:f2:4d:52:19
  – Destination (MAC Address) = Broadcast
  – Protocol = arp who-has 192.168.1.112 tell 192.168.1.101

Page 15: Network Problems and Tools Part 2

TCPDUMP (Cont.)

• Example: Web Request
  – 16:22:43.383893 00:20:ed:73:b7:1d > 00:16:b6:21:71:d1, ethertype IPv4 (0x0800), length 74: IP (tos 0x0, ttl 64, id 42626, offset 0, flags [DF], proto 6, length: 60) 192.168.1.12.56478 > www8.cnn.com.http: S [tcp sum ok] 970586877:970586877(0) win 5840 <mss 1460,sackOK,timestamp 5790847 0,nop,wscale 2>
  – Timestamp = 16:22:43.383893
  – Source (MAC Address) = 00:20:ed:73:b7:1d
  – Destination (MAC Address) = 00:16:b6:21:71:d1
  – Source IP = 192.168.1.12
  – Destination IP = www8.cnn.com.http
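The field-by-field reading shown on the three TCPDUMP example slides, done programmatically (an added example, not part of the original slides). The names `decode` and `split_endpoint` are hypothetical, and the regexes assume the older `tcpdump -v -e` output layout quoted on the slides:

```python
import re

# The three `tcpdump -v -e` lines quoted on slides 13-15.
SAMPLES = [
    "16:23:57.892354 00:15:f2:4d:52:19 > 00:20:ed:73:b7:1d, ethertype IPv4 (0x0800), "
    "length 74: IP (tos 0x0, ttl 128, id 8475, offset 0, flags [none], proto 1, "
    "length: 60) 192.168.1.101 > 192.168.1.12: icmp 40: echo request seq 11520",
    "16:22:37.497442 00:15:f2:4d:52:19 > Broadcast, ethertype ARP (0x0806), "
    "length 60: arp who-has 192.168.1.112 tell 192.168.1.101",
    "16:22:43.383893 00:20:ed:73:b7:1d > 00:16:b6:21:71:d1, ethertype IPv4 (0x0800), "
    "length 74: IP (tos 0x0, ttl 64, id 42626, offset 0, flags [DF], proto 6, "
    "length: 60) 192.168.1.12.56478 > www8.cnn.com.http: S [tcp sum ok] "
    "970586877:970586877(0) win 5840 <mss 1460,sackOK,timestamp 5790847 0,nop,wscale 2>",
]

LINK = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<src_mac>\S+) > (?P<dst_mac>[^,]+), "
    r"ethertype (?P<ethertype>\S+) \(0x[0-9a-f]{4}\), length (?P<frame_len>\d+): (?P<rest>.*)$")
IP = re.compile(r"^IP \((?P<hdr>[^)]*)\) (?P<src>\S+) > (?P<dst>[^:]+): (?P<detail>.*)$")
ARP = re.compile(r"^arp who-has (?P<target>\S+) tell (?P<sender>\S+)$")
PROTO = {1: "icmp", 6: "tcp", 17: "udp"}  # IP protocol numbers printed after "proto"

def split_endpoint(text, has_port):  # TCP/UDP endpoints print as host.port
    return tuple(text.rsplit(".", 1)) if has_port else (text, None)

def decode(line):
    """Return the fields the slides read off one line, as a dict."""
    link = LINK.match(line.strip())
    if link is None:
        raise ValueError("not a tcpdump -e line: %r" % line)
    rec = {k: link[k] for k in ("ts", "src_mac", "dst_mac", "ethertype")}
    rec["frame_len"] = int(link["frame_len"])
    ip, arp = IP.match(link["rest"]), ARP.match(link["rest"])
    if ip:
        # "tos 0x0, ttl 128, ..., length: 60" -> {"tos": "0x0", "ttl": "128", ...}
        hdr = dict(f.replace(":", "").split(" ", 1) for f in ip["hdr"].split(", "))
        num = int(hdr["proto"])
        rec["proto"], rec["ttl"] = PROTO.get(num, str(num)), int(hdr["ttl"])
        rec["src_ip"], rec["src_port"] = split_endpoint(ip["src"], num in (6, 17))
        rec["dst_ip"], rec["dst_port"] = split_endpoint(ip["dst"], num in (6, 17))
        rec["detail"] = ip["detail"]
    elif arp:
        rec.update(proto="arp", src_ip=arp["sender"], arp_target=arp["target"])
    else:
        rec.update(proto="unparsed", detail=link["rest"])
    return rec

if __name__ == "__main__":
    for sample in SAMPLES:
        print(decode(sample))
```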

Page 16: Network Problems and Tools Part 2

Wireshark (Ethereal)

• Name change in 06/2006 due to trademark issues.
• GUI based protocol analyzer
• Available for Unix, Linux, Windows
• Open Source application
  – www.ethereal.com
  – Documentation: http://www.ethereal.com/docs/#userguide
• Can be used to analyze raw data files from TCPDUMP tool.
• Supports user-defined filters.

Page 17: Network Problems and Tools Part 2


Ethereal (Cont.)

Page 18: Network Problems and Tools Part 2

[Figure: annotated Ethereal capture. Labels: ARP Broadcast; ARP Unicast Response; TCP 3-way Handshake (SYN, SYN-ACK, ACK); ARP Broadcast; Broadcast Message]

Page 19: Network Problems and Tools Part 2


Common Troubleshooting Situations

• This section outlines some common network problems and possible solutions

Page 20: Network Problems and Tools Part 2

Cabling and Related Components

• Majority of networking problems occur at the Physical layer
• First, determine whether the problem lies with the cable or the computer
  – Make sure you use the same type of UTP cable throughout the network
  – Check cable lengths to make sure you don’t exceed the maximum length limitation
  – If you suspect a faulty or misconfigured NIC, check the back of the card
  – If the NIC seems functional and you’re using TCP/IP, use Ping to check connectivity to other computers

Page 21: Network Problems and Tools Part 2

Power Fluctuations

• Power fluctuations in a building can adversely affect computers
• Verify that servers are up and functioning
  – Remind users that it takes a few minutes for servers to come back online after a power outage
• You may eliminate effects of power fluctuations by connecting devices to UPSs
• Some packages perform shutdowns automatically, eliminating the need for human intervention when power failures or severe power fluctuations occur

Page 22: Network Problems and Tools Part 2

Upgrades

• When you perform network upgrades, remember three important points
  – Ignoring upgrades to new software releases and new HW can lead to a situation in which a complete network overhaul is necessary because many upgrades build on top of others
    • Keep current and do one upgrade at a time
  – Test any upgrade before deploying it on your production network
  – Don’t forget to tell users about upgrades

Page 23: Network Problems and Tools Part 2

Poor Network Performance

• When performance problems appear, answering these questions should help pinpoint the causes
  – What has changed since the last time the network functioned normally?
  – Has new equipment been added to the network?
  – Have new applications been added to computers?
  – Is someone playing electronic games on the network?
  – Are there new users on the network? How many?
  – Could any other new equipment, such as a generator, cause interference near the network?

Page 24: Network Problems and Tools Part 2

References

Tomsho, Tittel, Johnson (2007). Guide to Networking Essentials. Boston: Thomson Course Technology.

Odom, Knott (2006). Networking Basics: CCNA 1 Companion Guide. Indianapolis: Cisco Press.

Wikipedia (n.d.). OSI Model. Retrieved 09/12/2006 from http://en.wikipedia.org/wiki/OSI_Model