Network Problems and Tools Part 2

1
Network Problems and ToolsPart 2

• ITEC 370
• George Vaughan
• Franklin University

2
Sources for Slides

• Material in these slides comes primarily from
  course text, Guide to Networking
  Essentials,Tomsho, Tittel, Johnson (2007).
• Other sources are cited in line and listed in
  reference section.

3
TCP/IP and OSI Models
4
Making Use of Problem Solving Tools

• Digital Volt Meter (DVM)
• Time-Domain Reflectometer (TDR)
• Basic Cable Testers
• Advanced Cable Testers
• Oscilloscopes
• Network Monitors
• Protocol Analyzers

5
Digital Voltmeter (DVM)

• Measures a cables resistance
• Can determine if a cable break occurred
• Can also be used to identify short circuits
• A short circuit (or short) prevents network
  traffic from traversing the cable and requires
  repair or replacement of that cable

6
Time-Domain Reflectometer (TDR)

• A TDR, like a DVM, can determine whether theres
  a break or short in a cable
• Measures the time it takes for signal to return
  and estimates how far down the cable the fault is
  located
• A high-quality TDR can determine the location of
  a break within a few inches
• TDRs are available for fiber-optic as well as
  electrical cables
• TDR function is standard in most advanced cable
  testers
• Use a TDR to document actual lengths of all cables

7
Basic Cable Testers

• Basic cable testers cost less than 100
• Typically test only the correct termination of a
  twisted-pair cable or continuity of a coaxial
  cable
• Excellent tools for checking patch cables and
  testing for correct termination of a cable at the
  patch panel and jack
• Can only verify that the cable wires are
  terminated in correct order or that there are no
  breaks in the cable
• Cant check a cable for attenuation, noise, or
  other possible performance problems in your cable
  run

8
Advanced Cable Testers

• Advanced cable testers not only measure where a
  break is located in a cable, but can also gather
  other information, including a cables impedance,
  resistance, and attenuation characteristics
• Functions at both the Physical and Data Link
  layers of the OSI model
• Can measure message frame counts, collisions,
  congestion errors, and beaconing information or
  broadcast storms
• They combine the characteristics of a DVM, a TDR,
  and a Protocol Analyzer

9
Oscilloscopes

• Oscilloscopes are advanced pieces of electronic
  equipment that measure signal voltage over time
• When used with a TDR, an oscilloscope can help
  identify shorts, sharp bends, or crimps in a
  cable, cable breaks, and attenuation problems

10
Network Monitors

• Network monitors are software packages that can
  track all or part of the network traffic
• By examining packets sent across the network,
  they can track information such as packet type,
  errors, and traffic
• Can collect this data and generate reports/graphs
• E.g., Windows Server 2000/2003 Network Monitor,
  WildPackets EtherPeek, Network Instruments
  Analyst/Probe, and Information Systems Manager
  Inc.s PerfMan

11
Protocol Analyzers

• A protocol analyzer evaluates the networks
  overall health by monitoring all traffic
• Also captures traffic and decodes received
  packets
• Some combine HW and SW in a self-contained unit
• May include built-in TDR to help determine the
  networks status
• E.g., Network General Sniffer, Ethereal,
  WildPacket EtherPeek, Fluke Network Protocol
  Inspector
• Experienced network administrators rely on
  protocol analyzers to establish baselines for
  network performance and to troubleshoot their
  networks

12
TCPDUMP

• Unix/Linux command line protocol analyzer (packet
  sniffer) used for
• Debugging networks
• Debugging applications that depend on networking.
• Monitoring traffic
• Ported to Windows
• Windump
• Supports user defined filters
• Command Line syntax
• tcpdump -v e
• Check Man page for other options

13
TCPDUMP (Cont.)

• Example Ping (Internet Control Message Protocol)
• 162357.892354 0015f24d5219 gt
  0020ed73b71d, ethertype IPv4 (0x0800),
  length 74 IP (tos 0x0, ttl 128, id 8475, offset
  0, flags none, proto 1, length 60)
  192.168.1.101 gt 192.168.1.12 icmp 40 echo
  request seq 11520
• Timestamp 162357.892354
• Source (MAC Address) 0015f24d5219
• Destination (MAC Address) 0020ed73b71d
• Source IP 192.168.1.101
• Destination IP 192.168.1.12
• Protocol icmp

14
TCPDUMP (Cont.)

• Example arp (Address Resolution Protocol)
• 162237.497442 0015f24d5219 gt Broadcast,
  ethertype ARP (0x0806), length 60 arp who-has
  192.168.1.112 tell 192.168.1.101
• Timestamp 162237.497442
• Source (MAC Address) 0015f24d5219
• Destination (MAC Address) Broadcast
• Protocol arp who-has 192.168.1.112 tell
  192.168.1.101

15
TCPDUMP (Cont.)

• example Web Request
• 162243.383893 0020ed73b71d gt
  0016b62171d1, ethertype IPv4 (0x0800),
  length 74 IP (tos 0x0, ttl 64, id 42626, offset
  0, flags DF, proto 6, length 60)
  192.168.1.12.56478 gt www8.cnn.com.http S tcp
  sum ok 970586877970586877(0) win 5840 ltmss
  1460,sackOK,timestamp 5790847 0,nop,wscale 2gt
• Timestamp 162243.383893
• Source (MAC Address) 0020ed73b71d
• Destination (MAC Address) 0016b62171d1
• Source IP 192. 92.168.1.12
• Destination IP www8.cnn.com.http

16
Wireshark (Ethereal)

• Name change in 06/2006 due to trademark issues.
• GUI based protocol analyzer
• Available for Unix, Linux, Windows
• Open Source application
• www.ethereal.com
• Documentation http//www.ethereal.com/docs/userg
  uide
• Can be used to analyze raw data files from
  TCPDUMP tool.
• Supports user-defined filters.

17
Ethereal (Cont.)
18
ARP Broadcast
ARP Unicast Response

• TCP 3-way Handshake
• SYNC
• SYNC-ACK
• ACK

ARP Broadcast
Broadcast Message
19
Common Troubleshooting Situations

• This section outlines some common network
  problems and possible solutions

20
Cabling and Related Components

• Majority of networking problems occur at the
  Physical layer
• First, determine whether the problem lies with
  the cable or the computer
• Make sure you use the same type of UTP cable
  throughout the network
• Check cable lengths to make sure you dont exceed
  the maximum length limitation
• If you suspect a faulty or misconfigured NIC,
  check the back of the card
• If the NIC seems functional and youre using
  TCP/IP, use Ping to check connectivity to other
  computers

21
Power Fluctuations

• Power fluctuations in a building can adversely
  affect computers
• Verify that servers are up and functioning
• Remind users that it takes a few minutes for
  servers to come back online after a power outage
• You may eliminate effects of power fluctuations
  by connecting devices to UPSs
• Some packages perform shutdowns automatically,
  eliminating the need for human intervention when
  power failures or severe power fluctuations occur

22
Upgrades

• When you perform network upgrades, remember three
  important points
• Ignoring upgrades to new software releases and
  new HW can lead to a situation in which a
  complete network overhaul is necessary because
  many upgrades build on top of others
• Keep current and do one upgrade at a time
• Test any upgrade before deploying it on your
  production network
• Dont forget to tell users about upgrades

23
Poor Network Performance

• When performance problems appear, answering these
  questions should help pinpoint the causes
• What has changed since the last time the network
  functioned normally?
• Has new equipment been added to the network?
• Have new applications been added to computers?
• Is someone playing electronic games in the
  network?
• Are there new users on the network? How many?
• Could any other new equipment, such as a
  generator, cause interference near the network?

24
References

• Tomsho, Tittel, Johnson (2007). Guide to
  Networking Essentials. Boston Thompson Course
  Technology.
• Odom, Knott (2006). Networking Basics CCNA 1
  Companion Guide. Indianapolis Cisco Press
• Wikipedia (n.d.). OSI Model. Retrieved 09/12/2006
  from http//en.wikipedia.org/wiki/OSI_Model