SYSTEM ADMINISTRATION
Chapter 19
Troubleshooting Network Problems Using TCP/IP Utilities

Trace Route (Tracert)
• Trace Route (tracert) is a command-line diagnostic utility that is used to determine the route a packet uses to get to a destination.
• Tracert determines the route by sending Internet Control Message Protocol (ICMP) packets to the destination that you specify, either by IP address or DNS name.

Using Tracert for Troubleshooting
• Use tracert to determine where packet traffic is being stopped.
• Tracert can be used to show routers with configuration problems or that are offline.
• It can also indicate that an incorrect IP address is being used or that a specific network does not exist.
• It can also pinpoint bottlenecks in the network.

PING
• The PING utility is used to see if the TCP/IP protocol is functioning correctly on a host computer and to check connectivity between devices.
• Like tracert, PING uses the Internet Control Message Protocol (ICMP) echo function to send a packet through the network to another host. If there is a good connection between the hosts, a good return packet will be received.
• PING can also report the number of router hops between the two computers and the amount of time it takes for a packet to make the complete trip.
• You can PING a host by DNS name or IP address.

Using PING for Troubleshooting
• PING can be used to test a local host or a connection to another host.
• Always begin by PINGing the local computer, that is, the computer you are currently using. You can PING the actual machine IP address, or PING the machine using the local loopback address of 127.0.0.1.
• Once you determine that the local machine’s IP address is functioning correctly, PING your default gateway. This will determine whether or not you have connectivity across your side of the network.
• Once you can successfully PING the default gateway, PING a host on the far side of the router. For example, you may choose to PING a host on another network segment within your own company or a popular Web site.
• PING can also be used to test name resolution services.

Address Resolution Protocol (ARP)/Reverse Address Resolution Protocol (RARP)
• Address Resolution Protocol (ARP) is used to resolve an IP address to the MAC or physical address of a machine.
• Reverse Address Resolution Protocol (RARP) does just the opposite, resolving a MAC address to an IP address.
• To understand how ARP works, follow this example. Suppose Computer25, with an IP address of 200.200.200.25, wants to communicate with Computer50, which is located on the same network, with the IP address 200.200.200.50. It will follow these steps:
  – The source computer (Computer25) begins by checking its ARP cache to see if it already contains the destination computer’s (Computer50) MAC address.
  – If it does not, Computer25 will send a broadcast across the network. Included in this broadcast is the destination computer’s IP address.
  – All computers on the network will see the broadcast and cross-reference the destination IP address with entries in their ARP cache.
  – If they do not have that address stored in their cache, they will discard the message.
  – If a computer receiving the broadcast finds the IP address in its cache, that computer will add the IP and MAC addresses of the sending computer (Computer25) to its ARP cache and then send a reply back to the sending computer. The reply will contain the MAC address of Computer50.
  – Computer25 will add the MAC address of Computer50 to its own ARP cache. Once the address is added, Computer25 can communicate with Computer50.

Using ARP for Troubleshooting
• ARP is very useful in situations where more than one host machine has the same IP address.

Netstat
• Netstat is used to display protocol statistics and current TCP/IP network connections.
• Netstat can also be used to view all of the TCP/IP connections in use by a host, whether they are inbound or outbound.

Using Netstat for Troubleshooting
• Netstat can be extremely useful when troubleshooting network problems that you believe are protocol related. For example, if users report that they cannot transfer files from the corporate FTP server, at the server, type: netstat -a. The results screen will disclose whether the port for the FTP service is active. If it is not, you may need to restart either the FTP service or the server.
• You may also use the netstat -r command to show the routing table that is maintained on the local machine.
• Careful analysis of the routing table will disclose how network traffic is being routed when it leaves the local machine. This data could then be used to pinpoint network configuration errors.

Nbtstat
• Nbtstat is used to display protocol statistics and current TCP/IP connections using NBT (NetBIOS over TCP/IP).
• It will also display current information stored in the NetBIOS cache. Since almost all Microsoft networks are NetBIOS based, nbtstat can be used in a variety of troubleshooting situations.

Using Nbtstat for Troubleshooting
• With the “-r” switch, nbtstat can be used to determine if a Windows Internet Name Service (WINS) server is functioning correctly.

IP Configuration (IPCONFIG)
• The IP Configuration (IPCONFIG) utility is used to display current IP configuration parameters for a host computer running certain types of Windows operating systems, such as Windows 98, Windows NT, Windows 2000, and Windows XP.

Using IPCONFIG for Troubleshooting
• Since the IPCONFIG utility shows all IP addressing information for a particular host, it is a great way to make sure that a host is configured correctly.

WINIPCFG
• WINIPCFG returns a graphical box containing IP configuration information.
• You can then press buttons to release or renew DHCP-assigned IP addressing information.
• WINIPCFG is the IP configuration utility found on computers running the Windows 95 and 98 operating systems.

IFCONFIG
• The IFCONFIG utility is used to configure kernel-resident network interfaces in a UNIX environment.
• Running IFCONFIG without any switches will display the settings for all currently active network interfaces.

Nslookup
• Nslookup is a program that allows you to directly query a DNS server by host name or IP address.

Nslookup Modes of Operation
• Interactive mode allows the user to query name servers for information about various hosts and domains.
  – Additionally, interactive mode allows you to specify additional parameters when using nslookup.
  – Interactive mode is entered automatically when no arguments are given.
  – You will know you are using interactive mode by looking at the command prompt.
• Noninteractive or command-line mode
  – Used to return just the name or other requested information for a host or domain.
  – When noninteractive mode is used, you supply the name or Internet address of the host as an argument.
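
Added example for the "Using Tracert for Troubleshooting" slide (not part of the original slides): a Python parser for Windows-style tracert output that reports where traffic stops and which hop adds the most delay. The sample trace and function names are constructed; a silent hop that is followed by answering hops is treated as a router that does not reply, not as the stopping point.

```python
import re

# Constructed sample of Windows tracert output (documentation addresses).
TRACERT_SAMPLE = """\
Tracing route to example.test [203.0.113.10]
over a maximum of 6 hops:

  1     1 ms    <1 ms     1 ms  192.168.1.1
  2    12 ms    11 ms    13 ms  10.10.0.1
  3     *        *        *     Request timed out.
  4   180 ms   175 ms   190 ms  198.51.100.7
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.

Trace complete.
"""

PROBE = r"(<?\d+ ms|\*)"
HOP = re.compile(r"^\s*(\d+)\s+" + r"\s+".join([PROBE] * 3) + r"\s+(.+?)\s*$")

def parse_tracert(text):
    """Return one dict per hop: hop number, answered round-trip times, host column."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if m:
            rtts = [int(re.sub(r"\D", "", p)) for p in m.group(2, 3, 4) if p != "*"]
            hops.append({"hop": int(m.group(1)), "rtts": rtts, "host": m.group(5)})
    return hops

def stopped_after(hops):
    """Last hop that answered, if every hop after it is silent; otherwise None."""
    answered = [h for h in hops if h["rtts"]]
    if not answered or answered[-1] is hops[-1]:
        return None
    return answered[-1]

def biggest_jump(hops):
    """(hop, ms): largest rise in median RTT over the previous answering hop."""
    best, prev = None, None
    for h in hops:
        if not h["rtts"]:
            continue
        med = sorted(h["rtts"])[len(h["rtts"]) // 2]
        if prev is not None and (best is None or med - prev > best[1]):
            best = (h["hop"], med - prev)
        prev = med
    return best

if __name__ == "__main__":
    hops = parse_tracert(TRACERT_SAMPLE)
    print("traffic stops after:", stopped_after(hops))
    print("largest latency increase:", biggest_jump(hops))
```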
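
Added example for the "Using ARP for Troubleshooting" slide (not part of the original slides): a Python comparison of two ARP cache listings from Computer25, in the layout Windows prints for `arp -a`. It flags an IP address whose MAC address changed between listings, which is what a duplicate IP address or a poisoned cache looks like, and a unicast MAC address that answers for several IP addresses. The MAC addresses, the 200.200.200.60 host and the function names are constructed.

```python
import re

# Constructed `arp -a` output from Computer25, captured at two different times.
ARP_BEFORE = """\
Interface: 200.200.200.25 --- 0x3
  Internet Address      Physical Address      Type
  200.200.200.1         00-aa-00-62-c6-09     dynamic
  200.200.200.50        00-aa-00-4f-2a-9c     dynamic
  200.200.200.255       ff-ff-ff-ff-ff-ff     static
"""
ARP_AFTER = """\
Interface: 200.200.200.25 --- 0x3
  Internet Address      Physical Address      Type
  200.200.200.1         00-aa-00-62-c6-09     dynamic
  200.200.200.50        00-bb-00-11-22-33     dynamic
  200.200.200.60        00-BB-00-11-22-33     dynamic
  200.200.200.255       ff-ff-ff-ff-ff-ff     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static
"""

ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+\w+",
    re.I | re.M,
)

def parse_arp(text):
    """Map each IP address in the listing to its MAC address (lower case)."""
    return {ip: mac.lower() for ip, mac in ENTRY.findall(text)}

def changed_bindings(before, after):
    """(ip, old_mac, new_mac) for every IP whose MAC differs between listings."""
    return [(ip, before[ip], mac) for ip, mac in sorted(after.items())
            if ip in before and before[ip] != mac]

def shared_macs(table):
    """Unicast MACs mapped to more than one IP (router, proxy ARP, or spoofing)."""
    by_mac = {}
    for ip, mac in table.items():
        if int(mac[:2], 16) & 1:  # group bit set: broadcast or multicast entry
            continue
        by_mac.setdefault(mac, []).append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

if __name__ == "__main__":
    before, after = parse_arp(ARP_BEFORE), parse_arp(ARP_AFTER)
    print("changed:", changed_bindings(before, after))
    print("shared:", shared_macs(after))
```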
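
Added example for the "Using Netstat for Troubleshooting" slide (not part of the original slides): a Python check of whether the FTP port is active on the server, including the case where the port is listening but bound only to the loopback address, so remote users still cannot connect. It assumes the numeric form `netstat -an` (the slide uses `netstat -a`); the sample output and function names are constructed.

```python
import re

# Constructed `netstat -an` output from the FTP server (Windows layout).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:21           0.0.0.0:0              LISTENING
  TCP    200.200.200.50:445     200.200.200.25:49712   ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  UDP    0.0.0.0:123            *:*
"""

LISTEN = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$", re.M)
LOOPBACK = {"127.0.0.1", "[::1]"}

def listeners(text):
    """Return (local_address, port) for every TCP socket in the LISTENING state."""
    return [(addr, int(port)) for addr, port in LISTEN.findall(text)]

def service_status(text, port):
    """Classify a TCP port as not listening, loopback only, or reachable."""
    addrs = {addr for addr, p in listeners(text) if p == port}
    if not addrs:
        return "not listening"
    if addrs <= LOOPBACK:
        # The service is running but only accepts connections from the server itself.
        return "loopback only"
    return "listening on " + ", ".join(sorted(addrs))

if __name__ == "__main__":
    for port in (21, 80, 135):
        print(port, service_status(NETSTAT_SAMPLE, port))
```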