Network Troubleshooting

1
Network Troubleshooting

• Part of fault management
• Deals with the unexpected
• Requires both technical knowledge and general
  problem solving skills
• Some people skills and communications skills
  couldnt hurt!

2
Selected troubleshooting hints

• Think systematic, not ad-hoc
• Change one thing at a time between tests
• Document everything
• Assumptions are often false check the obvious
• Be aware of security barriers
• Learn a few tools well, not many poorly
• Test after fixing

3
Diagnostic tools

• ping (Windows, Linux, IOS)
• ipconfig (Windows), ifconfig (Linux)
• arp (Windows Linux), show arp (IOS)
• netstat
• tracert (Windows), traceroute (Linux, IOS)
• whois (Linux Windows ports)
• nslookup (Windows), dig (preferred on some
  Linuxes)
• Packet capture, port scan, many other tools
• Windows Network Monitor, etc.
• Linux snoop, tcpdump, nmap, etc.
• Multi-platform Ethereal/WireShark,
  Tethereal/TShark

4
ping

• Essentially a layer-3 connectivity test
• If it doesnt work, suspect layers 1,2, or 3 for
  other problems
• If it does work, suspect layers 4-7 for other
  problems
• For usage help, type ping /? (Windows) , man ping
  (Linux), ping ? (IOS)

5
ping error messages

• Unknown host DNS problemtry IP address
• Network unreachable, no route available . . .
  check routing tables, default gateway, etc.
• Request timed out (or something similar) many
  possibilities such as remote host not powered on,
  remote network problems, etc.
• Notes
• ICMP blocking may be a factor
• Error messages implementation-specific on both
  ends!

6
ipconfig/ifconfig

• Lists the local machines network configuration
• Use to check the big three IP address, subnet
  mask, default gateway
• Use ipconfig /all for more (Windows)
• Note that ipconfig /all doesnt really give you
  alltry ipconfig /displaydns for example
• Use ipconfig /? for help (Windows) or man
  ifconfig (Linux)
• Permissions can be an issue on Linux boxes, as
  can the program location (e.g., you might find it
  as /sbin/ifconfig)

7
arp

• Analyzes layer 2 to layer 3 translation (what to
  what?)
• Allows display, addition, deletion of entries
• Remember -d deletes but -a doesnt add, it
  displays (-s adds) (Windows)
• Dynamic entries are made by the ARP protocol
  expire static ones are permanent

8
netstat

• Statistics on traffic to/from the local machine,
  broken down by protocol type if desired
• netstat -nr is the same as route print (Windows)
• netstat r is the same as route on ntcommlinux

9
tracert/traceroute

• Displays paths of routers
• Traditionally, cleverly implemented via UDP
  packets with 1, 2, 3 . . . TTL and an invalid
  port
• Good for how far toward a remote host can we
  get?
• Bad for accurate bi-directional information
• As usual, location may vary on Linux machines
  (e.g., it could be /usr/sbin/traceroute)

10
whois
Administrative Contact Manager, Lab
netcomm_at_boisestate.edu Boise State
University NOIS 1910 University
Drive Boise, Idaho 83725-1615 United
States 2084262922 Fax -- Technical
Contact Manager, Lab netcomm_at_boisestate.ed
u Boise State University NOIS
1910 University Drive Boise, Idaho
83725-1615 United States 2084262922
Fax -- Domain servers in listed order
DNS1.NT415.NET DNS2.NT415.NET
jstudent_at_ntcommlinux whois nt415.net Querying
whois.internic.net Redirected to
whois.godaddy.com Querying whois.godaddy.com w
hois.godaddy.com Registrant Boise State
University NOIS 1910 University Drive
Boise, Idaho 83725-1615 United States
Registered through GoDaddy.com Domain Name
NT415.NET Created on 19-Feb-03
Expires on 19-Feb-07 Last Updated on
04-Feb-05
Did weexpire?
11
nslookup/dig

• Locate authoritative servers for remote domains
• Obtain records about a remote host
• Browse remote zone file contents (may be denied)
• Both single command and interactive modes
• Lots of options!
• Some flavors of Linux and BIND now deprecate
  nslookup and prefer dig