Desktop Tools
Internetworks have become complex for many reasons, including LAN/WAN architecture, media, technologies, and protocols. The progression from host-centric environments to distributed client-server platforms still very much requires a hierarchical network to aid in troubleshooting. So far, I have reviewed various internetworking tools. However, it is impossible to be an expert in everything. If you are a WAN guru, you may lack technical expertise at the desktop. If you are a LAN guru, you may lack technical expertise at the internetwork level. Obviously, because of the added complexities in current LANs and WANs, you need some basic tools to assist.
Refer to the desktop support resources in Table 2-10 and throughout this section to assist with end-to-end troubleshooting. Desktop tools, such as ping and trace, looking at the routing table, logging and monitoring functions, and more are available for your use. Many come with the operating system, and others are supplied by third-party vendors. Use /? for command-line help to see the specific options.
| Desktop Tool | Options and Functions |
|---|---|
| ping | ping
ping –t Continuous ping. ping –n Number of echos. |
| tracert | tracert Hop-by-hop test.
tracert –d Test without DNS lookup tracert –h Maximum number of hops to search for target. |
| pathping | pathping –n Test without DNS lookup.
pathping –h Maximum number of hops to search for target. pathping combines ping and tracert to trace a route and show packet losses for each router in the path (also good for quality of service, QoS). |
| arp | arp –a To view ARP cache. |
| route | route print To view routing table. |
| netstat | Displays local NetBIOS name table and cache. Displays active TCP and UDP connections and their state. |
| nbtstat | NetBIOS over TCP statistics. Displays protocol statistics and current TCP connections for NetBIOS over TCP/IP. nbtstat –RR to force reinsertion and update of local NetBIOS names. |
| nslookup | Query DNS servers to check records, services, and operating system information. |
| ipconfig/winipcfg | ipconfig
ipconfig /all displays more parameters, such as MAC, IP, subnet mask, gateway, WINS, and DNS. ipconfig /release ipconfig /renew |
Try these tools for yourself. For example, ping your favorite website and then trace to it as I do in Figure 2-22 and Figure 2-23.
Now turn your attention back to hosta and hostb from the Sniffer capture. First ping from hosta to hostb, tracert, and then look at the ARP cache in Example 2-38.
Example 2-38. ARP Cache on hosta
C:>ping hostb Pinging hostb [192.168.1.12] with 32 bytes of data: Reply from 192.168.1.12: bytes=32 time<10ms TTL=128 Reply from 192.168.1.12: bytes=32 time<10ms TTL=128 Reply from 192.168.1.12: bytes=32 time<10ms TTL=128 Reply from 192.168.1.12: bytes=32 time<10ms TTL=128 Ping statistics for 192.168.1.12: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms C:>tracert hostb Tracing route to hostb [192.168.1.12] over a maximum of 30 hops: 1 <10 ms <10 ms <10 ms HOSTB [192.168.1.12] Trace complete. C:>arp -a Interface: 192.168.1.11 on Interface 0x1000005 Internet Address Physical Address Type 192.168.1.12 00-80-c7-aa-c8-87 dynamic C:> |
The preceding example displays the IP and MAC address for destination hostb in the ARP table, but the entry will stay there for only two minutes unless you use the entry again. Then its life is extended to 10 minutes, total, no matter how many times it is accessed. Next look at the active routes in the routing table on hosta in Example 2-39.
Example 2-39. route print on hosta
C:>route print
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...44 45 53 54 42 00 ...... NOC Extranet Access Adapter
0x4000004 ...00 10 4b a5 ae 50 ...... FE575 Ethernet Adapter
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.11 192.168.1.11 1
192.168.1.11 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.1.255 255.255.255.255 192.168.1.11 192.168.1.11 1
224.0.0.0 224.0.0.0 192.168.1.11 192.168.1.11 1
255.255.255.255 255.255.255.255 192.168.1.11 2 1
Persistent Routes:
None
C:>
|
Example 2-40 and Example 2-41 display netstat and nbtstat options. Pick an option and try it out from the command prompt to see the exact display.
Example 2-40. netstat Options
C:>netstat /? Displays protocol statistics and current TCP/IP network connections. NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval] -a Displays all connections and listening ports. -e Displays Ethernet statistics. This may be combined with the -s option. -n Displays addresses and port numbers in numerical form. -p proto Shows connections for the protocol specified by proto; proto may be TCP or UDP. If used with the -s option to display per-protocol statistics, proto may be TCP, UDP, or IP. -r Displays the routing table. -s Displays per-protocol statistics. By default, statistics are shown for TCP, UDP and IP; the -p option may be used to specify a subset of the default. interval Redisplays selected statistics, pausing interval seconds between each display. Press CTRL+C to stop redisplaying statistics. If omitted, netstat will print the current configuration information once. C:> |
Example 2-41. nbtstat Options
C:>nbtstat /? Displays protocol statistics and current TCP/IP connections using NBT (NetBIOS over TCP/IP). NBTSTAT [ [-a RemoteName] [-A IP address] [-c] [-n] [-r] [-R] [-RR] [-s] [-S] [interval] ] -a (adapter status) Lists the remote machine's name table given its name -A (Adapter status) Lists the remote machine's name table given its IP address. -c (cache) Lists NBT's cache of remote [machine] names and their IP addresses -n (names) Lists local NetBIOS names. -r (resolved) Lists names resolved by broadcast and via WINS -R (Reload) Purges and reloads the remote cache name table -S (Sessions) Lists sessions table with the destination IP addresses -s (sessions) Lists sessions table converting destination IP addresses to computer NETBIOS names. -RR (ReleaseRefresh) Sends Name Release packets to WINs and then, starts Refresh RemoteName Remote host machine name. IP address Dotted decimal representation of the IP address. interval Redisplays selected statistics, pausing interval seconds between each display. Press Ctrl+C to stop redisplaying statistics. C:> |
Example 2-42 illustrates ipconfig with the optional /all parameter, which provides more detail (such as the MAC address and name resolution parameters).
Example 2-42. ipconfig /all
C:>ipconfig /all
Windows 2000 IP Configuration
Host Name . . . . . . . . . . . . : hosta
Primary DNS Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter {F6BB63C3-5752-480C-96DB-206E49F87839}:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NOC Extranet Access Adapter
Physical Address. . . . . . . . . : 44-45-53-54-42-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . :
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 3Com Megahertz 10/100 LAN CardBus
PC Card
Physical Address. . . . . . . . . : 00-10-4B-A5-AE-50
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration IP Address. . . : 192.168.1.11
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . :
C:>
|
You will continue to use many of these tools in the Trouble Tickets to come. Depending on the operating system, other administrative and troubleshooting tools are available. Other administrative and troubleshooting tools include system configuration utilities, startup menus for safe modes, help troubleshooters, Device Manager, Perfmon, Event Viewer, and Task Manager.
Many third-party tools are worthy of exploring, too. Consider taking a look at TTCP, VMWare, NetOps, and VNC. Microsoft TechNet and Novell Users International (NUI) Technical Resource CD are similar resources to the CCO (but focusing on their proprietary products rather than Cisco products). Explore these tools on your own; some of them are very addicting.
NOTE
If you need more help troubleshooting in this area, I highly recommend CompTIA A+ and Network+ programs or specific operating system resources for more detail. Check out www.comptia.org and individual vendor websites.
After all this information and examination of tools and resources, don't forget the Physical Layer. LEDs are quite helpful in troubleshooting and on a practical note should be your first observation if you have physical access. Try test led sometime on a router to make sure that you are actually connected to the box you think you are. Look at the link lights on your NICs and devices. Use multiple tools to administer and manage your internetwork. Pictures and maps are great, but if you can't afford a fancy network management program, do what you can with the IOS and operating system tools and explore other third-party tools.
Use all of these tools in conjunction with sound troubleshooting techniques. Use CDP, draw your own map, know what is normal, know what your configurations look like, annotate them with descriptions and remarks, verify connectivity with ping and trace, log changes, and only use debug to the point that it won't stress out your router. Sometimes a protocol analyzer gives you more detail and is less intrusive on your devices. By now you should be well on your way to a full tool bag that will enable you to work through the more practical portions of the remainder of this book.
NOTE
I used to deliver TCP/IP and CCNP classes for Chesapeake/Mentor Technologies. Recently it was brought to my attention that the old www.ccci.com site is up and running with references to some great tools and resources.