CompTIA Network+ Certification Study Guide part 57 docx


CHAPTER 11: Network Troubleshooting Tools
Windows Tools

the most up-to-date DNS information. The command ipconfig /displaydns will show you the contents of the local DNS cache. After typing ipconfig /displaydns at the command prompt, you’ll see output similar to what is displayed in Figure 11.19.

[Figure 11.18: Ipconfig /all Output]
[Figure 11.19: Ipconfig /displaydns Output]

The command ipconfig /registerdns will refresh DHCP leases for all NICs on the machine and will reregister the machine’s hostname and IP address with the DNS server. This is a helpful switch to use when you’ve made changes to the local machine’s IP address configuration and need to quickly reregister the new information with the DNS server.

Utilizing the nslookup Command

The nslookup utility allows you to test and query the records stored in your DNS server. You can use nslookup in command mode to perform a single query, or in interactive mode to perform multiple queries. For example, if you enter the command nslookup www.smeekers.com, you’ll see the output depicted in Figure 11.20. You can use any hostname in place of the one listed in this example to see nslookup in action. As you can see, you get returned to the command prompt once you receive the information – this is typical of using nslookup in command mode. To enter interactive mode, just type nslookup at the command prompt, and your output will look like the example in Figure 11.21.

Notice that you’re not returned to the command prompt, but instead you remain at the nslookup command’s interactive prompt, which is represented with a “>” symbol. Once you enter interactive mode, you can use the set commands to control the information that’s returned by your queries. The set commands available in nslookup are as follows:

• set all: Prints options, current server, and host.
• set [no]debug: Prints debugging information. set debug turns debugging on, set nodebug turns debugging off.
• set [no]d2: Prints the most exhaustive debugging information possible.
• set domain=NAME: Sets the default domain name for any queries.
• set root=NAME: Sets the root server being used.
• set srchlist=N1[/N2/.../N6]: Sets the DNS domains used to search for a particular host.
• set retry=X: Sets the number of retries.
• set timeout=X: Sets the initial timeout interval for DNS queries.
• set [no]defname: Appends the default domain name to each query.
• set [no]recurse: Performs a recursive query or a non-recursive (iterative) query.
• set [no]search: Uses the domain search list configured on the client.
• set querytype=X: Restricts the query type so that it only returns a particular type of records. You can restrict nslookup queries to look for CNAME records, MX records, NS and SRV records, and more.

[Figure 11.20: Nslookup Command Mode Example]
[Figure 11.21: Nslookup Interactive Mode Example]

When you’re ready to leave the interactive mode and return to the command prompt, just type exit.

Utilizing the route Command

You can use the route command to manipulate and display the routing table for the local computer. The route print command produces the same results as the netstat -r command – it produces a copy of the local computer’s routing table, like the one shown in Figure 11.22. You can also use the route command to add, change, or delete routes that are defined on the local computer. To specify the route to a remote host using the route command, you need to configure the following information:

• Destination: The destination that this route statement is designed to reach. This can be a single host, a network address, or the default route for this computer, indicated by the syntax 0.0.0.0. The default route dictates where network packets will be sent if the routing table doesn’t have a more specific entry for them.
• Mask: This indicates the subnet mask for the route’s destination.
  If the destination is a single IP address, the mask will be 255.255.255.255. For a network address, this will be the subnet mask of the destination network. The mask for the default route is 0.0.0.0.
• Gateway: The IP address that packets will be forwarded to for this route. This has to be an IP address that’s on the same subnet as the local computer.
• Metric: This specifies the metric or cost of a particular route, from 1 to 9999. The higher the metric, the less likely the computer is to use a particular route. This is particularly useful if you’re creating multiple routes to the same network as a fault tolerance measure; configure one route with a metric of 1 and another with a metric of 50. The local computer will use the first route unless it’s not available, at which point it will revert to the second route.
• Interface: This indicates the IP address of the NIC that should be used to reach the destination specified in this route. If you have two NICs installed that are attached to two different networks, you’ll need to specify which NIC the route command should use to reach its destination.

[Figure 11.22: Route print Command Example]

Test Day Tip: Be sure that you’re familiar with the different query types that you can use with nslookup. In particular, be aware of how to search for mail server records using the MX option, and DNS servers using the NS option.

To add a route to a remote network, issue the following command at the command line:

    route add 172.16.0.0 mask 255.255.0.0 192.168.1.101 metric 1

Exam Warning: In most cases, you’ll only add routes in this fashion on a server that’s attached to multiple networks. Workstations will simply rely on their default gateway to route network traffic.
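
How the Destination, Mask, Gateway and Metric fields described above decide which route is used, as an added example that is not from the study guide. The sample table, the local subnet and the down_gateways parameter (standing in for a route that is not available) are assumptions made for the illustration.

```python
import ipaddress

# Constructed routing table: (destination, mask, gateway, metric)
SAMPLE_TABLE = [
    ("0.0.0.0",    "0.0.0.0",         "192.168.1.1",   10),  # default route
    ("172.16.0.0", "255.255.0.0",     "192.168.1.101", 1),   # preferred path
    ("172.16.0.0", "255.255.0.0",     "192.168.1.102", 50),  # fault-tolerance path
    ("172.16.5.9", "255.255.255.255", "192.168.1.103", 1),   # single host
]
LOCAL_SUBNET = "192.168.1.0/255.255.255.0"  # assumed subnet of the local NIC


def check_route(dest, mask, gateway, metric, local_subnet=LOCAL_SUBNET):
    """Return the route's network, or raise ValueError for an unusable entry."""
    # strict=True rejects a destination that has host bits set under the mask,
    # for example 172.16.1.0 combined with 255.255.0.0.
    net = ipaddress.ip_network(f"{dest}/{mask}", strict=True)
    if ipaddress.ip_address(gateway) not in ipaddress.ip_network(local_subnet):
        raise ValueError(f"gateway {gateway} is not on the local subnet")
    if not 1 <= metric <= 9999:
        raise ValueError(f"metric {metric} is outside 1-9999")
    return net


def pick_route(table, target, down_gateways=()):
    """Pick the gateway for target: most specific mask first, then lowest metric."""
    addr = ipaddress.ip_address(target)
    candidates = []
    for dest, mask, gateway, metric in table:
        net = check_route(dest, mask, gateway, metric)
        if addr in net and gateway not in down_gateways:
            # Negative prefix length makes min() prefer the longest mask.
            candidates.append((-net.prefixlen, metric, gateway))
    if not candidates:
        return None
    return min(candidates)[2]


if __name__ == "__main__":
    for target in ("172.16.5.9", "172.16.9.9", "10.1.2.3"):
        print(target, "->", pick_route(SAMPLE_TABLE, target))
```
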

To change the metric of the route you just created, use the route change command:

    route change 172.16.0.0 mask 255.255.0.0 192.168.1.101 metric 10

To delete a route that you’ve created, use route delete:

    route delete 172.16.0.0 mask 255.255.0.0 192.168.1.101

The route command has two additional switches that you should be aware of as you’re preparing for the Network+ exam:

• route -f will clear any routes to destination networks that are currently in the routing table. If you use the -f switch while creating or changing a route, the route command will clear the routing table and then add the new route you specify.
• route -p will make the entry you’re adding to the routing table persistent. By default, any routes that you add manually will only stay in the routing table until the computer reboots. Using the -p switch ensures that the route will remain in the routing table until you manually delete it.

Simple Network Management Protocol

The Simple Network Management Protocol (SNMP) is a protocol used to communicate status messages from computers and devices on your network. These messages are sent to machines configured to receive these status messages. Machines that send these messages run SNMP agent software, and the machines that receive the status messages run SNMP management software. One way to remember how this works is to think of the agent software as a “secret agent” that gets information about a network device, and then reports the information to his “manager” at headquarters.

Although the name of the SNMP protocol would lead you to believe that its primary function is to allow you to manage objects on your network, the management that’s happening here has more to do with monitoring your network, rather than actually making any changes to the devices themselves. SNMP allows you to audit the activities of servers, workstations, routers, bridges, intelligent hubs, and just about any network-connected device that supports SNMP agent software.
For example, the agent software available with Windows 2003 allows you to monitor the Windows 2003 Server operating system, as well as Windows services like DHCP, WINS, Routing and Remote Access Service (RRAS), and others. All of these Windows 2003 services can be monitored remotely by SNMP management software.

For the SNMP agent software to collect information regarding a particular service, a Management Information Base (MIB) must be created. The MIB is a database that describes which kinds of information should be gathered from a particular device. The MIBs included with Windows 2003 allow the agent software to communicate a wide range of information.

The agent software is responsible for reporting the information gathered by the MIB. However, agents rarely volunteer information spontaneously. Rather, the SNMP agent must be queried by an SNMP management system. There is, however, an exception to this: a trap message. A trap message is sent spontaneously by an SNMP agent to the SNMP management system when an important event occurs. For example, you could configure a trap message to indicate that the World Wide Web service has become unresponsive on a particular machine. We would then configure the agent to send a trap message to the IP address of a computer running the SNMP management software so that an administrator can quickly respond to this event. SNMP trap messages are sent to UDP port 162.

There are two other types of messages associated with SNMP. A GET message is a request that is sent from an SNMP management system that requests information from an agent. A SET message will allow the SNMP management system to write changes to an MIB, and therefore extend its information-gathering abilities. SNMP GET and SET messages communicate on UDP port 161.

SNMP is a fairly open protocol that doesn’t have many security features.
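
An added example (not from the study guide) that decodes the header of an SNMPv1/v2c datagram: it shows that the community name sits unencrypted in front of every GET, SET or trap, and checks the destination port against the 161/162 split described above. The sample datagram is constructed, and the list of default community names is an assumption.

```python
PDU_TYPES = {0xA0: "GET", 0xA1: "GETNEXT", 0xA2: "RESPONSE", 0xA3: "SET",
             0xA4: "TRAP", 0xA7: "TRAP"}      # 0xA4 is the v1 trap, 0xA7 the v2c trap
EXPECTED_PORT = {"GET": 161, "GETNEXT": 161, "SET": 161, "TRAP": 162}
DEFAULT_COMMUNITIES = {"public", "private"}   # assumed list of common defaults

# Constructed sample: SNMPv1 GET for sysDescr.0 using community "public".
SAMPLE_GET = bytes.fromhex(
    "3026020100040670" "75626c6963a019020101020100020100"
    "300e300c06082b060102010101000500")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element that starts at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER element")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                         # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("BER length runs past the end of the datagram")
    return tag, buf[pos:pos + length], pos + length

def inspect_snmp(datagram, dst_port):
    """Return version, community, PDU type and audit findings for one datagram."""
    tag, body, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("outer SEQUENCE missing: not an SNMP message")
    vtag, version, pos = read_tlv(body, 0)
    if vtag != 0x02 or version not in (b"\x00", b"\x01"):
        raise ValueError("not SNMPv1/v2c (SNMPv3 has no community field)")
    ctag, community, pos = read_tlv(body, pos)
    if ctag != 0x04:
        raise ValueError("community OCTET STRING missing")
    pdu_tag, _, _ = read_tlv(body, pos)
    pdu = PDU_TYPES.get(pdu_tag, "OTHER")
    name = community.decode("ascii", "replace")
    findings = []
    if name.lower() in DEFAULT_COMMUNITIES:
        findings.append("default community name")
    if pdu in EXPECTED_PORT and dst_port != EXPECTED_PORT[pdu]:
        findings.append("unexpected port for " + pdu)
    return {"version": "v1" if version == b"\x00" else "v2c",
            "community": name, "pdu": pdu, "findings": findings}
```

Calling inspect_snmp(SAMPLE_GET, 161) returns the community "public" and the finding "default community name".
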
To control which machines receive SNMP trap messages, you will configure an SNMP community name. In addition, you’ll configure a trap destination, which is the hostname or IP address of the computer running the SNMP management software.

For a system to report to an SNMP management system, you first need to install the agent software on the target computer. In Exercise 11.3, we’ll install and configure the SNMP agent software on a Windows XP machine.

Exercise 11.3

1. Click Start | Control Panel | Add/Remove Programs.
2. Click Add/Remove Windows Components.
3. Scroll down to Management and Monitoring Tools and select Details.
4. Enable the Simple Network Management Protocol option.
5. Click Next to begin the file copy process, and Finish when the process is complete.
6. To configure the SNMP community, click Start | Control Panel | Administrative Tools | Services.
7. Scroll down to the SNMP service. Right-click on the service and select Properties.
8. Click the Traps tab.
9. In the Community Name drop-down list, enter the name of the SNMP community and click Add.
10. Under Trap Destinations, enter the hostname or IP address of the computer running the SNMP management software and click Add.
11. Click OK to finish configuring the SNMP Agent.

LINUX TOOLS

Although you may be spending a great deal of your “real world” troubleshooting time working on Windows computers, you should also be aware of the troubleshooting tools that are available for Linux- and UNIX-based computers. This is especially important because large organizations often employ these open-source operating systems as Web servers, firewalls, and other components of the network infrastructure. Many of the troubleshooting tools available for Linux and UNIX are similar or even identical to tools we’ve already covered for Windows. For example, you can use the ping command from both a Windows and a UNIX computer.
In this section, we’ll look at some tools that are specific to Linux- and UNIX-based operating systems.

Utilizing the ifconfig Command

You’ll use the ifconfig command to configure the NICs installed in a Linux computer, as well as to view information about any configured interfaces. Like most Linux tools, you’ll work with ifconfig from the command line. The most basic syntax for ifconfig is to simply type ifconfig, which will produce the following output:

    eth0      Link encap:Ethernet  HWaddr 00:80:C8:F8:4A:51
              inet addr:192.168.99.35  Bcast:192.168.99.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:190312 errors:0 dropped:0 overruns:0 frame:0
              TX packets:86955 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:100
              RX bytes:30701229 (29.2 Mb)  TX bytes:7878951 (7.5 Mb)
              Interrupt:9 Base address:0x5000

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:306 errors:0 dropped:0 overruns:0 frame:0
              TX packets:306 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:29504 (28.8 Kb)  TX bytes:29504 (28.8 Kb)

Even if you haven’t worked with Linux before, you should be able to recognize the two adapters that ifconfig is displaying information for: an Ethernet adapter called “eth0”, and the Loopback Adapter. You can see the following information listed for the eth0 interface:

• HWaddr 00:80:C8:F8:4A:51 is the MAC address of the Ethernet adapter.
• addr:192.168.99.35 Bcast:192.168.99.255 Mask:255.255.255.0 indicates the IP address, broadcast address, and subnet mask.
• Interrupt:9 Base address:0x5000 gives you information about the hardware resources being used by the Ethernet adapter.
• RX packets indicates the number of packets received by this adapter. TX packets shows the number of packets transmitted.

You can quickly disable the Ethernet NIC on this Linux computer by typing ifconfig eth0 down.
If you reissue the ifconfig command after you’ve brought the Ethernet adapter down, you’ll only see configuration information for the loopback adapter:

    ifconfig
    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:306 errors:0 dropped:0 overruns:0 frame:0
              TX packets:306 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:29504 (28.8 Kb)  TX bytes:29504 (28.8 Kb)

Bringing an adapter back online is slightly more complicated, as you need to have the IP address and subnet mask ready to configure the adapter with. To configure the Ethernet adapter with the same IP address it had before, you’ll issue the following command (notice the up at the end of the statement, which brings the NIC online after assigning it an IP address):

    ifconfig eth0 192.168.99.35 netmask 255.255.255.0 up

If you enter the ifconfig command again after configuring the Ethernet adapter, you’ll once again see configuration information for eth0 in the output, as follows:

    eth0      Link encap:Ethernet  HWaddr 00:80:C8:F8:4A:51
              inet addr:192.168.99.35  Bcast:192.168.99.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:190312 errors:0 dropped:0 overruns:0 frame:0
              TX packets:86955 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:100
              RX bytes:30701229 (29.2 Mb)  TX bytes:7878951 (7.5 Mb)
              Interrupt:9 Base address:0x5000

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:306 errors:0 dropped:0 overruns:0 frame:0
              TX packets:306 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:29504 (28.8 Kb)  TX bytes:29504 (28.8 Kb)

Utilizing the dig Command

The dig command is the Linux equivalent to nslookup in Windows – it’s used to send name resolution queries to DNS servers to troubleshoot name resolution on a Linux-based client computer.
The syntax of the dig command is as follows:

    dig [@server] [-b address] [-c class] [-f filename] [-k filename] [-n] [-p port#] [-t type] [-x addr] [-y name:key] [name] [type] [class] [queryopt...]
    dig [-h]
    dig [global-queryopt...] [query...]

Test Day Tip: ifconfig will configure a NIC in a Linux machine at the command line in the same way that the Network applet in Control Panel works on a Windows computer.

Date posted: 04/07/2014, 13:21
