CHAPTER 11: Network Troubleshooting Tools

Unlike nslookup, there is no interactive mode for dig; you’ll specify all of the necessary command line switches each time you issue the command. Each of these switches specifies certain behavior for the dig command, as follows:

@server
This is the name of the computer you’re querying for. Unlike nslookup, dig requires you to use the Fully Qualified Domain Name (FQDN) of the host you’re looking for. Therefore, dig server1.mycompany.com is correctly formatted, while dig server1 would return an error.

-b address
If you have multiple NICs installed on your computer, this switch will specify the IP address that you want the query to be sent from. This is useful if you have NICs attached to different networks and you are trying to isolate which network is experiencing the name resolution failure.

-t type
This specifies the type of record you’re looking for, like an MX or SRV record.

-f filename
This will allow dig to operate in batch mode, where it will perform multiple queries that it reads in from a text file.

-p port
This will issue a DNS query on a non-standard port.

+[no]tcp
Specifies whether to use TCP or UDP when performing a DNS query. dig www.mycompany.com +tcp will perform the query using TCP. dig www.mycompany.com +notcp will issue the query using UDP.

+domain=domainname
Searches for a host using only the domain name that you specify, rather than using the search list that the Linux computer is configured with.

+[no]recursive
Specifies whether to use an iterative or a recursive query. Dig queries are recursive by default, so issuing the dig www.mycompany.com +norecursive would instruct dig to use an iterative query.

+time=Time
Specifies the time (in seconds) that dig should wait before deciding that a query has timed out. The default value is five seconds.

Exam Warning
Remember that the default DNS port is 53. DNS queries use UDP port 53, and DNS zone transfers use TCP port 53.
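What three of these switches change in the query that goes on the wire, as an added example that is not from the book: -t type sets the question type code, the recursion switch sets or clears the "recursion desired" header bit, and +tcp adds the two-byte length prefix that DNS over TCP requires. The function names and the fixed query ID are assumptions, and the message is a minimal RFC 1035 query, not a byte-for-byte copy of what dig sends.

```python
import struct

# QTYPE codes for record types the -t switch can request (RFC 1035, RFC 2782).
QTYPES = {"A": 1, "NS": 2, "MX": 15, "SRV": 33}
RD_FLAG = 0x0100  # "recursion desired" bit in the header flags word


def encode_name(fqdn):
    """Encode an FQDN as length-prefixed labels terminated by a zero byte."""
    out = b""
    for label in fqdn.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("invalid label in %r" % fqdn)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(fqdn, qtype="A", recursive=True, tcp=False, query_id=0x1234):
    """Build a minimal one-question DNS query (query_id is an arbitrary sample)."""
    flags = RD_FLAG if recursive else 0
    header = struct.pack("!HHHHHH", query_id, flags, 1, 0, 0, 0)
    question = encode_name(fqdn) + struct.pack("!HH", QTYPES[qtype], 1)  # class IN
    message = header + question
    if tcp:
        # Over TCP every DNS message is preceded by a two-byte length field.
        message = struct.pack("!H", len(message)) + message
    return message


def parse_query(data, tcp=False):
    """Decode a message built above; raise ValueError on malformed input."""
    if tcp:
        if len(data) < 2 or struct.unpack("!H", data[:2])[0] != len(data) - 2:
            raise ValueError("TCP length prefix does not match payload")
        data = data[2:]
    if len(data) < 12:
        raise ValueError("truncated header")
    query_id, flags, qdcount = struct.unpack("!HHH", data[:6])
    labels, pos = [], 12
    while True:
        if pos >= len(data):
            raise ValueError("name runs past end of message")
        length = data[pos]
        if length == 0:
            break
        if length > 63:
            raise ValueError("compressed or invalid label")
        labels.append(data[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    if pos + 5 > len(data):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", data[pos + 1:pos + 5])
    return {"id": query_id, "name": ".".join(labels), "qtype": qtype,
            "recursion_desired": bool(flags & RD_FLAG), "questions": qdcount}
```

When reading a packet capture, the same three fields tell you which form of query a client actually sent.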
Utilizing the traceroute Command

As you can probably guess, traceroute is the Linux and UNIX equivalent to tracert on a Windows computer. By typing traceroute www.mycompany.com from the command prompt of a Linux computer, you’ll see output similar to the following:

traceroute to library.airnews.net (10.66.12.202), 30 hops max, 40 byte packets
1 rbrt3 (192.225.64.50) 4.867 ms 4.893 ms 3.449 ms
2 519.Hssi.ALTER.NET (10.130.0.17) 6.918 ms 8.721 ms 16.476 ms
3 113.ATM3.ALTER.NET (172.188.176.38) 6.323 ms 6.123 ms 7.011 ms
4 192.ATM2-0.ALTER.NET (192.188.176.82) 6.955 ms 15.400 ms 6.684 ms
5 105.ATM6FW4.ALTER.NET (192.188.136.245) 49.105 ms 49.921 ms 47.371 ms
6 298.XR2.DFW4.ALTER.NET (192.188.240.77) 48.162 ms 48.052 ms 47.565 ms
7 194.GW1.DFW1.ALTER.NET (192.188.240.45) 47.886 ms 47.380 ms 50.690 ms
8 iadfstomer.ALTER.NET (172.39.138.74) 69.827 ms 68.112 ms 66.859 ms
9 libnews.net (10.66.12.202) 174.853 ms 163.945 ms 147.501 ms

Exam Warning
As you can see, the outputs of the traceroute and tracert commands are nearly identical. Just remember that you’ll use traceroute on a Linux or UNIX computer, and tracert on a Windows computer.

NETWARE TOOLS

When you are troubleshooting client connectivity problems involving NetWare servers, especially when the clients are Microsoft Windows clients using the NWLink Protocol, the most common culprit tends to be the Ethernet frame type that’s in use. When you install NWLink on a Windows PC, NWLink will be configured to use an Auto Detect feature to determine the correct frame type. In most cases, Auto Detect detects the correct frame type and network number. However, you can run into connectivity issues if your network is using multiple frame types or if a particular machine has the incorrect frame type set. By default, NWLink will set the Ethernet frame type to 802.2. You can verify that the frame type is set correctly by following these steps:

1. Access the Local Area Connection dialog box on the Windows PC. Right-click the desired LAN connection and select Properties.
2. Double-click NWLink IPX/SPX/NetBIOS Compatible Transport Protocol.
3. On the General tab, you can either verify that Auto Detect has been selected in the Frame type field, or else manually specify the frame type that should be used.

Test Day Tip
You can verify the network number and frame type on a Windows PC by typing ipxroute config at the command prompt.

OTHER NETWORK TROUBLESHOOTING TOOLS

All of the troubleshooting tools we’ve discussed so far have been concerned with the networking software installed on a computer, especially the TCP/IP stack. However, there are a number of tools that you can use to test the physical connectivity on your network. Some of these are tools that you can build yourself, like an Ethernet crossover cable, and some are more sophisticated, like high-powered hardware testers such as an oscilloscope or a tone generator. In this section, we’ll look at the different types of hardware testers that you should be familiar with.

Crossover Cables

A standard Ethernet cable will connect the NIC installed in a server or workstation to a wall jack or directly into a hub, switch, or router. For troubleshooting situations, though, you may need to connect two computers directly together. In this case you’ll need to create a crossover cable, also called a null modem cable. You can also use crossover cables to identify which wall plate corresponds to a particular port on a switch or a hub – this is useful if you’ve taken over administration of a network that doesn’t have a good diagram of the physical network layout. The easiest way to create a crossover cable is to cut one end off of a standard Ethernet cable, and then rearrange the wires on one end of the cable so that they are in the following order (starting at pin 1):

1. White/green
2. Green
3. White/orange
4. White/brown
5. Brown
6. Orange
7. Blue
8. White/blue

Oscilloscope

For in-depth troubleshooting of your network cabling, you can use an oscilloscope to monitor the electrical signal levels as they pass through the Ethernet cable. An oscilloscope displays a small graph that shows how electrical signals change over time. This helps you to determine the voltage and frequency of an electrical signal, and if any malfunctioning hardware components are distorting the signal.

Tone Generator

If you need to troubleshoot telephone connections, especially when dealing with modem connections, you may find yourself in need of a tone generator. This is either a piece of software or a hardware device that generates the tones that are used in a telephone system, including a dial tone, busy signal, and ring tone. You can plug a tone generator into a telephone jack to determine if the jack is functioning and able to make and receive calls. You can see a software-based tone generator in Figure 11.23.

FIGURE 11.23 Test Tone Generator Software for Windows.

Cable Testers

As you saw when we talked about creating a crossover cable, the wires in Ethernet cables are arranged in pairs, as follows:

White/orange
Orange
White/green
Blue
White/blue
Green
White/brown
Brown

You can use a cable tester to test for any faults or breaks in an Ethernet cable. Cable testers are designed to allow you to plug both ends of a cable into the tester. If the cable is in good condition, light emitting diode (LED) lights on the tester will light up. If there is a break in the cable (or if the wires are in the wrong order) the LED lights on the tester will not light.

Test Day Tip
NICs, hubs, routers, and switches have their own LED lights that you can use for troubleshooting. In general, the rule of thumb is that a steady green light indicates a solid network connection; a blinking green light means that traffic is being passed over a particular connection; and an amber (orange-brown) light means that the device (NIC, router port, hub port, etcetera) is damaged, malfunctioning, or has encountered an error.

IMPORTANCE OF NETWORK DOCUMENTATION

After you’ve done all of the necessary troubleshooting to solve a problem, documenting your troubleshooting activities is vitally important. Putting down on paper the steps you go through, as you perform them, serves several purposes. First, it helps you to stay organized and perform those steps methodically. If you’re writing it down, you’re less likely to skip steps, because it’s all there in front of you, in visual form. You don’t have to wonder, “Did I test that cable segment?” or “Did I check the default gateway setting?”

Documenting your actions also provides a valuable record if you end up having to call in an outside consultant or otherwise request someone else’s assistance with the problem. You’ll save time and money with an outside consultant if you can provide detailed information about what you tried, how you proceeded, and what the results were.

Many network administrators lull themselves into a state of complacency about not documenting their behavior because they see the documentation process as too time-consuming. However, if a mistake occurs because of a failure to document what you’ve done, or what you were planning to do, the amount of time lost far exceeds the time you would have spent actually writing things down in the first place.

Finally, you should document the troubleshooting and problem resolution process for a very practical reason: History tends to repeat itself, and human memory is imperfect.
As you wipe the perspiration off your brow and breathe a silent sigh of relief at having finally tracked down and solved your connectivity problem, you may think that there is no way you will ever, ever forget what you did to fix it – not after going through all of that agony. But a year later, when the same thing occurs again, it’s likely that you’ll remember only, “This happened before and I fixed it … somehow.” The details tend to get lost unless you write them down.

One last caveat on documentation: It’s great to have a nice, neatly typed (and maybe even illustrated) troubleshooting log, but if you do your record-keeping on the computer instead of on paper, it’s a good idea not only to back it up to tape, floppy, writable CD, or other media, but also to print out a hard copy. It should be a given, but sometimes folks forget that when the computers go down, computerized documents may be inaccessible as well.

SUMMARY OF EXAM OBJECTIVES

In this chapter, we talked about the different troubleshooting tools available for you to track down and isolate connectivity problems on your network. We started by looking at the importance of having an overall framework or methodology for tackling networking issues. Before you think about the different tools available for troubleshooting, you first need to determine what the problem actually is. To do this, you need to gather as much information as possible from your users, as well as gathering information from system logs of any devices that are having trouble. You need to figure out what the problem actually is – users can’t access the Internet, they can’t communicate with another subnet, or maybe they’re only having trouble with a particular application. You also need to determine how widespread the failure is – if a problem is only affecting a single computer, the cause will probably be quite different than if it is affecting an entire subnet or your whole network.
To help you further isolate the cause of a problem that you’re troubleshooting, you have a number of utilities available in the Windows and Linux operating systems. To test basic TCP/IP connectivity between two hosts, you can use the ping command – this is the equivalent of sending a message saying “Hey, can you hear me?” If you’re unable to ping the destination host, you can ping any number of devices along the way to determine where TCP/IP connectivity is failing – start by pinging a computer on the same subnet as the source host, then pinging the default gateway of the source host, and then pinging another host on the same segment as the destination host. You can also use the tracert command on a Windows computer or traceroute on Linux to view the actual path that network traffic takes between two hosts. tracert will ping each router that a network packet travels over to reach its destination to see how well it is responding. You can see the IP address of each router that’s between you and your destination, and whether any of these hops is unavailable or slow to respond. On Windows Vista, XP, and 2000, you can use the pathping command, which combines the features of ping and tracert into a single utility.

To troubleshoot name resolution issues, you can use nslookup on a Windows computer and dig on Linux. These commands will allow you to verify that your DNS servers are functioning properly and have the correct information with which to answer client queries. For Windows-based computers that rely on NetBIOS, you can use the nbtstat command to troubleshoot NetBIOS name resolution. There are other tools that you can use to release and refresh IP address information that’s been assigned by a DHCP server, including ipconfig and winipcfg.
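Spotting which hops are "unavailable or slow to respond" can be done mechanically. The following added example (not from the book) parses the traceroute listing shown earlier in the chapter and reports the hops where the median response time rises sharply; the function names and the 20 ms threshold are assumptions.

```python
import re
from statistics import median

# Sample output copied from the traceroute listing earlier in this chapter.
SAMPLE = """\
traceroute to library.airnews.net (10.66.12.202), 30 hops max, 40 byte packets
 1 rbrt3 (192.225.64.50) 4.867 ms 4.893 ms 3.449 ms
 2 519.Hssi.ALTER.NET (10.130.0.17) 6.918 ms 8.721 ms 16.476 ms
 3 113.ATM3.ALTER.NET (172.188.176.38) 6.323 ms 6.123 ms 7.011 ms
 4 192.ATM2-0.ALTER.NET (192.188.176.82) 6.955 ms 15.400 ms 6.684 ms
 5 105.ATM6FW4.ALTER.NET (192.188.136.245) 49.105 ms 49.921 ms 47.371 ms
 6 298.XR2.DFW4.ALTER.NET (192.188.240.77) 48.162 ms 48.052 ms 47.565 ms
 7 194.GW1.DFW1.ALTER.NET (192.188.240.45) 47.886 ms 47.380 ms 50.690 ms
 8 iadfstomer.ALTER.NET (172.39.138.74) 69.827 ms 68.112 ms 66.859 ms
 9 libnews.net (10.66.12.202) 174.853 ms 163.945 ms 147.501 ms
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")
HOST_RE = re.compile(r"(\S+)\s+\((\d{1,3}(?:\.\d{1,3}){3})\)")
RTT_RE = re.compile(r"(\d+(?:\.\d+)?)\s*ms")


def parse_traceroute(text):
    """Return one dict per hop; probes that timed out ('*') are counted as lost."""
    hops = []
    for line in text.splitlines():
        match = HOP_RE.match(line)
        if not match:
            continue  # header line or blank line
        rest = match.group(2)
        host = HOST_RE.search(rest)
        rtts = [float(value) for value in RTT_RE.findall(rest)]
        hops.append({
            "hop": int(match.group(1)),
            "host": host.group(1) if host else None,
            "ip": host.group(2) if host else None,
            "rtts": rtts,
            "lost": rest.split().count("*"),
            "median_ms": median(rtts) if rtts else None,
        })
    return hops


def latency_jumps(hops, threshold_ms=20.0):
    """List (hop, host, increase) where the median RTT rises by threshold_ms or more."""
    jumps, previous = [], None
    for hop in hops:
        if hop["median_ms"] is None:
            continue  # every probe timed out; nothing to compare against
        if previous is not None:
            increase = hop["median_ms"] - previous
            if increase >= threshold_ms:
                jumps.append((hop["hop"], hop["host"], round(increase, 3)))
        previous = hop["median_ms"]
    return jumps
```

A rise that persists through every later hop (hop 5 onward in this listing) points at that link, while a high value at one intermediate hop that later hops do not share usually means that router is slow to answer probes, not that the path is slow.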
To troubleshoot the physical components of your network, including network cables and wall jacks, you should also be familiar with the purpose of an Ethernet crossover cable, as well as cable testers that are designed to test Ethernet cables for flaws or breaks.

EXAM OBJECTIVES FAST TRACK

A Troubleshooting Methodology

When troubleshooting network connectivity, gather as much information from your users as possible.
Use your knowledge of your network’s physical layout to isolate connectivity issues.
Documentation of your network’s physical and logical layout is critical in performing troubleshooting in an efficient manner.

The OSI Model

A solid understanding of the OSI model will help you to troubleshoot connectivity issues that occur at all layers of the model, especially the physical, data link, network, and transport layers.
Physical layer difficulties are often associated with bad network cables, NICs, or hubs.
The network layer usually creates the largest number of troubleshooting issues, because IP address configuration is assigned by an administrator and can change over time, unlike the MAC addresses of the data link layer that typically don’t change.

Windows Tools

Use ping to test basic network connectivity between two hosts.
tracert will show you the actual path that network packets take when traveling from one computer to another, and how well these intermediary hops are functioning.
nslookup will allow you to troubleshoot name resolution issues relating to DNS.
nbtstat is useful for troubleshooting NetBIOS-related issues.

Linux Tools

ifconfig is used to configure the network adapter on a Linux or UNIX-based computer, much like the Network Connections applet on a Windows computer.
dig is quite similar to nslookup in Windows, and it is used to test DNS name resolution for Linux computers.
traceroute is the Linux equivalent to tracert in Windows and produces nearly identical output.

NetWare Tools

When you are troubleshooting client connectivity problems involving NetWare servers, especially when the clients are Microsoft Windows clients using the NWLink protocol, the most common culprit tends to be the Ethernet frame type that’s in use.
When you install NWLink on a Windows PC, NWLink will be configured to use an Auto Detect feature to determine the correct frame type. In most cases, Auto Detect detects the correct frame type and network number.
You can verify the network number and frame type on a Windows PC by typing ipxroute config at the command prompt.

Other Network Troubleshooting Tools

There are a number of tools that you can use to test the physical connectivity of your network. Some of these are tools that you can build yourself, like an Ethernet crossover cable, and some are more sophisticated, like high-powered hardware testers such as an oscilloscope or a tone generator.
For in-depth troubleshooting of your network cabling, you can use an oscilloscope to monitor the electrical signal levels as they pass through the Ethernet cable. An oscilloscope displays a small graph that shows how electrical signals change over time.
NICs, hubs, routers, and switches have their own LED lights that you can use for troubleshooting. In general, the rule of thumb is that a steady green light indicates a solid network connection; a blinking green light means that traffic is being passed over a particular connection; and an amber (orange-brown) light means that the device (NIC, router port, hub port, etcetera) is damaged, malfunctioning, or has encountered an error.

Importance of Network Documentation

Documenting your troubleshooting activities helps you to stay organized and perform troubleshooting steps methodically.
Documenting your actions also provides a valuable record if you end up having to call in an outside consultant or otherwise request someone else’s assistance with the problem.
It’s great to have a nice, neatly typed (and maybe even illustrated) troubleshooting log, but if you do your record-keeping on the computer instead of on paper, it’s a good idea not only to back it up to tape, floppy, writable CD, or other media, but also to print out a hard copy. It should be a given, but sometimes folks forget that when the computers go down, computerized documents may be inaccessible as well.

EXAM OBJECTIVES FREQUENTLY ASKED QUESTIONS

Q: I’m working on a Linux computer and have forgotten the syntax of the ifconfig command. Is there any way to quickly look it up without an Internet connection?
A: Use the command man ifconfig. man is short for manual page and will produce a help file for many Linux- and UNIX-based commands. Use man ifconfig | more to force the man output to pause after every full screen.

Q: What is the difference between a recursive DNS query and an iterative query?
A: Iterative queries are used by DNS servers to look up records on behalf of clients. An iterative query is basically a big game of “whisper down the lane,” where one DNS server will refer to several other servers to find the answer to a query. A recursive query is performed by a DNS client, where the client will send a query to a server and wait patiently for an answer.

Q: I have a Windows Server 2003 server that runs the World Wide Web service. I want to prevent outside users from being able to ping this server. Money is tight at our company, so we can’t afford to buy a physical firewall device to protect this server. How can I protect this server?
A: Enable the built-in firewall that comes with Windows Server 2003. You can configure this firewall to block any ICMP requests to the server, which will prevent outside users from being able to ping the server.