Appendix C 746 Over the weekend you have installed a new NIC in a server and 15. have configured the NIC to have the same static IP address that was set on the old NIC. First thing Monday morning you receive a network alert that there is large number of broadcasts taking place on the network segment where this server resides. What is the probable cause for the increase in broadcasts? A. ARP resolutions B. RARP resolutions C. DNS resolutions D. Dig attempts Correct answers and explanations: A. Answer A is correct because by replacing the NIC in the server, the IP address to MAC address information that was cached on other machines for that server is now out of date. In order to communicate with the server successfully the other machines will perform an ARP broadcast requesting the MAC address that corresponds to the server’s IP address. Since the replacement took place over the weekend when it was likely that many machines were off or not in use, the spike in broadcasts was not seen until Monday morning when the machines were powered on and attempting connection to the server. The ARP broadcasting will subside once resolution has occurred and the machines are able to store the new MAC and IP address values in their ARP cache. Incorrect answers and explanations: B, C, and D. Answer B is incorrect because RARP is reverse ARP and in this case it is unlikely that it is being required to connect. The name and the IP address of the server did not change, so DNS and other name resolution systems would have the correct information. So once the name resolution has taken place to provide an IP address, the final compo- nent to retrieve is the MAC address that corresponds to the IP address. ARP is responsible for mapping IP addresses to MAC addresses, not RARP. RARP maps MAC addresses to IP addresses. Answer C is incorrect because DNS resolution does not occur over a broadcast. DNS resolution is directed traffic sent to the DNS server. Answer D is incorrect because Dig attempts do not occur over a broadcast. Dig is traffic that is sent directly to the DNS server. ChApTEr 12: NETworK TrouBlEShooTING METhodoloGy You are a network consultant specializing in supporting Small 1. Office Home Office (SOHO) networks. One of your clients maintains an office consisting of three workstations configured Appendix C 747 in a peer-to-peer workgroup. This office does not have a server computer at this time. One of the workstations, \\OFFICE1, has an IP address of 192.168.1.100 and has a file share that the other three workstations are able to access using the following syntax: \\OFFICE1\share. Your client has called you in to troubleshoot a new workstation that they have recently installed that is unable to access this share. When you arrive on site, you find that the workstation is able to ping OFFICE1 by its IP address, but not by its NetBIOS name. What is the best way for you to allow the new workstation to access the file share located on OFFICE1? A. Upgrade OFFICE1 to Windows 2003 server and configure the WINS Server service. B. Add an entry to the lmhosts file on the new workstation. C. Add an entry to the findhosts file on the new workstation. D. Upgrade OFFICE1 to Windows 2003 server and configure the DNS service. Correct answers and explanations: B. Answer B is correct, because a Universal Naming Convention (UNC) path is being used to attempt to connect to the OFFICE1 machine. UNC paths utilize NetBIOS names for connectivity, so the NetBIOS name of OFFICE1 must be resolved to an IP address before a connection can be successful. The LMHOSTS files is a local text-based file which is used to resolve NetBIOS names. By adding an entry into the LMHOSTS file for the OFFICE1 machine, the new workstation will be able to resolve the name, get an IP address, and then use the IP address to make a successful connection to the share. Incorrect answers and explanations: A, C, and D. Answer A is incorrect, because upgrading a workstation operating system to a server operating sys- tem is not a viable upgrade path for Windows-based systems. If a fresh install of Windows 2003 was to be performed, and WINS were to be installed, then all of the machines in the office would need to be configured to utilize WINS. In a small office setting with so few machines, installing a server-based sys- tem and a name resolution service like WINS is possible, but it is much more than such a small setting requires. Answer C is incorrect, because the findhosts file doesn’t exist. It is a fictional file name. Answer D is incorrect, because DNS is a service that is used for host names, and not for NetBIOS name resolution. Also, upgrading a workstation operating system to a server operating system is not a viable upgrade path for Windows-based systems. If a fresh install of Windows 2003 was to be performed, and DNS were to be installed, then all of the machines in the office would need to be configured Appendix C 748 to utilize DNS. In a small office setting with so few machines, installing a server-based system and a name resolution service like DNS is possible, but it is much more than such a small setting requires. You are troubleshooting network connectivity issues on a network 2. that is running Windows servers and clients. Users are reporting that they are unable to send e-mail, though they have been receiv- ing messages from external users without a problem. During your troubleshooting, you see the configuration item on the Windows server that is shown in Figure 12.8. Based on this information, how can you correct the issue that this office is reporting? A. Install and configure the POP3 service. B. Change the startup type of the SNMP Trap Service to Automatic. C. Start the Simple Mail Transport Protocol (SMTP) service. D. Start the Routing and Remote Access Service. Correct answers and explanations: C. Answer C is correct, because the Simple Mail Transport Protocol (SMTP) service is utilized to send e-mail. On this server the service is in a stopped state, even though it is configured to start automatically. While the service is stopped e-mail cannot flow out- bound from the system and users will not be able to send mail until the service is restored to a Started state. FIGurE 12.8 Appendix C 749 Incorrect answers and explanations: A, B, and D. Answer A is incorrect, because POP3 is a protocol used to receive mail. This question states that users are receiving mail without an issue, and it is the sending of e-mail that is not functioning. Answer B is incorrect, because SNMP is an acronym for Simple Network Management Protocol. It is a protocol used to manage and collect information about a network infrastructure and it is not used for e-mail sending purposes. Answer D is incorrect, because the Routing and Remote Access Service (RRAS) is utilized to validate remote access sessions. It is not used in to send e-mail messages and therefore is not the appropriate solution to the issue presented. You are a network consultant and have been called in to trouble-3. shoot a connectivity issue on a UNIX network. From the client’s UNIX workstations, which of the following utilities can you use to perform network troubleshooting? (Select all that apply.) A. Ping B. Tracert C. Pathping D. Traceroute E. Nslookup F. Dig Correct answers and explanations: A, D, E and F. Answer A is correct, because ping is a command that can be utilized on a UNIX-based worksta- tion in order to troubleshoot TCP/IP connectivity problems. Answer D is correct, because traceroute is a command that can be utilized on a UNIX- based workstation in order to troubleshoot routing-related issues that may exist. Answer F is correct, because dig is a command that can be utilized on a UNIX-based workstation in order to troubleshoot DNS-related issues. Answer E is correct, because nslookup is a command that can be utilized to troubleshoot DNS from a Windows or a UNIX-based system. Incorrect answers and explanations: B and C. Answer B is incorrect, because tracert is a command that is used to troubleshoot routing-based issues from a Windows-based system. Answer C is incorrect, because pathping is a command also used to troubleshoot routing-based issues from a Windows-based system. You are the network administrator for a network that employs a 4. Windows 2003 server and 30 Windows XP Professional worksta- tions. The Windows 2003 server runs the DHCP service to provide TCP/IP configuration information to the Windows XP clients. You receive a call from one of your users stating that he is unable to Appendix C 750 browse any internal network resources or Internet websites. Other users on the same subnet are able to browse without difficulty. You run the ipconfig command on the problem workstation and see the following output: Windows IP Configuration Host Name: IBM-A38375FF22E Primary Dns Suffix: Node Type: Hybrid IP Routing Enabled: No WINS Proxy Enabled: No Ethernet adapter Wireless Network Connection: Connection-specific DNS Suffix: Description: Intel(R) PRO/Wireless 2200BG Network Connection Physical Address: 00-1E-25-1A-D3-5A Dhcp Enabled: Yes Autoconfiguration Enabled: Yes IP Address: 169.254.1.96 Subnet Mask: 255.255.0.0 Default Gateway: DHCP Server: DNS Servers: Lease Obtained: Tuesday, March 29, 2005 1:00:10 PM Lease Expires: Wednesday, March 30, 2005 1:00:10 PM Based on this output, why is this workstation unable to browse any network resources? A. The default gateway is unavailable. B. The workstation could not contact a DHCP server. C. The workstation is configured with the incorrect default gateway. D. The workstation’s DHCP lease has expired. Correct answers and explanations: B. Answer B is correct, because the workstation is displaying a 169.254.1.96 IP address, which is an APIPA address. APIPA is short for Automatic Private IP Address and covers a range of 169.254.0.0 through 169.254.255.254. An address from this range is automatically assigned to a machine when it is configured to utilize DHCP, but it is not able to contact a DHCP server. Typically when a machine is assigned an APIPA address it is not able to connect to with the rest of the network, since the rest of the network will most likely be utilizing a differ- ent addressing scheme. In very small business networks and home network environment is it possible to rely on APIPA for addressing. APIPA does not Appendix C 751 configure variables such as a gateway, so in most corporate environments where routers exist, APIPA isn’t appropriate for network configurations. Incorrect answers and explanations: A, C, and D. Answer A is incorrect, because a default gateway is never configured when an APIPA address has been assigned. Answer C is incorrect, because the workstation does not have a gateway value configured; it has an APIPA address configured, which never has an accompanying gateway value. Answer D is incorrect, because when a workstation’s DHCP lease has expired it will attempt to renew its existing IP address. It is only is if is unsuccessful in renewal that it will be forced to abandon the currently issued IP address. It will then issue an APIPA address instead. You are the network administrator for a sales office. Until now, this 5. has been a small peer-to-peer network consisting of five Windows XP workstations using lmhosts files on each workstation to per- form name resolution. The sales force has recently expanded sig- nificantly, requiring you to purchase a Windows Server 2003 server and 15 additional workstations. You have encountered numerous troubleshooting situations where a workstation’s lmhosts file was missing or out of date, preventing name resolution from taking place. How can you improve the name resolution process for your network? A. Install the DNS service on the Windows 2003 server. B. Install the WINS service on the Windows 2003 server. C. Install the DHCP service on the Windows 2003 server. D. Install the DNS service on each Windows XP workstation. Correct answers and explanations: B. Answer B is correct, because by centralizing the name resolution service by deploying WINS, much of the maintenance and overhead that comes with managing a distributed name solution is removed. Since once a workstation is configured to use WINS they will automatically update and register their name and IP informa- tion, the burden is taken off the administrator to keep the local text-based LMHOSTS file up to date. Incorrect answers and explanations: A, C, and D. Answer A is incorrect, because DNS services are utilized for hostname resolution, and this scenario is utilizing lmhosts files, which are used for NetBIOS name resolution. Answer C is incorrect, because DHCP is a service utilized to configure IP addresses, and not a service used to aid in name resolution. Answer D is incorrect, because DNS is a service that is installed on server-based platforms, and not on Appendix C 752 workstation machines. For local hostname resolution on a workstation, a host’s file may be used. You are the network administrator for a large pharmaceutical com-6. pany that has over 1,000 workstations. To simplify TCP/IP configu- ration for these numerous clients, you installed a DHCP server over a year ago to automatically configure your clients with an IP ad- dress, as well as the following common configuration information: Subnet Mask: 255.255.0.0 Default Gateway: 172.16.0.1 DNS Servers: 172.16.0.100 172.16.0.101 As part of a recent network redesign, you had to change the default gate- way used by your clients to a different IP address: 172.16.1.1. You made the necessary change on the DHCP server, and most of your clients were updated automatically. After you make this change, you receive a call from one user who no longer is able to browse the Internet. You examine the TCP/IP configuration of her LAN connection (see Figure 12.9). How can you configure this workstation with the correct default gate- way information? (Each choice represents a complete solution. Choose two.) A. Delete the manually configured information and select Obtain an IP address automatically. B. Run ipconfig /renew from the command prompt. C. Manually update the IP address of the default gateway. D. Run ipconfig /release from the command prompt. Correct answers and explanations: A and C. Answer A is correct, because by changing the configuration to Obtain an IP address automatically the machine will connect to the DHCP server to receive an IP address and also receive the configured options which include the new default gateway value. Answer C is correct, because by manually updating the IP address of the default gateway on the client machine it will be able to connect to the correct default gateway. Incorrect answers and explanations: B and D. Answer B is incorrect, because an ipconfig/renew command will force a client to attempt renewal of its DHCP address. Since this client machine is configured with a static IP address, issuing this command will not have an effect, and will not cause the client machine to receive the correct default gateway from the DHCP server. Answer D is incorrect, because ipconfig/release command will force Appendix C 753 a client to release its current DHCP address. Since this client machine is configured with a static IP address, issuing this command will not have an effect, and will not cause the client machine release a DHCP address since it doesn’t have one. Also, since it is configured with a static IP address this command will not cause the client to receive the correct default gateway from the DHCP server. You are the administrator for the network shown in the Figure 7. 12.10. Based on the information in this figure, which computer is configured incorrectly? A. Computer1 B. Computer2 C. Computer3 D. Computer4 E. Computer5 FIGurE 12.9 Appendix C 754 F. Computer6 G. Computer7 H. Computer8 Correct answers and explanations: D. Answer D is correct, because Computer4 has an incorrectly configured IP address. The machine is connected to a segment with the network address of 192.168.4.0/24, yet Computer4 has an IP address of 192.168.5.101/24. This will prevent the machine from properly connecting to its default gateway and any other nodes on the same segment. Incorrect answers and explanations: A, B, C, E, F, G, and H. Answer A is incorrect, because Computer1 has a correctly configured IP address. The machine is connected to a segment with the network address of 192.168.3.0/24, and Computer1 has an IP address of 192.168.3.101/24. Answer B is incorrect, because Computer2 has a correctly configured IP address. The machine is connected to a segment with the network address of 192.168.3.0/24, and Computer2 has an IP address of 192.168.3.102/24. Answer C is incorrect, because Computer3 has a correctly configured IP address. The machine is connected to a segment with the network address of 192.168.4.0/24, and Computer3 has an IP address of 192.168.4.100/24. Answer E is incorrect, because Computer5 has a correctly configured IP FIGurE 12.10 Appendix C 755 address. The machine is connected to a segment with the network address of 192.168.1.0/24, and Computer5 has an IP address of 192.168.1.101/24. Answer F is incorrect, because Computer6 has a correctly configured IP address. The machine is connected to a segment with the network address of 192.168.1.0/24, and Computer4 has an IP address of 192.168.1.102/24. Answer G is incorrect, because Computer7 has a correctly configured IP address. The machine is connected to a segment with the network address of 192.168.2.0/24, and Computer7 has an IP address of 192.168.2.100/24. Answer H is incorrect, because Computer8 has a correctly configured IP address. The machine is connected to a segment with the network address of 192.168.2.0/24, and Computer8 has an IP address of 192.168.2.101/24. You are the network administrator for the network shown in Figure 8. 12.11. You have recently purchased a new Windows XP worksta- tion called Computer9 that you now need to add to Subnet C. Which of the following would be a valid IP address that would allow Computer9 to access resources on all four subnets? A. 192.168.3.155 B. 192.168.3.1 C. 192.168.3.0 D. 192.168.3.255 FIGurE 12.11 . information: Subnet Mask: 255.255.0.0 Default Gateway: 172.16.0.1 DNS Servers: 172.16.0.100 172.16.0.101 As part of a recent network redesign, you had to change the default gate- way used by your clients