9. Hosts: TCP/IP Configuration IP Address MAC Address Subnet Mask Default Gateway DNS Server DHCP Enabled DHCP Server 192.168.1.100 00-50-56-C0-00-01 255.255.255.0 192.168.1.1 192.168.2.101 Yes 192.168.2.200 [email_address] [email_address]
10. Subnetting DMZ Internet Subnet Mask 255.255.255.192 or CIDR /26 Network ID 192.168.1.0 10.21.128.1 [email_address] [email_address] 192.168.1.128 192.168.1.0 192.168.1.64 192.168.1.2 192.168.1.3 192.168.1.4 192.168.1.5 Hosts: 192.168.1.66-126 Hosts: 192.168.1.29-190 192.168.1.1 192.168.1.65 192.168.1.129
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
21.
22. Tools Summary [email_address] [email_address] Tool Description Arp Allows viewing and editing of the Address Resolution Protocol (ARP) cache. Hostname Displays the host name of the computer. Ipconfig Displays the current TCP/IP configuration for both IPv4 and IPv6. Also used to manage Dynamic Host Configuration Protocol (DHCP)-allocated IPv4 address configurations, display or flush the DNS client resolver cache, and register DNS names. Netsh Configuration tool for many network services. For each network service, there is a context containing commands specific for that service. For the netsh interface ip contexts, displays and administers TCP/IP protocol settings on either the local computer or a remote computer. Netstat Displays protocol statistics and information on current TCP connections. Nslookup Performs DNS queries and displays the results. Ping Sends Internet Control Message Protocol (ICMP) Echo or Internet Control Message Protocol for IPv6 (ICMPv6) Echo Request messages to test reachability. Route Allows viewing of the IPv4 and IPv6 routing tables and editing of the IPv4 routing table. Tracert Sends ICMP Echo or ICMPv6 Echo Request messages to trace the network route taken by IPv4 or IPv6 packets to a specific destination. Pathping Sends ICMP Echo or ICMPv6 Echo Request messages to trace the route an IPv4 or IPv6 packet takes to a destination and displays information on packet losses for each router and link in the path. Event Viewer Records errors and events. Performance Logs and Alerts Logs TCP/IP core protocol performance and sends alerts (the SNMP service must be installed). Network Monitor Captures and displays the contents of TCP/IP packets sent to and from computers running Windows Server 2003. Telnet Tests TCP connection establishment between two nodes.
Editor's Notes
http://technet.microsoft.com/en-us/library/hh182191.aspx IT Networking for Application Developers: Knowing how to troubleshoot your development machine, test and production environments for networking connectivity issues.
A network supports communication between one device to another. Sometimes, devices just do not communicate. What should we do? Understanding IT Networking and Troubleshooting for Connectivity As an application developer, I have always wondered how networking works and what their configuration means. And so I have gone on a research journey on answering my own questions and sharing them with you in this presentation from perspective of an application developer.
Host Generally, routers, printers, switches, hubs and modems are not considered as host in everyday networking language.
DNS server resolves fully qualified domain names to IP addresses – similar to a phone book. Hosts cache DNS mappings into their DNS client resolver cache. When a new host name is resolved, the host saves it in the DNS client resolver cache for a period of time. The local host file gets loaded to the DNS client resolver cache. File location: C:\\Windows\\System32\\drivers\\etc DHCP server allows for a host for automatic IP configuration for communication on a network. Centralized management for hosts to be connected to a network. As a result, two hosts won’t have the same IP address assigned. Can provide local caching of DNS resolvers. In the case where a host needs a static IP address assignment, the DHCP server can create a client reservation for an IP address based on the MAC address. For example, servers and network printers would normally have client reservations. A network interface is configured with DHCP server IP address.
A firewall is a device or set of devices designed to permit or deny network transmissions based upon a set of rules and is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass. [TODO: further expansion]
As we have identified the basic networking devices that enable communication, TCP/IP is the “language” as to how they communicate. TCP/IP is a suite of protocols that also include UDP, ARP, ICMP, DHCP, DNS, IGMP and others. The standard for internet based communication. A protocol has header and message format. a set of rules and standards of exchanging data. can be specific to a layer in the OSI or TCP/IP model.
IP Address Numerical identification of a device on a network. Two components – network ID or subnet prefix and host ID Supports routing Static IP assignment is configured at one time to the network interface and is constant. Usually through manual user configuration. Dynamic IP assignment is done through a DHCP server within the network. Each time a network device is connected, a new IP address is given. Also it has a defined lease duration before a new IP address is assigned. For home networks, the router serves as a DHCP server. Windows Server has the DHCP server role feature that can be installed and serve to assign IP addresses. In a DHCP enabled network, it is best to statically assign IP addresses to routers, firewalls, servers, print servers. This is configured in the DHCP server as a ‘client reservation’. Given the MAC address of the device, one can configure an IP address within it scope. For example, if a network printer is turned on/off then it will receive a new IP address from the DHCP server, clients will not be able to print; therefore configuring for client reservation. Subnet Mask A subnet is a partition of a network. Applying the subnet mask to an IP address yields the network ID and Host ID. All hosts in a subnet work share the same network ID. MAC Address Media Access Control address (MAC address) is a unique identifier assigned to network interfaces for communications on the physical network segment. MAC addresses are hardwired to the network interface cards. 48-bit address. Default Gateway A router on a network or subnet that serves as the entry and exit point to another network. When a destination IP address does not match any routes or the subnet IP range, then the packet is sent to the default gateway for further routing.
http://wiki.xtronics.com/index.php/IP_Subnet_Masks#Mask_.3D_.2F25 Subnet Mask 255.255.255.192 can have 62 usable hosts per each of the 4 subnets. Network ID is 192.168.1.0 Hosts 192.168.1.0-63 192.168.1.64-127 192.168.1.128-191 192.168.1.192-255
[May drop this slide, but feel it is good to illustrate how subnetting works.]
Verify tcip/ip installation ping 127.0.0.1 Verify IP Address ipconfig /all netsh interface ip show config ipconfig /release ipconfig /renew To see IP configuration settings on a remote server netsh –r filesrv1 interface ip show config (provide username and password as part of arguments) Ping the Loopback Address 127.0.0.1 Ping 127.0.0.1 to verify that TCP/IP is working properly If you receive an error message at this point, TCP/IP (protocol) is not properly installed. Remove and reinstall TCP/IP. Local Area Connection > Properties > General tab, click Install , select Protocol , and then click Add . Ping Your Computer's IP Address ping <computer’s IP address> to verify network adaptor is working properly If you receive an error message at this point, there may be a communication problem between Windows NT and your network adapter. To correct, remove and reinstall your network adapter driver. IP Conflict scenario If a host on a DHCP network is configured with static IP addresses manually where the IP address is already assigned by DHCP server, then an IP conflict will result. Communication is will split between the two hosts. The Event Viewer can log such events. ARP cache The address resolution protocol (ARP) cache is a list of recently resolved IP address to Media Access Control (MAC) address mappings. The MAC address is the unique physical address embedded in each network interface card. To display IP address to MAC address mappings: arp –a The ARP cache may have old mappings and hinder connectivity. To clear arp cache: arp –d Situation: If two switches are patched or have direct connection, the ARP tables can refer to one another creating a loop.
Verify tcip/ip installation ping 127.0.0.1 Verify IP Address ipconfig /all netsh interface ip show config ipconfig /release ipconfig /renew To see IP configuration settings on a remote server netsh –r filesrv1 interface ip show config (provide username and password as part of arguments) Ping the Loopback Address 127.0.0.1 Ping 127.0.0.1 to verify that TCP/IP is working properly If you receive an error message at this point, TCP/IP (protocol) is not properly installed. Remove and reinstall TCP/IP. Local Area Connection > Properties > General tab, click Install , select Protocol , and then click Add . Ping Your Computer's IP Address ping <computer’s IP address> to verify network adaptor is working properly If you receive an error message at this point, there may be a communication problem between Windows NT and your network adapter. To correct, remove and reinstall your network adapter driver. IP Conflict scenario If a host on a DHCP network is configured with static IP addresses manually where the IP address is already assigned by DHCP server, then an IP conflict will result. Communication is will split between the two hosts. The Event Viewer can log such events. ARP cache The address resolution protocol (ARP) cache is a list of recently resolved IP address to Media Access Control (MAC) address mappings. The MAC address is the unique physical address embedded in each network interface card. To display IP address to MAC address mappings: arp –a The ARP cache may have old mappings and hinder connectivity. To clear arp cache: arp –d Situation: If two switches are patched or have direct connection, the ARP tables can refer to one another creating a loop.
Default Gateway ipconfig to display default gateway IP address. Ping default gateway to verify connectivity. If error, then router is not connected, turned off, or hardware failure. Subnet Mask A wrong subnet can disrupt communication from one host to another. If a subnet mask of a host is “within” the subnet mask of another host and the router’s, then the other host can communicate to the first. Example, PC1 can communicate with PC2 PC1 - 192.168.1.10 /24 PC2 - 192.168.1.210 /25 Default Gateway - 192.168.1.1 /24 Wrong subnet mask effect on a host - https://learningnetwork.cisco.com/message/75037 If you have PC1 and PC2 on 192.168.1.0 /24 network and you have PC3 and PC4 on the 192.168.2.0 /24 network, you can attach them all to the same switch and PC1 will communicate with PC2 and PC3 will communicate with PC4 because the rules are all correct. But, PC1/PC2 can't communicate with PC3/PC4 because they are located on different subnets and require routing.
Connecting to other via ping command ping <computer IP address> If ‘request timed out’ possible issue with router(s), intermediate network devices or target host. Note: a host may deny ping (ICMP) requests as a security measure (on the internet). Verify Persistent Route Table Entries All computers have a route table to route packets to neighboring nodes. Route table is automatically rebuilt at reboot. route -print to display route table. A persistent route may be old or incorrect. route –print netstat –r To clear, route –f [Route tables shouldn’t be a problem area.] TCP/IP Routing Basics for Windows NT - http://support.microsoft.com/kb/140859/EN-US Verify reachability with intermediate routers Troubleshoot whether it is a router issue rather than a target host issue. tracert <IP address> reports each router or gateway crossed by a TCP/IP packet on its way to another host. Possible firewall or proxy blocking packet. Note: a router may deny ping (ICMP) requests as a security measure (on the internet).
Connecting to other via ping command ping <computer IP address> If ‘request timed out’ possible issue with router(s), intermediate network devices or target host. Note: a host may deny ping (ICMP) requests as a security measure (on the internet). Verify Persistent Route Table Entries All computers have a route table to route packets to neighboring nodes. Route table is automatically rebuilt at reboot. route -print to display route table. A persistent route may be old or incorrect. route –print netstat –r To clear, route –f [Route tables shouldn’t be a problem area.] TCP/IP Routing Basics for Windows NT - http://support.microsoft.com/kb/140859/EN-US Verify reachability with intermediate routers Troubleshoot whether it is a router issue rather than a target host issue. tracert <IP address> reports each router or gateway crossed by a TCP/IP packet on its way to another host. Possible firewall or proxy blocking packet. Note: a router may deny ping (ICMP) requests as a security measure (on the internet).
Verify DNS Configuration nslookup <DNS server IP address> Queries DNS server to resolve host name to IP addresses. Note that the local host file overrides DNS lookups, but nslookup does not consider the host file. Although a host reachable by IP, it may not be reachable by host name or a FQDN. This would be due to DNS server issues. Verify through ipconfig /all that the DNS server IP address is correct. netsh interface ip show dns ping the DNS server by IP address. Verify DNS server on the network. To re-register the local computer in the DNS database on name servers. What this means is that all DNS names for the local computer are first released and then renewed in the DNS database (assuming you have an Active Directory network that uses Dynamic DNS or DDNS for registering DNS names in the database). ipconfig /registerdns Verify DNS client resolver cache Verify DNS entries ipconfig /displaydns In the event of DNS configuration changes, may need to flush the DNS client resolver cache. Clear cache ipconfig /flushdns NetBIOS NetBIOS name resolution means successfully mapping a NetBIOS name to an IP address. A NetBIOS name is a 16-byte address that is used to identify a NetBIOS resource on the network. A NetBIOS name is either a unique (exclusive) or group (nonexclusive) name. When a NetBIOS process is communicating with a specific process on a specific computer, a unique name is used. When a NetBIOS process is communicating with multiple processes on multiple computers, a group name is used. To reload remote cache name table nbtstat -r Host File File location: %SystemRoot% \\system32\\drivers\\etc\\hosts DNS client resolver cache is populated with the host file entries along with DNS server records Host file entries override DNS entries. The nslookup command does not resolve entries in the host file.
Check Packet Filtering or Firewall Rules Verify TCP Session Establishment Although a remote host is reachable by ping tool, verify TCP connection. telnet <IP address> <TCP Port>
Check Packet Filtering or Firewall Rules Verify TCP Session Establishment Although a remote host is reachable by ping tool, verify TCP connection. telnet <IP address> <TCP Port>