appreciate the value of these commands.

Ping
Ping is the most frequently used network monitoring and troubleshooting tool. Although it basically tests Layer 3 connectivity, it can be used to help solve application layer problems. For example, a troubleshooting strategy using ping can be used to identify a DNS application layer problem. If there is high latency due to congestion, it may cause application layer problems because of timeout issues. In a WAN setting, latency between packets should be expected. However, in a LAN setting, excessive latency between packets could be an indication of network problems. Ping is an excellent tool for identifying latency issues.

Traceroute
Traceroute can be used to pinpoint a network problem. It identifies each intermediate router on the way from host A to host B. As shown in Figure , traceroute sends the first packet with a TTL value of 1. The first router decrements this and since the value drops to zero, the router discards the packet and sends an ICMP Time-to-live Exceeded message back to the sender. Traceroute then sends a packet with a TTL value of 2, which the first router decrements and routes. But the second router decrements it to zero, and sends an ICMP error message back. Ultimately, the TTL gets high enough for the packet to reach the destination host, and traceroute is done, or some maximum value (usually 30) is reached and traceroute ends the trace.

Please note that most traceroute programs send a UDP datagram to a randomly selected high UDP port. Microsoft’s tracert uses an ICMP echo request message (a ping packet) instead, which may explain why some trace results do not match those of other users.

Pathping
Pathping is a Windows NT/2000/XP feature that combines the features of the ping and tracert commands with additional information-gathering features. The pathping command sends packets to each router on the way to a final destination over a period of time and then computes results based on the packets returned from each hop. Pathping displays the degree of packet loss at any given router or link. This makes it easier to determine which routers or links might be causing network problems.

Netstat
Netstat is used to report on the routing table of the system, TCP and UDP protocols, open connections (ports), and the remote systems' ports. It gets this networking information by reading the routing tables in memory, and then displays it as ASCII text at the terminal. Every machine connected to an IP network has an IP routing table. How this information is displayed is platform dependent. The output of netstat -n and netstat -r on a Windows platform (netstat -r produces the same output as route print) is shown in Figure . Other useful netstat commands include netstat -a, which displays all connections, and netstat -e, which displays Ethernet statistics.

Nslookup
The most useful tool for troubleshooting DNS problems is nslookup. It lets a user enter a host name (for example, cisco.com) and find out the corresponding IP address. It will also do reverse name lookup and find the host name for a specified IP address. Nslookup sends a domain name query packet to a designated (or defaulted) domain name system (DNS) server. Depending on the system being used, the default may be the local DNS name server at the service provider, some intermediate name server, or the root server system for the entire domain name system hierarchy.
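
The TTL probing sequence described under Traceroute above, as an added example that is not part of the original course text. It is an offline model: the path, the documentation addresses and the hop that silently filters UDP probes are constructed assumptions, chosen to show why a UDP-based trace and an ICMP-based trace (as sent by tracert) can report different results over the same path.

```python
# Added illustration: an offline model of the TTL probing loop, not a network tool.
MAX_HOPS = 30  # the usual maximum mentioned in the text

# Constructed path from host A to host B (documentation addresses).
# "drops" lists the probe types a hop silently discards (hypothetical filter).
PATH = [
    {"addr": "192.0.2.1", "drops": set()},
    {"addr": "198.51.100.1", "drops": {"udp"}},  # filters UDP probes
    {"addr": "203.0.113.1", "drops": set()},
    {"addr": "203.0.113.80", "drops": set()},    # destination host B
]


def send_probe(path, ttl, probe):
    """Walk one probe along the path; return (responder, message) or None if lost."""
    for i, hop in enumerate(path):
        if probe in hop["drops"]:
            return None                  # silently discarded, no ICMP error sent
        if i == len(path) - 1:           # reached the destination host
            reply = "port-unreachable" if probe == "udp" else "echo-reply"
            return hop["addr"], reply
        ttl -= 1                         # each router decrements the TTL
        if ttl == 0:                     # expired here: router reports back
            return hop["addr"], "time-exceeded"
    return None


def trace(path, probe, max_hops=MAX_HOPS):
    """Send probes with TTL 1, 2, 3, ... and record who answers each one."""
    hops = []
    for ttl in range(1, max_hops + 1):
        answer = send_probe(path, ttl, probe)
        hops.append(answer[0] if answer else "*")
        if answer and answer[1] != "time-exceeded":
            break                        # destination answered: trace is done
    return hops


if __name__ == "__main__":
    for probe in ("icmp", "udp"):
        result = trace(PATH, probe)
        print(probe, len(result), "probes:", result[:5])
```

The ICMP trace finishes at the fourth hop, while the UDP trace shows only the first router and then unanswered probes until the 30-hop maximum is reached.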
Content 7.2 Gathering Information on Application Layer Problems 7.2.3 Platform specific TCP/IP utilities

The traffic requirements of various platforms influence how network devices are configured. Five situations where traffic requirements would affect router setup are shown in Figure . TCP/IP troubleshooting combines facts gathered from network devices such as routers and switches, and facts gathered from a client or server.

To check the local host configuration on a Windows NT/2000/XP system, open a DOS command window on the host and enter the ipconfig /all command. The resulting output displays the TCP/IP address configuration, default gateway, DHCP server, and Domain Name System (DNS) server addresses. If any IP addresses are incorrect or if no IP address is displayed, determine the correct IP address and edit it or enter it for the local host.

The Windows NT/2000/XP platform will log most incorrect IP address or subnet mask errors in the Event Viewer. Examine the Event Viewer system log and look for any entry with TCP/IP or DHCP as the source. Read the appropriate entries by double-clicking them. Because DHCP configures TCP/IP remotely, DHCP errors cannot be corrected from the local computer.

Also, check the configurations on the NT/2000/XP server. If a connection using an IP address is possible but the connection cannot be made using Microsoft networking (for example, Network Neighborhood), try to isolate a problem with the Windows NT/2000/XP server configuration. Problem areas with Microsoft networking relate to NetBIOS support and associated mechanisms used to resolve non-IP entities with IP addresses. Non-IP problems can be checked using the nbtstat command. As a last resort, try rebooting the Windows system. Although this practice is not encouraged, it frequently repairs the problem.

Figure shows some general commands used for isolating application layer problems.
While many of these commands display lower layer information, the commands are still useful because they highlight problems in the application layer. Figure shows the output of the ifconfig command.
Content 7.2 Gathering Information on Application Layer Problems 7.2.4 Cisco IOS commands

The Cisco IOS software offers powerful commands to help in monitoring and troubleshooting network problems. The following highlights some of the most common and useful commands.

The router show commands are among the most important tools for understanding the status of a router, detecting neighboring routers, monitoring the network in general, and isolating problems in the network. These commands are essential in almost any troubleshooting and monitoring situation. Use show commands for the following activities:

The debug EXEC commands can provide a wealth of information about the traffic being seen (or not seen) on an interface, error messages generated by nodes on the network, protocol-specific diagnostic packets, and other useful troubleshooting data. Be conservative with debug commands as these commands often generate quite a bit of extraneous data. Use debug commands to isolate problems, not to monitor normal network operation. Use debug commands to look for specific types of traffic or problems after narrowing the problems to a likely subset of causes. Figure shows examples of IOS troubleshooting commands.
Content 7.2 Gathering Information on Application Layer Problems 7.2.5 System logs

Logging enables the router or switch to keep track of events that occur. Logging can help find trends, system error messages, outages, and a variety of other network events. How an administrator chooses to implement system logging and manage logging data may affect their ability to manage their networks and effectively troubleshoot problems. Time should be taken to develop a logging strategy that will provide reliable data when required. Monitoring activity in the log files is an important