respectively. The following commands can be used
to isolate application layer problems related to email and the
POP3, SMTP, and IMAP protocols. If there is a problem with the
receiving system, the user should see a text error message. If
the connection was successful, a hello message will be
displayed or an unresponsive Telnet window will open. This
indicates connectivity to the server. At this point, the user
could use POP3 or SMTP text-based commands to perform basic
e-mail procedures such as authenticate, read, delete, or send
messages. For example, basic POP commands include user, pass,
stat, list, top, uidl, retr, dele, noop, rset, and quit.
Content 7.3 Troubleshooting TCP/IP Application Layer
Protocols 7.3.6 File transfer File Transfer
Protocol (FTP) is used for uploading and downloading files
between remote computer systems on a network. Servers run FTP
services or FTP daemons, and clients connect by way of the
TCP/IP FTP client command line interface or with a third party
commercial program that offers a graphical user interface (for
example, WS_FTP Pro, UNIX NcFTP Client, and Linux IglooFTP
PRO). A Web browser can also make FTP requests to download
programs selected from a Web page. FTP uses two or more TCP
connections to accomplish data transfers. To start a session,
the FTP client opens a TCP connection to port 21 on the FTP
server. This connection is called the control connection and is
used to pass commands and results between the client and the
server. No data, such as file transfers or directory listings,
is passed over the control connection. Instead, data is
transferred over a separate TCP connection called the data
connection. This data connection can be opened in several
different ways: - Traditional (or active)—The FTP
server opens a TCP connection back to the client's port 20.
This method will not work on a multi-user system because many
users may make simultaneous FTP requests, and the system will
not be capable of matching incoming FTP data connections to the
appropriate user.
- Multi-user traditional (or
active)—The FTP client instructs the FTP server to open a
connection on some random port in the range 1024 through
65,535. This method creates a rather large security hole
because it requires system administrators to permit inbound TCP
connections to all ports greater than 1023. Although firewalls
that monitor FTP traffic and dynamically allow inbound
connections help close this security hole, many corporate
networks do not permit this type of traffic. Most command-line
FTP clients default to this method of transfer and offer a
passive command (or something similar) to switch to passive
mode.
- Passive mode—The FTP client instructs
the FTP server that it wants a passive connection, and the
server replies with an IP address and port number to which the
FTP client can open a TCP data connection. This method is by
far the most secure because it requires no inbound TCP
connections to the FTP client. Many corporate networks permit
only this type of FTP transfer. Most web browsers default to
this method of FTP transfer.
As an example, assume
a typical FTP connection process to connect to an FTP server
and download a file called README. Once logged in to an FTP
server, the user could type help to get a listing of acceptable
commands. Some of the more popular FTP commands include ascii,
binary, cd, dir, get, help, Is, mkdir, put, pwd, and quit. An
FTP connection can be tested using any Telnet application that
allows a port number to be specified. Telnet to the IP address
of the destination server using port 21. If the connection is
successful, a hello message will be displayed or an
unresponsive Telnet window will open. This indicates
connectivity to the server. At this point the user may want to
type in help to see which commands are available. Since the
connection to the FTP server is by way of Telnet, the choice of
commands will vary. In some instances, a router can be
configured to act as an FTP server. FTP clients can copy files
to and from certain directories on the router. For example, the
FTP Server allows retrieval of files, such as syslog files,
from the disk file system on the router. When the router
receives a request for an FTP connection, the FTP Server
process is started. At this point, the user is typically
prompted for a username and password. After supplying a valid
username and password, various commands can be entered.
TFTP
Trivial File Transfer Protocol (TFTP) is a
simplified version of FTP. Unlike FTP that uses the TCP
transport protocol, TFTP operates over port 69 and makes use of
the UDP protocol. UDP makes TFTP faster at uploading and
downloading files. A client can only read or write a file to a
TFTP server. Unlike FTP, TFTP does not support
directory-browsing, file renaming, logging in, or statistics.
For this reason, a user must know the filename of the file
they wish to download. A common TFTP application is to back up
and restore router configuration files and IOS images. The
following commands display information about file management
applications. A troubleshooter uses the information from these
commands to isolate problems at the application layer that are
related to the FTP and TFTP protocols.
Content 7.3
Troubleshooting TCP/IP Application Layer Protocols
7.3.7 Network management and time protocols
NTP
Logging time is very important in determining
when a problem started. Most network problems can be narrowed
down to a configuration change or modifications to the network
topology. A synchronized time enables correlation of syslog and
Cisco IOS debug output to specific events. While the primary
goal of problem resolution is to fix the problem, it is also
quite helpful to know when the problem originated so that the
problem can be resolved and avoided in the future. The Network
Time Protocol (NTP) synchronizes timekeeping among a set of
distributed time servers and clients. This synchronization
allows events to be correlated when system logs are created and
other time-specific events occur. For timestamps to be of use,
it is a good idea for all the routers and switches in the
network to derive time from a common network time source.
Configuring time services on routers requires exec and
configuration commands. To configure the time zone properties
on the router, the configuration commands clock
timezone and clock summer-time are used. The
commands ntp server ip-addr and ntp source
interface define the NTP server(s) and the source IP
address of the NTP requests. The internal clock of the router
is set using the EXEC command clock set. To view NTP
peer status information, use the show ntp associations
and show ntp status commands. SNMP
Simple
Network Management Protocol (SNMP) is an application-layer
protocol that facilitates the exchange of management
information between network devices. It is part of the
Transmission Control Protocol/Internet Protocol (TCP/IP)
protocol suite. Although troubleshooting is necessary to
recover from problems, the ultimate goal of the network
administrator is to avoid problems. That is also the goal of
network management software. The network management software
used on TCP/IP networks is based on the Simple Network
Management Protocol (SNMP). SNMP is a client/server protocol.
In SNMP terminology, it is described as a manager/agent
protocol. The agent (the server) runs on the device being
managed, which is called the Managed Network Entity. The agent
monitors the status of the device and reports that status to
the manager. The manager (the client) runs on the Network
Management Station (NMS). The NMS collects information from all
of the different devices that are being managed, consolidates
it, and presents it to the network administrator. This design
places all of the data manipulation tools and most of the human
interaction on the NMS. Concentrating the bulk of the work on
the manager means that the agent software is small and easy to