CommVerge Solutions
Hong Kong, Bangkok, Beijing, Brunei, Kuala Lumpur, Manila, San Jose, Seoul, Shanghai, Singapore, Taipei

FEGTS IP Training
2011/11/11, Taipei

Network Diagnostic Introduction

Kae Hsu
Commverge Solutions, Taiwan

Objective
• Course objective
   – Through this course, students will understand basic network troubleshooting concepts, principles and related tools
• Course information
   – 2.5 hours of lecture & hands-on practice
   – 30 minutes of Q & A

WWW.COMMVERGE.COM

Agenda
• Network diagnostic concept
• Hostname resolution verification
• Network connection verification
• Application condition verification
• Low level traffic investigation
• Friendly tools
• Hands-on practice

Network diagnostic concept
• Regular Internet connection concept
   [Figure: Client, DNS and Server. Client asks DNS "www.abc.com = ?"; DNS answers "www.abc.com = 203.47.56.180".]

Network diagnostic concept
• Regular troubleshooting sequence
   – Hostname resolution verification
      • nslookup & dig
   – Network connection verification
      • ping & traceroute
   – Application condition verification
      • telnet

Hostname resolution verification
  – nslookup
     • Name/IP address query

Hostname resolution verification
  – nslookup
     • Mail Exchange (MX) query

Hostname resolution verification
  – dig
     • Name/IP address query

Hostname resolution verification
  – dig
     • Mail Exchange (MX) query

Network connection verification
  – ping
     • Check network connection status
  – concept
  [Figure: Client sends "Are you there?" across the network to Server; Server answers "I am here"; Client concludes “Server” is alive.]

Network connection verification
  – ping
     • ICMP packet
        – ICMP echo-request & echo-reply
        – Identify reachability & round-trip time
  [Figure: Client sends echo requests across the network to Server; Server returns echo replies; Client concludes “Server” is alive.]

Network connection verification
  – ping
     • ICMP identifier & sequence number
        – match reply & request
  [Figure: echo requests travel from Client to Server; echo replies travel from Server back to Client.]

Network connection verification
  – ICMP blocked by network filter
  [Figure: Client sends echo requests toward Server; the packet is dropped on the path; Client sees an ICMP timeout.]

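The ping slides above say that the ICMP identifier and sequence number match a reply to its request, and that a filtered request shows up as a timeout. The following is an added example, not part of the original slides: it builds and parses echo messages and matches them the way a ping client does. The names `PingSession`, `server_reply` and `demo`, the payload and the millisecond timestamps are constructed for illustration.

```python
import struct

ECHO_REQUEST, ECHO_REPLY = 8, 0        # ICMP type values

def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071) over an ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Layout: type(1) code(1) checksum(2) identifier(2) sequence(2) payload."""
    body = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + payload
    return body[:2] + struct.pack("!H", checksum(body)) + body[4:]

def parse_echo(msg: bytes):
    """Return (type, identifier, sequence, payload); reject damaged messages."""
    if len(msg) < 8 or checksum(msg) != 0:
        raise ValueError("truncated message or bad checksum")
    icmp_type, _code, _csum, ident, seq = struct.unpack("!BBHHH", msg[:8])
    return icmp_type, ident, seq, msg[8:]

def server_reply(request: bytes) -> bytes:
    """Server side: echo identifier, sequence number and payload back."""
    _type, ident, seq, payload = parse_echo(request)
    return build_echo(ECHO_REPLY, ident, seq, payload)

class PingSession:
    """Client side: track outstanding requests by sequence number."""

    def __init__(self, ident: int):
        self.ident = ident
        self.sent_at = {}              # sequence number -> send time (ms)

    def request(self, seq: int, now_ms: int) -> bytes:
        self.sent_at[seq] = now_ms
        return build_echo(ECHO_REQUEST, self.ident, seq, b"constructed payload")

    def on_reply(self, msg: bytes, now_ms: int):
        """Return (seq, rtt_ms) if msg answers one of our requests, else None."""
        try:
            icmp_type, ident, seq, _payload = parse_echo(msg)
        except ValueError:
            return None
        if (icmp_type != ECHO_REPLY or ident != self.ident
                or seq not in self.sent_at):
            return None                # other ping process, duplicate or stray
        return seq, now_ms - self.sent_at.pop(seq)

    def timed_out(self, now_ms: int, timeout_ms: int = 1000):
        """Sequence numbers still unanswered after timeout_ms."""
        return sorted(s for s, t in self.sent_at.items()
                      if now_ms - t >= timeout_ms)

def demo():
    """Constructed exchange: seq 2 is dropped by a filter and never answered."""
    mine, other = PingSession(ident=0x1234), PingSession(ident=0x9999)
    req1 = mine.request(1, now_ms=0)
    mine.request(2, now_ms=1000)       # request sent, dropped on the path
    req3 = mine.request(3, now_ms=2000)
    foreign = server_reply(other.request(1, now_ms=0))
    results = [
        mine.on_reply(server_reply(req1), now_ms=20),
        mine.on_reply(foreign, now_ms=25),              # wrong identifier
        mine.on_reply(server_reply(req3), now_ms=2035),
        mine.on_reply(server_reply(req1), now_ms=2040), # duplicate reply
    ]
    return results, mine.timed_out(now_ms=3000)

if __name__ == "__main__":
    print(demo())
```
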
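Network connection verification
  – traceroute
     • Check packet forwarding path information
  – concept (in forwarding path)
     • A router will drop a packet with TTL=1
        – “ICMP time exceeded” message is sent to the source with the router's inbound interface address
  [Figure: a probe sent with TTL=1 is answered by ICMP from the first router; a probe sent with TTL=2 (TTL=1 at the second router) is answered by ICMP from the second router; a probe sent with TTL=3 (TTL=2, then TTL=1) is answered by ICMP from the third router.]
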
Network connection verification
  – concept (arriving at destination)
     • destination will NOT check TTL status
     • different response to different probe packets
        – ICMP echo-request: response is ICMP echo-reply
        – UDP with high destination port: response is ICMP port unreachable
  [Figure: ICMP probe with TTL=4, 3, 2, 1 along the path; the destination returns ICMP echo reply. UDP probe with TTL=4, 3, 2, 1 along the path; the destination returns ICMP port unreachable.]

Network connection verification
  – Multiple paths in a single traceroute task
     • routers load-share the traffic by flow information
     • different flows are identified by
        – different ICMP echo-request identifier
        – different UDP port number
  [Figure: probes with TTL=3 spread over parallel paths; four ICMP Time Exceed messages return.]

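The traceroute slides above describe three behaviours: a router drops a probe that arrives with TTL=1 and returns ICMP time exceeded, the destination answers without checking TTL, and routers load-share by flow. The following simulation is an added example, not part of the original slides; the topology, the router names and the modulo-based load sharing are constructed assumptions. It shows why probes with changing UDP ports report more than one router at the same hop, while a fixed flow reports a single path.

```python
# Constructed topology: R1 load-shares across two equal-cost next hops.
TOPOLOGY = {
    "src": ["R1"],
    "R1": ["R2a", "R2b"],
    "R2a": ["R3"],
    "R2b": ["R3"],
    "R3": ["dst"],
}
BASE_PORT = 33434   # conventional first UDP destination port of traceroute

def send_probe(ttl: int, flow_id: int):
    """Forward one probe and return (icmp_message, responder)."""
    node = "src"
    while True:
        next_hops = TOPOLOGY[node]
        # Per-flow load sharing: the same flow always takes the same next hop.
        node = next_hops[flow_id % len(next_hops)]
        if node == "dst":
            # The destination does not check TTL; a UDP probe to a high
            # port is answered with ICMP port unreachable.
            return ("port-unreachable", node)
        if ttl == 1:
            # A router receiving TTL=1 drops the packet and reports it.
            return ("time-exceeded", node)
        ttl -= 1

def trace(probes_per_hop=3, vary_flow=True, first_flow=BASE_PORT, max_ttl=8):
    """Return, per TTL, the sorted list of distinct responders."""
    hops, sent = [], 0
    for ttl in range(1, max_ttl + 1):
        replies = []
        for _ in range(probes_per_hop):
            # Classic behaviour: a new UDP port (a new flow) for every probe.
            flow = first_flow + (sent if vary_flow else 0)
            replies.append(send_probe(ttl, flow))
            sent += 1
        hops.append(sorted({responder for _msg, responder in replies}))
        if any(msg == "port-unreachable" for msg, _r in replies):
            break                      # destination reached
    return hops

if __name__ == "__main__":
    print("varying port:", trace(vary_flow=True))
    print("fixed port:  ", trace(vary_flow=False))
    print("other flow:  ", trace(vary_flow=False, first_flow=BASE_PORT + 1))
```
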
Application condition verification
• Internet application communication concept
   – TCP 3-way handshake
      • Verify TCP connection first during troubleshooting
   [Figure: from "Figure 211: TCP “Three-Way Handshake” Connection Establishment Procedure" in TCP/IP Guide]

Application condition verification
  – telnet
     • To verify the destination site service status
  – example
     • A WEB service
     • check correct IP information
     • check network connection status
     • check service response

Application condition verification
  – example

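The telnet example above checks three things in order: the IP information, the network connection and the service response. The following is an added example, not part of the original slides: it runs the same three checks with a plain TCP socket in place of a telnet session and reports the first stage that fails. The function name `check_service` and the report fields are constructed for illustration.

```python
import socket
import sys

def check_service(host, port, probe=b"", timeout=3.0):
    """Run the checks in sequence; 'stage' names the failing stage or 'ok'."""
    report = {"stage": "resolve", "address": None,
              "response": None, "error": None}

    # 1. Check correct IP information (hostname resolution).
    try:
        family, kind, proto, _canon, sockaddr = socket.getaddrinfo(
            host, port, type=socket.SOCK_STREAM)[0]
    except socket.gaierror as exc:
        report["error"] = f"name resolution failed: {exc}"
        return report
    report["address"] = sockaddr[0]

    # 2. Check network connection status (TCP three-way handshake).
    report["stage"] = "connect"
    sock = socket.socket(family, kind, proto)
    sock.settimeout(timeout)
    with sock:
        try:
            sock.connect(sockaddr)
        except OSError as exc:         # refused, unreachable or timed out
            report["error"] = f"TCP connection failed: {exc}"
            return report

        # 3. Check service response (banner, or the answer to a probe).
        report["stage"] = "response"
        try:
            if probe:
                sock.sendall(probe)
            data = sock.recv(256)
        except OSError as exc:
            report["error"] = f"no service response: {exc}"
            return report

    if not data:
        report["error"] = "peer closed the connection without sending data"
        return report
    report["response"] = data
    report["stage"] = "ok"
    return report

if __name__ == "__main__":
    # Usage: python check_service.py HOST PORT
    # A web service sends nothing until asked, so send a minimal request.
    target, target_port = sys.argv[1], int(sys.argv[2])
    request = f"HEAD / HTTP/1.0\r\nHost: {target}\r\n\r\n".encode()
    print(check_service(target, target_port, probe=request))
```
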
Low level traffic investigation
• “Sniffer” the traffic
   – TCPDUMP

Friendly Tools
• WinMTR
  – Probe target & provide path information together
     • Download: http://winmtr.net/download-winmtr/

Friendly Tools
• Looking glass
   – Execute ping/traceroute from different sites

Friendly Tools
• Looking glass

Friendly Tools
• Looking glass list

Friendly Tools
• Wireshark

Friendly Tools
  – Wireshark reference guide
     • “Wireshark Network Analysis, The Official Wireshark Certified Network Analyst Study Guide” by Laura Chappell

Hands-on practice
• Lab environment
  [Figure: lab topology]
  – Sniffer box
  – Wireless access: SSID: WL-330gE, PWD: 0123456789, 192.168.1.0/24
  – Devices, left to right: J4350 (.3), C3750-1 (.1), C3750-2 (.2), 192.168.7.6
  – Subnets, left to right: 192.168.1.X; 192.168.2.X, 192.168.3.X; 192.168.4.X, 192.168.5.X, 192.168.6.X; 192.168.7.X

Hands-on practice
• Install Wireshark
   – Download: http://www.wireshark.org/download.html

Hands-on practice
  – Use Wireshark to monitor DNS messages

Hands-on practice
  – Use Wireshark to monitor ICMP messages

Hands-on practice
• ping

Hands-on practice
• traceroute

Hands-on practice
• DNS – nslookup
   – Start -> Run -> “cmd”

Prior Course Q & A Summary
• Are there any troubleshooting techniques for SCTP?
   – Using tools
      • Iperf over SCTP
         – Adapted version of Iperf (version 1.6.5), runs on lksctp
         – Use iperf with -z to open an SCTP connection to the test target
      • Windows SCTP library
         – Bundles some SCTP applications for simple tests
   – Useful links
      • http://www.sctp.be/
         – SCTP research and simulation page
         – SCTP Software page
         – SCTP application Software production page
      • http://sigtran.org
         – SCTP Test Tool (stt)
         – SCTP Performance Test

Prior Course Q & A Summary
• How to capture packets with tcpdump from TWO or more NICs at the same time?
   A. Use “any” as the “-i” parameter on Linux
     a) From tcpdump man page:
          -i
          Listen on interface. If unspecified, tcpdump searches the system
          interface list for the lowest numbered, configured up interface
          (excluding loopback). Ties are broken by choosing the earliest
          match. On Linux systems with 2.2 or later kernels,
          an interface argument of ``any'' can be used to capture packets from
          all interfaces. Note that captures on the ``any'' device will not be done
          in promiscuous mode. If the -D flag is supported, an interface number
          as printed by that flag can be used as the interface argument.

Prior Course Q & A Summary
• How to flush the DNS cache manually?
   – With BIND 9.2.0 or newer
      • # rndc flush
   – With older BIND
      • Kill BIND process and restart it
      • # rndc restart
   – For detailed information, please refer to
      • “Flushing (Clearing) a Name Server's Cache”
         from “DNS & Bind Cookbook” by Cricket Liu, O'Reilly

Prior Course Q & A Summary
• How to execute ping from a different interface?
   – Windows platform
      • Use the '-S' parameter to specify the source IP address
   – Linux
      • Use '-I interface/IP_address' to specify the source IP address
   – IOS
      • Enter the extended command to specify the source IP or interface
      • Use the “source” parameter to specify the source IP address (newer)
   – Junos
      • Use the “source” parameter to specify the source IP address

Q&A
