FEGTS IP Training - Network Diagnostic Introduction


FEGTS IP training material for 2011/10/28, 2011/11/4 and 2011/11/11

Published in: Technology, Education
Transcript of "FEGTS IP Training - Network Diagnostic Introduction"

  1. commVerge SOLUTIONS: FEGTS IP Training, 2011/11/11, Taipei
     Network Diagnostic Introduction
     Kae Hsu, Commverge Solutions, Taiwan
     • Hong Kong • Bangkok • Beijing • Brunei • Kuala Lumpur • Manila • San Jose • Seoul • Shanghai • Singapore • Taipei
  2. Objective
     Course objective
     – Through this course, students will understand basic network troubleshooting concepts, principles and related tools
     Course information
     – 2.5 hours lecture & hands-on practice
     – 30 minutes Q & A
     WWW.COMMVERGE.COM
  3. Agenda
     – Network diagnostic concept
     – Hostname resolution verification
     – Network connection verification
     – Application condition verification
     – Low level traffic investigation
     – Friendly tools
     – Hands-on practice
  4. Network diagnostic concept
     Regular Internet connection concept
     [Diagram: Client, DNS and Server; query "www.abc.com = ?" and answer "www.abc.com = 203.47.56.180"]
  5. Network diagnostic concept
     Regular troubleshooting sequence
     – Hostname resolution verification
       • nslookup & dig
     – Network connection verification
       • ping & traceroute
     – Application condition verification
       • telnet
  6. Hostname resolution verification
     – nslookup
       • Name/IP address query
  7. Hostname resolution verification
     – nslookup
       • Mail Exchange (MX) query
  8. Hostname resolution verification
     – dig
       • Name/IP address query
  9. Hostname resolution verification
     – dig
       • Mail Exchange (MX) query
  10. Network connection verification
      – ping
        • Check network connection status
          – concept
      [Diagram: Client sends "Are you there?" to Server; Server answers "I am here"; result: "Server" is alive]
  11. Network connection verification
      – ping
        • ICMP packet
          – ICMP echo-request & echo-reply
          – Identify reachability & round-trip time
      [Diagram: Client sends echo requests to Server; Server returns echo replies; result: "Server" is alive]
  12. Network connection verification
      – ping
        • ICMP identifier & sequence number
          – match reply & request
      [Diagram: echo requests from Client to Server, echo replies from Server to Client]
  13. Network connection verification
      – ICMP blocked by network filter
      [Diagram: echo requests from Client toward Server; packet dropped; ICMP timeout]
  14. Network connection verification
      – traceroute
        • Check packet forwarding path information
      – concept (in forwarding path)
        • A router will drop a packet with TTL=1
          – An "ICMP time exceeded" message is sent to the source from the router's inbound interface
      [Diagram: probe with TTL=1 answered by ICMP; probe with TTL=2, then 1, answered by ICMP; probe with TTL=3, then 2, then 1, answered by ICMP]
  15. Network connection verification
      – concept (arriving at destination)
        • The destination will NOT check TTL status
        • Different probe packets get different responses
          – ICMP echo-request: response is ICMP echo-reply
          – UDP with high destination port: response is ICMP port unreachable
      [Diagram: ICMP probe, TTL=4, 3, 2, 1, answered by ICMP echo reply; UDP probe, TTL=4, 3, 2, 1, answered by ICMP port unreachable]
  16. Network connection verification
      – Multiple paths in a single traceroute task
        • Routers load-share the traffic by flow information
        • Different flows are identified by
          – different ICMP echo-request identifier
          – different UDP port number
      [Diagram: ICMP probes with TTL=3; ICMP Time Exceed returned from several routers]
  17. Application condition verification
      Internet application communication concept
      – TCP 3-way handshaking
        • Verify TCP connection first during troubleshooting
      [Figure: from "Figure 211: TCP "Three-Way Handshake" Connection Establishment Procedure" in TCP/IP Guide]
  18. Application condition verification
      – telnet
        • To verify the destination site service status
      – example
        • A WEB service
        • check correct IP information
        • check network connection status
        • check service response
  19. Application condition verification
      – example
  20. Low level traffic investigation
      "Sniffer" the traffic
      – TCPDUMP
  21. 21. Friendly Tools WinMTR – Probe target & provide path information together • Download: http://winmtr.net/download-winmtr/ WWW.COMMVERGE.COM 21
  22. 22. Friendly Tools Looking glass – Execute ping/traceroute from different sites WWW.COMMVERGE.COM 22
  23. 23. Friendly Tools Looking glass WWW.COMMVERGE.COM 23
  24. 24. Friendly Tools Looking glass list WWW.COMMVERGE.COM 24
  25. 25. Friendly Tools Wireshark WWW.COMMVERGE.COM 25
  26. 26. Friendly Tools – Wireshark reference guide • “Wireshark Network Analysis, The Official Wireshark Certified Network Analyst Study Guide” by Laura Chappell WWW.COMMVERGE.COM 26
  27. Hands-on practice
      Lab environment
      [Lab diagram: Sniffer box; J4350, C3750-1, C3750-2; subnets 192.168.1.X, 192.168.2.X, 192.168.3.X, 192.168.4.X, 192.168.5.X, 192.168.6.X, 192.168.7.X; 192.168.7.6; 192.168.1.0/24 with .1, .2, .3; SSID: WL-330gE, PWD: 0123456789]
  28. Hands-on practice
      Install Wireshark
      – Download: http://www.wireshark.org/download.html
  29. Hands-on practice
      – Use Wireshark to monitor DNS messages
  30. Hands-on practice
      – Use Wireshark to monitor ICMP messages
  31. Hands-on practice
      ping
  32. Hands-on practice
      traceroute
  33. Hands-on practice
      DNS – nslookup
      – Start -> Run -> "cmd"
  34. Prior Course Q & A Summary
      Is there any troubleshooting skill for SCTP?
      – Using tools
        • Iperf over SCTP
          – Adapted version of Iperf (version 1.6.5), runs on lksctp
          – Use iperf with -z to open an SCTP connection to the test target
        • Windows SCTP library
          – Bundles some SCTP applications for simple tests
      – Useful links
        • http://www.sctp.be/
          – SCTP research and simulation page
          – SCTP Software page
          – SCTP application Software production page
        • http://sigtran.org
          – SCTP Test Tool (stt)
          – SCTP Performance Test
  35. Prior Course Q & A Summary
      How to capture packets by tcpdump from TWO or more NICs at the same time?
      A. Use "any" as the "-i" parameter on Linux
         a) From the tcpdump man page:
            -i Listen on interface. If unspecified, tcpdump searches the system interface list for the lowest numbered, configured up interface (excluding loopback). Ties are broken by choosing the earliest match. On Linux systems with 2.2 or later kernels, an interface argument of ``any'' can be used to capture packets from all interfaces. Note that captures on the ``any'' device will not be done in promiscuous mode. If the -D flag is supported, an interface number as printed by that flag can be used as the interface argument.
  36. Prior Course Q & A Summary
      How to flush DNS cache manually?
      – With BIND 9.2.0 or newer
        • # rndc flush
      – With older BIND
        • Kill BIND process and restart it
        • # rndc restart
      – For detailed information, please refer to
        • "Flushing (Clearing) a Name Server's Cache" from "DNS & Bind Cookbook" by Cricket Liu, O'Reilly
  37. Prior Course Q & A Summary
      How to execute ping by different interface?
      – Windows platform
        • Use the '-S' parameter to identify source IP address
      – Linux
        • Use '-I interface/IP_address' to identify source IP address
      – IOS
        • Enter extended command to identify source IP or interface
        • Use "source" parameter to identify source IP address (newer)
      – Junos
        • Use "source" parameter to identify source IP address
  38. Q&A
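
The identifier and sequence-number matching on slide 12 and the "ICMP time exceeded" reply on slide 14, as an added Python example that is not part of the original slides. It is narrowed to ICMP echo probes (no UDP probes), and the addresses, identifier and sequence values are constructed sample data.

```python
import struct

ECHO_REPLY, ECHO_REQUEST, TIME_EXCEEDED = 0, 8, 11

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; a valid ICMP message sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, code: int, rest: bytes, payload: bytes = b"") -> bytes:
    """Build an ICMP message; `rest` is the 4 header bytes after the checksum."""
    body = rest + payload
    csum = checksum(struct.pack("!BBH", icmp_type, code, 0) + body)
    return struct.pack("!BBH", icmp_type, code, csum) + body

def classify(icmp: bytes, pending: set) -> tuple:
    """Return (verdict, probe) for one received message; probe = (identifier, sequence)."""
    if len(icmp) < 8 or checksum(icmp) != 0:
        return ("invalid", None)
    icmp_type, code = icmp[0], icmp[1]
    if icmp_type == ECHO_REPLY:
        probe = struct.unpack("!HH", icmp[4:8])      # echoed back by the target
        verdict = "destination"
    elif icmp_type == TIME_EXCEEDED and code == 0:
        # The router quotes our IP header plus the first 8 bytes of the probe.
        ihl = (icmp[8] & 0x0F) * 4 if len(icmp) > 8 else 0
        inner = icmp[8 + ihl:8 + ihl + 8]
        if ihl < 20 or len(inner) < 8 or inner[0] != ECHO_REQUEST:
            return ("unmatched", None)
        probe = struct.unpack("!HH", inner[4:8])
        verdict = "hop"
    else:
        return ("other", None)
    if probe not in pending:                          # someone else's ping, or a duplicate
        return ("unmatched", None)
    pending.discard(probe)
    return (verdict, probe)

# Constructed sample: probe seq=1 expires at a router, probe seq=2 reaches the target.
probe1 = build_icmp(ECHO_REQUEST, 0, struct.pack("!HH", 0x1234, 1), b"ping")
ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(probe1), 0, 0, 1, 1, 0,
                     bytes([192, 168, 1, 10]), bytes([192, 168, 7, 6]))
from_router = build_icmp(TIME_EXCEEDED, 0, b"\x00" * 4, ip_hdr + probe1[:8])
from_target = build_icmp(ECHO_REPLY, 0, struct.pack("!HH", 0x1234, 2), b"ping")
```

A reply whose (identifier, sequence) pair is not outstanding is reported as unmatched rather than counted, which is how replies meant for another ping process and duplicate replies are kept out of the result.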