December 3, 2011 / fandypw

Tutorial: Troubleshooting LAN / WAN Networking


Without the ability to monitor the network, administrators can only react to problems as they arise instead of acting first to prevent them. Running and maintaining a network can be a nightmare if you do not know which parts are working well and which are not, especially if the network is spread over hundreds of square kilometers and some devices are almost impossible to reach, such as PCs placed in various Automatic Telephone Centrals (STO / Local Exchange), Central Trunks (Trunk Exchange), and repeater sites scattered across various cities.
LAN-WAN Corporate Intranet

Monitoring Connections

One of the most basic forms of connection monitoring takes place every day on the network: when users log in, they confirm that the connection is working properly, and if it is not, the network department will be contacted immediately. However, this is neither the best nor the most efficient way to monitor a network. There are simple programs that let administrators create a list of host IP addresses and ping those addresses periodically. If there is a connection problem, the program warns the administrator through the ping output. This is the oldest and least efficient approach, but it is still better than doing nothing at all. Another limitation of monitoring this way is that it only tells you that communication is disrupted somewhere between the monitoring station and the target device. The fault could be a router, a switch, a bad part of the network, or the host itself being down. A ping test only says that the connection is down, not where it went down.

Checking every host on the WAN with this kind of monitoring requires a lot of resources. If the network has 3000 hosts, pinging all network devices and hosts consumes a very large amount of system resources. A better way is to ping only several important hosts, servers, routers, and switches to confirm their connectivity. A ping test will not provide real data unless the workstation is always turned on. Again, this kind of monitoring should be used only where no other way is available.
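The periodic ping list described above can be sketched as follows. This is an added example, not code from the original post: the Monitor class, the three-miss threshold, and the 192.0.2.x sample addresses are assumptions chosen for illustration. It reports only state changes, so a single lost reply does not raise an alarm.

```python
import platform
import subprocess

def ping_once(host, timeout=2.0):
    """Send one ICMP Echo Request with the system ping; True if it exits 0."""
    count_flag = "-n" if platform.system() == "Windows" else "-c"
    try:
        result = subprocess.run(["ping", count_flag, "1", host],
                                stdout=subprocess.DEVNULL,
                                stderr=subprocess.DEVNULL, timeout=timeout)
    except (subprocess.TimeoutExpired, OSError):
        return False
    return result.returncode == 0

class Monitor:
    """Tracks a short list of important devices and reports state changes."""

    def __init__(self, hosts, probe=ping_once, threshold=3):
        self.probe = probe
        self.threshold = threshold            # consecutive misses before DOWN
        self.misses = {host: 0 for host in hosts}
        self.down = set()

    def sweep(self):
        """Probe every host once; return a list of (host, "DOWN" or "UP")."""
        events = []
        for host in self.misses:
            if self.probe(host):
                self.misses[host] = 0
                if host in self.down:
                    self.down.discard(host)
                    events.append((host, "UP"))
            else:
                self.misses[host] += 1
                if self.misses[host] == self.threshold:
                    self.down.add(host)
                    events.append((host, "DOWN"))
        return events

if __name__ == "__main__":
    import time
    # Constructed sample addresses (documentation range), not real devices.
    monitor = Monitor(["192.0.2.1", "192.0.2.10"])
    while True:
        for host, state in monitor.sweep():
            print(time.strftime("%H:%M:%S"), host, state)
        time.sleep(60)
```

As the text notes, a DOWN event only says that the path to the device is broken, not which router, switch, or cable along the path failed.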

Traffic Monitoring

Monitoring network traffic is a much more sophisticated way of monitoring: it can see the actual packet traffic and create reports based on it. Programs such as Fluke's Network Analyzer software are an example of this type. Such a program not only detects device failures, but also detects components that are overloaded or poorly configured.
The weakness of this type of program is that it usually sees only one segment at a time; if you need data from other segments, the program has to be moved to that segment. This can be overcome by using agents on the remote network segments. Devices such as switches and routers can create and send traffic statistics. So how is the data collected and organized in one central location where the network administrator can use it? The answer is the Simple Network Management Protocol.

Simple Network Management Protocol

Simple Network Management Protocol (SNMP) is the network management standard for TCP/IP. The idea behind SNMP is to let the information required for network management be sent using TCP/IP. The protocol allows network administrators to use a dedicated network device that communicates with the other network devices to gather information from them and to control how they operate.

There are two types of SNMP devices. The first is the managed node, an ordinary node on the network that has been equipped with software so that it can be managed using SNMP. Managed nodes are usually TCP/IP devices and are sometimes also called managed devices. The second is the Network Management Station (NMS), a specialized network device that runs particular software in order to control the managed nodes. The network must have one or more NMSs, because they are the devices that actually “run” SNMP.

Managed nodes can be any network device that can communicate using TCP/IP, as long as it is programmed with SNMP software. SNMP was designed so that normal hosts can be managed, as well as smart devices such as routers, bridges, hubs, and switches. “Unconventional” devices can also be managed as long as they are connected to the TCP/IP network: printers, scanners, and others.

Each device in a network managed with SNMP runs a piece of software generally called an SNMP entity. The SNMP entity is responsible for implementing all the various functions of SNMP. Each entity consists of two main components, and which components they are depends on whether the device is a managed node or a network management station.

The SNMP entity on a managed node consists of an SNMP Agent, a program that implements the SNMP protocol and allows the managed node to provide information to the NMS and take commands from it, and an SNMP Management Information Base (MIB), which specifies the types of information stored on the node that can be collected and used to control the managed node. The information sent using SNMP consists of objects from the MIB.

On larger networks, the NMS can be a separate, powerful TCP/IP computer dedicated to network management. However, it is the software that actually makes a device an NMS, so an NMS need not be separate hardware; it can serve as an NMS and also perform other functions. The SNMP entity on the NMS consists of an SNMP Manager, a program that implements SNMP so that the NMS can collect information from managed nodes and send commands to them, and SNMP Applications, one or more applications that allow network administrators to use SNMP to manage the network.

Thus, SNMP as a whole consists of a number of NMSs that communicate with the ordinary TCP/IP devices known as managed nodes. The SNMP manager on the NMS and the SNMP agent on each managed node implement SNMP and allow network management information to be transmitted. The SNMP application runs on the NMS, provides the interface for the administrator, and allows information to be gathered from the MIB of each SNMP agent.

Remote Monitoring (RMON)

The general model used by SNMP is a network management station (NMS) that sends requests to SNMP agents. An SNMP agent can also initiate communication by sending trap messages to notify the management station when certain events occur. This model works well, which is why SNMP became so popular. However, one fundamental problem with the protocol and its model is that it is oriented around communication with SNMP agents that are usually ordinary TCP/IP devices such as hosts and routers. The amount of information these devices collect is usually limited, because a host or a router has a “real job to do”, that is, working as a host or a router. They cannot dedicate themselves to network management tasks.

Therefore, in situations where more network information is needed than the usual devices collect, administrators often use specialized hardware called network analyzers, monitors, or probes. These devices only collect statistics and watch for the events the administrator is interested in. Obviously it would be useful if these devices could use SNMP so that the information they collect can be retrieved, and so that they can issue trap messages when something important happens.

To do that, Remote Network Monitoring (RMON) was created. RMON is often referred to as a protocol, and you will sometimes see SNMP and RMON referred to as the “network management protocols of TCP/IP”. However, RMON is not a separate protocol; it performs no protocol operations of its own. RMON is actually part of SNMP, and the RMON module is only a management information base (MIB) that defines the MIB objects used by the probe. Architecturally, RMON is just one of the MIB modules that are part of SNMP.

Troubleshooting Methods

Network troubleshooting is a systematic process applied to solve problems on the network. Elimination and Divide and Conquer are the most successful methods for network troubleshooting.

A user on your network calls the help desk to report that their computer can no longer reach the Internet. The help desk fills out an error report form and passes it to you, the network support department. You call and talk to the user, who says they did nothing different from what they always do to get on the Internet. You check the logs and find that the user's computer was upgraded overnight. Your first guess is that the computer's network driver configuration must be wrong. You go to the computer and check the network configuration. It appears to be correct, so you ping the server. It does not connect. The next step is to check whether the computer's cable is connected. You check both ends of the cable and then try to ping the server again.

Next you ping 192.168.9.1, the loopback address of the computer. The ping succeeds, which eliminates the possibility of a problem with the computer, the driver configuration, and the NIC. You then decide that there may be a problem with the server for that network segment. Another computer connected to the network sits at the next desk, so you ping the server address from it, and the ping succeeds. This eliminates the server, the backbone, and the server's connection to the backbone as the problem.

You then go to the IDF (intermediate distribution facility) and move the workstation to a different port, go back to the workstation, and try to ping the server again. This does not work either. That widens your search to the wiring or the workstation's patch cable. You return to the IDF, put the cable back in its original port, find a new workstation patch cable, and go back to the workstation. You replace the workstation cable and try to ping the server again. This time it works, so you have fixed the problem. The final step is to document the problem and its solution.

Divide and Conquer

Suppose you have two networks that each work well, but when the two are connected the network fails. The first step is to divide the network back into two separate networks and verify that they still operate properly when separated. If so, move the network segments of one over to the other and check whether it still works properly.

If the network is still functioning, add each segment in turn until the entire network fails. Remove the last connection added and see whether the whole network returns to normal operation. If so, disconnect all devices from that segment and reconnect them one by one, checking each time whether the network fails. When you find a suspicious device, disconnect it and check whether the network returns to normal. If the network is still functioning normally, it means that you have found the device that caused the problem.

Now you can analyze that device to find out why it could cause the entire network to crash. If nothing is wrong with it, the device may be interacting with a problem device on the other side of the network. To find the other end of the problem, you must repeat the process carried out previously.

The process is as follows: first connect the device that caused the network to fail. Then disconnect all the other segments on the network. Verify that the network is back in operation. If the network is functioning again, reconnect the segments one by one until the entire network fails. Remove the last segment that was connected before the failure and see whether the whole network returns to normal operation. If so, disconnect all devices from that segment and reconnect them one by one, checking each time whether the network fails. When you find a suspicious device, remove it and check whether the network returns to normal.

If the network is still functioning normally, it means you have found the cause of the problem. Now you can analyze that device to find out why it could cause the entire network to crash. If nothing is wrong with it, compare the two hosts to find the cause of their conflict. By resolving this conflict, you will be able to connect both devices to the network and it will function normally.
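The two passes of the Divide and Conquer procedure can be written down as a small search. This is an added example, not part of the original post: the segment and device names are constructed, and sample_network_ok is a stand-in for a real test such as pinging the server after each change.

```python
def first_breaker(groups, network_ok, base):
    """Connect groups one at a time on top of base; return the index of the
    first group whose connection makes the network fail, or None."""
    active = list(base)
    for i, group in enumerate(groups):
        active += group
        if not network_ok(active):
            return i
    return None

def isolate(segments, network_ok, base=()):
    """Segment pass, then device pass. Returns (segment, device) or None."""
    names = list(segments)
    i = first_breaker([segments[n] for n in names], network_ok, base)
    if i is None:
        return None
    good = list(base) + [d for n in names[:i] for d in segments[n]]
    j = first_breaker([[d] for d in segments[names[i]]], network_ok, good)
    return names[i], segments[names[i]][j]

def find_conflict(segments, network_ok):
    """Run the procedure twice: find the suspect, then connect it alone and
    re-add everything else to find the device it conflicts with."""
    first = isolate(segments, network_ok)
    if first is None or not network_ok([first[1]]):
        return first, None          # no fault, or the suspect fails by itself
    rest = {n: [d for d in devs if d != first[1]]
            for n, devs in segments.items()}
    return first, isolate(rest, network_ok, base=[first[1]])

# Constructed sample: two networks that each work alone but fail when joined.
SEGMENTS = {"net-a": ["pc-11", "pc-12", "pc-17"],
            "net-b": ["pc-21", "printer-3", "pc-22"]}

def sample_network_ok(connected):
    """Stand-in for a real check: fails only when both devices are present."""
    return not {"pc-17", "printer-3"} <= set(connected)

RESULT = find_conflict(SEGMENTS, sample_network_ok)
```

The first pass blames the device whose connection completes the conflict; the second pass, started from that device alone, finds its counterpart on the other network.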

Software Tool

Alongside the process described earlier, there are software tools that network administrators can use to resolve network connectivity problems. These tools can help with Local Area Network troubleshooting, but especially with the Wide Area Network. We will look at the commands available in most client software: Ping, Tracert (traceroute), Telnet, Netstat, ARP, and Ipconfig (winipcfg).

Ping
Verifies the connection to another computer by sending Internet Control Message Protocol (ICMP) Echo Request messages. The receipt of the corresponding Echo Reply messages is displayed, along with round-trip times. Ping is the primary TCP/IP command used to troubleshoot connectivity, reachability, and name resolution. The ping syntax is: ping [-t] [-a] [-n Count] [-l Size] [-f] [-i TTL] [-v TOS] [-r Count] [-s Count] [{-j HostList | -k HostList}] [-w Timeout] [TargetName].

Tracert (Traceroute)
Shows the route a packet takes to reach its destination. This is done by sending Internet Control Message Protocol (ICMP) Echo Request messages to the destination with increasing Time to Live values. The route shown is the list of router interfaces (the ones closest to the host) on the path between the host and the destination. The tracert syntax is: tracert [-d] [-h MaximumHops] [-j HostList] [-w Timeout] [TargetName].

Telnet
Telnet Client and Telnet Server work together so that users can communicate with remote computers. Telnet Client lets the user connect to a remote computer and interact with that computer through a terminal window. Telnet Server lets Telnet Client users log in to the computer running Telnet Server and run applications on that computer. Telnet Server serves as the gateway through which Telnet clients communicate. Telnet is suitable for testing login to a remote host. The telnet syntax is: telnet [\\RemoteServer].

Netstat
Displays active TCP connections, the ports on which the computer is listening, Ethernet statistics, the IP routing table, IPv4 statistics (for the IP, ICMP, TCP, and UDP protocols), and IPv6 statistics (for the IPv6, ICMPv6, TCP over IPv6, and UDP over IPv6 protocols). The netstat syntax is: netstat [-a] [-e] [-n] [-o] [-p Protocol] [-r] [-s] [Interval].

ARP
Displays and changes the entries in the Address Resolution Protocol (ARP) cache, which contains one or more tables used to store IP addresses and the corresponding Ethernet or Token Ring physical addresses. Each Ethernet or Token Ring network card installed on your computer has a separate table. The arp syntax is: arp [-a [InetAddr] [-N IfaceAddr]] [-g [InetAddr] [-N IfaceAddr]] [-d InetAddr [IfaceAddr]] [-s InetAddr EtherAddr [IfaceAddr]].

Ipconfig (winipcfg)
Displays all TCP/IP network configuration values and refreshes Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) settings. Used without parameters, ipconfig displays the IP address, subnet mask, and default gateway for all network cards. Ipconfig is the command-line equivalent of winipcfg, which is included in Windows Millennium Edition, Windows 98, and Windows 95. Although Windows XP does not include a graphical utility equivalent to winipcfg, you can use Network Connections to view and renew the IP address. The ipconfig syntax is: ipconfig [/all] [/renew [Adapter]] [/release [Adapter]] [/flushdns] [/displaydns] [/registerdns] [/showclassid Adapter] [/setclassid Adapter [ClassID]].

TOOL SNMP

Many network management tools use SNMP to gather network information and statistics. Some of them are:

  • SNMP Graph - Collects data and creates graphs in real time.
  • SNMP Sweep - Searches each network segment in a short time.
  • IP Network Browser - Conducts a comprehensive search of various network data.
  • SNMP Brute Force Attack - Attacks an IP address with SNMP queries to try to learn the read-only and read-write community strings.
  • SNMP Dictionary Attack - Uses a hacker dictionary to attack network devices.
  • Network Sonar - Searches the network and stores the results in a database.

TIPS
Network Troubleshooting
1. Identification of network problems / user.
2. Collect data about the network / user.
3. Analysis of the data to find solutions to problems.
4. Implement the solution to improve the system.
5. If the problem is not resolved, undo the changes and modifications and return to the previous data.
6. Return to step 3.
