Network diagnostic software. LAN testing and diagnostics

Murom Institute (branch) of Vladimir State University

Methods for solving problems of design and diagnostics of local computer networks

A.E. Lashin, D.O. Maltsev

Scientific supervisor – V.V. Chekushkin, Professor of the Department of CAD, Doctor of Technical Sciences


A local area network (LAN) is a joint connection of individual computers or workstations through a data transmission channel. The concept of LAN refers to geographically limited implementations in which a certain number of computers are connected to each other using modern and technological means of communication.

A LAN includes: a cable local network, active network equipment and computers for various purposes. Advantages of using a local area network:

The ability to receive and send any information from any computer on the network.

Freely add, delete and move employee workstations within the office/building.

Rapid expansion (modernization) of the equipment system without the cost of a cable network.

When building a LAN, the main task is to effectively design its structure (Fig. 1). Thanks to the correctly chosen local network structure, you can significantly increase the speed and functionality of the system and reduce further costs for its creation and subsequent service.

Fig. 1 – Local area network structure


Let's consider a network in which there is access to the Internet and to any computer connected to the network. Access to the Internet is provided through a router to which a dedicated line is connected; MAC addresses are disabled. Router – used to connect networks with different types of software and hardware. Bridge – divides the network into sections, so data passes through the bridge only if it is really necessary, i.e. if the recipient is not on the same segment as the sender. A switch (network hub) differs from a bridge only in that it has a processor for each socket, while a bridge has one processor unit for all sockets. This structure improves productivity. Connector – installed at the ends of a network cable (twisted pair) using a crimping tool, serves as a twisted pair plug.

The network is formed using switches and twisted pair cables, crimped according to the T568A standard. Internet access is provided via a router. The Internet network (dedicated line) is connected to the input of the router, and its output is connected to the input of the splitter. The splitter, in turn, is connected either directly or through other splitters to the computer. Thus, all computers are connected into a single local area network (LAN).

In order for individual computers to appear in a network environment within a LAN, each computer must be configured properly: install the network card driver and set the network connection settings. In this case, you need to disable the MAC address, enter the IP address and subnet mask, and, if Internet access is required, enter the gateway address (IP address of the router).

If in such a network, one of the machines, or a group of machines has a problem, then the problem can be determined using the following diagnostic methods:


1. Initially, you need to check the integrity of the twisted pair line. If a break is detected, it must be repaired;

2. Check the quality of the twisted pair connector contact, both in the network card socket and in the switch socket. Remove the plug from the socket and insert it again until a characteristic click is heard;

3. Check that the entered settings are correct (for example, 2 machines on the LAN cannot have the same IP address). Enter the correct settings for a specific machine;

4. If this is not the problem, then you need to try connecting the network cable to another port on the switch (it happens that one of the ports burns out, and not the entire switch). Remove the plug from the port and insert it into another port;

5. Check the status of the MAC address (it may change when installing some operating systems on the machine). In this case, disable the MAC address in the settings;

6. If the problem is not resolved, then you need to reinstall the network card drivers, but then you will have to enter all the settings again. Insert the driver disk and start the driver installation using a standard utility, then enter all the settings for a specific machine;

7. If all of the above does not solve the problem, then you should replace the network card (if possible), after which you will need to install the drivers again and enter all the settings. If the network card is built into the motherboard, then insert the network card into a special connector on the motherboard. If the network card has already been installed, then change it to a known working one. This is an extreme measure, but it is not uncommon for the built-in network card to burn out.

These are the main 7 problems that may arise. But there are cases of absolutely specific problems: for example, very dusty conditions, failure of the router or its power supply, a problem with the 220 V power outlet, etc. Some problems may be completely unusual and require a different solution to the problem (for example, incorrect wiring of connecting wires, in which case you need to correct the incorrectly routed end of the wire).

Before you write “nothing works for me,” try to find out what specifically doesn’t work for you.


Diagnostic commands:

*Executed in a previously opened “command line” window. (Start -> All Programs -> Accessories -> Command Prompt)
For Windows Vista/7: Win+R ===> cmd ===> Enter
For Windows NT/2000/XP/VISTA: "Start" - "Run" - "cmd"
For Windows 95/98: "Start" - "Run" - "command".

Copying text: right-click on this window - “edit” - “select” and “edit” - “copy”.

ipconfig /all
nslookup
ping [host address (for example, ya.ru) ] [-n 20]
pathping [host address]
tracert [host address]

ipconfig /all shows network interface settings.
Everything that is indicated there must be checked with the user manual (if the manual is old, then check it with the data that was issued by technical support). See how to set up a connection on the website.

ping [-t] shows the response time from the specified host. Large delays can indirectly serve as an indicator of a slow resource (loaded channel, weak resource hardware, and similar problems). The [-t] key is used to execute a command before the user interrupts it by pressing "Ctrl+C". By default, without this key, ping will only be executed four times, which is not always enough.

pathping shows the response time and the number of lost packets along the entire route to the host.

tracert
To graphically display problems, you can download the PingPlotter program from the local network

nslookup
Check DNS operation.

Check algorithm: Error "Network cable is not connected"

1. Check the cable connection in the network card
2. Check the integrity of the cable to the shield.
3. Call Tech. support.

The network cable is connected, but there are no incoming packets.

1. Check the cable connection in the network card (you can remove and insert the cable into the socket).
2. Disable all firewalls, if you have them.
3. Ping the gateway (take the address from the connection settings or from the connection information in the control panel).
4. Call Tech. support.

The network cable is connected, there are incoming packets, but you cannot access internal services:

1. Disable all firewalls, if you have them.
2. Check the operation of DNS (nslookup).
3. Check connection with these servers (ping)
4. Check connection with central servers (ping online.vo, ping 192.168.0.250, ping your_gateway_address).
5. Check your browser settings
5.1. Internet Explorer -> "Tools" menu -> "Internet Options" -> "Connection" -> "Network Settings" -> check if the "use proxy server" checkbox is disabled
6. Call Tech. support.

DNS check:

The nslookup server command should return the IP address of this server. For example, the command "nslookup vo47.ru" should return the address "193.106.108.68"

Diagnostic commands

| Command | Purpose | Launch format | Example |
|---|---|---|---|
| ipconfig | Shows network interface settings | | ipconfig /all |
| netstat | Shows the route table | | netstat -nr |
| nslookup | Contacts the DNS server (if not specified, it is taken from the Windows settings) to convert the computer's DNS name to its IP address or vice versa | nslookup DNS_name_or_IP_address IP_address_of_DNS_server | nslookup vo47.ru; nslookup ya.ru 193.106.108.67 |
| ping | Checks the availability of communication with another computer and the speed of response. It is not a means of measuring connection speed. | ping DNS_name_or_IP_address | ping www.vo47.ru; ping 193.106.108.97 |
| tracert | Same as ping, but with information output for all intermediate nodes | tracert -d DNS_name_or_IP_address | tracert -d cs47.ru |
| pathping | Same as tracert, but in more detail and indicating the percentage of losses | pathping DNS_name_or_IP_address | pathping vk.com |

Whenever you encounter a network problem, the most common solution is to run a diagnostic program to detect and fix errors. However, the most common network problems can be resolved using simple commands such as ping, tracert, ipconfig, etc.

Did you know?
The "ipconfig" command can be used to find a computer by IP address on both Windows and Linux/Unix machines.

All of the following commands must be entered at the command prompt. To open the command prompt in Windows, do any of the following:

  • Start -> All Programs -> Accessories -> Command Prompt.
  • Start -> Run and enter the program name cmd.exe
  • Press keys Win +R and enter the program name cmd.exe

Anyone with basic knowledge of networking knows about the ipconfig command. This command gives information about the computer's IP address, along with DNS, DHCP, gateway, and subnet mask. The IP address is required to perform further troubleshooting commands. If this command returns a default gateway of 0.0.0.0, then you have a problem with your router. You can try another variation of this command to resolve your network issues. The next extension of this command is the ipconfig /flushdns command. It clears the DNS cache in case of any unauthorized IP address or technical failure.

The "ping" command


Ping is one of the most important commands used on the web. This command is used to test the connection between the host and the destination. The main advantage of using this command is to find out the problem area on the network. If you ping from any computer on the network, you will get the router status. You will also receive four responses to the ping request. If you do not receive responses, this indicates problems with the network card.


Another advantage of using the ping command is the ability to test your connection to any website/internet. To do this, you need to enter the name of the website after the ping command. If you get responses from the website, then there is virtually no problem. But if you don't get a response, there's a chance that you have a faulty cable, DSL modem, or ISP connection problem. To further narrow down the possibility and find the root cause of the problem, enter ping 4.2.2.1. If you get responses on the command line but still can't access the website, then you have a problem with your DNS configuration.
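The order of checks described above (router, then a numeric address such as 4.2.2.1, then a name) can be applied to saved ping output. The following is an added example, not part of the original page: it parses English-language Windows ping output and classifies the fault. The sample outputs are constructed, and the names PingResult, parse_ping and triage are illustrative.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass
class PingResult:
    resolved: bool           # False when ping could not resolve the name
    sent: int
    reported_received: int   # the "Received =" figure printed by ping
    echo_replies: int        # lines that are genuine echo replies
    avg_ms: Optional[int]

    @property
    def real_loss_pct(self) -> int:
        if not self.sent:
            return 100
        return round(100 * (self.sent - self.echo_replies) / self.sent)

_STATS = re.compile(r"Sent = (\d+), Received = (\d+), Lost = (\d+)")
_ECHO = re.compile(r"^Reply from \S+ bytes=\d+ time[=<]\d+ms TTL=\d+", re.M)
_AVG = re.compile(r"Average = (\d+)ms")

def parse_ping(text: str) -> PingResult:
    """Parse the English-language output of one Windows ping run."""
    if "could not find host" in text:
        return PingResult(False, 0, 0, 0, None)
    stats = _STATS.search(text)
    if stats is None:
        raise ValueError("no 'Ping statistics' block in input")
    sent, received, _lost = map(int, stats.groups())
    avg = _AVG.search(text)
    # "Destination host unreachable" lines are counted as Received by ping,
    # so count real echo replies separately instead of trusting the summary.
    return PingResult(True, sent, received, len(_ECHO.findall(text)),
                      int(avg.group(1)) if avg else None)

def triage(gateway: PingResult, by_ip: PingResult, by_name: PingResult) -> str:
    """Order of checks from the text: router, then an IP, then a name."""
    if gateway.echo_replies == 0:
        return "local"       # network card, cable or settings of this machine
    if by_ip.echo_replies == 0:
        return "upstream"    # cable, DSL modem or ISP connection
    if not by_name.resolved:
        return "dns"         # addresses answer, names do not resolve
    if by_name.echo_replies == 0:
        return "remote"      # name resolves, that host does not answer
    return "ok"

# Constructed sample outputs (addresses are examples, not captured data).
GATEWAY_OK = """\
Pinging 192.168.0.1 with 32 bytes of data:
Reply from 192.168.0.1: bytes=32 time<1ms TTL=64
Reply from 192.168.0.1: bytes=32 time=1ms TTL=64
Reply from 192.168.0.1: bytes=32 time<1ms TTL=64
Reply from 192.168.0.1: bytes=32 time=1ms TTL=64

Ping statistics for 192.168.0.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 1ms, Average = 0ms
"""
PUBLIC_IP = """\
Pinging 4.2.2.1 with 32 bytes of data:
Reply from 4.2.2.1: bytes=32 time=41ms TTL=56
Request timed out.
Reply from 4.2.2.1: bytes=32 time=43ms TTL=56
Reply from 4.2.2.1: bytes=32 time=42ms TTL=56

Ping statistics for 4.2.2.1:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
    Minimum = 41ms, Maximum = 43ms, Average = 42ms
"""
NAME_FAIL = ("Ping request could not find host example.com. "
             "Please check the name and try again.\n")
UNREACHABLE = """\
Pinging 192.168.0.77 with 32 bytes of data:
Reply from 192.168.0.10: Destination host unreachable.
Reply from 192.168.0.10: Destination host unreachable.
Reply from 192.168.0.10: Destination host unreachable.
Reply from 192.168.0.10: Destination host unreachable.

Ping statistics for 192.168.0.77:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
"""

if __name__ == "__main__":
    print(triage(parse_ping(GATEWAY_OK), parse_ping(PUBLIC_IP),
                 parse_ping(NAME_FAIL)))
    print(parse_ping(UNREACHABLE).real_loss_pct)
```

The UNREACHABLE sample shows why the summary line alone is not enough: ping reports 0% loss there although no echo reply arrived.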


The tracert command returns the entire path of data that is required to get to the destination. The response will be a list of transit points through which the data passes to get to its destination. If you look closely, you will see that with each point the network changes. This means that each network passes data to another network until it reaches its destination. However, you may see asterisks at some points, these asterisks represent a network that has problems.


Domain Name System (DNS addresses) are basically the root cause of many network problems. These IP addresses are required for the functioning of network devices to connect to the internet or network. If there are problems with these addresses, the functions of the entire network are hampered. The nslookup command returns a list of IP addresses associated with a domain name. If you cannot get any information regarding the IP address, there are problems with DNS.


In the case of networks, a large number of hosts are connected to a single router. This creates a herculean task of verifying the connectivity of each node in case of network problems. However, at the same time, it is important to check whether the connections (TCP, UDP ports) are active or not. The Netstat command returns a list of all computers connected to the router and their status. By knowing this state, you will know the port number (and IP address) of the TCP/UDP connection that is faulty or in a closed or idle state.


The "arp" command is an external command that is used to identify problems related to IP to local network address resolution. The most common problem that can be found in the arp table is when two systems share the same IP address. Two hosts (one of which is definitely the wrong one) are using the same IP address, and the chances of the wrong host responding to the IP in this case are high. This will affect your entire network. You must check the presence of paired local networks and the correctness of the registered IP addresses. To do this, you must make a list of the network addresses of each host. By comparing your list and the "arp" command table, you can easily identify the problematic host.
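The comparison of your own address list with the arp table can be automated. The following is an added example, not part of the original page: it parses the output of "arp -a" on Windows and reports entries that disagree with an inventory. The sample table and inventory are constructed, and the names parse_arp and audit are illustrative.

```python
import re
from collections import defaultdict

# One data row of Windows "arp -a": IP address, MAC address, entry type.
_ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"([0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5})\s+(dynamic|static)\s*$",
    re.M,
)

def normalize_mac(mac: str) -> str:
    """Lower-case, dash-separated form, so 00:1A:.. and 00-1a-.. compare equal."""
    return mac.strip().lower().replace(":", "-")

def parse_arp(text: str) -> dict:
    """Return {ip: mac} for the unicast entries of an "arp -a" listing."""
    table = {}
    for ip, mac, _kind in _ROW.findall(text):
        mac = normalize_mac(mac)
        if int(mac[:2], 16) & 1:      # group bit set: broadcast or multicast
            continue
        table[ip] = mac
    return table

def audit(table: dict, inventory: dict) -> list:
    """Compare the observed ARP table with the administrator's own list.

    Hosts that are in the inventory but not in the table are not reported:
    the ARP table only holds nodes that were contacted recently.
    """
    expected = {ip: normalize_mac(mac) for ip, mac in inventory.items()}
    findings = []
    for ip, mac in sorted(table.items()):
        if ip not in expected:
            findings.append(("unknown-host", ip, mac))
        elif expected[ip] != mac:
            # Another adapter answers for this IP: address conflict or spoofing.
            findings.append(("mac-mismatch", ip, mac))
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(("mac-has-many-ips", ",".join(sorted(ips)), mac))
    return findings

# Constructed sample: output of "arp -a" and the administrator's list.
SAMPLE_ARP = """\
Interface: 192.168.0.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.0.1           00-11-22-33-44-55     dynamic
  192.168.0.12          02-00-00-aa-bb-01     dynamic
  192.168.0.13          02-00-00-aa-bb-02     dynamic
  192.168.0.14          02-00-00-aa-bb-02     dynamic
  192.168.0.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""
INVENTORY = {
    "192.168.0.1": "00:11:22:33:44:66",    # router as recorded at installation
    "192.168.0.12": "02-00-00-AA-BB-01",
    "192.168.0.13": "02-00-00-aa-bb-02",
}

if __name__ == "__main__":
    for finding in audit(parse_arp(SAMPLE_ARP), INVENTORY):
        print(*finding)
```

A mismatch on the router's address deserves attention first, because every machine on the segment sends its Internet traffic to whichever adapter answers for that IP.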

Laboratory work No. 15

15.1 The purpose of the work is to acquire practical knowledge and skills in configuring PC software so that it functions as part of a local computer network.

15.2 Theoretical foundations.

ping utility

The ping utility tests a network connection by sending ICMP type 8 (echo request) packets, to which the recipient responds with an ICMP type 0 (echo reply) packet. Using this utility, it is convenient to check the existence of a path to a given node and determine the timing characteristics of this path. The ping utility only needs to specify an IP address or DNS name, but there are a number of parameters that allow you to fine-tune its operation. The ping utility displays the result of each request/response on a separate line, and before shutting down it displays statistics: minimum, maximum and average packet transmission time, number and proportion of lost packets. In fact, ping is the workhorse of network connection testing.

The general format for using the utility (as always, the parameters in square brackets are optional): ping [-t] [-a] [-n number] [-l size] [-f] [-i TTL] [-v TOS] [ -r number] [-s number] [[-j Nodelist] | [-k list of Nodes]] [-w timeout] finalName. To receive such a hint, just run ping without parameters; to display the hint in the ping_test.txt file, use ping > ping_test.txt (the same applies to most other utilities).

The "-t" option enables continuous ping until Ctrl+C is pressed. When you press Ctrl+Break, the statistically accumulated information is displayed and the work continues (usually this parameter is used to find out as quickly as possible about the presence of a connection with a given node).

The "-a" parameter requires determining the IP address from the host name (not performed by default).

The "-n <number>" option allows you to set the number of requests (default is four requests).

The "-l <number>" option allows you to set the packet size (the default packet size is 64 bytes).

The "-f" parameter allows you to set the "do not fragment" flag in requests. Used in combination with the -l parameter to detect networks with a small frame size, through which IP packets must be fragmented for transmission.

The "-i <number>" option sets the packet time to live (TTL); by default, ICMP packets have a time to live of 255.

The "-r <number>" option makes it possible to obtain the route along which the request and response were transmitted (show routing). The numeric parameter can be from 1 to 9 and determines the maximum number of nodes that will be shown in the route.

The "-w <number>" option allows you to set the timeout for each packet (in milliseconds); the default is 1000 milliseconds.

tracert utility

The tracert utility makes it possible to trace the route of packets to a given host and obtain timing characteristics for each intermediate router along this path. This utility, like the previously described ping, sends a series of ICMP type 8 packets, but with different TTL values: first, three packets are sent with TTL=1 (the nearest router will respond to these packets with ICMP type 11 packets (time exceeded), from which its address is extracted), then with TTL=2 (the second router will respond to these packets), and so on until the specified node is reached or the TTL value exceeds the threshold. For each TTL, the utility displays one line with the router address (and, possibly, its domain name, if it was resolved) and three values of the time it took to transmit the packet. Formal syntax: tracert [-d] [-h maxNumber] [-j Nodelist] [-w interval] name.

The "-d" parameter allows you to (force) not resolve routers' IP addresses into domain names; this allows you to speed up the operation of the utility by canceling calls to the DNS service.

The "-h <number>" option makes it possible to set the threshold to which the TTL will increase (default - 30).

The "-w <number>" option allows you to set the timeout for each packet (in milliseconds); the default is 1000 milliseconds.
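The ICMP exchange behind ping and tracert (type 8 request, type 0 reply, type 11 from intermediate routers as the TTL grows) is shown below as an added example, not part of the original page. It builds the messages with a valid checksum and runs the TTL loop against a simulated path, so it needs no network access. It sends one probe per TTL instead of three, and the addresses and the names simulated_network and trace are illustrative.

```python
import struct

ECHO_REPLY, ECHO_REQUEST, TIME_EXCEEDED = 0, 8, 11

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def icmp_message(mtype: int, rest: bytes, body: bytes) -> bytes:
    """Type, code 0, checksum, 4 'rest of header' bytes, then the body."""
    header = struct.pack("!BBH4s", mtype, 0, 0, rest)
    csum = checksum(header + body)
    return struct.pack("!BBH4s", mtype, 0, csum, rest) + body

def echo_request(ident: int, seq: int, payload: bytes = b"abcdefgh") -> bytes:
    return icmp_message(ECHO_REQUEST, struct.pack("!HH", ident, seq), payload)

def parse(msg: bytes):
    """Return (type, ident, seq); raise ValueError on a bad checksum."""
    if checksum(msg) != 0:            # a valid message sums to zero
        raise ValueError("bad ICMP checksum")
    mtype = msg[0]
    if mtype == TIME_EXCEEDED:
        # Body = original IP header + first 8 bytes of the probe we sent,
        # which is how the reply is matched to the request.
        ihl = (msg[8] & 0x0F) * 4
        inner = msg[8 + ihl:8 + ihl + 8]
        ident, seq = struct.unpack("!HH", inner[4:8])
    else:
        ident, seq = struct.unpack("!HH", msg[4:8])
    return mtype, ident, seq

def simulated_network(path, dest):
    """path: router addresses in order; None is a router that stays silent."""
    def send(ttl: int, request: bytes):
        if ttl <= len(path):          # TTL reaches zero at router number ttl
            router = path[ttl - 1]
            if router is None:
                return None
            ip_header = bytes([0x45]) + bytes(19)   # minimal 20-byte header
            body = ip_header + request[:8]
            return router, icmp_message(TIME_EXCEEDED, bytes(4), body)
        # The destination copies identifier, sequence number and payload.
        return dest, icmp_message(ECHO_REPLY, request[4:8], request[8:])
    return send

def trace(send, ident: int = 0x1234, max_hops: int = 30):
    """Raise the TTL from 1 until an echo reply arrives or max_hops is hit."""
    hops = []
    for ttl in range(1, max_hops + 1):
        answer = send(ttl, echo_request(ident, ttl))
        if answer is None:
            hops.append("*")          # timeout, printed by tracert as "*"
            continue
        addr, msg = answer
        mtype, r_ident, r_seq = parse(msg)
        if (r_ident, r_seq) != (ident, ttl):
            continue                  # answer to some other probe
        hops.append(addr)
        if mtype == ECHO_REPLY:
            break
    return hops

if __name__ == "__main__":
    net = simulated_network(["192.168.0.1", None, "198.51.100.1"], "203.0.113.9")
    print(trace(net))
```

An asterisk in the result means only that the router at that TTL did not answer the probe; the later hops in the same trace show that it still forwarded packets.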

Pathping utility

The pathping utility actually combines the functionality of the ping and tracert utilities and is executed in two phases: first, like tracert, the route to a given node is collected and displayed (only IP addresses and names) and then, like ping, for some time (the longer the trace was performed, the longer this time will be) statistics are collected on packet transmission times, quantities and relative shares of lost packets for each of the intermediate routers (and not just for a given node, like ping).

Formal syntax: pathping [-g List] [-h Number of hops] [-i Address] [-n] [-p Pause] [-q Number of requests] [-w Timeout] [-P] [-R] [-T] [-4] [-6] node

The most useful result of the second phase of the pathping utility is that it clearly shows which router has problems transmitting packets. For Windows there is a powerful visual route tracer (it shows the movement of packets on a map of the planet), VisualRoute from VisualWare (http://visualware.com).

arp utility

The arp utility makes it possible to view and change the ARP table, which stores "MAC address - IP address" pairs for those nodes with which data has recently been exchanged. This table is generated automatically when the network node is running, but the network administrator can make entries into it manually. The formal syntax is arp -s inet_addr eth_addr or arp -d inet_addr or arp -a [-N if_addr]. Here if_addr essentially specifies the interface number.

The "-a" parameter allows you to display the entire ARP table on the screen.

The "-a <IP address>" parameter requests that a record about a node with a given address be displayed on the screen.

The "-s <IP address> <MAC address>" option allows you to add an entry about a host with specified addresses to the ARP table.

The "-d <IP address>" option serves to remove an entry about a host with a given address from the ARP table.

The "-d *" option clears the ARP table.

hostname utility

The hostname utility simply displays the hostname. Can be used in script files for batch processing.

ipconfig utility

The ipconfig utility displays and configures TCP/IP protocol settings. Without additional parameters, the IP address, subnet mask and default gateway for all network interfaces are displayed. With the "/all" parameter, in addition to the above, the MAC addresses of network interfaces, host name, DNS and WINS server addresses and some other information are displayed. Formal syntax: ipconfig [/all | /release [adapter] | /renew [adapter] | /flushdns | /displaydns | /registerdns | /showclassid adapter | /setclassid adapter [set_dhcp_class_code]].

The "/flushdns" option flushes the cache of resolved DNS names.

The "/displaydns" option displays a cache of resolved DNS names on the screen.

The "/release [adapter]" parameter releases the IP address leased via DHCP (Dynamic Host Configuration Protocol) (if an adapter is specified, then only for this adapter, otherwise for all adapters).

The "/renew [adapter]" parameter requests a DHCP lease renewal of the IP address (if an adapter is specified, then only for this adapter, otherwise for all adapters).

The "/registerdns" parameter requests that the DHCP lease of all addresses be renewed and they be re-registered in DNS.

route utility

The route utility displays the route table and allows you to change it. Formal syntax: route [-f] [-p] [command [node]] [gateway]. When using route, the "metric" parameter determines the quality of this route (in hops - the number of intermediate routers, the time it takes for a packet to travel along communication lines, the reliability characteristics of the communication line on this route, etc.) in accordance with the criterion specified in the network packet (the so-called class of service).

The "PRINT" command displays the route table (network address; netmask; gateway address; interface; metric); the "ADD" command allows you to add a new route, "DELETE" deletes a route, and "CHANGE" changes an existing route.

netstat utility

The netstat utility displays current connections, ports, pending connections, and TCP/IP protocol statistics. Without additional parameters, a list of current connections is displayed (protocol: TCP or UDP; local address and port; external address and port; connection status). Formal syntax: netstat [-a] [-e] [-n] [-s] [-p name] [-r] [interval]

The "-a" option additionally displays the ports waiting for connections; listening TCP ports are indicated by the "LISTENING" state, and UDP ports are indicated by the external address

The "-n" option requires all addresses and port numbers to be listed in numeric format, since by default netstat tries to resolve IP addresses and names and replace the port number with its name.

The "-r" parameter displays the route table (network address; netmask; gateway address; interface; metric). Similar information can be obtained using the route utility.

The -e option allows you to get Ethernet statistics.

The "-s" option displays statistics for the TCP, UDP and IP protocols.

The "-p <protocol>" parameter is used in conjunction with the "-s" option to limit the statistics output to the specified protocol (TCP, UDP or IP).

nbtstat utility

The nbtstat utility displays protocol and current TCP/IP connection statistics when using NetBIOS over TCP/IP technology. Formal syntax: nbtstat [-a Host] [-A IP address] [-c] [-n] [-r] [-R] [-RR] [-s] [-S] [interval].

The -c option allows you to view the contents of the resolved name cache.

The "-n" parameter allows you to view a list of local NetBIOS names registered by this computer.

The "-a <remote computer name>" parameter displays the contents of the name table for the remote computer specified by name.

The "-A <IP address>" parameter displays the contents of the name table for a remote computer specified by IP address.

The "-r" option allows you to view name resolution statistics.

The "interval" parameter specifies cyclic output of statistics at a specified interval in seconds (stop output - Ctrl+C).

15.3 Necessary equipment - IBM PC-compatible computer, connected to a computer network using an Ethernet network card.

15.4 Work procedure. Checking the functionality of the network connection using standard Windows utilities. In this case, you should check that at least one DNS server address is specified correctly (recommended, for example, 192.190.241.65) when setting up the network software, otherwise it will be impossible to match the IP address to the specified domain name. Typical tasks are:

View and analyze the settings of the TCP/IP protocol stack using the ipconfig utility.

Testing the network connection using the ping utility (the final address is indicated by the teacher - it could be, for example, the IP address of a local Proxy server, the address of one of the machines on the network, the domain name of some node on the Network, etc.).

Tracing the route of packets to a given node using the tracert utility.

Display and change the MAC and IP address mapping storage table using the arp utility.

View current network connections, ports, TCP/IP statistics using the netstat utility.

Displaying protocol statistics and current TCP/IP connections when using NetBIOS over TCP/IP with the nbtstat utility.

Displaying and changing the route table using the route utility (the teacher can specify changes or additions to routes).

2.5 Preparation of a work report. The report indicates the parameters of the network used (PC type, MAC and IP addresses of the network card, type and number of switch ports, local network topology).

When using the ping, tracert or pathping utilities, it is necessary to note the packet transmission time (usually the average), the number and proportion of lost packets (using this to draw a conclusion about the correct operation of each intermediate router).

When using the netstat utility, it is necessary to record the assignment of TCP and UDP ports to the PC name, local address and their state (parameter "-a"). General exchange statistics can be obtained using the "-e" parameter; using the "-s" parameter, you should record and analyze statistics for all protocols of the TCP/IP stack (including

When using the nbtstat utility, the first step is to view the NetBIOS name tables on the local computer (the "-n" parameter) and then on other computers on the network (the "-a" or "-A" parameters).

When using the route utility (with the PRINT parameter for display), both the list of interfaces and the list of active routes are viewed. Deleting a route is achieved by entering route DELETE node (where node is the IP address of the node being removed from the route), adding - route ADD node MASK mask gateway METRIC metric IF interface (where node is the IP address of the node being added, mask is the mask value, gateway is the IP address of the gateway, metric is the metric value of the added route, and interface is the network interface number, which can be omitted, in which case the most suitable one for the specified gateway is selected).

There may be several main reasons for unsatisfactory network operation: damage to the cable system, defects in active equipment, overload of network resources (communication channel and server), errors in the application software itself. Often some network defects mask others. And in order to reliably determine the reason for unsatisfactory performance, the local network must be subjected to comprehensive diagnostics. Comprehensive diagnostics involves performing the following work (stages).

Detection of defects in the physical layer of the network: cable system, power supply system of active equipment; presence of noise from external sources.

Measuring the current load of the network communication channel and determining the influence of the load value of the communication channel on the response time of the application software.

Measuring the number of collisions in the network and finding out the reasons for their occurrence.

Measuring the number of data transmission errors at the communication channel level and identifying the causes of their occurrence.

Identifying network architecture defects.

Measuring the current server load and determining the impact of its load on the response time of application software.

Identification of application software defects, which result in inefficient use of server and network bandwidth.

We will dwell in more detail on the first four stages of complex diagnostics of a local network, namely, diagnostics of the network link level, since the diagnostic task is most easily solved for a cable system. As already discussed in the second section, the network cable system can only be fully tested with special devices - a cable scanner or tester. AUTOTEST on a cable scanner will allow you to perform a full range of tests to determine whether your network cable system complies with the selected standard. When testing a cable system, I would like to draw attention to two points, especially since they are often forgotten.

The AUTOTEST mode does not allow you to check the noise level created by an external source in the cable. This could be noise from a fluorescent lamp, power wiring, a cell phone, a powerful copy machine, etc. Cable scanners usually have a special function to determine the noise level. Since the network cabling system is fully tested only at the installation stage, and noise in the cable can occur unpredictably, there is no full guarantee that noise will appear during a full-scale network test at the installation stage.

When checking a network with a cable scanner, instead of active equipment, a scanner is connected to the cable at one end, and an injector at the other. After checking the cable, the scanner and injector are turned off, and active equipment is connected: network cards, hubs, switches. However, there is no complete guarantee that the contact between the active equipment and the cable will be as good as between the scanner equipment and the cable. There are often cases when a minor defect in the RJ-45 plug does not appear when testing the cable system with a scanner, but was detected when diagnosing the network with a protocol analyzer.

Diagnostics of network devices (or network components) also has its own subtleties. When carrying it out, various approaches are used. The choice of a particular approach depends on what is chosen as the criterion for good device performance. As a rule, three types of criteria and, therefore, three main approaches can be distinguished.

The first is based on monitoring the current values of parameters characterizing the operation of the device being diagnosed. The criteria for good device performance in this case are the recommendations of its manufacturer, or the so-called de facto industrial standards. The main advantages of this approach are simplicity and convenience in solving the most common, but, as a rule, relatively uncomplicated problems. However, there are cases when even an obvious defect does not appear most of the time, but makes itself felt only in certain, relatively rare operating modes and at unpredictable times. It is very difficult to detect such defects by monitoring only the current parameter values.

The second approach is based on studying the baseline parameters (so-called trends) characterizing the operation of the device being diagnosed. The basic principle of the second approach can be formulated as follows: “a device works well if it works as it always has.” This principle is the basis for proactive network diagnostics, the purpose of which is to prevent the onset of its critical states. The opposite of proactive diagnostics is reactive diagnostics, the goal of which is not to prevent, but to localize and eliminate the defect. Unlike the first, this approach allows you to detect defects that appear not constantly, but from time to time. The disadvantage of the second approach is the assumption that the network initially worked well. But “as always” and “good” do not always mean the same thing.

The third approach is carried out by monitoring integral indicators of the quality of functioning of the device being diagnosed (hereinafter referred to as the integral approach). It should be emphasized that from the point of view of network diagnostic methodology, there is a fundamental difference between the first two approaches, which we will call traditional, and the third, integral. With traditional approaches, we observe individual characteristics of the network and, in order to see it “as a whole,” we must synthesize the results of individual observations. However, we cannot be sure that we will not lose important information during this synthesis. The integral approach, on the contrary, gives us a general picture, which in some cases is not detailed enough. The task of interpreting results with an integral approach is essentially the opposite: by observing the whole, identify where and in what particulars the problem lies.

From the above it follows that the most effective approach is one that combines the functionality of all three approaches described above. It should, on the one hand, be based on integral indicators of the quality of network operation, but, on the other hand, it should be supplemented and specified with data obtained from traditional approaches. It is this combination that allows you to make an accurate diagnosis of a network problem.