Checking the local network in various modes of use. Checking and testing the local network.

Before we begin to describe the methodology for identifying “hidden defects,” we would like to define the terms: what, in fact, is meant by a local network, by local network diagnostics, and which network should be considered “good”.

Very often, diagnostics of a local network means testing only its cable system. This is not entirely true. The cable system is one of the most important components of a local network, but it is far from the only one and not the most difficult from a diagnostic point of view. In addition to the condition of the cable system, the quality of network operation is significantly influenced by the condition of the active equipment (network cards, hubs, switches), the quality of the server equipment and the settings of the network operating system. In addition, the functioning of the network significantly depends on the operating algorithms of the application software used in it.

By the term “local network” we will understand the entire complex of the above hardware and software; and the term “local network diagnostics” is the process of determining the reasons for the unsatisfactory operation of application software on the network. It is the quality of application software on the network that is decisive from the point of view of users. All other criteria, such as the number of data transmission errors, the degree of congestion of network resources, equipment performance, etc., are secondary. A “good network” is one whose users do not notice how it works.

There can be several main reasons for the unsatisfactory operation of application software on a network: damage to the cable system, defects in active equipment, overload of network resources (communication channel and server), errors in the application software itself. Often some network defects mask others. Thus, in order to reliably determine the reason for the unsatisfactory operation of the application software, the local network must be subjected to comprehensive diagnostics. Comprehensive diagnostics involves performing the following work (stages).

    Detecting defects at the physical layer of the network: cable system, power supply systems for active equipment;

    Measuring the current load of the network communication channel and determining the influence of the load value of the communication channel on the response time of the application software.

    Measuring the number of collisions in the network and finding out the reasons for their occurrence.

    Measuring the number of data transmission errors at the communication channel level and identifying the causes of their occurrence.

    Identification of network architecture defects.

    Measuring the current server load and determining the impact of its load on the response time of application software.

    Identification of application software defects, which result in inefficient use of server and network bandwidth.

In this article, we will consider the first four stages of comprehensive diagnostics of a local network, namely diagnostics of the network's data link layer.

We will not describe in detail the methodology for testing a network cable system. Despite the importance of this problem, its solution is trivial and unambiguous: a cable system can be fully tested only with a special device, a cable scanner. There is no other way. There is no point in going through the labor-intensive procedure of identifying network defects if they can be localized with one press of the AUTOTEST key on the cable scanner. In this case, the device will perform a full range of tests to ensure that the network cable system complies with the selected standard.

I would like to draw your attention to two points, especially since they are often forgotten when testing a network cable system using a scanner.

The AUTOTEST mode does not allow you to check the noise level created by an external source in the cable. It could be noise from a fluorescent lamp, power wiring, a cell phone, a powerful copy machine, etc. To determine the noise level, cable scanners usually have a special function. Since the network cabling system is fully tested only at the installation stage, and noise in the cable can occur unpredictably, there is no full guarantee that noise will appear during a full-scale network test at the installation stage.

When checking a network with a cable scanner, instead of active equipment, a scanner is connected to the cable at one end, and an injector at the other. After checking the cable, the scanner and injector are turned off, and the active equipment is connected: network cards, hubs, switches. However, there is no complete guarantee that the contact between the active equipment and the cable will be as good as between the scanner equipment and the cable. We have repeatedly encountered cases where a minor defect in the RJ-45 plug did not appear when testing the cable system with a scanner, but was detected when diagnosing the network with a protocol analyzer.

Within the framework of the proposed methodology, we will not consider the now textbook method of proactive network diagnostics (see sidebar “Methodology of proactive network diagnostics”). Without questioning the importance of proactive diagnostics, we only note that in practice it is rarely used. Most often (although this is incorrect), the network is analyzed only during periods of its unsatisfactory performance. In such cases, existing network defects need to be localized and corrected quickly. The technique we propose should be considered as a special case of the proactive network diagnostics technique.

This article is especially for those who understand what an IP address, DNS and the main network gateway are, and are also familiar with the terms provider, network card, etc. An overview of these terms may be published separately.

Since the article is written for a wide audience, from an ordinary Windows user to a novice UNIX administrator or MacOS user, I decided to split it into two parts. In the first part of the article I will talk about methods of detecting and eliminating network errors using the Windows operating system's own tools; in the second part, using UNIX-like operating systems such as Linux, FreeBSD and MacOS. So, the Internet does not work for you, unlike your colleagues, neighbors or wife, who work through the same router/server, etc. What to do?

Diagnostics and elimination of network errors using standard Windows OS tools

First we need a working tool. I repeat: we will not install any third-party programs; we will only use what is included in the OS. So, let's launch the Command Prompt. For those who don't know, this is a black window with white letters. It is located in Start menu->All Programs->Accessories->Command Prompt. You can also quickly call it by searching for cmd in Windows 7/Windows 8, or via Start->Run->cmd in Windows XP.

A blinking cursor tells us that the program is ready to enter commands. We will enter all these commands without paying attention to what is written before this cursor.

Step 1: check the condition of the equipment and the presence of a connection (cable)

The ipconfig command is responsible for all this. Type ipconfig /all and press Enter. We will type the rest of the commands in the same way. Please note that the ipconfig command is launched with the all parameter, which must be separated from it by a space and preceded by a forward slash /. In response to the ipconfig command, the system presents several screens of information that we have to work through in order to correctly diagnose and fix the network problem.

The system returns the settings for each network adapter. If you only see the phrase Windows IP Configuration, this means that no network adapters are detected in the system at all: the possible causes here are hardware failure, missing drivers, or the hardware being switched off, for example by a button on a laptop that turns off wireless networks.

Since I have a laptop, several available network adapters were detected. I will especially highlight

If, as in my case for the dedicated wired network, the Media State line shows the phrase Media disconnected, this means there is an unconnected or damaged cable/socket/switch port, etc. If there is a physical connection, as for example in my Wi-Fi network, the main settings will be displayed (we will consider only a few of them):

  • Description: This typically indicates the network adapter as identified by the system (virtual adapters, such as Microsoft Virtual, etc., are not worth considering at all; we need only physical ones);
  • DHCP Enabled: an important parameter that indicates how the address was obtained: automatically via DHCP (the value will be Yes) or set manually (the value will be No);
  • IPv4 Address: The IP address in the TCP/IP network is one of the three most important parameters that we will need in the future;
  • Subnet Mask: Another important parameter;
  • Default Gateway: the 3rd important parameter, the address of the provider’s router/gateway; as a rule, it coincides with the DHCP server if the settings are received automatically;
  • DNS Servers: Addresses of servers that resolve hostnames to IP addresses.

Step 2: check that the IP address is correct

If your settings are received automatically (DHCP Enabled is Yes), but the Default Gateway and DNS Servers parameters are not filled in, the DHCP service is not working on the router or server. In this case, you need to make sure that the router is turned on (maybe try rebooting it) or, in the case of a server, that the DHCP service is running and assigning addresses.

After rebooting the router, you need to update the settings. To do this, you can restart your computer or simply run 2 commands:

  • ipconfig /release – to reset all automatic settings
  • ipconfig /renew – to get automatic settings

As a result of both commands, we will get output similar to the output of the ipconfig /all command. Our task is to ensure that the IPv4 Address, Subnet Mask, Default Gateway, and DNS Servers are filled in. If the settings are assigned manually, make sure that the IPv4 Address, Subnet Mask, Default Gateway, and DNS Servers are filled in. For home internet, these settings may be specified in the agreement with the provider.
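The checks from Steps 1 and 2 can be applied mechanically to saved `ipconfig /all` output. The following is an added example, not part of the original article; it assumes the English-locale field labels, and the adapter names and addresses in the sample are constructed.

```python
import re

# Constructed sample of English-locale `ipconfig /all` output (not from a real host).
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Description . . . . . . . . . . . : Example Gigabit Controller
   DHCP Enabled. . . . . . . . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Description . . . . . . . . . . . : Example Wireless Adapter
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.34(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :

Ethernet adapter Office:

   Description . . . . . . . . . . . : Example USB Ethernet
   DHCP Enabled. . . . . . . . . . . : No
   IPv4 Address. . . . . . . . . . . : 10.0.0.15(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.0.0.1
   DNS Servers . . . . . . . . . . . : 10.0.0.2
                                       8.8.8.8
"""

# "Key . . . : value" lines: a key starting with a letter, dot/space padding, a colon.
KEY_LINE = re.compile(r"^\s+([A-Za-z][^:]*?)[ .]+:\s*(.*)$")
REQUIRED = ("IPv4 Address", "Subnet Mask", "Default Gateway", "DNS Servers")


def clean(value):
    """Drop a trailing state marker such as '(Preferred)' from an address."""
    return re.sub(r"\([A-Za-z]+\)$", "", value).strip()


def parse_ipconfig(text):
    """Return [(adapter_name, {key: [values]})] in the order adapters appear."""
    adapters, fields, last_key = [], None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            if line.rstrip().endswith(":"):
                # An unindented line ending in ':' starts an adapter section.
                fields, last_key = {}, None
                adapters.append((line.rstrip()[:-1], fields))
            else:
                fields = None  # e.g. the "Windows IP Configuration" banner
            continue
        if fields is None:
            continue  # host-level settings listed before the first adapter
        match = KEY_LINE.match(line)
        if match:
            last_key = match.group(1)
            value = match.group(2).strip()
            fields[last_key] = [clean(value)] if value else []
        elif last_key is not None:
            # Indented line without a key: one more value for the previous key.
            fields[last_key].append(clean(line.strip()))
    return adapters


def assess(fields):
    """Apply the Step 1 and Step 2 checks from the text to one adapter."""
    if fields.get("Media State") == ["Media disconnected"]:
        return "no link: check cable, socket and switch port"
    missing = [key for key in REQUIRED if not fields.get(key)]
    if not missing:
        return "ok"
    if fields.get("DHCP Enabled") == ["Yes"]:
        return ("DHCP gave no " + ", ".join(missing)
                + ": check router/DHCP service, then release/renew")
    return "manual settings incomplete: " + ", ".join(missing)


def report(text):
    """Map each adapter name to a verdict; flag the 'no adapters at all' case."""
    adapters = parse_ipconfig(text)
    if not adapters:
        return {"(none)": "no network adapters detected: hardware, driver or radio switch"}
    return {name: assess(fields) for name, fields in adapters}


if __name__ == "__main__":
    for name, verdict in report(SAMPLE).items():
        print(name, "->", verdict)
```
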

Step 3: check the availability of your equipment and the provider’s equipment

After all the settings have been received, it is necessary to check that the equipment is working. By the way, the entire network is a chain of gateways. The first one is the Default Gateway that the ipconfig command gave us, the next one is the gateway that is the default one for the provider, and so on until we reach the desired node on the Internet.

So, to check network devices in Windows, use the ping command. To correctly diagnose a problem in the network, you need to ping the following addresses in this sequence:

  1. Your computer (IPv4 address). The presence of a response indicates that the network card is working;
  2. A router or server that acts as the Internet gateway (Default Gateway). The presence of a response indicates that the computer is correctly configured to work in the local network and the gateway is accessible; the absence of a response indicates either incorrect settings or a non-functioning router/server.
  3. Your IP address at the provider (usually specified in the agreement with the provider: settings, IP address). The presence of a response indicates the correct configuration of your computer and router/server; the absence of a response indicates either an incorrect router configuration or an inaccessible provider gateway/problems on the provider’s side.
  4. DNS (DNS servers). The presence of a response indicates correct operation of the network protocol; if the Internet does not work in this case, the problem is most likely in the operating system itself, a virus infection, or software blocking, either on the part of the provider or on the computer/gateway itself.
  5. The IP address of any working host on the network; for example, I use the Google DNS server, 8.8.8.8. A response indicates correct operation of the network equipment both on your side and on the provider's side. The lack of a response indicates errors, which are additionally diagnosed by tracing.
  6. The URL of any site, for example yandex.ru. The lack of a response may indicate that the name resolution service is not working, if the URL could not be converted to an IP address. This is most likely a problem with the DNS Client service, which is either disabled in Windows on your PC or not working correctly.

For this example, the following commands will be executed.

If the test is positive, the number of packets sent and received will be displayed, as well as the time it took for the packet to reach the network node.

Typical errors look like this.
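An added example, not part of the original article: it classifies English-locale Windows ping output for the six targets in order and reports the first step that fails. The ping outputs are constructed (as if run with -n 2), and the failure hints paraphrase the list above. It counts real echo replies instead of trusting the summary line, because Windows counts "Destination host unreachable" replies as Received.

```python
import re

# Steps from the list above: (target, what a failure at this step points to).
STEPS = [
    ("own IPv4 address", "network card"),
    ("default gateway", "local settings or the router/server"),
    ("IP address at the provider", "router configuration or the provider's gateway"),
    ("DNS server", "DNS server not reachable"),
    ("external host, e.g. 8.8.8.8", "path beyond the provider: continue with tracert"),
    ("site name, e.g. yandex.ru", "name resolution (DNS Client service)"),
]

# Constructed English-locale Windows ping outputs, not captured from a real host.
OK = """Pinging {0} with 32 bytes of data:
Reply from {0}: bytes=32 time=3ms TTL=57
Reply from {0}: bytes=32 time=2ms TTL=57

Ping statistics for {0}:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
"""
UNREACHABLE = """Pinging 203.0.113.10 with 32 bytes of data:
Reply from 192.168.1.34: Destination host unreachable.
Reply from 192.168.1.34: Destination host unreachable.

Ping statistics for 203.0.113.10:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
"""
TIMEOUT = """Pinging 192.168.1.1 with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 192.168.1.1:
    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
"""
UNRESOLVED = ("Ping request could not find host yandex.ru. "
              "Please check the name and try again.\n")

ECHO_REPLY = re.compile(r"^Reply from \S+: bytes=\d+", re.M)
SENT = re.compile(r"Sent = (\d+)")


def classify(output):
    """Return 'ok', 'partial', 'unreachable', 'timeout' or 'unresolved'.

    Only 'Reply from <ip>: bytes=...' lines count as answers; the
    'Received = N' figure also includes 'Destination host unreachable'.
    """
    if "could not find host" in output:
        return "unresolved"
    match = SENT.search(output)
    sent = int(match.group(1)) if match else 0
    replies = len(ECHO_REPLY.findall(output))
    if sent and replies == sent:
        return "ok"
    if replies:
        return "partial"
    if "Destination host unreachable" in output:
        return "unreachable"
    return "timeout"


def first_failure(outputs):
    """outputs: one ping output per step, in STEPS order.

    Returns (step_number, target, state, hint) for the first step that is
    not 'ok', or None when every supplied step answered.
    """
    for number, ((target, hint), output) in enumerate(zip(STEPS, outputs), start=1):
        state = classify(output)
        if state != "ok":
            return number, target, state, hint
    return None


if __name__ == "__main__":
    run = [OK.format("192.168.1.34"), OK.format("192.168.1.1"), UNREACHABLE]
    print(first_failure(run))
```
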

Step 4: Trace Testing

You can also get the overall picture if you use tracing. The essence of the test is that the packet passes through all gateways from the computer being tested to the network node. The network node can be a provider's gateway, a server, or simply a site url.

To run, you need to use the tracert command. In the example, I will test the site yandex.ru:

The first step resolves the host to an IP address, which indicates that DNS services are working correctly and the network is configured correctly. Next, in order, the packet passes through all network gateways until its destination:

  • 1 - Default gateway
  • 2, 3 - Provider gateways (can be 1 or several)
  • 4, 6 - Intermediate gateways
  • 5 - One of the gateways is not accessible
  • 7 - The website we need, yandex.ru

Diagnosing a network fault in this test helps determine which node has a fault. So, for example, if the packet does not go further than the 1st line (Default gateway), then there is a problem with the router or restrictions on the provider’s side. 2nd line – problem on the provider’s side, etc.

Step 5: Testing Individual Protocols

If all of the above tests are successfully passed, we can confirm that the network is properly configured and the provider is operating. However, even in this case, some client programs may not work correctly, for example an email client or a browser.

This may be due to problems on the computer itself (for example, a virus infection, incorrect settings of the program, or its inability to work at all), or to restrictive measures applied by the provider (blocking port 25 for sending mail).

The telnet program is used to diagnose these problems. By default, in Windows 7 and higher, this component is not installed. To install it, go to Start->Control Panel->Programs (Programs and Features, or Add or Remove Programs, depending on the OS version), go to Turn Windows features on or off (this requires administrator rights), check the box next to Telnet Client and click OK.

Now we can start testing the network ports. For example, let's check the functionality of the mail protocol.

I have a corporate mailbox, which is hosted by RU-CENTER. Server address: mail.nic.ru; messages stopped arriving via the POP3 protocol, so the port is 110 (I took the server address and port number from the Outlook settings). Thus, to check whether my computer has access to the mail.nic.ru server on port 110, I will type on the command line:

telnet mail.nic.ru 110

Next, the server returned the status +OK for my request, which indicates the correct operation of both the network in general and the mail service in particular; the mail client is most likely to blame for the non-working mail.

After making sure of this, I type the command quit, to which the server answered me again +OK and thereby ended the telnet command session.
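The same check can be scripted where the Telnet Client is not installed. This is an added example, not part of the original article: the function name and the result labels are illustrative, and reading "refused" as a closed port and "timeout" as a down host or filtered traffic follows general TCP behaviour, not anything stated in the article.

```python
import socket


def probe_pop3(host, port=110, timeout=5.0):
    """Connect, read the server greeting, send QUIT, and report the outcome.

    Returns (state, detail) where state is one of:
      'ok'      - the server greeted with +OK, as in the telnet session above
      'bad'     - TCP connected, but the greeting was not +OK
      'refused' - the host answered, but nothing listens on that port
      'timeout' - no answer at all (host down, or traffic filtered on the way)
      'dns'     - the host name could not be resolved
      'error'   - any other socket error
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror as exc:
        return "dns", str(exc)
    except ConnectionRefusedError as exc:
        return "refused", str(exc)
    except (socket.timeout, TimeoutError) as exc:
        return "timeout", str(exc)
    except OSError as exc:
        return "error", str(exc)

    with sock:
        try:
            reader = sock.makefile("rb")
            # POP3 servers speak first: one status line ending in CRLF.
            greeting = reader.readline(512).decode("ascii", "replace").strip()
            if not greeting.startswith("+OK"):
                return "bad", greeting
            # End the session the same way as typing quit in telnet.
            sock.sendall(b"QUIT\r\n")
            farewell = reader.readline(512).decode("ascii", "replace").strip()
            return "ok", greeting + " | " + farewell
        except (socket.timeout, TimeoutError):
            return "timeout", "connected, but no greeting within %.1fs" % timeout
        except OSError as exc:
            return "error", str(exc)
```

Calling probe_pop3("mail.nic.ru", 110) repeats the check from the text; the same function works for any service that greets with +OK on connect.
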

Thus, using standard Windows operating system tools, we can diagnose and fix the network problem. In the next part of the article, I will talk about standard diagnostic tools in UNIX-like operating systems, such as Linux, FreeBSD and MacOS.

The tools used to diagnose and monitor computer networks can be divided into several large classes:

- Network management systems: centralized software systems built in accordance with the TMN model, which collect data on the state of network nodes and communication devices, as well as data on traffic circulating on the network. These systems not only monitor and analyze the network, but also perform network management actions in automatic or semi-automatic mode: enabling and disabling device ports, changing bridge parameters, address tables of bridges, switches and routers, etc. Examples of management systems include the popular HP OpenView, Sun NetManager, IBM NetView, and Tivoli systems. In accordance with ISO recommendations, the following functions of network management systems can be distinguished:

Network configuration and naming management - consists of configuring network components, including their location, network addresses and identifiers, managing network operating system parameters, maintaining the network diagram. These functions are also used to name objects.

Error handling - identifying, determining and eliminating the consequences of faults and failures in the network.

Performance analysis - helps, based on accumulated statistical information, to evaluate the system response time and the amount of traffic, as well as plan network development.

Security management - includes access control and maintaining data integrity. The functions include an authentication procedure, privilege checks, support for encryption keys, and authority management. This group also includes important mechanisms for managing passwords, external access, and connections to other networks.

Network accounting - includes registration and management of used resources and devices. This function operates on such concepts as usage time and resource fees.

- System management tools often perform functions similar to those of network management systems, but in relation to other objects. In the first case, the managed object is the software and hardware of network computers, and in the second, communication equipment. The main functions of system management tools are listed below:

Accounting for used hardware and software. The system automatically collects information about scanned computers and creates database entries about hardware and software resources. The administrator can then quickly figure out what he has and where it is located. For example, find out which computers need to update printer drivers, which PCs have enough memory and disk space, etc.

Software distribution and installation. Once the survey is completed, the administrator can create software distribution packages - a very effective way to reduce the cost of such a procedure. The system may also allow centralized installation and administration of applications that run from file servers, and also enable end users to run such applications from any workstation on the network.

Remote analysis of performance and emerging problems. The administrator can remotely control the mouse, keyboard and see the screen of any PC running on the network running one or another network operating system. The management system database typically stores detailed configuration information about all computers on the network so that problems can be analyzed remotely.

Examples of system management tools include products such as Microsoft's System Management Server or LANDesk Manager from Intel, and typical representatives of network management tools are the HP OpenView, Sun NetManager and IBM NetView systems.

- Embedded systems - These systems are implemented in the form of software and hardware modules installed in communication equipment, as well as in the form of software modules built into operating systems. They perform the diagnostic and control functions of only one device, and this is their main difference from centralized control systems. An example of tools of this class is the Distributed 5000 hub management module, which implements the functions of auto-segmentation of ports when faults are detected, assigning ports to internal segments of the hub, and some others. As a rule, built-in management modules double as SNMP agents that supply device status data to management systems.

- Protocol analyzers: software or hardware-software systems that, unlike management systems, are limited to the functions of monitoring and analyzing traffic in networks, including wireless ones. There are a number of evaluation criteria for protocol analyzers:

− Ability to decode network protocols and support physical interfaces.

− Quality of the software interface (capture buffer, filters, switches, post-filter search, range of statistical data).

− Multi-channel capability.

− Traffic generation.

− Possibility of integration with PC.

− Size and weight.

− Value for money and services provided.

- Equipment for diagnostics and certification of cable systems. Conventionally, this equipment can be divided into four main groups: network monitors, devices for certification of cable systems, cable scanners and testers (multimeters).

Network monitors (also called network analyzers) are reference measurement tools for diagnosing and certifying cables and cabling systems. An example is the Hewlett-Packard network analyzers HP 4195A and HP 8510C. Network analyzers contain a high-precision frequency generator and a narrow-band receiver. By transmitting signals of different frequencies into the transmitting pair and measuring the signal in the receiving pair, attenuation and NEXT can be measured. Network analyzers are precision, large-sized and expensive (costing more than $20,000) instruments intended for use in laboratory conditions by specially trained technical personnel.

The purpose of devices for certification of cable systems follows directly from their name. Certification is carried out in accordance with the requirements of one of the international standards for cable systems.

Cable scanners are used to diagnose copper cable systems. These devices allow you to determine cable length, NEXT, attenuation, impedance, wiring diagram, electrical noise level and evaluate the results. The price of these devices varies from $1,000 to $3,000. There are quite a lot of devices of this class, for example, scanners from Microtest Inc., Fluke Corp., Datacom Technologies Inc., Scope Communication Inc. Unlike network analyzers, scanners can be used not only by specially trained technical personnel, but even by novice administrators.

Testers are designed to check cables for the absence of physical breaks. These are the simplest and cheapest devices for cable diagnostics. They allow you to determine the continuity of the cable, but do not answer the question of where the failure occurred.

Multifunctional analysis and diagnostic devices. In recent years, due to the ubiquity of local networks, there has been a need to develop inexpensive portable devices that combine the functions of several devices: protocol analyzers, cable scanners, and even some network management software capabilities. An example of this type of device is Compas from Microtest Inc. or Fluke Corp.'s 675 LANMeter.

Due to the widespread proliferation of fiber optic communication networks, fiber-optic communication testing tools are becoming increasingly important.

A VFL (Visual Fault Locator) can be used to check polarity and also to detect abnormal bends or cable breaks. VFL is a high-power infrared laser that sends its output to one end of the cable. In this case, VFL determines continuity and identifies the correct connection of connectors.

The optical loss analyzer - OLTS (Optical Loss Test Set) includes two components: a light source and an optical signal power meter. Using this type of diagnostic tool can verify fiber integrity and verify that the cable meets established standards. Many devices make this comparison automatically.

The third type of devices for testing optical cables is optical system certification devices - CTS (Certifying Test Set) - a complicated OLTS. This equipment can measure and calculate signal loss, check polarity, determine cable length, compare them with the built-in standards library, provide a connection map. It is also possible to save all the information received for later transfer to a computer, which will help make an in-depth analysis and draw up a report. The CTS consists of a main device and several remote devices (at each end of the cable being tested), including an optical signal power meter and a dual wavelength source.

Optical Time Domain Reflectometers (OTDR) are diagnostic tools that are used to characterize the loss of optical signal power by sending a short pulse of light from one end of the fiber and analyzing the light reflected from the other end of the fiber. By recording the readings, the OTDR determines the optical power and signal transit time and displays this data in the form of a graph. These devices allow you to measure elements included in the network, including the length of fiber parts, signal attenuation uniformity, and the location of connectors. In this way, you can visually locate reflective events (connections, fiber breaks) and non-reflective events (splices, bad or stressed bends) by analyzing a graph, or by using an event table that can be generated by OTDR devices.

Fig.1.3 - Optical reflectometer

The MTS 8000 reflectometer is a new multi-module test platform for fiber optic systems. A reflectometer, an optical tester, an optical power meter, a visual defect locator, an optical microscope, an optical headset, and an OTDR can be installed in this device simultaneously. The design solution developed by Acterna specialists allows simultaneous installation of a large number of replaceable optical modules in the MTS 8000, allowing the user to measure all the necessary characteristics depending on the type of work. The processor installed in the MTS 8000 allows you to test the network using predefined test sets. The internal memory of the device is 8 MB. An interesting new feature is the ability to install a hard drive with a capacity of up to 6 GB. For convenience and quick work, the MTS 8000 is equipped with FDD drives, CD-RW drives, and USB ports.

- Expert systems: this type of system accumulates human knowledge about identifying the causes of abnormal operation of networks and possible ways to bring the network into an operational state. Expert systems are often implemented as separate subsystems of various network monitoring and analysis tools: network management systems, protocol analyzers, network analyzers. The simplest version of an expert system is a context-sensitive help system. More complex expert systems are so-called knowledge bases that have elements of artificial intelligence. An example is the expert network analysis system Expert Analysis from the Distributed Sniffer System product family.

The system is based on a unique knowledge base accumulated by Network General specialists since 1986 and based on experience working with users of various networks and developments of groups at Stanford and Massachusetts universities, as well as Nippon Telephone and Telegraph (NTT).

The main purpose of the system is to reduce downtime and eliminate network bottlenecks through automatic identification of anomalous phenomena and automatic generation of methods for their resolution. The expert analysis system provides diagnostic information in three categories:

A symptom is an event on the network that the network administrator should pay additional attention to (for example, a physical error when accessing a network node or a single file retransmission). Does not necessarily mean the occurrence of partial loss of performance, but at a high level of frequency it requires the attention of the administrator.

The diagnosis is the repeated repetition of a symptom, requiring mandatory analysis by the network administrator. Typically, the diagnosis describes situations that characterize serious network faults (for example, a duplicate network address). At the diagnosis stage, the event leading to partial loss of network functionality is translated into a language understandable to the operator and administrator.

Explanation - the context-sensitive expert analysis system's conclusion for each symptom or diagnosis. The explanation contains a description of several possible reasons for the current situation, the rationale for such a conclusion and recommendations for eliminating them.

The Expert Analysis automatic analysis system is based on a unique multi-tasking packet analysis technology, which consists of the following steps.

Packets circulating in the network are continuously captured and placed in a circular capture buffer (first task).

At the same time, several protocol analyzer tasks (one for each protocol family) scan the capture buffer and generate information in a single internal format.

Standardized information is sent to a group of expert tasks. Each of these programs is an expert only in its own narrow field, for example, in knowledge of the protocol for interaction between a client and a NetWare server. If an expert finds an event related to its area of interest, it generates a corresponding object (for example, "IBSO Guest server user") in an object-oriented network database called BlackboardKnowledgeBase and associates it with the corresponding lower-level objects. The result is a complex structure that displays all network objects related to a certain protocol and all possible connections between them at all seven levels of the ISO/OSI model.

There is a second group of expert tasks that constantly analyze the state of the database and issue messages about abnormal network functioning (symptoms or diagnoses). In total, the Expert Analysis system handles more than 200 different events that lead to partial loss of network functionality.

Such a multi-tasking analysis system is unique in the analyzer market, meets the requirements for expert systems for diagnostics, repair and monitoring, and guarantees the reliability of the diagnosis. However, the expert system considered belongs to the category of expensive high-end systems and is therefore not available to a wide range of users.

Another example of an expert system with elements of artificial intelligence is the OptiView Protocol Expert program, developed by Fluke Networks, which is a member of a family of distributed analysis and monitoring systems for 10/100/1000 Ethernet computer networks. The purpose of the system, like that of Expert Analysis, is to reduce downtime and eliminate network bottlenecks.

The system in question classifies all detected events by the layers of the OSI network model:

Application level: Excessive ARP, Excessive BOOTP, NFS retransmission, all ICMP errors, HTTP Get Response, Slow Server Connect, Slow Server Response;

Transport layer: TCP/IP checksum error, TCP/IP retransmission, TCP/IP fast retransmission, TCP/IP zero window, TCP/IP frozen window, TCP/IP long ack, TCP/IP SYN attack;

Network level: duplicate IP or IPX address, IP TTL expiring, IP illegal source address, ISL Illegal VLAN ID, unstable MST, HSRP coup/resign;

Data link layer: illegal MAC source address, broadcast/multicast storms, physical errors.

The system in question recognizes a wide range of problems that may indicate the presence of a hidden defect or bottleneck in a network component and displays messages about their occurrence, but does not provide recommendations for correcting them. Thus, a high level of networking knowledge on the part of the system's user is a necessary condition for guaranteeing the correctness of the diagnosis. Also, the high cost of the system does not contribute to its widespread implementation in most computer networks.

Diagnostics is generally understood to mean the measurement of characteristics and monitoring of network performance indicators during its operation, without interrupting the work of users.

Network diagnostics is, in particular, measuring the number of data transmission errors, the degree of load (utilization) of its resources or the response time of application software.

Testing is the process of actively influencing a network in order to check its performance and determine its potential capacity for carrying network traffic. As a rule, it is carried out to check the condition of the cable system (compliance of its quality with the requirements of standards), to find the maximum throughput, or to evaluate the response time of application software when the settings of network equipment or the physical network configuration are changed.

Troubleshooting the network using hardware.

Conventionally, equipment for diagnostics, troubleshooting and certification of cable systems can be divided into four main groups:

1. Cable certification instruments that perform all necessary tests for cable certification, including determination of attenuation, signal-to-noise ratio, impedance, capacitance and active resistance.

2. Network analyzers are the reference measurement tools for diagnosing and certifying cables and cabling systems. Network analyzers contain a high-precision frequency generator and a narrow-band receiver. By transmitting signals of different frequencies into the transmitting pair and measuring the signal in the receiving pair, line attenuation and line characteristics can be measured.

3. Cable scanners allow you to determine cable length, attenuation, impedance, wiring diagram and electrical noise level, and to evaluate the results. To determine the location of a cable system fault (break, short circuit, etc.), the “cable radar” method, or Time Domain Reflectometry (TDR), is used. The essence of this method is that the scanner emits a short electrical pulse into the cable and measures the delay time before the reflected signal arrives. The polarity of the reflected pulse determines the nature of the cable damage (short circuit or break). In a correctly installed and connected cable there is no reflected pulse.

4. Testers (ohmmeters) are the simplest and cheapest devices for cable diagnostics. They allow you to determine the continuity of the cable; however, unlike cable scanners, they do not indicate where the failure occurred. The integrity of communication lines is checked by sequentially “ringing out” (continuity-testing) the twisted pairs with an ohmmeter.

Connecting a personal computer to a local network

The first thing you need to do is make sure that the network card of your computer/laptop is working and that the drivers are installed. The other important items required for a local network are a switch and the network cable itself. Instead of a switch, you can use a Wi-Fi router: the number of ports will be limited, but as a bonus there will be access to the Internet.

Connecting to the local network occurs in the following sequence.

The network cable is connected to the switch and to the computer's network card. Next, the computer and the switch are turned on. While the OS boots, the switch (or router) will blink its lights for about the same time, and then you can start setting up the network parameters: go to “Control Panel” – “View network status and tasks” – “Change adapter settings” – “RMB” – “Properties” – “Configure the computer's IP address” – “Internet Protocol version 4” – “Properties”. Enter the IP address in the format “192.168.YYY.XXX”. Click once in the network mask field; it will be filled in automatically. Please note that the last two blocks of numbers and the network mask must match the addresses of the network to which the connection is being configured. For example, if the network is “192.168.1.XXX”, then “1” is the subnet number, and “XXX” is any number from 1 to 254. After setting, you need to click “OK”.

Next, you need to set the workgroup; this is necessary for the computer to be displayed in the appropriate group. In an office, for example, the “Accounting” group will contain only the working machines of the “Accounting” department. Next, you need to go to the properties of “My Computer” - “Change Settings”. In the system properties, click “Change” to join the computer to the workgroup. Enter the computer name and workgroup. Click “OK” and restart the PC for the changes to take effect.

Another connection option is wireless. This method is only suitable if you have a Wi-Fi router. For it you will need a Wi-Fi adapter (internal or for a USB port) and a Wi-Fi router. Connect the adapter; the system will automatically recognize it and install drivers for it, or ask you to insert a driver disc. A wireless icon will appear in the system tray next to the clock. Click on it, and a list of networks available for connection will appear, in which you need to find yours and connect. In this case, you only need to set a home group; the IP address will be assigned automatically. A laptop already has a built-in network card and Wi-Fi adapter.

Connecting a personal computer to the Internet

To connect your computer to the Internet, you must do the following: “Start” – “Control Panel” – “Network and Internet” – “Network and Sharing Center” – “Changing adapter settings” – “Network connections” – “Local Area Connection” – “RMB” – “Properties” – “Network” – “Internet Protocol version 4 (TCP/IPv4)” – “Properties”. In the next window, you need to check the boxes next to the “Obtain an IP address automatically” and “Obtain DNS server address automatically” functions.

When connecting your computer to a Wi-Fi wireless network, you need to do the following: go to “Network and Sharing Center” – “Connect to a network.” A window will pop up on the right showing the network connection settings. You need to make sure that airplane mode is not active; it should be turned off. Below you will find a list of available connections. You need to select a network and connect. You can also check the box next to “Connect automatically”, and the computer will automatically connect to this network whenever it is available. Typically the network requires you to enter a password, but sometimes there is free Wi-Fi.

Studying the enterprise automated control system

An automated control system (abbreviated as ACS) is a complex of hardware and software, as well as personnel, designed to manage various processes within the framework of a technological process, production, or enterprise. ACS are used in various industries, energy, transport, etc. The term “automated”, in contrast to the term “automatic”, emphasizes the retention of certain functions by the human operator, either of the most general, goal-oriented nature, or not amenable to automation. ACS with a decision support system (DSS) are the main tool for increasing the validity of management decisions.

The most important task of an automated control system is to increase the efficiency of facility management through increased labor productivity and improved methods of planning the management process. A distinction is made between automated control systems for objects (technological processes, enterprises, industries) and functional automated systems, for example, design of planned calculations, logistics, etc.

In general, a management system can be considered as a set of interrelated management processes and objects. The general goal of control automation is to increase the efficiency of using the potential capabilities of the control object. Thus, a number of goals can be identified:

providing the decision maker (DM) with relevant data for decision making;

acceleration of individual operations for collecting and processing data;

reducing the number of decisions that the decision maker must make;

increasing the level of control and performance discipline;

increasing management efficiency;

reducing the costs of decision makers for performing auxiliary processes;

increasing the degree of validity of decisions made.

The ACS includes the following types of support: information, software, technical, organizational, metrological, legal and linguistic.

The main classification criteria that determine the type of automated control system are:

sphere of operation of the control object (industry, construction, transport, agriculture, non-industrial sphere, etc.);

type of controlled process (technological, organizational, economic, etc.);

level in the public administration system.

The functions of an ACS are set out in the terms of reference for creating a specific automated control system, based on an analysis of the management goals, the resources specified to achieve them and the expected effect of automation, and in accordance with the standards applicable to this type of ACS. Each ACS function is implemented by a set of task complexes, individual tasks and operations. The functions of the automated control system generally include the following elements (actions):

planning and (or) forecasting;

accounting, control, analysis;

coordination and (or) regulation.

The required composition of elements is selected depending on the type of specific automated control system. ACS functions can be combined into subsystems based on functional and other characteristics.


The analysis methodology can be presented in the following six stages:

1. Data capture.

2. View captured data.

3. Data analysis.

4. Search for errors. (Most analyzers make this job easier by detecting error types and identifying the station from which the error packet came.)

5. Performance research. The network bandwidth utilization rate or the average response time to a request is calculated.

6. Detailed study of individual sections of the network. The content of this stage is specified as the analysis proceeds.

Typically, the process of analyzing protocols takes relatively little time - 1-2 business days.
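Stage 5 of the methodology above, worked through as an added example (not code from the original article or from any analyzer): link utilization per time window and mean response time computed from a capture. The capture records, host names, 10 Mbit/s link speed and 1 ms window are constructed for illustration.

```python
from collections import defaultdict

# Constructed capture: (time in microseconds, source, destination,
# frame length in bytes including FCS, kind, transaction id).
CAPTURE = [
    (100,  "ws-1", "srv",  605,  "req",  1),
    (700,  "srv",  "ws-1", 105,  "resp", 1),
    (1200, "ws-2", "srv",  1230, "req",  2),
    (2500, "ws-1", "srv",  64,   "req",  3),   # never answered
    (4100, "srv",  "ws-2", 230,  "resp", 2),
]

# Every Ethernet frame also occupies the wire for 8 bytes of preamble/SFD
# and a 12-byte inter-frame gap, which a capture file does not contain.
WIRE_OVERHEAD = 20


def utilization(capture, link_bps=10_000_000, window_us=1000):
    """Fraction of link capacity used in each window, oldest window first.

    Simplification of this example: a frame is charged entirely to the
    window in which it starts.
    """
    if not capture:
        return []
    bits = defaultdict(int)
    for t_us, _src, _dst, length, _kind, _txn in capture:
        bits[t_us // window_us] += (length + WIRE_OVERHEAD) * 8
    capacity = link_bps * window_us // 1_000_000  # bits per window
    return [bits[w] / capacity for w in range(max(bits) + 1)]


def busy_windows(util, threshold):
    """Indexes of the windows whose utilization reaches the threshold."""
    return [i for i, u in enumerate(util) if u >= threshold]


def response_times(capture):
    """Pair each request with the response carrying the same transaction id.

    Returns (mean response time in microseconds or None, ids of requests
    that never got a response). Unanswered requests are reported separately
    so that they do not silently improve the mean.
    """
    pending, times = {}, []
    for t_us, _src, _dst, _length, kind, txn in sorted(capture):
        if kind == "req":
            pending[txn] = t_us
        elif kind == "resp" and txn in pending:
            times.append(t_us - pending.pop(txn))
    mean = sum(times) / len(times) if times else None
    return mean, sorted(pending)


if __name__ == "__main__":
    util = utilization(CAPTURE)
    print("utilization per 1 ms window:", util)
    print("windows at or above 50%:", busy_windows(util, 0.5))
    print("mean response time (us), unanswered:", response_times(CAPTURE))
```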

Most modern analyzers allow you to analyze several global network protocols at once, such as X.25, PPP, SLIP, SDLC/SNA, frame relay, SMDS, ISDN, bridge/router protocols (3Com, Cisco, Bay Networks and others). Such analyzers allow you to measure various protocol parameters, analyze network traffic, conversion between local and global network protocols, delay on routers during these conversions, etc. More advanced instruments provide the ability to simulate and decode global network protocols, perform “stress” testing, measure maximum throughput, and test the quality of the services provided. For the sake of versatility, almost all WAN protocol analyzers implement testing functions for the LAN and all major interfaces. Some devices are capable of analyzing telephony protocols. And the most modern models can decode and present all seven OSI layers in a convenient way. The advent of ATM led manufacturers to equip their analyzers with tools for testing these networks. Such devices can conduct full testing of ATM networks of level E-1/E-3 with support for monitoring and modeling. The set of service functions of the analyzer is very important. Some of them, such as the ability to remotely control the device, are simply irreplaceable.

Thus, modern WAN/LAN/ATM protocol analyzers can detect errors in the configuration of routers and bridges; establish the type of traffic sent over the global network; determine the speed range used and optimize the ratio between throughput and number of channels; localize the source of incorrect traffic; perform serial interface testing and full ATM testing; carry out full monitoring and decoding of the main protocols on any channel; and analyze statistics in real time, including analysis of local network traffic through global networks.

2.4 General characteristics of monitoring protocols

2.4.1 SNMP protocol

SNMP (Simple Network Management Protocol) is a communication network management protocol based on the TCP/IP architecture.

Based on the TMN concept, in 1980-1990 various standardization bodies developed a number of protocols for managing data networks, implementing TMN functions to differing extents. One such management protocol is SNMP. The SNMP protocol was developed to test the functioning of network routers and bridges. Subsequently, the scope of the protocol extended to other network devices, such as hubs, gateways, terminal servers, LAN Server Manager, machines running Windows NT, etc. In addition, the protocol allows changes to be made to the functioning of these devices.

This technology is designed to provide management and control over devices and applications in a communication network by exchanging control information between agents located on network devices and managers located at control stations. SNMP defines a network as a collection of network management stations and network elements (hosts, gateways and routers, terminal servers) that together provide administrative communications between network management stations and network agents.

When using SNMP, there are managed systems and control systems. The managed system includes a component called an agent, which sends reports to the control system. Essentially, SNMP agents pass management information to management systems as variables (such as “free memory”, “system name”, “number of running processes”).

An agent in the SNMP protocol is a processing element that provides managers located at network control stations with access to the values of MIB variables, and thereby enables them to implement functions for managing and monitoring the device.

A software agent is a resident program that performs management functions and also collects statistics for transfer to the information base of a network device.

A hardware agent is built-in hardware (with a processor and memory) in which software agents are stored.

Variables available through SNMP are organized in a hierarchy. These hierarchies and other metadata (such as variable type and description) are described by Management Information Bases (MIBs).

Today there are several standards for management information databases. The main ones are the MIB-I and MIB-II standards, as well as the RMON MIB remote control database version. In addition, there are standards for specific MIBs for devices of a specific type (for example, MIBs for hubs or MIBs for modems), as well as proprietary MIBs for specific equipment manufacturers.

The original MIB-I specification only defined operations for reading variable values. Operations for changing or setting object values are part of the MIB-II specifications.

Version MIB-I (RFC 1156) defines up to 114 objects, which are divided into 8 groups:

· System - general data about the device (for example, vendor ID, time of last system initialization).

· Interfaces - describes the parameters of the device's network interfaces (for example, their number, types, data rates, maximum packet size).

· AddressTranslationTable - describes the correspondence between network and physical addresses (for example, via the ARP protocol).

· InternetProtocol - data related to the IP protocol (addresses of IP gateways, hosts, statistics about IP packets).

· ICMP - data related to the ICMP control message exchange protocol.

· TCP - data related to the TCP protocol (for example, about TCP connections).

· UDP - data related to the UDP protocol (number of transmitted, received and erroneous UDP datagrams).

· EGP - data related to the Exterior Gateway Protocol, a routing information exchange protocol used on the Internet (the number of messages received with errors and without errors).

From this list of variable groups, it is clear that the MIB-I standard was developed with a strict focus on managing routers that support TCP/IP stack protocols.

In version MIB-II (RFC 1213), adopted in 1992, the set of standard objects was significantly expanded (up to 185), and the number of groups increased to 10.

2.3.2 RMON Agents

The newest addition to SNMP functionality is the RMON specification, which allows for remote interaction with a MIB.

The RMON standard dates back to November 1991, when the Internet Engineering Task Force released RFC 1271, "Remote Network Monitoring Management Information Base." This document described RMON for Ethernet networks.

RMON is a protocol for monitoring computer networks, an extension of SNMP, which, like SNMP, is based on the collection and analysis of information about the nature of the information transmitted over the network. As in SNMP, information is collected by hardware and software agents, the data from which is sent to the computer where the network management application is installed. The difference between RMON and its predecessor lies, first of all, in the nature of the information collected: in SNMP this information characterizes only events occurring on the device where the agent is installed, whereas RMON requires that the received data characterize the traffic between network devices.

Before RMON, SNMP could not be used remotely; it only allowed for local management of devices. The RMON MIB has an improved set of properties for remote management, since it contains aggregated information about the device, which does not require large amounts of information to be transmitted over the network. RMON MIB objects include additional packet error counters, more flexible graphical trending and statistical analysis, more powerful filtering tools for capturing and analyzing individual packets, and more sophisticated alert conditions. RMON MIB agents are more intelligent than MIB-I or MIB-II agents and perform much of the device information processing work that was previously done by managers. These agents can be located inside various communication devices, and can also be implemented as separate software modules running on universal PCs and laptops (Novell's LANalyzer is an example).

The intelligence of RMON agents allows them to perform simple fault-diagnosis steps and to warn about possible failures. For example, within the framework of RMON technology you can collect data on the normal functioning of the network (i.e., perform so-called baselining) and then set warning signals for when the network operating mode deviates from the baseline, which may indicate, in particular, that equipment is not fully serviceable. By combining information received from RMON agents, a management application can help a network administrator (located, for example, thousands of kilometers from the network segment being analyzed) to localize the problem and develop the optimal action plan to resolve it.

RMON information is collected by hardware and software probes connected directly to the network. To carry out the collection and primary analysis of data, the probe must have sufficient computing resources and RAM. There are currently three types of probes on the market: integrated, computer-based, and stand-alone. A product is considered RMON-capable if it implements at least one RMON group. Of course, the more RMON data groups are implemented in a product, the more expensive it is, on the one hand, and on the other, the more complete the information it provides about the operation of the network.

Embedded probes are expansion modules for network devices. Such modules are produced by many manufacturers, in particular such large companies as 3Com, Cabletron, Bay Networks and Cisco. (By the way, 3Com and Bay Networks recently acquired Axon and ARMON, recognized leaders in the development and production of RMON management tools. Such interest in this technology from major network equipment manufacturers once again shows how necessary remote monitoring is for users.) The decision to integrate RMON modules into hubs seems the most natural, because it is by observing these devices that one can get an idea of the operation of the segment. The advantage of such probes is obvious: they allow you to obtain information on all main groups of RMON data at a relatively low cost. The disadvantage is, first of all, their modest performance, which shows in particular in the fact that built-in probes often do not support all RMON data groups. Not long ago, 3Com announced its intention to release RMON-supporting drivers for Etherlink III and Fast Ethernet. As a result, it will be possible to collect and analyze RMON data directly from workstations on the network.

Computer-based probes are simply computers connected to a network with the RMON software agent installed on them. These probes (such as Network General's Cornerstone Agent 2.5) have higher performance than built-in probes and typically support all RMON data groups. They are more expensive than built-in probes, but much less expensive than stand-alone probes. In addition, computer-based probes are quite large, which can sometimes limit their applications.

Autonomous probes offer the highest performance; as is easy to understand, they are at the same time the most expensive of all the products described. Typically, a stand-alone probe is a processor (i486 class or a RISC processor) equipped with sufficient RAM and a network adapter. The leaders in this market sector are Frontier and Hewlett-Packard. Probes of this type are small and very mobile: they are very easy to connect to and disconnect from the network. When managing a global network this is, of course, not a very important property; however, if RMON tools are used to analyze the performance of a medium-sized corporate network, then (given the high cost of the devices) the mobility of the probes can play a very positive role.

The RMON object is numbered 16 in the MIB object set, and the RMON object itself, as defined in RFC 1271, consists of ten data groups.

· Statistics - current accumulated statistical data on packet characteristics, number of collisions, etc.

· History - statistical data saved at certain intervals for subsequent analysis of trends in their changes.

· Alarms - threshold values of statistical indicators; when they are exceeded, the RMON agent sends a message to the manager. The group allows the user to define a range of threshold levels (the thresholds may apply to a wide variety of things: any parameter from the statistics group, the amplitude or rate of its change, and much more), upon exceeding which an alarm is generated. The user can also determine under what conditions exceeding the threshold value should be accompanied by an alarm signal. This avoids generating a signal “for nothing”, which is bad, firstly, because no one pays attention to a constantly burning red light, and secondly, because the transfer of unnecessary alarms over the network leads to excessive load on communication lines. An alarm is usually sent to the event group, where it is determined what to do with it next.

· Host - data about network hosts, including their MAC addresses.

· HostTopN - table of the busiest hosts on the network. The top N hosts table (HostTopN) contains a list of the top N hosts that have the maximum value of a given statistical parameter for a given interval. For example, you can request a list of the 10 hosts for which the maximum number of errors was observed within the last 24 hours. This list will be compiled by the agent itself, and the management application will receive only the addresses of these hosts and the values of the corresponding statistical parameters. It is clear how much this approach saves network resources.

· TrafficMatrix - statistics on traffic intensity between each pair of network hosts, organized in the form of a matrix. The rows of this matrix are numbered in accordance with the MAC addresses of the message source stations, and the columns are numbered in accordance with the addresses of the recipient stations. Matrix elements characterize the traffic intensity between the corresponding stations and the number of errors. By analyzing such a matrix, the user can easily find out which pairs of stations generate the most intense traffic. This matrix, again, is generated by the agent itself, so there is no need to transfer large amounts of data to the central computer responsible for managing the network.

· Filter - packet filtering conditions. The criteria by which packets are filtered can be very diverse - for example, you can request that all packets whose length is less than a certain set value be filtered out as erroneous. We can say that installing a filter corresponds to organizing a channel for transmitting a packet. Where this channel leads is determined by the user. For example, all erroneous packets can be intercepted and sent to the appropriate buffer. In addition, the appearance of a packet that matches the installed filter can be considered as an event to which the system must react in a predetermined manner.

· PacketCapture - conditions for capturing packets. A packet capture group contains capture buffers to which packets whose attributes satisfy the conditions specified in the filter group are sent. In this case, it is not necessarily the entire packet that is captured, but, say, only the first few tens of bytes of the packet. The contents of the capture buffers can subsequently be analyzed using various software tools, revealing a whole range of very useful characteristics of the network. By rebuilding filters for certain characteristics, it is possible to characterize different parameters of network operation.

· Event - conditions for registering and generating events. The events group determines when to send an alarm to the management application, when to intercept packets, and in general how to react to certain events occurring on the network, for example, when threshold values specified in the alarms group are exceeded: whether to notify the control application, or simply to log the event and continue working. Events may not be associated with raising alarms - for example, sending a packet to the capture buffer is also an event.

These groups are numbered in order, so for example the Hosts group has the numeric name 1.3.6.1.2.1.16.4.

The tenth group consists of special objects of the TokenRing protocol.

In total, the RMON MIB standard defines about 200 objects in 10 groups, documented in two documents - RFC 1271 for Ethernet networks and RFC 1513 for TokenRing networks.
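The agent-side aggregation behind the TrafficMatrix and HostTopN groups described above, as an added example (not code from the original article or from any RMON agent): the probe sees every frame, but the manager receives only a few summary rows. The MAC addresses, frame records and field names are constructed for illustration and are simpler than the real MIB objects.

```python
from collections import defaultdict

# Constructed, locally administered MAC addresses.
HOST_A = "02:00:00:00:00:0a"
HOST_B = "02:00:00:00:00:0b"
HOST_C = "02:00:00:00:00:0c"
HOST_D = "02:00:00:00:00:0d"

# Constructed frames seen by the probe: (source, destination, octets, errored).
FRAMES = [
    (HOST_A, HOST_B, 1500, False),
    (HOST_A, HOST_B, 1500, False),
    (HOST_B, HOST_A, 64, False),
    (HOST_C, HOST_A, 64, True),
    (HOST_C, HOST_A, 64, True),
    (HOST_C, HOST_B, 200, True),
    (HOST_D, HOST_C, 512, False),
    (HOST_A, HOST_B, 1500, True),
    (HOST_B, HOST_A, 64, False),
    (HOST_D, HOST_A, 128, False),
]


def traffic_matrix(frames):
    """One cell per (source, destination) pair: packets, octets, errors."""
    matrix = defaultdict(lambda: {"pkts": 0, "octets": 0, "errors": 0})
    for src, dst, octets, errored in frames:
        cell = matrix[(src, dst)]
        cell["pkts"] += 1
        cell["octets"] += octets
        cell["errors"] += int(errored)
    return dict(matrix)


def host_table(frames):
    """Per-host counters, the input that a top-N report is ranked on."""
    hosts = defaultdict(lambda: {"out_pkts": 0, "out_octets": 0,
                                 "out_errors": 0, "in_pkts": 0, "in_octets": 0})
    for src, dst, octets, errored in frames:
        hosts[src]["out_pkts"] += 1
        hosts[src]["out_octets"] += octets
        hosts[src]["out_errors"] += int(errored)
        hosts[dst]["in_pkts"] += 1
        hosts[dst]["in_octets"] += octets
    return dict(hosts)


def host_top_n(hosts, stat, n):
    """The n hosts with the largest value of `stat`, as (mac, value) rows.

    Ties are broken by MAC address so the report is deterministic.
    """
    ranked = sorted(hosts.items(), key=lambda kv: (-kv[1][stat], kv[0]))
    return [(mac, counters[stat]) for mac, counters in ranked[:n]]


def busiest_pairs(matrix, n):
    """The n (source, destination) pairs that exchanged the most octets."""
    ranked = sorted(matrix.items(), key=lambda kv: (-kv[1]["octets"], kv[0]))
    return [(pair, cell["octets"]) for pair, cell in ranked[:n]]


if __name__ == "__main__":
    hosts = host_table(FRAMES)
    print("top error sources:", host_top_n(hosts, "out_errors", 2))
    print("top senders:", host_top_n(hosts, "out_octets", 2))
    print("busiest pair:", busiest_pairs(traffic_matrix(FRAMES), 1))
```

A station that tops the error ranking while sending little traffic, like the third host in this sample, is the kind of outlier the report is meant to surface.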

A distinctive feature of the RMON MIB standard is its independence from the network layer protocol (unlike the MIB-I and MIB-II standards, which are focused on TCP/IP protocols). Therefore, it is convenient to use in heterogeneous environments using different network layer protocols.
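The baselining and alarm-threshold behaviour described above for RMON agents and the Alarms group, as an added example (not code from the original article or from any RMON agent): a rising/falling threshold pair with hysteresis, evaluated on per-interval deltas of a wrapping 32-bit counter. The counter readings, the baseline and the mean-plus-k-sigma rule for choosing thresholds are assumptions made for illustration.

```python
import math
import statistics

COUNTER32 = 2 ** 32  # SNMP Counter values wrap around at 2^32

# Constructed data: error deltas per interval on a healthy segment, then raw
# counter readings taken during an incident (the counter wraps mid-run).
BASELINE_DELTAS = [10, 12, 8, 10]
READINGS = [4294967266, 4294967275, 4294967286, 30, 68, 82, 123, 133, 142]


def thresholds_from_baseline(deltas, k_rising=3.0, k_falling=1.0):
    """Return (rising, falling) thresholds derived from baseline deltas.

    Assumption of this example: thresholds sit k standard deviations above
    the baseline mean. An agent only stores the two values.
    """
    mean = statistics.mean(deltas)
    sigma = statistics.pstdev(deltas)
    return (math.ceil(mean + k_rising * sigma),
            math.ceil(mean + k_falling * sigma))


def counter_deltas(readings):
    """Per-interval increase of a counter, correct across a 32-bit wrap."""
    return [(cur - prev) % COUNTER32
            for prev, cur in zip(readings, readings[1:])]


class ThresholdAlarm:
    """Rising/falling alarm with hysteresis.

    After a rising event, no further rising event fires until the value has
    dropped to the falling threshold, so a sustained fault produces one alarm
    instead of one per sampling interval.
    """

    def __init__(self, rising, falling):
        if falling > rising:
            raise ValueError("falling threshold must not exceed rising one")
        self.rising = rising
        self.falling = falling
        self.rising_armed = True     # a rising event may fire
        self.falling_armed = False   # only after a rising event has fired

    def sample(self, delta):
        """Feed one interval delta; return 'rising', 'falling' or None."""
        if delta >= self.rising and self.rising_armed:
            self.rising_armed, self.falling_armed = False, True
            return "rising"
        if delta <= self.falling and self.falling_armed:
            self.rising_armed, self.falling_armed = True, False
            return "falling"
        return None


def run(alarm, readings):
    """Events as (index of the reading that closed the interval, kind)."""
    events = []
    for i, delta in enumerate(counter_deltas(readings), start=1):
        kind = alarm.sample(delta)
        if kind:
            events.append((i, kind))
    return events


def naive_alert_count(readings, rising):
    """Alerts a plain 'value >= threshold' check would send."""
    return sum(1 for d in counter_deltas(readings) if d >= rising)


if __name__ == "__main__":
    rising, falling = thresholds_from_baseline(BASELINE_DELTAS)
    print("thresholds:", rising, falling)
    print("events:", run(ThresholdAlarm(rising, falling), READINGS))
    print("naive alerts:", naive_alert_count(READINGS, rising))
```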

2.5 Review of popular network management systems

Network management system - hardware and/or software for monitoring and managing network nodes. Network management system software consists of agents that reside on network devices and transmit information to the network management platform. The method of information exchange between control applications and agents on devices is determined by protocols.

Network management systems must have a number of qualities:

· true distribution in accordance with the client/server concept,

· scalability,

· openness, allowing to cope with heterogeneous - from desktop computers to mainframes - equipment.

The first two properties are closely related. Good scalability is achieved through the distribution of the control system. Distribution means that the system can include several servers and clients. Servers (managers) collect data about the current state of the network from agents (SNMP, CMIP or RMON) built into the network equipment and accumulate it in their database. Clients are graphical consoles operated by network administrators. The management system client software accepts requests from the administrator to perform actions (for example, building a detailed map of part of the network) and requests the necessary information from the server. If the server has the necessary information, then it immediately transmits it to the client; if not, then it tries to collect it from the agents.

Early versions of control systems combined all functions in one computer, which was operated by an administrator. For small networks or networks with a small amount of managed equipment, this structure turns out to be quite satisfactory, but with large quantities of managed equipment, the single computer to which information from all network devices flows becomes a bottleneck: the network cannot cope with the large flow of data, and the computer itself does not have time to process it. In addition, a large network is usually managed by more than one administrator; therefore, in addition to several servers, a large network must have several consoles at which network administrators work, and each console must provide specific information that meets the current needs of a particular administrator.

Support for heterogeneous equipment is a desirable rather than an actual feature of today's control systems. Four of the most popular network management products are Spectrum from Cabletron Systems, OpenView from Hewlett-Packard, NetView from IBM, and Solstice from SunSoft, a division of Sun Microsystems. Three out of four companies produce communications equipment themselves. Naturally, Spectrum works best with Cabletron equipment, OpenView with Hewlett-Packard equipment, and NetView with IBM equipment.

When building a map of a network that consists of equipment from other manufacturers, these systems begin to make mistakes and mistake some devices for others, and when managing these devices they support only their basic functions; the many useful additional functions that distinguish a device from others the control system simply does not understand and therefore cannot use.

To correct this shortcoming, control system developers include support not only for standard MIB I, MIB II and RMON MIB, but also for numerous proprietary MIBs from manufacturers. The leader in this area is the Spectrum system, which supports about 1000 MIBs from various manufacturers.

Another way to better support specific equipment is to use an application, based on some management platform, from the company that produces this equipment. Leading manufacturers of communication equipment have developed and supply highly complex and multifunctional control systems for their equipment. The best-known systems of this class include Optivity from Bay Networks, CiscoWorks from Cisco Systems, and Transcend from 3Com. Optivity, for example, allows you to monitor and manage networks consisting of Bay Networks routers, switches and hubs, taking full advantage of all their capabilities and properties. Equipment from other manufacturers is supported at the level of basic control functions. Optivity runs on Hewlett-Packard's OpenView and SunSoft's SunNet Manager (predecessor to Solstice) platforms. However, running a multi-system management platform like Optivity is too complex and requires the computers running it to have very powerful processors and large RAM.

However, if the network is dominated by equipment from a single manufacturer, then the availability of management applications from that manufacturer for any popular management platform allows network administrators to successfully solve many problems. Therefore, management platform developers provide tools that make application development easier, and the availability and quantity of such applications is considered a very important factor when choosing a management platform.

The openness of the management platform also depends on the form of storage of the collected data on the state of the network. Most leading platforms allow you to store data in commercial databases such as Oracle, Ingres or Informix. The use of universal DBMSs reduces the speed of the control system compared to storing data in operating system files, but it allows this data to be processed by any applications that can work with these DBMSs.

The table shows the most important characteristics of the most popular management platforms.

Table 2.1 - Characteristics of popular diagnostic platforms

Characteristics

OpenView Network Node Manager 4.1 (Hewlett-Packard)

Spectrum Enterprise Manager (Cabletron Systems)

NetView for AIX SNMP Manager (IBM)

Solstice Enterprise Manager (SunSoft)

Auto discovery

Limit on the number of intermediate routers

Determining a hostname from its address via a DNS server

Ability to modify the assigned hostname

Recognition of network topologies

Any networks running over TCP/IP

Ethernet, TokenRing, FDDI, ATM, distributed networks, switched networks

recognition by device interfaces

Ethernet, Token-Ring, FDDI, distributed networks

200 - 2000, highest known - 35000

There are no software restrictions

Database support

Own, Oracle, Sybase, ...

Informix, Oracle, Sybase

Distributed Control

One server / clients

Number of clients

No software limitation

More than 30 tested

No software limitation

The client is using X-Window

The GUI system runs on the client

Client's own network map

Specifying network objects available for viewing

Using an Operations Center (HP) add-on product

Many servers / clients

Current state

planned

Number of third party applications

Number of third party MIBs supported

No data

SNMP protocol support:

Support for IETF approved MIBs

Most but no RMON

CMIP protocol support

Additional paid product - Open View HP Distributed Management Platform

Additional paid product

Interfacing with mainframes

Using third party applications

By SNA via Blue Vision

Can access NetView on mainframe

OS support

HPUX, SunOS, Solaris

IBM AIX, Sun OS, HP UX, SGI IRIX, Windows NT

AIX, OSF/1, Windows NT

3 Organization of computer network diagnostics

There may be several main reasons for unsatisfactory network operation: damage to the cable system, defects in active equipment, overload of network resources (communication channel and server), errors in the application software itself. Often some network defects mask others. And in order to reliably determine the reason for unsatisfactory performance, the local network must be subjected to comprehensive diagnostics. Comprehensive diagnostics involves performing the following work (stages).

- Detection of defects in the physical layer of the network: cable system, power supply system of active equipment; presence of noise from external sources.

- Measuring the current load of the network communication channel and determining the influence of the load value of the communication channel on the response time of the application software.

- Measuring the number of collisions in the network and finding out the reasons for their occurrence.

- Measuring the number of data transmission errors at the communication channel level and identifying the causes of their occurrence.

- Identification of network architecture defects.

- Measuring the current server load and determining the impact of the degree of its load on the response time of the application software.

- Identification of application software defects, which result in inefficient use of server and network bandwidth.

We will dwell in more detail on the first four stages of complex diagnostics of a local network, namely, diagnostics of the network link level, since the diagnostic task is most easily solved for a cable system. As already discussed in the second section, the network cable system can only be fully tested with special devices - a cable scanner or tester. AUTOTEST on a cable scanner will allow you to perform a full range of tests to determine whether your network cable system complies with the selected standard. When testing a cable system, I would like to draw attention to two points, especially since they are often forgotten.

The AUTOTEST mode does not allow you to check the noise level created by an external source in the cable. This could be noise from a fluorescent lamp, power wiring, a cell phone, a powerful copy machine, etc. Cable scanners usually have a special function to determine the noise level. Since the network cabling system is fully tested only at the installation stage, and noise in the cable can occur unpredictably, there is no guarantee that the noise will show up during the full-scale network test carried out at the installation stage.

When checking a network with a cable scanner, instead of active equipment, a scanner is connected to the cable at one end, and an injector at the other. After checking the cable, the scanner and injector are disconnected, and active equipment is connected: network cards, hubs, switches. However, there is no complete guarantee that the contact between the active equipment and the cable will be as good as between the scanner equipment and the cable. There are often cases when a minor defect in the RJ-45 plug does not appear when testing the cable system with a scanner, but is detected when diagnosing the network with a protocol analyzer.

Diagnostics of network devices (or network components) also has its own subtleties. When carrying it out, various approaches are used. The choice of a particular approach depends on what is chosen as the criterion for good device performance. As a rule, three types of criteria and, therefore, three main approaches can be distinguished.

The first is based on monitoring the current values of parameters characterizing the operation of the device being diagnosed. The criteria for good device performance in this case are the recommendations of its manufacturer, or the so-called de facto industrial standards. The main advantages of this approach are simplicity and convenience in solving the most common, but, as a rule, relatively uncomplicated problems. However, there are cases when even an obvious defect does not appear most of the time, but makes itself felt only in certain, relatively rare operating modes and at unpredictable times. It is very difficult to detect such defects by monitoring only the current parameter values.

The second approach is based on studying the baseline parameters (so-called trends) characterizing the operation of the device being diagnosed. The basic principle of the second approach can be formulated as follows: “a device works well if it works as it always has.” This principle is the basis for proactive network diagnostics, the purpose of which is to prevent the onset of its critical states. The opposite of proactive diagnostics is reactive diagnostics, the goal of which is not to prevent, but to localize and eliminate the defect. Unlike the first one, this approach allows you to detect defects that appear not constantly, but from time to time. The disadvantage of the second approach is the assumption that the network initially worked well. But “as always” and “good” do not always mean the same thing.

The third approach is carried out by monitoring integral indicators of the quality of functioning of the device being diagnosed (hereinafter referred to as the integral approach). It should be emphasized that from the point of view of network diagnostic methodology, there is a fundamental difference between the first two approaches, which we will call traditional, and the third, integral. With traditional approaches, we observe individual characteristics of the network and, in order to see it “as a whole,” we must synthesize the results of individual observations. However, we cannot be sure that we will not lose important information during this synthesis. The integral approach, on the contrary, gives us a general picture, which in some cases is not detailed enough. The task of interpreting the results with the integral approach is essentially the opposite: by observing the whole, identify where and in what particulars the problem lies.

From the above it follows that the most effective approach is one that combines the functionality of all three approaches described above. It should, on the one hand, be based on integral indicators of the quality of network operation, but, on the other hand, it should be supplemented and specified with data obtained using traditional approaches. It is this combination that allows you to make an accurate diagnosis of a network problem.

3.1 Documenting the network

Maintaining network documentation provides a number of benefits to the network administrator. Network documentation can be:

- Troubleshooting tool - when something goes wrong, documentation can serve as a guide to troubleshooting. It will save time and money.

- Assistance in training new personnel - a new employee will be ready to work sooner if documentation is available for the area where he will work, which will again save time and money.

- Help for suppliers and consultants - these people tend to be quite expensive. If they need to know any details of the network infrastructure, then having documentation will allow them to get the job done faster, which, again, saves time.

Each network has its own unique features, but also has many common elements that should be included in the documentation:

Network topology - This information is usually presented in the form of diagrams that show the main network nodes such as routers, switches, firewalls, servers and how they are interconnected. Printers and workstations are usually not included here.

Server information - that is, the information that you need to manage and administer servers, such as name, functions, IP addresses, disk configuration, OS and service packs, date and place of purchase, warranty, etc.

Switch and router port assignments - this includes detailed information about the configuration of the WAN, VLANs, or even the assignment of ports to network nodes through the patch panel.

Network services configuration - Network services such as DNS, WINS, DHCP, and RAS are critical to network operations, and how they are structured should be described in detail. This information can always be obtained from servers, but documenting it in advance in an easy-to-read format saves time.

Domain policies and profiles - you can limit user capabilities using the Policy Editor in Windows NT or using Group Policies in Windows 2000. In this case, it is possible to create user profiles that are stored on the server rather than on the local machine. If such capabilities are used, such information should be documented.

Mission-critical applications - it is necessary to include in the documentation how such applications are supported, what often goes wrong with them, and how to solve such problems.

Procedures - that in itself could be a big project. Basically, procedures are a means of implementing policies and can be quite extensive. Specifically, the policy may state that "The network must be protected from unauthorized users." However, implementing such a policy will require a lot of effort. There are procedures for firewalls, network protocols, passwords, physical security, etc. You can also have separate procedures for handling problems reported by users and procedures for regular server maintenance.

As practice shows, most medium-sized enterprises, especially government agencies, use the manual method of documenting the network, i.e. Excel lists and the knowledge of the IT specialist responsible are quite enough for them. However, the use of special network documentation systems will significantly reduce risks in the event of component failure or physical damage to the infrastructure as a result of construction work, fire or flood, sudden dismissal or disappearance of the responsible specialist, and reduce the time required to restore the infrastructure.

The network infrastructure documentation system (CMS) is an integrated system that allows you to store in a single place and have convenient access to information about all network objects (be it individual computers, connecting cables, television surveillance systems, fire alarms, etc.) and connections between them.

The main goal of modern software-based network documentation systems is to achieve flexible and accurate documentation and network management at low cost and minimal complexity. The network documentation system stores data on all passive (cables, connectors, switch panels, distribution cabinets) and active (routers, switches, servers, PCs, PBX) network components, including information about connections and their status (Connectivity), in a central relational database (e.g. Oracle, SQL, DB2), and visualizes the entire system in both alphanumeric and graphical form. In addition, based on building and land plans, you can display the location of individual components and cable routes. Component information and images are stored in a component library that is constantly updated. Many modern systems already offer Web clients that allow you to access documentation over a network via the Internet. Thus, service technicians can directly request work orders on site via mobile devices and, once completed, acknowledge them in the production system. Some network documentation systems even have a Discovery function to automatically detect new active components via SNMP and include them in the documentation.

With a network documentation system in place, the user can obtain an up-to-date and holistic overview of all network resources in the organization's infrastructure at any time. According to calculations by the International IT Service Management Forum (ITSMF), throughout the entire life cycle of an IT system, maintenance costs are reduced by 80%. The network documentation system allows you to carry out a greater number of actions (than with manual processing) necessary for the functioning of the network infrastructure, and at the same time significantly saves time on their implementation. In addition, data entry errors or duplication are prevented. Automated processes for infrastructure changes (Change Requests) can be introduced into the system and, finally, work orders can be automatically created, for example, for repair work or relocation. The activities of field service personnel become much more efficient, due to which the processes of maintaining and changing the computer network are significantly simplified. Calculations have shown that the reduction in effort and, accordingly, financial costs for planning and documenting the necessary changes in the network can reach 90%.

According to statistics from Network Operating Centers (NOC), about 80% of all network problems are caused by faulty wiring. By using a network documentation system, enterprises can quickly localize the problem area and thus quickly resolve problems. Moreover, through a network documentation system, redundant signal transmission routes can be planned and organized so that in case of problems they can be simply connected.

Currently, network documentation systems are used primarily by large companies, as well as energy suppliers and municipal enterprises with extensive and complex IT infrastructure. Manual documentation would become an overwhelming burden for them. Documentation systems are also used by telecommunications companies, which are required to ensure the availability of infrastructure for their customers and actually confirm this. Increasingly, hospitals and other institutions for which the availability and reliability of the network structure is a vital necessity are relying on network documentation systems. Network documentation systems are also of great importance for the daily activities of operating organizations and building owners that provide a network for several enterprises in the same territory.

As an example, consider some of these systems.

Friendly Pinger is a powerful and convenient application for administering, monitoring and inventorying computer networks. It offers the following features:

· Visualization of a computer network in a beautiful animated form, showing which computers are turned on and which are not;

· Notification about stopping/starting servers;

· View who is accessing which files on a computer over the network;

· Automatic collection of information about the software and hardware of computers on the network.

Figure 3.1 - Network map

10-Strike LANState is a program for administrators and ordinary users of Microsoft Windows networks. Using LANState, you can monitor the current state of the network in graphical form, manage servers and workstations, monitor remote devices by periodically polling computers, monitor connections to network resources, and receive timely notifications about various events.

LANState contains many useful functions for administrators and network users, for example, sending messages, rebooting and shutting down remote computers, ping, determining a name by IP address, route tracing, scanning ports and hosts. It is also possible to receive various information about remote computers (without installing the server part on them), for example, viewing the registry over the network, viewing a remote event log, viewing a list of installed programs. Windows 95/98/Me/NT/2000/XP are supported.

For network users: the program allows you to clearly see which computers on the network are turned on and which are not. At any time, the program can be called from the Windows tray and quickly access the resources of the desired computer (replacing the Network Neighborhood window). You can configure alarms to turn on/off certain computers and servers on the network, for the availability of files and folders, for the launch of web and FTP servers, and for other events. LANState monitors connections to shared resources and monitors file accesses from the network. It is possible to find out who is accessing which files on a computer over the network, including through administrative resources.

For administrators: managing computers on a network, obtaining various information about remote computers (lists of users, running services and applications, installed programs, access to the registry and event log), remote administration, reboot, turn on/off, etc. Alarms allow you to promptly learn about computers and servers on the network being turned on/off, VPN connections being interrupted, or changes in the size or availability of files and folders.

Let's consider the process of creating a local network diagram using this program. LANState supports SNMP device scanning and can draw a network diagram automatically, creating lines connecting hosts. In this case, the switch port numbers are indicated in the line captions. To automatically build a network diagram:

1. SNMP must be enabled on the switches. The program must be allowed in the firewall to work successfully using the SNMP protocol.

2. Launch the Network Map Creation Wizard.

3. Select network scanning by IP address range. Specify ranges. SNMP devices must be within the specified ranges.

Figure 3.2 - Setting the address range

4. Select scanning methods and configure their parameters. Check the box next to the "Search for devices with SNMP..." option and specify the correct community strings to connect to the switches.

Figure 3.3 - Scanning parameters and methods

5. After scanning, the program should draw a network diagram. If the SNMP scan is successful, connections between network devices will be drawn automatically.

The network diagram can be exported as an image or as a Microsoft Visio diagram.

Figure 3.4 - Enlarged network diagram

3.2 Predictive diagnostics technique

The method of proactive diagnostics is as follows. The network administrator must monitor the network operation continuously or over an extended period of time. It is advisable to carry out such observations from the moment of its installation. Based on these observations, the administrator must determine, firstly, how the values of the observed parameters affect the work of network users and, secondly, how they change over a long period of time: a working day, week, month, quarter, year, etc.

Observable parameters are usually:

- operating parameters of the network communication channel - utilization of the communication channel, the number of frames received and transmitted by each network station, the number of errors in the network, the number of broadcast and multicast frames, etc.;

- server operating parameters - utilization of the server processor, the number of deferred (waiting) requests to the disk, the total number of cache buffers, the number of “dirty” cache buffers, etc.

Knowing the relationship between the response time of the application software and the values of the observed parameters, the network administrator must determine the maximum parameter values allowed for a given network. These values are entered as thresholds into the diagnostic tool. If during network operation the values of the observed parameters exceed the threshold values, the diagnostic tool will inform the network administrator about this event. This situation indicates that there is a problem in the network.

By observing the operation of the communication channel and server for a sufficiently long time, it is possible to establish a trend of changes in the values of various network operating parameters (resource utilization, number of errors, etc.). Based on such observations, the administrator can draw conclusions about the need to replace active equipment or change the network architecture.

If a problem appears on the network, the administrator must write a dump of the channel trace into a special buffer or file at the moment it manifests itself and, based on an analysis of its contents, draw conclusions about the possible causes of the problem.
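The threshold check and trend observation described in this section, as an added example (not code from the original text or from any diagnostic product). The parameter names, readings and threshold values are constructed for illustration, and the 30-day planning horizon is an assumption.

```python
"""Threshold alarms and trend projection for proactive diagnostics."""
from statistics import mean

# Constructed readings: one averaged value per working day (invented numbers).
SAMPLES = {
    "channel_utilization_pct": [22, 24, 23, 27, 29, 30, 33, 35, 36, 39],
    "errors_per_hour":         [3, 2, 4, 3, 41, 2, 3, 4, 2, 3],
    "server_cpu_pct":          [40, 41, 39, 42, 40, 41, 40, 42, 41, 40],
}

# Assumed limits: the maximum values at which application response time
# was still acceptable on this (hypothetical) network.
THRESHOLDS = {
    "channel_utilization_pct": 40,
    "errors_per_hour": 20,
    "server_cpu_pct": 80,
}


def threshold_events(samples, thresholds):
    """Return (parameter, day_index, value) for every reading above its limit."""
    events = []
    for name, values in samples.items():
        for day, value in enumerate(values):
            if value > thresholds[name]:
                events.append((name, day, value))
    return events


def linear_trend(values):
    """Least-squares slope and intercept of the readings against day index."""
    n = len(values)
    x_mean = (n - 1) / 2
    y_mean = mean(values)
    sxx = sum((x - x_mean) ** 2 for x in range(n))
    sxy = sum((x - x_mean) * (y - y_mean) for x, y in enumerate(values))
    slope = sxy / sxx
    return slope, y_mean - slope * x_mean


def days_until_threshold(values, limit):
    """Days after the last reading until the fitted line reaches the limit.

    Returns None when the trend is flat or falling, 0.0 when the fitted
    line is already at or above the limit.
    """
    slope, intercept = linear_trend(values)
    if slope <= 0:
        return None
    crossing_day = (limit - intercept) / slope
    return max(0.0, crossing_day - (len(values) - 1))


def forecast(samples, thresholds, horizon_days=30):
    """Parameters whose trend reaches the threshold within the horizon."""
    result = {}
    for name, values in samples.items():
        days = days_until_threshold(values, thresholds[name])
        if days is not None and days <= horizon_days:
            result[name] = days
    return result


if __name__ == "__main__":
    for name, day, value in threshold_events(SAMPLES, THRESHOLDS):
        print(f"ALARM  {name}: day {day} value {value} > {THRESHOLDS[name]}")
    for name, days in forecast(SAMPLES, THRESHOLDS).items():
        print(f"TREND  {name}: threshold reached in about {days:.1f} days")
```

The error spike is caught only by the threshold alarm, while the steadily growing channel utilization never trips an alarm and is visible only in the trend, which is why the method needs both checks.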

3.2 Organization of the diagnostic process

Without questioning the importance of proactive diagnostics, we have to admit that in practice it is rarely used. Most often (although this is incorrect), the network is analyzed only during periods of its unsatisfactory performance. And usually in such cases it is necessary to localize and correct existing network defects quickly. The technique we propose can even be considered as a special case of the proactive network diagnostics technique.

Any network testing technique significantly depends on the tools available to the system administrator. According to some administrators, in most cases a necessary and sufficient tool for detecting network defects (except for a cable scanner) is a network protocol analyzer. It should connect to the collision domain where failures are observed, as close as possible to the most suspicious stations or server.

If the network has a collapsed backbone architecture and a switch is used as the backbone, then the analyzer must be connected to those switch ports through which the analyzed traffic passes. Some programs have special agents or probes that are installed on computers connected to remote switch ports. Typically, agents (not to be confused with SNMP agents) are a service or task that runs in the background on the user's computer. As a rule, agents consume few computing resources and do not interfere with the work of the users on whose computers they are installed. Analyzers and agents can be connected to the switch in two ways.

In the first method (see Figure 3.5), the analyzer is connected to a special port (monitoring port or mirror port) of the switch, if there is one, and traffic from all the switch ports of interest is sent to it in turn.

Figure 3.5 - First method of connecting the analyzer

If the switch does not have a special port, then the analyzer (or agent) should be connected to the ports of the network domains of interest in maximum proximity to the most suspicious stations or server (see Figure 3.6). Sometimes this may require the use of an additional hub. This method is preferable to the first. The exception is when one of the switch ports operates in full duplex mode. If this is the case, then the port must first be switched to half-duplex mode.

Figure 3.6 - Second method of connecting the analyzer

There are many different protocol analyzers on the market - from pure software to firmware. Despite the functional identity of most protocol analyzers, each of them has certain advantages and disadvantages. In this regard, it is necessary to pay attention to two important functions, without which it will be difficult to conduct effective network diagnostics.

Firstly, the protocol analyzer must have a built-in traffic generation function. Secondly, the protocol analyzer must be able to “thin out” received frames, i.e., not accept all frames in a row, but, for example, every fifth or every tenth, with mandatory subsequent approximation of the results. If this function is missing, then when the network is heavily loaded, no matter how powerful the computer on which the analyzer is installed, the latter will freeze and/or lose frames. This is especially important when diagnosing fast networks such as Fast Ethernet and FDDI.
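How "thinning" with subsequent approximation behaves, as an added example (not code from Observer or any other analyzer): counters are taken from every N-th frame and multiplied by N. The frame stream, station names and frame sizes are constructed, and the example goes slightly beyond the text by showing two cases where the approximation is poor.

```python
"""Frame thinning: count every N-th frame, then scale the counters by N."""
from collections import Counter


def build_stream(n_frames=7000):
    """Constructed capture: (source, length_bytes, has_crc_error) per frame.

    Traffic repeats every 7 frames (4 server, 2 ws1, 1 ws2); three frames
    at fixed positions are marked as damaged.
    """
    pattern = ["server"] * 4 + ["ws1"] * 2 + ["ws2"]
    sizes = {"server": 1500, "ws1": 512, "ws2": 64}
    damaged = {12, 3001, 6500}
    return [
        (pattern[i % 7], sizes[pattern[i % 7]], i in damaged)
        for i in range(n_frames)
    ]


def exact_stats(frames):
    """Per-station frame and byte counters plus the number of CRC errors."""
    stats = {"frames": Counter(), "bytes": Counter(), "crc_errors": 0}
    for source, length, bad in frames:
        stats["frames"][source] += 1
        stats["bytes"][source] += length
        stats["crc_errors"] += int(bad)
    return stats


def thinned_stats(frames, keep_every=5):
    """Process only every keep_every-th frame and scale the results back up."""
    sampled = exact_stats(frames[::keep_every])
    return {
        "frames": Counter(
            {s: c * keep_every for s, c in sampled["frames"].items()}
        ),
        "bytes": Counter(
            {s: b * keep_every for s, b in sampled["bytes"].items()}
        ),
        "crc_errors": sampled["crc_errors"] * keep_every,
    }


if __name__ == "__main__":
    frames = build_stream()
    truth = exact_stats(frames)
    for step in (5, 10, 7):
        est = thinned_stats(frames, step)
        print(f"keep every {step}th frame")
        for station in truth["frames"]:
            print(f"  {station:7} frames: true {truth['frames'][station]:5}"
                  f"  estimated {est['frames'][station]:5}")
        print(f"  CRC errors: true {truth['crc_errors']}"
              f"  estimated {est['crc_errors']}")
```

With a step of 5 the per-station load is reproduced exactly on this stream, but the three damaged frames are reported as five; with a step of 7, which matches the period of the constructed traffic, every sampled frame comes from the server and the other stations disappear from the statistics.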

We will illustrate the proposed methodology using the purely software-based Observer protocol analyzer from Network Instruments, a powerful network protocol analyzer and tool for monitoring and diagnosing Ethernet networks, 802.11 a/b/g wireless networks, Token Ring and FDDI networks. Observer allows you to measure network performance characteristics in real time, decode network protocols (more than 500 protocols are supported), create and analyze trends in network performance characteristics.
