Read an Excerpt
Chapter 3: Generic Troubleshooting ToolsMany different tools exist for network troubleshooting. Although a majority of them are not Cisco-specific or proprietary, many of these tools can help to troubleshoot problems with Cisco equipment as well as with networks in general.
Troubleshooting tools can be used to analyze several aspects of a net-work, such as the physical connectivity and the protocols, as well as the applications running on the network. Each area requires a different set of tools and procedures. Often, troubleshooting tools and test equipment are used only when there is a network failure or problem. It is important to recognize that many tools can be used in a proactive method, such as monitoring. Certainly, some tools are not able or not designed to provide monitoring functions. Many are capable of this task, however.
We begin this chapter by discussing the tools designed for physical media troubleshooting, and then move on to protocol analyzers. After a thorough discussion of these two types of instruments, we will discuss using some of these tools in monitoring applications. Cisco has several software packages that provide excellent network monitoring using SNMP (Simple Network Management Protocol) and TCP/IP protocol debugging tools.
Some tools are part of the TCP/IP protocol stack, others are systems that capture frames and decode them using software, and yet others are used to test physical media. The use of all these types of tools provides coverage for many of the seven layers of the OSI model.
Physical Media Test EquipmentStarting at the bottom and working up, we begin with Layer 1 connectivity testing. It is amazing how many network problems can actually be solved by testing and then resolving wiring problems.
In this section you will learn about several different types of physical media testing equipment. These include:
- Cable testers
- Time domain reflectors and optical TDRs
- Digital interface testing tools
Multimeters and Cable TestersThere is a large variety of physical media testing equipment. The most basic tools are multimeters and cable testers.
Multimeters measure voltage, resistance, and current. They work with electrical-based cabling and can be used to test for physical connectivity.
Cable testers can be very general or they can be made for a specific type of cable. Some cable testers have adapters that allow them to test a wide range of cables. Cable testers are made for electrical and optical cable.
Different from multimeters, cable testers can give the user much more information regarding the cable being tested. Here are some examples of the attributes that are reported by a cable tester:
- Electrical connectivity
- Open pairs
- Crossed pairs
- Out of distance specification
- Out of decibel specification (for optical cable), meaning signal/noise is out of acceptable specifications
- Cross talk
- Wiring maps
- MAC information
- Line utilization
- Time domain reflector (TDR)
It is important to realize that not all cable testers provide all of this information. A given tester may provide only some of these attributes.
Time Domain Reflectors (TDRs) and Optical TDRs (OTDRs)Time domain reflectors (TDRs) are complex cable testers. They are used to locate physical problems in a cable. They can detect where an open circuit, short circuit, crimped wire, or other abnormality is located in a cable.
TDRs and Optical TDRs (OTDRs) work on the same principle: a signal is sent down the cable and the unit waits for the reflected signal to come back. Different abnormalities in cabling cause this signal to be reflected at different amplitudes. Based on the signal strength, or amplitude, the meter distinguishes between opens, shorts, crimps, or other failures in the cable. These meters measure the time between the sending of the signal and the arrival of the reflected signal at the unit. This time interval is used to calculate where the failure is occurring in the cable. Optical TDRs can also provide information, such as signal attenuation, fiber breaks, and losses through connectors.
Digital Interface Testing ToolsDigital Interface Testing tools consist of several different tools, such as breakout boxes, used to verify pin-outs (e.g., TD—transmit data, RD—receive data, CTS—clear to send) for all types of serial and parallel interfaces, and bit/block error rate testers, used for testing the quality of a communication link based on deviance from a known bit pattern. These tools are used to measure signals sent from computer and communication equipment. They are also able to test connections and communication between data terminal equipment and data communications equipment.
Although monitoring line conditions is an option with these types of tools, they are not capable of analyzing protocol information on a line. Their primary use is to verify that digital communication is sent and received by the two devices that are connected to the ends of the cable. A few exam-ples: testing between a PC and a printer, a router and CSU/DSU, or even a modem and a PC.
Software Test EquipmentThere are many programs available that help to troubleshoot network problems. We begin by talking about generic programs that can provide troubleshooting capabilities, and then we will move on to Cisco-specific solutions. There are basically two types of software used for aiding network troubleshooting: network monitoring and network analyzing.
Network MonitorsAs the word monitor describes, this software-based tool simply monitors the network. It can do this in several ways, including the Simple Network Management Protocol (SNMP) and the Internet Control Message Protocol (ICMP).
The Simple Network Management Protocol (SNMP) is the most widely used method of gathering network statistics. Once a machine has sufficient information about a network, it continually monitors the availability and connectivity of each device that is specified in its configuration.
No packet analysis is performed by network monitors. It is simply used to gather and keep statistical information about the network. The historical data that monitoring provides can be used to create a network baseline.
A baseline is a very important tool. How can you effectively troubleshoot a new problem on a network if you don't know what the network used to be like or how it was configured? By keeping a baseline, you can compare previous performance and traffic levels to what you are currently seeing. Perhaps your problem is a new application that was introduced into your network.
SNMP is not the only method of monitoring a network, however. There are tools that use protocol tools to isolate network problems. For instance, the Internet Control Message Protocol (ICMP) can be used to ping a list of hosts. If a host does not respond, the program adds the host to a list and displays it to a monitor.
Network AnalyzersNetwork analyzers are also known as protocol analyzers. Examples of protocol analyzers are EtherPeek (used in the CCNA: Cisco Certified Network Associate Study Guide, CCNP: Advanced Cisco Router Configuration Study Guide, and in this book), Network Associate's Sniffer, and RADCOM's PrismLite.
These tools must be connected to the network or broadcast domain that you are interested in troubleshooting. Figure 3.1 depicts a subnetwork. If there is a fault within the 172.16.1.0 subnetwork, the protocol analyzer must be placed on that segment of the subnetwork.
Otherwise, you will not see the packets transiting the subnetwork. As you can see in Figure 3.1, the protocol analyzer is connected to the 172.16.1.0 subnetwork. Some analyzers can monitor in-line, but most just act as an additional node on the subnetwork.
FIGURE 3.1 Placement of a protocol analyzer...
To better handle the data that is captured by an analyzer, different filters may be used. Most programs allow filters to be placed before or after the packet is copied. After a full capture, display filters may be used to help narrow the field of troubleshooting. If you are trying to troubleshoot an Ethernet problem, you probably don't want to look at all of the routing packets that were also captured. To save memory, filters can be applied before the packet is captured into memory. The analyzer looks at each packet and compares it to user-defined filters. If the necessary criteria are met, the packet is then copied to memory; otherwise, it is dropped....