FEGTS IP training material for 2011/10/28, 2011/11/4 and 2011/11/11

1. c o m m Ve r Ge • Hong Kong
S O L U T I O N S
• Bangkok
FEGTS IP Training • Beijing
2011/11/11, Taipei • Brunei
• Kuala Lumpur
• Manila
• San Jose
Network Diagnostic • Seoul
Introduction • Shanghai
• Singapore
• Taipei
Kae Hsu
Commverge Solutions, Taiwan

2. Object
 Course Object
– By the course, the students could understand basic
network troubleshooting concept, principle and relative
WWW.COMMVERGE.COM
tools
 Course Information
– 2.5 hours lecture & hand-on practice
– 30 minutes Q & A
2

3. Agenda
 Network diagnostic concept
 Hostname resolution verification
WWW.COMMVERGE.COM
 Network connection verification
 Application condition verification
 Low level traffic investigation
 Friendly tools
 Hands-on practice
3

4. Network diagnostic concept
 Regular Internet connection concept
DNS
WWW.COMMVERGE.COM
www.abc.com =
203.47.56.180
www.abc.com = ?
Client Server
4

5. Network diagnostic concept
 Regular troubleshooting sequence
– Hostname resolution verification
• nslookup & dig
WWW.COMMVERGE.COM
– Network connection verification
• ping & traceroute
– Application condition verification
• telnet
5

6. Hostname resolution verification
– nslookup
• Name/IP address query
WWW.COMMVERGE.COM
6

7. Hostname resolution verification
– nslookup
• Mail Exchange (MX) query
WWW.COMMVERGE.COM
7

8. Hostname resolution verification
– dig
• Name/IP address query
WWW.COMMVERGE.COM
8

9. Hostname resolution verification
– dig
• Mail Exchange (MX) query
WWW.COMMVERGE.COM
9

10. Network connection verification
– ping
• Check network connection status
– concept
WWW.COMMVERGE.COM
Are you Are you
there? there?
Are you
Are you
“Server” is alive there?
there?
Are you Are you
there? there?
Client Server
I am
I am I am
here
here here
I am
I am here
here
I am
I am here
here 10

11. Network connection verification
– ping
• ICMP packet
– ICMP echo-request & echo-reply
WWW.COMMVERGE.COM
– Identify reachability & round-trip time
echo echo
request request
echo
echo
“Server” is alive request
request
echo echo
request request
Client Server
echo
echo echo
reply
reply reply
echo
echo reply
reply
echo
echo reply
reply 11

12. Network connection verification
– ping
• ICMP identifier & sequence number
– match reply & request
WWW.COMMVERGE.COM
echo echo
request request
echo
echo request
request
echo echo
request request
Client Server
echo
echo echo
reply
reply reply
echo
echo reply
reply
echo
echo reply
reply 12

13. Network connection verification
– ICMP block by network filter
WWW.COMMVERGE.COM
echo echo
request request
echo
echo request
ICMP timeout packet dropped
request
echo
request
Client Server
13

14. Network connection verification
– traceroute
• Check packet forwarding path information
– concept (in forwarding path)
WWW.COMMVERGE.COM
• router will drop packet with TTL=1
– “ICMP time exceeded” message sent to source with router
inbound interface
TTL=1
ICMP
TTL=2 TTL=1
ICMP
TTL=3 TTL=2 TTL=1
ICMP
14

15. Network connection verification
– concept (arrive destination)
• destination will NOT check TTL status
• different response with different probe packet
WWW.COMMVERGE.COM
– ICMP echo-request – response ICMP echo-reply
– UDP with high destination port – response ICMP port unreachable
• ICMP
TTL=4 TTL=3 TTL=2 TTL=1
ICMP
echo reply
• UDP
TTL=4 TTL=3 TTL=2 TTL=1
ICMP port
unreachable
15

16. Network connection verification
– Multiple path in a single traceroute task
• router load-share the traffic by flow information
• identify different flow by
WWW.COMMVERGE.COM
– different ICMP echo-request identifier
– different UDP port number
ICMP
Time Exceed
ICMP
TTL=3 Time Exceed
ICMP
Time Exceed
ICMP
Time Exceed 16

17. Application condition verification
 Internet application communication concept
– TCP 3 way handshaking
WWW.COMMVERGE.COM
• Verify TCP connection first during troubleshooting
From "Figure 211: TCP “Three-Way Handshake” Connection Establishment Procedure" in TCP/IP Guide
17

18. Application condition verification
– telnet
• To verify the destination site service status
– example
WWW.COMMVERGE.COM
• A WEB service
• check correct IP information
• check network connection status
• check service response
18

19. Application condition verification
– example
WWW.COMMVERGE.COM
19

20. Low level traffic investigation
 “Sniffer” the traffic
– TCPDUMP
WWW.COMMVERGE.COM
20

21. Friendly Tools
 WinMTR
– Probe target & provide path information together
• Download: http://winmtr.net/download-winmtr/
WWW.COMMVERGE.COM
21

22. Friendly Tools
 Looking glass
– Execute ping/traceroute from different sites
WWW.COMMVERGE.COM
22

23. Friendly Tools
 Looking glass
WWW.COMMVERGE.COM
23

24. Friendly Tools
 Looking glass list
WWW.COMMVERGE.COM
24

25. Friendly Tools
 Wireshark
WWW.COMMVERGE.COM
25

26. Friendly Tools
– Wireshark reference guide
• “Wireshark Network Analysis, The Official Wireshark Certified
Network Analyst Study Guide” by Laura Chappell
WWW.COMMVERGE.COM
26

27. Hands-on practice
 Lab environment
WWW.COMMVERGE.COM
Sniffer box
192.168.4.X
192.168.2.X
192.168.1.X 192.168.5.X 192.168.7.X
192.168.3.X 192.168.6.X
J4350 C3750-1 C3750-2 192.168.7.6
SSID: WL-330gE
PWD: 0123456789 .3 .1 .2
192.168.1.0/24
27

28. Hands-on practice
 Install Wireshark
– Download: http://www.wireshark.org/download.html
WWW.COMMVERGE.COM
28

29. Hands-on practice
– Use Wireshark to monitor DNS message
WWW.COMMVERGE.COM
29

30. Hands-on practice
– Use Wireshark to monitor ICMP message
WWW.COMMVERGE.COM
30

31. Hands-on practice
 ping
WWW.COMMVERGE.COM
31

32. Hands-on practice
 traceroute
WWW.COMMVERGE.COM
32

33. Hands-on practice
 DNS –
nslookup
– 開始 ->
WWW.COMMVERGE.COM
執行 ->
“cmd”
33

34. Prior Course Q & A Summary
 Is there any troubleshooting skill for SCTP?
– Using Tools
• Iperf over SCTP
WWW.COMMVERGE.COM
– Adapted version of Iperf(version 1.6.5), runs on lksctp
– Use iperf with –z to open SCTP connection to test target
• Windows SCTP library
– Bundle some SCTP application for simple test
– Useful link
• http://www.sctp.be/
– SCTP research and simulation page
– SCTP Software page
– SCTP application Software production page
• http://sigtran.org
– SCTP Test Tool (stt)
– SCTP Performance Test
34

35. Prior Course Q & A Summary
 How to capture packet by tcpdump from TWO or more
NICs at the same time?
A. Use “any” as “-i” parameter on Linux
WWW.COMMVERGE.COM
a) From tcpdump man page:
-I
Listen on interface. If unspecified, tcpdump searches the system
interface list for the lowest numbered, configured up interface
(excluding loopback). Ties are broken by choosing the earliest
match.On Linux systems with 2.2 or later kernels,
an interface argument of ``any'' can be used to capture packets from
all interfaces. Note that captures on the ``any'' device will not be done
in promiscuous mode.If the -D flag is supported, an interface number
as printed by that flag can be used as the interface argument.
35

36. Prior Course Q & A Summary
 How to flush DNS cache manually?
– With BIND 9.2.0 or newer
• # rndc flush
WWW.COMMVERGE.COM
– With older BIND
• Kill BIND process and restart it
• # rndc restart
– For detail information, please refer
• “Flushing (Clearing) a Name Server's Cache”
from “DNS & Bind Cookbook” by Cricket Liu, O‟Reilly
36

37. Prior Course Q & A Summary
 How to execute ping by different interface?
– Windows platform
• Use „-S‟ parameter to identify source IP address
WWW.COMMVERGE.COM
– Linux
• Use „-I interface/IP_address‟ to identify source IP address
– IOS
• Enter extended command to identify source IP or interface
• Use “source” parameter to identify source IP address (newer)
– Junos
• Use “source” parameter to identify source IP address
37

38. Q&A
38
WWW.COMMVERGE.COM