This comprehensive handbook provides the latest protocol information and troubleshooting strategies to help you keep your network running at peak performance. Network Analysis and Troubleshooting features proven network analysis techniques and experience-based strategies for isolating and solving network problems. This useful guide cuts to the chase by focusing on the most pertinent protocol packet formats you need to know to troubleshoot and optimize networks.
Network Analysis and Troubleshooting uses a proven "bottom-up" troubleshooting methodology that examines in detail each network layer--physical, data link, network, transport, session, presentation, and application--revealing the problems and solutions specific to each layer. This book also discusses the role of the protocol analyzer to measure and baseline throughput and latency, identify bottlenecks, and determine server and client response times. Numerous practical tips, diagrams, case studies, and trace file snapshots illustrate important concepts and techniques.
You will find essential information on such topics as:
(Most chapters begin with an Introduction.)
Building a Foundation.
The OSI Reference Model Revisited.
The Seven Layers.
Identifying Problems by Layer.
The Protocol Analyzer.
Basic Protocol Analyzer Operation.
Analysis Essentials--What Differentiates One Analyzer from Another?
Packet Filtering, Slicing, and Triggering Tips and Tricks.
Proactive Performance and Upgrade Analysis.
Expert Systems--Helpful or Hindrance?
Last But Not Least: Document Your Network!
The EIA 586-A Wiring Standard.
An End to Wiring Problems?
Basic Cable Testing.
Smart Cable Testers.
The Cable Tester as a Mini-SNMP Console and Mini-Web Server.
Ethernet Wiring Issues.
Case Study: An Ethernet Wiring Violation.
How Collisions Are Detected.
Fast Ethernet Wiring.
Token Ring Wiring.
Encoding the Bits onto the Media.
IEEE MAC Layer 48-Bit Addressing.
Impact of Different Types of Broadcast Traffic.
Transparent Bridging and Switching Operation and Troubleshooting.
Switches as Multiport Bridges.
Troubleshooting in Bridged and Switched Environments.
Case Study: A Switched Network Meltdown.
Ethernet History in a Nutshell.
Ethernet Access Mechanism.
Ethernet Frame Formats.
Calculating Network Utilization and Bandwidth Efficiency in Ethernet.
Case Study: Analyzing Excessive Ethernet Collisions.
Case Study: A Slow Server on an Ethernet Segment.
Token Ring/IEEE 802.5.
The Token Passing Process.
Frame and Token Format.
Insertion Phases and the Ring Poll Process.
Roles of the Active Monitor and Standby Monitor.
Access Priority and Early Token Release.
Case Study: High Rate of Packet Retransmissions.
Token Ring Soft and Hard Errors.
Fault Isolation and Recovery.
Calculating Network Utilization and Bandwidth Efficiency in Token Ring.
Source Route Bridging.
IEEE 802.2/Logical Link Control (LLC).
Network Layer Protocols.
Case Study: AppleTalk Users Lose Server Visibility.
IP RIP Operation.
Case Study: Locally Routed IP Packets.
Internet Control Message Protocol (ICMP) Packet Format and Operation.
Case Study: Troubleshooting Using Traceroute.
Case Study: Troubleshooting Using PING and ICMP.
IPX Propagated Broadcast Packets.
Case Study: The Extra Hop.
IPX RIP Operation.
Case Study: IPX MTU Mismatch.
User Datagram Protocol (UDP).
Transport Control Protocol (TCP).
Case Study: Dropped Terminal Sessions.
Case Study: Tuning Side Effects.
Transport Layer Components of the NetWare Core Protocol (NCP).
NetWare Sequenced Packet Exchange (SPX) and SPX II Protocols.
Domain Name System (DNS).
NetBIOS over LLC.
NetBIOS over IPX.
NetBIOS over TCP/IP.
NetWare Service Advertising Protocol (SAP).
Abstract Syntax Notation 1 (ASN.1).
Introduction and Common Problems at the Application Layer.
TCP/IP Related Protocols.
Dynamic Host Control Protocol (DHCP).
Case Study: A User Is Unable to Obtain an IP Address.
File Transfer Protocol (FTP).
Sun Network File System (NFS).
Hypertext Transfer Protocol (HTTP).
NetWare Core Protocol (NCP).
Case Study: The Network Is Slow.
Case Study: The Network Is Slow II.
Case Study: Degraded Login Response Time.
Case Study: Dropped Server Connections.
Server Message Block (SMB) Protocol.
SMB Logon and Packet Format.
Case Study: Poor Response Time.
Case Study: Poor Throughput.
The MS Browser Protocol.
Case Study: Non-broadcast Packet Storm Melts Network.
Characterizing the Application.
Areas of Latency in WANs and LANs.
The “Latency Wedge”.
Case Study: The Slow Remote.
A Case Study Revisited.
Case Study: The Slow Remote II.
What qualifications do you need to become a good network analyst? Numerous Engineering or Computer Science degrees? A vast knowledge of UNIX or Windows 95/98/NT/2000/...? Fifty years of industry experience? Being able to recite the OSI seven-layer reference model?
The best qualification is to simply have a real passion for problem solving. Sure it helps to have a background in data communications, but nothing beats logical thinking with a "detective" bent when it comes to analyzing and troubleshooting networks.
To identify the culprit, you need to be resourceful and sift through clues provided by cable testers, protocol analyzers, Simple Network Management Protocol (SNMP) probes and consoles, router tables, switch and hub statistics, network documentation, and even empirical observations from end-users.
In my eighteen years in the networking industry, I have learned far more over the past six years by "doing" rather than "observing" and critiquing (a.k.a. my early consulting years). The insights and case studies presented in this book are based on my experiences and adventures in solving real problems on real networks, mainly at Fortune 1000 companies with large networks. Although there is no substitute for hands-on experience, this book is intended to help you learn the operational details of many of today's popular protocols and enhance your skills in troubleshooting networks using proven protocol analysis techniques.
Sometimes working with networks can be hazardous to your health. My favorite story of all time is from a network support person working with me at an on-site troubleshooting job. As I recall, it went something like this:
We had completed an upgrade of our workstation wiring, making sure that Category 5 cable ran everywhere. During the process, we found a large wooden spool (like the kind the Telcos would discard and you could turn into a cheap table) containing several hundred feet of the old thick Ethernet coax. Unlike a spool of Cat 5, this baby was big and heavy. In the process of moving the spool of cable from one of our wiring closets to permanent cold storage, we proceeded to load it into the back of a pickup truck. Needless to say, the spool slipped off and began rolling down an incline. Imagine the look on the face of one of my colleagues who was approaching the truck and saw this big spool of wire hurtling down on him!
True story. Or so I've been told.
I should note that even though I mention a few commercial products from time to time, the emphasis of this book is on learning analysis fundamentals as well as techniques in solving problems. To avoid bias, I've intentionally used screen shots from a variety of protocol analyzers to show that the techniques can be applied using different analyzers. While conducting training classes, I really don't care what analyzer is used as long as there's some flexibility in the tool.
This book is aimed at those responsible for maintaining the efficiency and integrity of their network infrastructure on a day-to-day basis. This includes:
The reader is assumed to have a basic understanding of data communications, especially in local area networks. Rather than simply rehash standards information and packet formats, this book presents the most pertinent information contained in packets along with the protocol operation details necessary to understand how to troubleshoot and optimize mission-critical networks. Even the "seasoned pro" will benefit from the generous analysis and troubleshooting tips, diagrams, and trace file snapshots that accompany the text throughout the book.
Although not covering every conceivable networking topology and protocol, the book offers a general approach for readers to focus on to identify and solve problems at the various layers of infrastructure. This book uses a "bottom-up" approach structured around the seven-layer OSI model that can be generalized and applied to many different situations.
Network Analysis and Troubleshooting begins with a look at the layered methodology to network analysis and why a protocol analyzer is the tool of choice for solving complex problems.
Chapter 2 looks at issues specific to the physical layer, including cabling types, Time Domain Reflectometry (TDR), and transmission encoding techniques.
Chapter 3 focuses on the data link layer. Topics covered include details on the IEEE 48-bit address format, the impact of different types of broadcast traffic, the role of the Cyclic Redundancy Check (CRC), operational details and analysis consideration for layer 2 switches, Ethernet and Token Ring operation and troubleshooting, and an in-depth look at the IEEE 802.2 Logical Link Control (LLC) protocol.
Chapter 4 concentrates on the network layer, beginning with a discussion of datagram concepts and router operation. The addressing schemes of various protocols are discussed, including details on IP classes and subnetting. IP specifics such as the role of the Internet Control Message Protocol (ICMP) are analyzed. Other topics include IPX operation and analysis, and local routing problems.
Chapter 5 analyzes the transport layer by examining the operation of the NetWare Sequenced Packet Exchange (SPX), SPX II, User Datagram Protocol (UDP), and the Transmission Control Protocol (TCP). Specifically for TCP, the concepts of block size, segment size, and sliding window are covered in detail.
Chapter 6 covers the session layer, including how some session services are actually embedded in other layers, how different protocols operate to find resources via DNS, NetWare Services Advertising Protocol (SAP), or NetBIOS. The three major NetBIOS implementations--NetBIOS over LLC (NetBEUI), NetBIOS over IPX, and NetBIOS over TCP/IP--are covered.
Chapter 7 covers the presentation layer by examining presentation protocols that are specific to certain protocol families and why there is no general-purpose presentation protocol in widespread use today.
Chapter 8 examines the application layer, beginning with a discussion of networked application characteristics, followed by a discussion of logon sequencing for different protocol stacks. Then specific protocols are covered in depth, including the Dynamic Host Control Protocol (DHCP), NetWare Core Protocol (NCP), Microsoft/IBM Server Message Block (SMB) Protocol, Sun Network File System (NFS), and the File Transfer Protocol (FTP). As a bonus, the NT Browse protocol (not to be confused with Internet browsing!) is discussed.
Chapter 9 shows how to use your protocol analyzer to measure and baseline throughput and latency, identify bottlenecks in your network, and determine server and client response times.
Several reviewers provided excellent technical feedback from the rough draft. These people include Robert Bullen, Phil Koenig, Phillip Scarr, Howard Lee Harkness, Ehud Gavron, Glen Herrmannsfeldt, Louis Breit, Doug Hughes, Bob Vance, Barry Margolin, and William Welch.
I'd also like to thank those wonderful folks at Addison Wesley Longman who worked with me during the various stages of developing this book, including Mary Hart, Karen Gettman, Lorraine Ferrier, and Tracy Russ.
And last, but not least, my family, Nancy, Daniel, and Matthew. I love you guys!
Have any great troubleshooting experiences? Feel free to drop me a line at firstname.lastname@example.org.
All the best,
J. Scott Haugdahl, August 1999