
Network Analysis and Troubleshooting



  • Sorry, this book is no longer in print.
Not for Sale


  • Copyright 2000
  • Dimensions: 7-1/4" x 9-1/4"
  • Pages: 384
  • Edition: 1st
  • Book
  • ISBN-10: 0-201-43319-2
  • ISBN-13: 978-0-201-43319-7

This comprehensive handbook provides the latest protocol information and troubleshooting strategies to help you keep your network running at peak performance. Network Analysis and Troubleshooting features proven network analysis techniques and experience-based strategies for isolating and solving network problems. This useful guide cuts to the chase by focusing on the most pertinent protocol packet formats you need to know to troubleshoot and optimize networks.

Network Analysis and Troubleshooting uses a proven "bottom-up" troubleshooting methodology that examines in detail each network layer--physical, data link, network, transport, session, presentation, and application--revealing the problems and solutions specific to each layer. This book also discusses the role of the protocol analyzer to measure and baseline throughput and latency, identify bottlenecks, and determine server and client response times. Numerous practical tips, diagrams, case studies, and trace file snapshots illustrate important concepts and techniques.

You will find essential information on such topics as:

  • Wiring and cable testing issues
  • Transmission encoding techniques
  • Dissecting the IEEE 48-bit MAC address
  • The impact of different types of broadcast traffic
  • Operational details and analysis considerations for switches
  • Ethernet and Token Ring operational details and analysis
  • The IEEE 802.2 LLC protocol (explored in full)
  • Datagrams and routing
  • IP specifics, including addressing, subnets, and the role of ICMP
  • IPX operation and analysis
  • UDP, TCP, SPX, and SPX II protocol analysis
  • How different protocols find resources via NetBIOS, SAP, and DNS
  • Logon sequencing for various protocol stacks
  • DHCP, SMB, NCP, NFS, FTP, HTTP, and NT Browse protocol analysis and troubleshooting
  • Baselining throughput and latency, including understanding the "latency wedge"




Sample Content

Table of Contents

(Most chapters begin with an Introduction.)


1. Introduction.

Building a Foundation.

The OSI Reference Model Revisited.

The Seven Layers.

Packet Construction.

Identifying Problems by Layer.

The Protocol Analyzer.

Basic Protocol Analyzer Operation.

Analysis Essentials--What Differentiates One Analyzer from Another?

Packet Filtering, Slicing, and Triggering Tips and Tricks.

Proactive Performance and Upgrade Analysis.

Multi-LAN/WAN Analysis.

Remote Analysis.

Traffic Generation.

Expert Systems--Helpful or Hindrance?

Last But Not Least: Document Your Network!

2. Analyzing and Troubleshooting the Physical Layer.

The EIA 586-A Wiring Standard.

An End to Wiring Problems?

Basic Cable Testing.

Smart Cable Testers.

The Cable Tester as a Mini-SNMP Console and Mini-Web Server.

Ethernet Wiring Issues.

Case Study: An Ethernet Wiring Violation.

How Collisions Are Detected.

Fast Ethernet Wiring.

Token Ring Wiring.

Encoding the Bits onto the Media.

3. Analyzing and Troubleshooting the Data Link Layer.

Error Detection.

IEEE MAC Layer 48-Bit Addressing.

Functional Addresses.

Impact of Different Types of Broadcast Traffic.

Transparent Bridging and Switching Operation and Troubleshooting.

Switches as Multiport Bridges.

Spanning Tree.

Troubleshooting in Bridged and Switched Environments.

Case Study: A Switched Network Meltdown.

IEEE 802.3/Ethernet.

Ethernet History in a Nutshell.

Ethernet Access Mechanism.

Full-Duplex Ethernet.

Ethernet Frame Formats.

Calculating Network Utilization and Bandwidth Efficiency in Ethernet.

Case Study: Analyzing Excessive Ethernet Collisions.

Case Study: A Slow Server on an Ethernet Segment.

Token Ring/IEEE 802.5.

The Token Passing Process.

Frame and Token Format.

Insertion Phases and the Ring Poll Process.

Roles of the Active Monitor and Standby Monitor.

Access Priority and Early Token Release.

Case Study: High Rate of Packet Retransmissions.

Token Ring Soft and Hard Errors.

Fault Isolation and Recovery.

Calculating Network Utilization and Bandwidth Efficiency in Token Ring.

Source Route Bridging.

IEEE 802.2/Logical Link Control (LLC).

4. Analyzing and Troubleshooting the Network Layer.

Router Operation.

Network Layer Protocols.


Case Study: AppleTalk Users Lose Server Visibility.



IP Fragmentation.

IP RIP Operation.

Case Study: Locally Routed IP Packets.

Internet Control Message Protocol (ICMP) Packet Format and Operation.

Case Study: Troubleshooting Using Traceroute.

Case Study: Troubleshooting Using PING and ICMP.


IPX Propagated Broadcast Packets.

Case Study: The Extra Hop.

IPX RIP Operation.

Case Study: IPX MTU Mismatch.

5. Analyzing and Troubleshooting the Transport Layer.

User Datagram Protocol (UDP).

Transport Control Protocol (TCP).

TCP Header.

TCP Retransmissions.

Case Study: Dropped Terminal Sessions.

Case Study: Tuning Side Effects.

Transport Layer Components of the NetWare Core Protocol (NCP).

NetWare Sequenced Packet Exchange (SPX) and SPX II Protocols.


SPX Timers.

6. Analyzing and Troubleshooting the Session Layer.

Domain Name System (DNS).


Packet Format.



NetBIOS over LLC.

NetBIOS over IPX.

NetBIOS over TCP/IP.

NetWare Service Advertising Protocol (SAP).

7. Analyzing and Troubleshooting the Presentation Layer.

Abstract Syntax Notation 1 (ASN.1).

X Windows.

8. Analyzing and Troubleshooting the Application Layer.

Introduction and Common Problems at the Application Layer.

TCP/IP Related Protocols.

Dynamic Host Control Protocol (DHCP).

Case Study: A User Is Unable to Obtain an IP Address.

File Transfer Protocol (FTP).


Sun Network File System (NFS).

Hypertext Transfer Protocol (HTTP).

NetWare Core Protocol (NCP).

Case Study: The Network Is Slow.

Case Study: The Network Is Slow II.

Case Study: Degraded Login Response Time.

Case Study: Dropped Server Connections.

Server Message Block (SMB) Protocol.

SMB Logon and Packet Format.

Case Study: Poor Response Time.

Case Study: Poor Throughput.

The MS Browser Protocol.

Case Study: Non-broadcast Packet Storm Melts Network.

9. Measuring and Analyzing Throughput and Latency.

Characterizing the Application.

Areas of Latency in WANs and LANs.

The “Latency Wedge”.

Case Study: The Slow Remote.

Analyzing Latency.

Analyzing Throughput.

A Case Study Revisited.

Case Study: The Slow Remote II.

Appendix A: Resources and References.

Appendix B: Hex-Decimal-Binary Conversion Table.


Index.



What qualifications do you need to become a good network analyst? Numerous Engineering or Computer Science degrees? A vast knowledge of UNIX or Windows 95/98/NT/2000/...? Fifty years of industry experience? Being able to recite the OSI seven-layer reference model?

The best qualification is to simply have a real passion for problem solving. Sure it helps to have a background in data communications, but nothing beats logical thinking with a "detective" bent when it comes to analyzing and troubleshooting networks.

To identify the culprit, you need to be resourceful and sift through clues provided by cable testers, protocol analyzers, Simple Network Management Protocol (SNMP) probes and consoles, router tables, switch and hub statistics, network documentation, and even empirical observations from end-users.

In my eighteen years in the networking industry, I have learned far more over the past six years by "doing" rather than "observing" and critiquing (a.k.a. my early consulting years). The insights and case studies presented in this book are based on my experiences and adventures in solving real problems on real networks, mainly at Fortune 1000 companies with large networks. Although there is no substitute for hands-on experience, this book is intended to help you learn the operational details of many of today's popular protocols and enhance your skills in troubleshooting networks using proven protocol analysis techniques.

Sometimes working with networks can be hazardous to your health. My favorite story of all time is from a network support person working with me at an on-site troubleshooting job. As I recall, it went something like this:

We had completed an upgrade of our workstation wiring, making sure that Category 5 cable ran everywhere. During the process, we found a large wooden spool (like the kind the Telcos would discard and you could turn into a cheap table) containing several hundred feet of the old thick Ethernet coax. Unlike a spool of Cat 5, this baby was big and heavy. In the process of moving the spool of cable from one of our wiring closets to permanent cold storage, we proceeded to load it into the back of a pickup truck. Needless to say, the spool slipped off and began rolling down an incline. Imagine the look on the face of one of my colleagues who was approaching the truck and saw this big spool of wire hurtling down on him!

True story. Or so I've been told.

I should note that even though I mention a few commercial products from time to time, the emphasis of this book is on learning analysis fundamentals as well as techniques in solving problems. To avoid bias, I've intentionally used screen shots from a variety of protocol analyzers to show that the techniques can be applied using different analyzers. While conducting training classes, I really don't care what analyzer is used as long as there's some flexibility in the tool.

Who Should Read This Book

This book is aimed at those responsible for maintaining the efficiency and integrity of their network infrastructure on a day-to-day basis. This includes:

  • Network Engineers: These are professionals involved in the analysis and troubleshooting of problems that escalate beyond the help desk. This includes network analysts, support specialists, senior technicians as well as independent consultants who are called in to assist in troubleshooting their clients' networks. This book teaches a proven approach to troubleshooting and will help these users to become more comfortable and proficient when using the protocol analyzer to help solve those tough networking problems as well as to proactively analyze their networks.
  • Technical Managers: Managers will benefit from reading this book in that they will gain a better understanding of the kinds of problems that their network support staff can diagnose with the help of protocol analyzers. Such information can be used to better allocate tasks ranging from identifying the reason for poor response time or throughput to baselining the current network infrastructure for future expansion and rearchitecting.

The reader is assumed to have a basic understanding of data communications, especially in local area networks. Rather than simply rehash standards information and packet formats, this book presents the most pertinent information contained in packets along with the protocol operation details necessary to understand how to troubleshoot and optimize mission-critical networks. Even the "seasoned pro" will benefit from the generous analysis and troubleshooting tips, diagrams, and trace file snapshots that accompany the text throughout the book.

Although not covering every conceivable networking topology and protocol, the book offers a general approach for readers to focus on to identify and solve problems at the various layers of infrastructure. This book uses a "bottom-up" approach structured around the seven-layer OSI model that can be generalized and applied to many different situations.

A Brief Organization of This Book

Network Analysis and Troubleshooting begins with a look at the layered methodology to network analysis and why a protocol analyzer is the tool of choice for solving complex problems.

Chapter 2 looks at issues specific to the physical layer, including cabling types, Time Domain Reflectometry (TDR), and transmission encoding techniques.

Chapter 3 focuses on the data link layer. Topics covered include details on the IEEE 48-bit address format, the impact of different types of broadcast traffic, the role of the Cyclic Redundancy Check (CRC), operational details and analysis consideration for layer 2 switches, Ethernet and Token Ring operation and troubleshooting, and an in-depth look at the IEEE 802.2 Logical Link Control (LLC) protocol.

Chapter 4 concentrates on the network layer, beginning with a discussion of datagram concepts and router operation. The addressing schemes of various protocols are discussed, including details on IP classes and subnetting. IP specifics such as the role of the Internet Control Message Protocol (ICMP) are analyzed. Other topics include IPX operation and analysis, and local routing problems.

Chapter 5 analyzes the transport layer by examining the operation of the NetWare Sequenced Packet Exchange (SPX), SPX II, User Datagram Protocol (UDP), and the Transmission Control Protocol (TCP). Specifically for TCP, the concepts of block size, segment size, and sliding window are covered in detail.

Chapter 6 covers the session layer, including how some session services are actually embedded in other layers, how different protocols operate to find resources via DNS, NetWare Services Advertising Protocol (SAP), or NetBIOS. The three major NetBIOS implementations--NetBIOS over LLC (NetBEUI), NetBIOS over IPX, and NetBIOS over TCP/IP--are covered.

Chapter 7 covers the presentation layer by examining presentation protocols that are specific to certain protocol families and why there is no general-purpose presentation protocol in widespread use today.

Chapter 8 examines the application layer, beginning with a discussion of networked application characteristics, followed by a discussion of logon sequencing for different protocol stacks. Then specific protocols are covered in depth, including the Dynamic Host Control Protocol (DHCP), NetWare Core Protocol (NCP), Microsoft/IBM Server Message Block (SMB) Protocol, Sun Network File System (NFS), and the File Transfer Protocol (FTP). As a bonus, the NT Browse protocol (not to be confused with Internet browsing!) is discussed.

Chapter 9 shows how to use your protocol analyzer to measure and baseline throughput and latency, identify bottlenecks in your network, and determine server and client response times.

Throughout these chapters you'll find many helpful Tips that will be presented in this format.


Several reviewers provided excellent technical feedback from the rough draft. These people include Robert Bullen, Phil Koenig, Phillip Scarr, Howard Lee Harkness, Ehud Gavron, Glen Herrmannsfeldt, Louis Breit, Doug Hughes, Bob Vance, Barry Margolin, and William Welch.

I'd also like to thank those wonderful folks at Addison Wesley Longman who worked with me during the various stages of developing this book, including Mary Hart, Karen Gettman, Lorraine Ferrier, and Tracy Russ.

And last, but not least, my family, Nancy, Daniel, and Matthew. I love you guys!

Have any great troubleshooting experiences? Feel free to drop me a line at scott@net3group.com.

All the best,

J. Scott Haugdahl, August 1999

I can do all things through Him, who strengthens me. Phil. 4:13.



