
CompTIA Network+ Certification Study Guide part 57 docx


Chapter 11: Network Troubleshooting Tools

the most up-to-date DNS information. The command ipconfig /displaydns will show you the contents of the local DNS cache. After typing ipconfig /displaydns at the command prompt, you’ll see output similar to what is displayed in Figure 11.19.

The command ipconfig /registerdns will refresh DHCP leases for all NICs on the machine and will reregister the machine’s hostname and IP address with the DNS server. This is a helpful switch to use when you’ve made changes to the local machine’s IP address configuration and need to quickly reregister the new information with the DNS server.

Utilizing the nslookup Command

The nslookup utility allows you to test and query the records stored in your DNS server. You can use nslookup in command mode to perform a single query, or in interactive mode to perform multiple queries. For example, if you enter the command nslookup www.smeekers.com, you’ll see the output depicted in Figure 11.20. You can use any hostname in place of the one listed in this example to see nslookup in action.

As you can see, you get returned to the command prompt once you receive the information – this is typical of using nslookup in command mode. To enter interactive mode, just type nslookup at the command prompt, and your output will look like the example in Figure 11.21.

Figure 11.18 Ipconfig /all Output.

Figure 11.19 Ipconfig /displaydns Output.

Notice that you’re not returned to the command prompt, but instead you remain at the nslookup command’s interactive prompt, which is represented with a “>” symbol. Once you enter interactive mode, you can use the set commands to control the information that’s returned by your queries. The set commands available in nslookup are as follows:

set all                    Prints options, current server, and host.
set [no]debug              Prints debugging information. set debug turns debugging on, set nodebug turns debugging off.
set [no]d2                 Prints the most exhaustive debugging information possible.
set domain=NAME            Sets the default domain name for any queries.
set root=NAME              Sets the root server being used.
set srchlist=N1[/N2/.../N6]  Sets the DNS domains used to search for a particular host.
set retry=X                Sets the number of retries.
set timeout=X              Sets the initial timeout interval for DNS queries.

Figure 11.20 Nslookup Command Mode Example.

Figure 11.21 Nslookup Interactive Mode Example.


When you’re ready to leave the interactive mode and return to the command prompt, just type exit.

Utilizing the route Command

You can use the route command to manipulate and display the routing table for the local computer. The route print command produces the same results as the netstat -r command – it produces a copy of the local computer’s routing table, like the one shown in Figure 11.22.

You can also use the route command to add, change, or delete routes that are defined on the local computer. To specify the route to a remote host using the route command, you need to configure the following information:

Destination: The destination that this route statement is designed to reach. This can be a single host, a network address, or the default route for this computer, indicated by the syntax 0.0.0.0. The default route dictates where network packets will be sent if the routing table doesn’t have a more specific entry for them.

Mask: This indicates the subnet mask for the route’s destination. If the destination is a single IP address, the mask will be 255.255.255.255. For a network address, this will be the subnet mask of the destination network. The mask for the default route is 0.0.0.0.

Gateway: The IP address that packets will be forwarded to for this route. This has to be an IP address that’s on the same subnet as the local computer.

Metric: This specifies the metric or cost of a particular route, from 1 to 9999. The higher the metric, the less likely the computer is to use a particular route. This is particularly useful if you’re creating multiple routes to the same network as a fault tolerance measure; configure one route with a metric of 1 and another with a metric of 50. The local computer will use the first route unless it’s not available, at which point it will revert to the second route.

Interface: This indicates the IP address of the NIC that should be used to reach the destination specified in this route. If you have two NICs installed that are attached to two different networks, you’ll need to specify which NIC the route command should use to reach its destination.

Test Day Tip

Be sure that you’re familiar with the different query types that you can use with nslookup. In particular, be aware of how to search for mail server records using the MX option, and DNS servers using the NS option.

To add a route to a remote network, issue the following command at the command line:

route add 172.16.0.0 mask 255.255.0.0 192.168.1.101 metric 1

Figure 11.22 Route print Command Example.

Exam Warning

In most cases, you’ll only add routes in this fashion on a server that’s attached to multiple networks. Workstations will simply rely on their default gateway to route network traffic.

route -f will clear any routes to destination networks that are currently in the routing table. If you use the -f switch while creating or changing a route, the route command will clear the routing table and then add the new route you specify.

route -p will make the entry you’re adding to the routing table persistent. By default, any routes that you add manually will only stay in the routing table until the computer reboots. Using the -p switch ensures that the route will remain in memory until you manually delete it.
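The route fields described above can be modelled in a few lines. This is an added example, not code from the study guide: it is a simplified model (most specific mask first, then lowest metric), and the Route class, the helper names and the sample addresses are assumptions made for illustration.

```python
import ipaddress

class Route:
    """One routing-table entry: destination, mask, gateway, metric."""
    def __init__(self, destination, mask, gateway, metric):
        # strict=True raises ValueError when host bits are set, i.e. when
        # (destination AND mask) != destination.
        self.network = ipaddress.IPv4Network(f"{destination}/{mask}", strict=True)
        self.gateway = ipaddress.IPv4Address(gateway)
        if not 1 <= metric <= 9999:
            raise ValueError("metric must be between 1 and 9999")
        self.metric = metric

def gateway_is_on_link(route, local_interface):
    """True when the gateway is on the same subnet as the local interface."""
    return route.gateway in ipaddress.IPv4Interface(local_interface).network

def select_route(table, packet_destination, down_gateways=()):
    """Pick the most specific match; the lowest metric breaks ties."""
    addr = ipaddress.IPv4Address(packet_destination)
    down = {ipaddress.IPv4Address(g) for g in down_gateways}
    matches = [r for r in table if addr in r.network and r.gateway not in down]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r.network.prefixlen, r.metric))

# Constructed sample table (addresses are illustrative, not from a real host).
TABLE = [
    Route("0.0.0.0", "0.0.0.0", "192.168.1.1", 10),              # default route
    Route("172.16.0.0", "255.255.0.0", "192.168.1.101", 1),      # primary
    Route("172.16.0.0", "255.255.0.0", "192.168.1.102", 50),     # fallback
    Route("172.16.5.9", "255.255.255.255", "192.168.1.103", 1),  # host route
]

if __name__ == "__main__":
    for dst in ("172.16.5.9", "172.16.8.8", "10.9.9.9"):
        r = select_route(TABLE, dst)
        print(dst, "->", r.gateway, "metric", r.metric)
    r = select_route(TABLE, "172.16.8.8", down_gateways=["192.168.1.101"])
    print("primary down ->", r.gateway, "metric", r.metric)
    try:
        Route("172.16.1.0", "255.255.0.0", "192.168.1.101", 1)
    except ValueError as exc:
        print("rejected:", exc)
```

A destination with host bits set under its mask is rejected at construction, and a gateway that is not on a local subnet can be caught with gateway_is_on_link before the entry is added.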

Simple Network Management Protocol

The Simple Network Management Protocol (SNMP) is a protocol used to communicate status messages from computers and devices on your network. These messages are sent to machines configured to receive these status messages. Machines that send these messages run SNMP agent software, and the machines that receive the status messages run SNMP management software. One way to remember how this works is to think of the agent software as a “secret agent” that gets information about a network device, and then reports the information to his “manager” at headquarters.

Although the name of the SNMP protocol would lead you to believe that its primary function is to allow you to manage objects on your network, the management that’s happening here has more to do with monitoring your network, rather than actually making any changes to the devices themselves. SNMP allows you to audit the activities of servers, workstations, routers, bridges, intelligent hubs, and just about any network-connected device that supports SNMP agent software. For example, the agent software available with Windows 2003 allows you to monitor the Windows 2003 Server operating system, as well as Windows services like DHCP, WINS, Routing and Remote Access Service (RRAS), and others. All of these Windows 2003 services can be monitored remotely by SNMP management software.

For the SNMP agent software to collect information regarding a particular service, a Management Information Base (MIB) must be created. The MIB is a database that describes which kinds of information should be gathered from a particular device. The MIBs included with Windows 2003 allow the agent software to communicate a wide range of information. The agent software is responsible for reporting the information gathered by the MIB. However, agents rarely volunteer information spontaneously. Rather, the SNMP agent must be queried by an SNMP management system. There is, however, an exception to this: a trap message. A trap message is sent spontaneously by an SNMP agent to the SNMP management system when an important event occurs. For example, you could configure a trap message to indicate that the World Wide Web service has become unresponsive on a particular machine. We would then configure the agent to send a trap message to the IP address of a computer running the SNMP management software so that an administrator can quickly respond to this event. SNMP trap messages are sent to UDP port 162.

There are two other types of messages associated with SNMP. A GET message is a request that is sent from an SNMP management system that requests information from an agent. A SET message will allow the SNMP management system to write changes to an MIB, and therefore extend its information-gathering abilities. SNMP GET and SET messages communicate on UDP port 161.

SNMP is a fairly open protocol that doesn’t have many security features. To control which machines receive SNMP trap messages, you will configure an SNMP community name. In addition, you’ll configure a trap destination, which is the hostname or IP address of the computer running the SNMP management software. For a system to report to an SNMP management system, you first need to install the agent software on the target computer. In Exercise 11.3, we’ll install and configure the SNMP agent software on a Windows XP machine.

Exercise 11.3

1. Click Start | Control Panel | Add/Remove Programs.

2. Click Add/Remove Windows Components.

3. Scroll down to Management and Monitoring Tools and select Details.

4. Enable the Simple Network Management Protocol option.

9. In the Community Name drop-down list, enter the name of the SNMP community and click Add.

10. Under Trap Destinations, enter the computer running the SNMP management software and click Add.

11. Click OK to finish configuring the SNMP Agent.
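In SNMP v1 and v2c the community name travels in plain text at the front of every message, ahead of the GET, SET or trap PDU described above. The following added example (not from the study guide) decodes that header so captured traffic from your own agents can be audited; the function names and the sample datagrams are constructed for illustration.

```python
# Widely used default community names; treat them as findings in an audit.
DEFAULT_COMMUNITIES = {"public", "private"}
PDU_TYPES = {0xA0: "GET", 0xA1: "GETNEXT", 0xA2: "RESPONSE",
             0xA3: "SET", 0xA4: "TRAP", 0xA7: "TRAP"}
VERSIONS = {0: "v1", 1: "v2c"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length

def describe(datagram):
    """Summarise the header of an SNMP v1/v2c message."""
    tag, body, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE")
    vtag, version, pos = read_tlv(body, 0)
    ctag, community, pos = read_tlv(body, pos)
    if vtag != 0x02 or ctag != 0x04:
        raise ValueError("no community field (not SNMP v1/v2c)")
    pdu_tag, _, _ = read_tlv(body, pos)
    kind = PDU_TYPES.get(pdu_tag, "OTHER")
    name = community.decode("ascii", "replace")
    return {"version": VERSIONS.get(int.from_bytes(version, "big"), "unknown"),
            "community": name,
            "type": kind,
            "port": 162 if kind == "TRAP" else 161,   # ports as given in the text
            "default_community": name in DEFAULT_COMMUNITIES}

def tlv(tag, value):
    """Build a short-form BER element (constructed test data only)."""
    return bytes([tag, len(value)]) + value

# Constructed datagrams; the PDU bodies are placeholders, not real varbinds.
SAMPLE_GET = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, b"public")
                 + tlv(0xA0, b"\x02\x01\x01"))
SAMPLE_TRAP = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, b"site-mon-example")
                  + tlv(0xA7, b"\x02\x01\x02"))

if __name__ == "__main__":
    for sample in (SAMPLE_GET, SAMPLE_TRAP):
        print(describe(sample))
```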

Linux Tools

Although you may be spending a great deal of your “real world” troubleshooting time working on Windows computers, you should also be aware of the troubleshooting tools that are available for Linux- and UNIX-based computers. This is especially important because large organizations often employ these open-source operating systems as Web servers, firewalls, and other components of the network infrastructure. Many of the troubleshooting tools available for Linux and UNIX are similar or even identical to tools we’ve already covered for Windows. For example, you can use the ping command from both a Windows and a UNIX computer. In this section, we’ll look at some tools that are specific to Linux- and UNIX-based operating systems.

Utilizing the ifconfig Command

You’ll use the ifconfig command to configure the NICs installed in a Linux computer, as well as to view information about any configured interfaces. Like most Linux tools, you’ll work with ifconfig from the command line. The most basic syntax and output for ifconfig is to simply type ifconfig, which will produce the following output:

eth0      Link encap:Ethernet  HWaddr 00:80:C8:F8:4A:51
          inet addr:192.168.99.35  Bcast:192.168.99.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:190312 errors:0 dropped:0 overruns:0 frame:0
          TX packets:86955 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:30701229 (29.2 Mb)  TX bytes:7878951 (7.5 Mb)
          Interrupt:9 Base address:0x5000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:306 errors:0 dropped:0 overruns:0 frame:0
          TX packets:306 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:29504 (28.8 Kb)  TX bytes:29504 (28.8 Kb)

Even if you haven’t worked with Linux before, you should be able to recognize the two adapters that ifconfig is displaying information for: an Ethernet adapter called “eth0”, and the Loopback Adapter. You can see the following information listed for the eth0 interface:

HWaddr 00:80:C8:F8:4A:51 is the MAC address of the Ethernet adapter.

addr:192.168.99.35 Bcast:192.168.99.255 Mask:255.255.255.0 indicates the IP address, broadcast address, and subnet mask.

Interrupt:9 Base address:0x5000 gives you information about the hardware resources being used by the Ethernet adapter.

RX packets indicates the number of packets received by this adapter.

TX packets shows the number of packets transmitted.

You can quickly disable the Ethernet NIC on this Linux computer by typing ifconfig eth0 down. If you reissue the ifconfig command after you’ve brought the Ethernet adapter down, you’ll only see configuration information for the loopback adapter:

ifconfig

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:306 errors:0 dropped:0 overruns:0 frame:0
          TX packets:306 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:29504 (28.8 Kb)  TX bytes:29504 (28.8 Kb)

Bringing an adapter back online is slightly more complicated, as you need to have the IP address and subnet mask ready to configure the adapter with

eth0      Link encap:Ethernet  HWaddr 00:80:C8:F8:4A:51
          inet addr:192.168.99.35  Bcast:192.168.99.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:190312 errors:0 dropped:0 overruns:0 frame:0
          TX packets:86955 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:30701229 (29.2 Mb)  TX bytes:7878951 (7.5 Mb)
          Interrupt:9 Base address:0x5000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:306 errors:0 dropped:0 overruns:0 frame:0
          TX packets:306 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:29504 (28.8 Kb)  TX bytes:29504 (28.8 Kb)

Utilizing the dig Command

The dig command is the Linux equivalent to nslookup in Windows – it’s used to send name resolution queries to DNS servers to troubleshoot name resolution on a Linux-based client computer. The syntax of the dig command is as follows:

dig [@server] [-b address] [-c class] [-f filename] [-k filename] [-n] [-p port#] [-t type] [-x addr] [-y name:key] [name] [type] [class] [queryopt...]

dig [-h]

dig [global-queryopt...] [query...]

Test Day Tip

ifconfig will configure a NIC in a Linux machine at the command line in the same way that the Network applet in Control Panel works on a Windows computer.

Date posted: 04/07/2014, 13:21