TrouBlEShooTING ThE SESSIoN lAyEr The session layer handles the task of establishing a one-to-one session between the sending and the receiving computers.. ChApTEr 12 : Network Troublesh
Trang 1ChApTEr 12 : Network Troubleshooting Methodology
606
Table 12.1 Well-Known TCP Ports
port Number Application
layer Table 12.1 illustrates some of the more common TCP applications and the ports they use:
understanding udp
A connectionless transport protocol like UDP doesn’t provide the same
acknowledgment of receipt process as the connection-oriented TCP does Because UDP doesn’t sequence the packets that the data arrives in, an application program that uses UDP has to be able to make sure that the entire message has arrived and is in the right order To save processing time, network applications that have very small data units to exchange, and thus very little message reassembling to do, may use UDP instead of TCP For example, Domain Name System (DNS) hostname lookup messages that will always fit in a single datagram can effectively use UDP For these very short queries, you don’t need all the complexity of TCP; if you don’t receive an answer after a few seconds, you can just ask again
UDP doesn’t split data into multiple datagrams, as TCP does It also doesn’t keep track of what it has sent Data can be resent if needed, and UDP doesn’t guarantee delivery or protect against duplication However, it
is not completely irresponsible: it does provide for a checksum capability to ensure that data arrives intact, and it provides port numbers to distinguish between the requests sent by different user applications Examples of applications that use UDP for communication include Trivial File Transfer
Trang 2The Three-way handshake
Computers using TCP to communicate have both a
send window and a receive window At the
begin-ning of a TCP communication, the protocol uses
a three-way handshake to establish the session
between the two computers Because TCP (unlike its
transport layer sibling, UDP) is connection-oriented,
a session, or direct one-to-one communication link,
must be created prior to sending and receiving data
The client computer initiates the communication with
the server (the computer whose resources it wants
to access) The handshake includes the following
steps:
A SYN (synchronization request) segment is
1
sent by the client machine An initial
sequence number, sometimes just referred to as
the ISN, is generated by the client and
sent to the server, along with the port number
the client is requesting to connect to on the
server.
An ACK message and a SYN message are sent
2
back to the client from the server The ACK segment is the client’s original ISN plus 1, and the server’s SYN is an unrelated number generated
by the server itself The ACK acknowledges the client’s SYN request, and the server’s SYN indicates the intent to establish a session with the client The client and server machines must synchronize one another’s sequence numbers.
An ACK is sent from the client back to the
3
server, acknowledging the server’s request for synchronization This ACK from the client is, as you might have guessed, the server’s ISN plus 1
When both machines have acknowledged each other’s requests by returning ACK messages, the handshake has been successfully completed and a connection is established between the two.
You can see an example of this three-way hand-shake in Figure 12.6.
FIGurE 12.6 The TCP Three-Way Handshake.
hEAd oF ThE ClASS…
Trang 3ChApTEr 12 : Network Troubleshooting Methodology
608
Protocol (TFTP), RIP, RADIUS accounting, and some implementations of Kerberos authentication Table 12.2 illustrates some of the more common UDP-based applications and ports:
Table 12.2 Well-Known UDP Ports
port Number Application
53 DNS query
123 Network Time Protocol
Active Connections Proto Local Address Foreign Address State TCP IBM-A38375FF22E:epmap IBM-A38375FF22E:0 LISTENING TCP IBM-A38375FF22E:microsoft-ds IBM-A38375FF22E:0 LISTENING TCP IBM-A38375FF22E:netbios-ssn IBM-A38375FF22E:0 LISTENING TCP IBM-A38375FF22E:1202112.25.12.64.in-addr.arpa:5190 ESTABLISHED TCP IBM-A38375FF22E:1299workstation.office.com:3389 ESTABLISHED TCP IBM-A38375FF22E:1025IBM-A38375FF22E:0 LISTENING
TCP IBM-A38375FF22E:5180IBM-A38375FF22E:0 LISTENING UDP IBM-A38375FF22E:snmp*:*
UDP IBM-A38375FF22E:microsoft-ds *:*
UDP IBM-A38375FF22E:isakmp *:*
UDP IBM-A38375FF22E:1032*:*
UDP IBM-A38375FF22E:1033*:*
UDP IBM-A38375FF22E:1048*:*
UDP IBM-A38375FF22E:1300*:*
UDP IBM-A38375FF22E:2361*:*
UDP IBM-A38375FF22E:4500*:*
layer 4 Troubleshooting
Troubleshooting the transport layer is quite similar to working at the application layer, because the TCP and UDP protocols form the basis of the
ports that are used by all network applications So you can use the telnet
command to see if a particular port is listening on the destination machine,
and you can use the netstat utility to see a list of all ports that are listening
on a particular machine You should remember from Chapter 11 that you can
use netstat –a to view listening ports Here is an example of sample output:
Trang 4UDP IBM-A38375FF22E:ntp *:*
UDP IBM-A38375FF22E:netbios-ns *:*
UDP IBM-A38375FF22E:netbios-dgm *:*
UDP IBM-A38375FF22E:1900*:*
UDP IBM-A38375FF22E:ntp *:*
UDP IBM-A38375FF22E:1305*:*
UDP IBM-A38375FF22E:1311*:*
UDP IBM-A38375FF22E:1900*:*
UDP IBM-A38375FF22E:2242*:*
UDP IBM-A38375FF22E:2313*:*
UDP IBM-A38375FF22E:4519*:*
If you run the netstat –a command on a server that’s functioning as a Web
server, you should see at least one entry in the netstat output to indicate that it’s
listening on port 80; if it’s not, the WWW service might be stopped or disabled
Test day Tip
It’s important to remember that you can’t pick and choose which applications use TCP
versus UDP A test question might try to trip you up by talking about configuring HTTP to
use UDP to solve a troubleshooting issue This simply isn’t possible, as HTTP uses TCP
port 80 and not UDP Be very aware of the well-known ports listed throughout this guide
as you prepare for the exam.
TrouBlEShooTING ThE SESSIoN lAyEr
The session layer handles the task of establishing a one-to-one session
between the sending and the receiving computers The session layer sets up
and tears down application-to-application dialogs, and synchronizes the data
flow for the applications
The session layer also controls whether a transmission is established
as half-duplex or full-duplex Full-duplex is bidirectional communication in
which both sides can send and receive simultaneously Half-duplex is also
bidi-rectional communication, but the signals can flow in only one direction at a
time To illustrate the difference, think of how a telephone conversation works
Both parties can talk at the same time, and you can still hear the other person’s
voice while you’re talking That’s full-duplex But with most two-way radios
like walkie-talkies, when you key the microphone to speak, you can’t hear
any-thing the other person might be saying while you’re speaking This means that
only one of you can broadcast over the channel at a time That’s half-duplex
Another important responsibility of the session layer is to define the
rules for data exchange between the applications In this respect, you
Trang 5ChApTEr 12 : Network Troubleshooting Methodology
610
might think of the session layer as a referee or mediator who makes sure both parties, which are the sending and receiving computers, are aware
of and agree to follow the rules of the game for that particular session When two family members are at odds and seek counseling to help them communicate with one another, a good counselor or mediator will start the visit by getting both people to agree to certain rules These might include who gets to talk first, and for how long, as well as the format of the communication For example, no yelling, screaming, or name-calling may be a ground rule in a counseling session, whereas computers will have
to agree on things like a transmission rate and sliding window size before they can communicate effectively Part of what is negotiated includes all appropriate communications guidelines Otherwise, machines may bombard each other with too much data to be processed, or both try to
“talk” at the same time The session layer works to controls this flow of conversation so that the message will get through clearly In this way, the
session layer provides for flow control.
The most common protocols that exist at the session layer are usually application program interfaces, or APIs, that control how an application will set up, manage, and tear down sessions between two computers The most common APIs you’ll encounter are NetBIOS, TCP/IP sockets, and remote pro-cedure calls These three APIs make it easier for software developers to create
applications that can function over a network connection by standardizing how such an application should behave You’ve already heard of TCP/IP sock-ets as the combination of an IP address and port number that’s used by one
computer to communicate with another: this is the session layer at work
layer 5 Troubleshooting
Just as the functions of the presentation layer are often swallowed up by application layer protocols, the functions of TCP/IP from the session layer
up to the application layer will often span all three layers – the difference between them can sometimes get a bit fuzzy Because of this, it’s not
particularly common to perform troubleshooting that’s geared only toward
the session layer of the OSI model
The most common issues you’ll see at the session layer involve slow network transmissions between two computers, which is caused by one com-puter in a connection using a half-duplex connection instead of a full-duplex connection This is especially troublesome on Windows-based machines because they will normally default to using autodetect, where the NIC will attempt to automatically detect the duplex type that it should be using In Exercise 12.2, we’ll configure a NIC on a Windows XP workstation to use a full-duplex connection
Trang 6ExErcisE 12.2 configuring Full-Duplex
Click
1 Start | Connect To | Show All Connections.
Right-click the
2 Local Area Connection icon and select Properties.
On the General tab, click
3 Configure to configure the NIC.
Access the
4 Advanced tab and scroll to Link Speed & Duplex You’ll see the screen
shown in Figure 12.7 By default, this is set to auto detect Change the setting to
FIGurE 12.7 Configuring a Full-Duplex Connection.
Trang 7ChApTEr 12 : Network Troubleshooting Methodology
612
100 Mbps/full-duplex to force the NIC to use a 100 Mbps connection that allows the sending and receiving computers to communicate simultaneously.
Click
5 OK to save your changes.
TrouBlEShooTING ThE prESENTATIoN lAyEr
No, the presentation layer doesn’t turn your data into PowerPoint slides! However, as the name suggests, it is responsible for the way in which data
is presented, or formatted The presentation layer handles such things as encryption, which presents the data in such a way as to keep it from being readable by unauthorized persons, and compression which packages the data in such a way as to get more of it through at a time On the receiving side, the presentation layer is responsible for translating data into a format understandable by the application, and then presenting it to the application layer
Identifying the Cause of Client and Server Environment problems
Because the presentation layer handles the very important task of protocol
translation, this layer is where many gateways operate One of the purposes
of a network protocol is to provide a single language that different computers can use to talk to each other In this case, a gateway acts as a translator between two separate protocols, so that computers that are running different protocols can communicate with each other Gateways allow this process to take place transparently, so that Computer A doesn’t realize that it needs a translator to communicate with Computer B; from the end user’s perspective
it just works automatically Examples of gateways include:
■
■ E-mail gateway This software translates the messages from diverse,
noncompatible e-mail systems into a common Internet format such
as the Simple Mail Transfer Protocol (SMTP) Thus, Cousin Mary
is able to read your letter even though you were using Microsoft Outlook with an Exchange server and she is on a NetWare network using Groupwise mail
■
■ SNA gateway Systems Network Architecture (SNA) is a proprietary
IBM architecture used in mainframe computer systems such as the AS/400 An SNA gateway allows personal computers on a LAN to access files and applications on the mainframe computer
Trang 8■ Gateway Services for NetWare (GSNW) This software is included
with the Windows 2000 and Windows NT Server operating
systems to allow the Windows server’s clients to access files on a
Novell NetWare server It translates between the Server Message
Block (SMB) file sharing protocol used on Microsoft networks and
NetWare Core Protocol (NCP), the file sharing protocol used by the
NetWare networks
There are almost as many gateway products available as there are
different protocol combinations, and more are being developed all the time
as interoperability becomes increasingly important to connect the diverse
systems that are available For example, there are services that you can install
on a Windows server or client to allow access to the AppleTalk protocol for
Macintosh and OSX resources, UNIX and Linux servers and clients, as well
as the Gateway Services for NetWare
Another common function of the presentation layer is translating text and
graphics from one format to another So the presentation layer might translate
text from a computer using extended binary-coded decimal interchange
code (EBCDIC) encoding so that it can be understood by a computer using
American Standard Code for Information Interchange (ASCII) encoding, and
vice versa The following are some types of text and image encoding operate
at the presentation layer:
EBCDIC
■
■
ASCII
■
■
JPEG
■
■
MPEG
■
■
layer 6 Troubleshooting
You won’t run into a great many problems with troubleshooting at the
presen-tation layer, because most of the duties handled by this layer are stable
tech-nologies that have been around for decades Additionally, the functions of the
Exam warning
You should remember from the previous chapter that the Ethernet frame type is often a
common culprit when tracking down connectivity issues with a NetWare server Versions of
NetWare prior to version 4 used Ethernet 802.3 as their default frame type NetWare 4.0
and later use 802.2 as the default.
Trang 9ChApTEr 12 : Network Troubleshooting Methodology
614
presentation layer will often actually be performed by a protocol that you would normally think of as functioning at the application layer, so that troubleshoot-ing will all take place ustroubleshoot-ing the steps we’ll describe in the next section
Some examples of problems you may find at the presentation layer include:
An image file becomes garbled or corrupted when it’s sent via
■
■ e-mail from one person to another
E-mail messages between two different server types (exchange and
■
■ groupwise, for example) become scrambled or unreadable
You are unable to copy or move files between two different network
■
■ types, usually Microsoft and Novell, or you are unable to open a file once it’s been copied
In most cases, you can resolve these issues by restarting or re-installing the gateway service that’s creating these errors: restarting the Gateway Services for Netware on your Windows 2003 server, for example
TrouBlEShooTING ThE ApplICATIoN lAyEr
Especially where the application is concerned, be sure to keep in mind that the OSI model describes only the logical networking components, not any specific programs that you’ll use like Internet Explorer or Microsoft Outlook
By remembering this, you won’t make the common mistake of thinking the application layer actually represents user application software
What the application layer really does to is define how a user’s application will interact with a network protocol In other words, application layer protocols accept user data to be transmitted on the network, that is, the data that’s created
by the user application that’s operating above the networking layers
For example, if you want to send an e-mail message, your user application might be Microsoft Outlook A user sending e-mail will see only the application interface, not any underlying protocol They can type their letters to Cousin Mary, perhaps attach graphics files containing photos of
Exam day Tip
Remember that the OSI model is just that: a model Some protocols will map to more
than one layer of the OSI model, and some layers of the model won’t be used at all in some cases.
Trang 10the grizzly bear that almost ate Uncle Joe from their last family outing to
Yellowstone National Park, and then click Send Assuming that they typed
the correct e-mail address in the “to” field, they’ve configured their e-mail
software properly, their hardware is working, their phone lines aren’t down,
and their ISP is on the ball, the message goes through and arrives in Mary’s
e-mail Inbox Neither the user sending the message nor Cousin Mary needs
to know anything about what the networking components of their respective
operating systems are doing to communicate via e-mail That’s because the
application itself sends the data to the application layer, and the application
layer takes it from there In this case, the application is represented by
Outlook, and the data is the e-mail message that has been composed
The application layer adds header information, which will be used by
the application layer on the receiving end, and then passes the information
down to the presentation layer The application layer is the top level of the
OSI model, and it is the layer that resides closest to the user The application
layer is different from the lower layers of the model because it doesn’t provide
services to any other OSI layer Instead, it provides network services to user
applications such as spreadsheet programs, word processing, and e-mail
programs
Application layer protocols
TCP/IP provides several protocols that operate at the application layer
to provide services such as news, mail and file transfer, and monitoring/
diagnostics capability The most common protocols that operate at the
application layer are as follows:
■
■ FTP The File Transfer Protocol (FTP) is used for copying files from
one computer to another Windows 2000, XP, and Windows Server
2003 include both a command-line FTP client program, and the
FTP server service that is installed as part of the Microsoft Internet
Information Server (IIS) If you haven’t installed the FTP server
service on a Windows computer, you will only have access to the
FTP client, which is available from the Windows command line
when TCP/IP is installed
■
■ SNMP The Simple Network Management Protocol (SNMP) provides
a way to gather statistical and troubleshooting information about
devices such as PCs, routers, switches, and hubs An SNMP
man-agement system sends requests to an SNMP agent, and the
informa-tion is stored in a Management Informainforma-tion Base (MIB) The MIB
is a database that holds information about a networked computer