■ ■ HTTP The HyperText Transfer Protocol is perhaps the most familiar of the application layer protocols because it is used on the World Wide Web, the most popular Internet service.. ■
Trang 1(for example, how much hard disk space is available) To install the SNMP service on a Windows computer, you need to be logged on as
a member of the Administrators group The SNMP agent software is installed as a Windows Component and runs as a service
■
■ Telnet Telnet is a TCP/IP-based service that allows users to log
onto a computer from a remote location, run character-mode or command-line utilities on the remote computer or device, and view files on a remote device Windows 2000 and 2003 Server computers include both Telnet server and Telnet client software, while
Windows client operating systems such as Windows 2000 and XP Professional only include the Telnet client Telnet differs from FTP
in that you cannot transfer files from one computer to another (upload or download) Telnet is often used to access a UNIX shell account on an ISP’s server and delete e-mail messages directly from the server without downloading them to the local machine The Telnet server service uses TCP port 23 to listen for Telnet requests
■
■ SMTP The Simple Mail Transfer Protocol is used for sending
e-mail messages, typically across the Internet SMTP is a simple ASCII protocol and is not vendor-specific Because SMTP has limited capability in queuing messages at the receiving end, most
e-mail client programs use SMTP for sending e-mail only, and
either Post Office Protocol version 3 (POP3) or Internet Message Access Protocol (IMAP) for storing any messages that are received
by an e-mail server The SMTP service uses TCP port 25 to send messages using SMTP
■
■ HTTP The HyperText Transfer Protocol is perhaps the most
familiar of the application layer protocols because it is used on the World Wide Web, the most popular Internet service HTTP allows
Exam warning
SNMP management software is not currently included with the Windows operating system and has to be purchased and installed separately.
Exam day Tip
Because it usually sends usernames and passwords in clear-text the use of Telnet has
been almost entirely superseded by Secure Shell Host (SSH) If you are troubleshooting
a remote device like a router or a switch, you can use SSH for better security whenever required.
Trang 2computers to exchange files in various formats (text, graphic images,
sound, video, and other multimedia files) via client software called
a Web browser A computer running a Web server program, such as
Microsoft’s Internet Information Server, stores files in HyperText
Markup Language (HTML) format that can be accessed by the client
browser These HTML pages often contain hyperlinks for quickly
and automatically connecting to other files on the Internet, on an
intranet, or on the local machine The HTTP protocol uses TCP
port 80 to send and receive information to Web servers and clients
■
■ NNTP Network News Transfer Protocol (NNTP) is used for managing
messages posted to private and public newsgroups NNTP servers
provide for storage of newsgroup posts, which can be downloaded by
client software called a newsreader Windows 2000 and 2003 Server
include an NNTP server as a part of IIS Outlook Express, which is
part of the Internet Explorer software included with Windows 2000,
XP, and 2003, provides both an e-mail client and a newsreader The
NNTP service defaults to using TCP port 119
■
■ DNS The Domain Name System is used by most of the other
applications in the TCP/IP suite to resolve hostnames to IP addresses
A Web browser, for example, cannot establish a connection to a Web
server unless it knows the IP address of the server DNS is used to
resolve hostnames, such as www.microsoft.com, to IP addresses
DNS is a distributed database that is essential for TCP/IP to be used
on a massive Internet-sized scale It provides a function that hides
the complexity of IP addresses from users, and makes things such as
e-mail and the World Wide Web much easier to use
■
■ DHCP The Dynamic Host Control Protocol is used to dynamically
assign TCP/IP addresses and configuration information to clients and
servers IP addressing information is leased by a DHCP server for a
specific period of time, usually three days, before the lease must be
renewed by the client You can also use a DHCP server to centrally
configure TCP/IP client options such as the default gateway, subnet
mask, and DNS servers for your DHCP clients This is particularly
convenient because if you need to change one of these options you
can change it once on the DHCP server rather than needing to make
a change on every single client in your environment Windows NT,
2000, 2003, and UNIX/Linux servers can act as a DHCP server;
all Windows and UNIX/Linux can act as clients You can use the
ipconfig /release and ipconfig /renew commands to refresh the DHCP
configuration on a particular workstation
Trang 3Determining the Impact of Modifying, Adding or Removing Network Services for Network Resources and Users
Because the application layer is the layer at which name resolution services like DNS and WINS (Windows Internet Naming Service) function, this is the layer you’ll be working at if you run into a troubleshooting scenario involving clients that cannot access resources using their Fully Qualified Domain Names (FQDNs) or NetBIOS names
This builds from the troubleshooting that you performed at all of the layers below: at the physical layer, you looked for broken cables or malfunctioning NICs to isolate physical connectivity problems At the network layer, you
used ping and tracert (or traceroute for a UNIX/Linux computer) to determine
if network packets were being properly routed from one host to another Troubleshooting the application layer means that all of the underlying layers are functioning properly, but your clients are still running into problems
If you can ping a remote host using its IP address, but pinging its FQDN
returns a Request Timed Out error, then you have an issue with DNS name resolution You can use nslookup or dig to troubleshoot an existing DNS
server, as we discussed in the previous chapter If, on the other hand, you are working on an internal network that doesn’t have a DNS server in place, you should consider implementing one so that your clients can access remote resources by using easy-to-remember hostnames rather than IP addresses Likewise, if your clients are unable to access remote hosts using their NetBIOS names, but they are able to access computers using their associated
IP addresses, then you need to put a mechanism in place to allow your clients to perform NetBIOS name resolution This is especially necessary to allow access to file and print services on a Windows network, because these services rely heavily on NetBIOS name resolution On a small network with only two or three hosts, you can do this by placing an lmhosts file on each computer An lmhosts file is a plain text file that includes the IP address of the host in question, followed by its NetBIOS name, as you can see here:
10.0.0.105 SERVER3
Exam warning
Windows DHCP clients are able to use Automatic Private IP Addressing (APIPA) if
they are unable to contact a DHCP server This allows for limited connectivity using the 169.254.0.0 Class B address that does not include DNS name resolution or a default gateway.
Trang 4Once you go beyond a small number of clients and hosts, though,
lmhosts files become difficult to manage For larger networks, you should
install a WINS server to provide NetBIOS name resolution on a larger
scale, and configure your network clients to use this WINS server to
reg-ister their NetBIOS names so that other clients can locate the resources
that they need You can think of a WINS server as performing the same
function for NetBIOS name resolution that DNS does for Internet-based
name resolution
layer 7 Troubleshooting
You’ll probably spend quite a bit of time troubleshooting application layer
issues, because these are the most visible to an end user This can be
some-thing as simple as “My Internet Explorer won’t work” to troubleshooting
mail routing issues for an e-mail server that’s running SMTP One of the
most useful utilities for troubleshooting application layer protocols is Telnet,
because you can use this tool to connect to many different application layer
services by specifying the port that’s used by the service So you can Telnet
to a Web server, specifying port 80, to see if the Web server is listening on
that port If the Web server doesn’t respond, then you know that something
is wrong with the Web service on that particular server On the other hand, if
you can successfully Telnet to port 80, then you know that the problem lies
elsewhere and you can concentrate your troubleshooting efforts on problems
with client configuration or name resolution
Identifying a Client’s Remote Network Access Problem
There are multiple reasons that a client may encounter connectivity problems
in gaining access to the network or network resources In Exercise 12.3,
we’ll go through the steps of troubleshooting the SMTP service on an e-mail
server by using Telnet
Test day Tip
For a small number of clients, you can use a local host file for basic DNS resolution A
host file provides a similar format as an lmhosts file, except that it will use FQDNs instead
of NetBIOS names.
Exam day Tip
To troubleshoot name resolution problems, you can use the nslookup utility that we
discussed at length in Chapter 11.
Trang 5ExErcisE 12.3 Using Telnet to Troubleshoot FTP
Click
1 Start | All Programs | Accessories | Command Prompt to
access the Windows command prompt
Type
2 telnet servername 25 Servername indicates the IP address
or DNS name of the e-mail server that you are troubleshooting 25
specifies that you are Telnetting to port 25 of that server So to
con-nect to the mail.example.com server, you would type telnet mail example.com 25 at the command prompt If this is successful,
you’ll see something like this:
220 mail.example.com Microsoft Exchange Internet Mail Connector
From here, you can try to send a test e-mail message directly from
3
the Telnet window Begin by typing the following (substitute the
domain of a valid e-mail address for example.com):
HELO example.com
If this command works, you’ll see the following:
4
250 OK
Next, specify the e-mail address that the test message is from by
5
entering the following, using a valid e-mail address:
MAIL FROM:user@example.com
If this was successful, you’ll see the following:
6
250 OK – MAIL FROM user@example.com
Next, specify the e-mail address to send the test message to Type
7
the following, using a valid recipient address that’s located on the server you’re testing (so if you’re troubleshooting the example.com e-mail server, try sending a test message to jenny@example.com rather than joe@mycompany.com) Use the following syntax to specify the recipient’s e-mail address:
RCPT TO: jenny@example.com
If this was successful, you’ll see the following:
8
250 OK – Recipient jenny@example.com
Type
9 DATA to begin entering the text of your message Then type
the text of the test message that you want to send
Trang 6To let the SMTP server know that you’re finished, type a period (.)
10
on a blank line and then press Enter If the message was created
successfully, you’ll see the following:
250 OK
Type
11 QUIT to exit the Telnet session Verify that the recipient
received the test message If it did not, you can check the error logs
generated by the e-mail server, as well as the configuration of the
recipient’s e-mail client
SuMMAry oF ExAM oBJECTIvES
Troubleshooting TCP/IP and other network connectivity issues is made
easier if you follow the “10 Commandments of Troubleshooting”:
Know thy network
1
Use the tools of the trade
2
Take it one change at a time
3
Isolate the problem
4
Recreate the problem
5
Don’t overlook the obvious
6
Try the easy way first
7
Document what you do
8
Practice the art of patience
9
Seek help from others when you need it
10
There is a great deal of troubleshooting information for TCP/IP and other
network issues Be sure to take advantage of the following:
Microsoft documentation, including Help files, the resource kits, white
■
■
papers, TechNet, official newsgroups, and the Microsoft Web site
Third-party documentation, including Internet mailing lists,
■
■
Usenet public newsgroups, Web resources, local user groups, and
books and magazines
Following an organized set of troubleshooting steps allows you to
organize the troubleshooting process and makes it less likely that you will
Trang 7overlook something important along the way The problem-solving models used by other professions can be applied to network troubleshooting as well Gathering information is always one of the first steps in problem solving In network troubleshooting, as in most areas, this involves asking questions Which questions to ask (and of whom) vary according to the situation, but the following can serve as a guideline to get you started::
Exactly what task were you trying to perform when the problem
■
■
occurred?
Were you doing anything else in addition to this primary task at the
■
■
time?
What error message(s), if any, were displayed?
■
■
Is anyone else on the network experiencing the same problem?
■
■
Have you ever been able to perform this task on this computer?
■
■
When was the last time you were able to do so?
■
■
What changes have occurred since the last time you were able to do so?
■
■
To make a diagnosis or analysis of the information, you must organize
it in a logical manner This means learning to sift through and discard irrelevant information, and looking for patterns in the data This also means setting priorities according to such factors as who is affected by the problem, how many are affected by the problem, and what production activities are affected by the problem, and how often the problem occurs Solutions, once formulated, should also be prioritized according to cost, time involved, longevity, and long-term effect on performance
ExAM oBJECTIvES FAST TrACK
how to use the oSI Model in Troubleshooting
Being able to isolate which layer a problem stems from allows you
■
■
to identify the types of components that may be involved in the issue, thus helping you troubleshoot the problem
You should remember that the OSI model consists of seven
lay-■
■
ers When one computer communicates with another one, data at the sending computer is passed from one layer to the next until the physical layer finally puts it out onto the network cable
The most important thing that you can do when troubleshooting
■
■
is to be organized and methodical in your approach to solving
Trang 8problems If you work in a rushed fashion, you’re likely to miss
a crucial troubleshooting step or forget what you did to solve the
problem the next time it occurs When you are troubleshooting,
remember the seven general steps outlined in this chapter
Troubleshooting the physical layer
The physical layer is the lowest layer of the OSI model, and it
■
■
is concerned with the physical cabling and network devices that
connect you to the network
Troubleshooting often begins at the physical layer, where you
■
■
need to determine if your network cards, hubs, and cabling are
functioning and connected correctly
Be sure that you are using the correct type of NIC for your
■
■
network type and the correct cabling to allow for network
connectivity
Troubleshooting the data link layer
The data link layer is responsible for taking the information it gets
■
■
from the physical layer and organizing it into frames
The devices that operate at the data link layer are switches and
■
■
bridges Troubleshooting these devices includes verifying that the
correct frame type is being used and that any VLANs are configured
correctly
The Spanning Tree Protocol (STP) can be used to prevent the
■
■
possibility of loops on a switched or bridged network
Troubleshooting the Network layer
A great deal of your troubleshooting time will be spent at the
■
■
network layer, as this actually controls how traffic is transmitted or
routed between two computers
The most important device that operates at the network layer is the
■
■
router, and router troubleshooting will include troubleshooting the
physical device as well as how it is configured
ICMP operates at the network layer, and it is used to provide
■
■
troubleshooting information for TCP/IP troubleshooting utilities
such as ping, tracert, and traceroute.
Trang 9Troubleshooting the Transport layer
The TCP and the UDP both exist at the transport layer, which controls
■
■
whether communications between computers are connection-oriented and acknowledged, or connectionless with low overhead
Use
■
■ netstat –a to see a list of which TCP and UDP ports are
currently listening on a particular server
You can use Telnet to test connectivity at the transport layer in
■
■
addition to testing the application layer
Troubleshooting the Session layer
The session layer controls how two computers will create,
■
■
maintain, and tear down a conversation (also called a session) between them
The session layer also controls whether a connection is full-duplex
■
■
(able to transmit in both directions simultaneously), or half-duplex (only able to transmit in one direction at a time)
A mismatch in full- versus half-duplex can create significant
■
■
performance degradation between two computers that are attempting to communicate
Troubleshooting the presentation layer
The presentation layer handles the way that data is formatted
■
■
between different systems, such as translating text from a system that uses EBCDIC encoding and one that uses ASCII
In many cases, the function of the presentation layer is handled by
■
■
the application layer service like HTTP, so isolating presentation layer problems can be difficult
Certain types of gateways also function at the presentation layer,
■
■
such as Gateway Service for Netware in Windows 2000 Server
Troubleshooting the Application layer
The application layer is the top layer of the OSI model, and it
pro-■
■
vides services to actual end user applications on the desktop or server
Be sure that you understand the difference between the application
■
■
layer protocol, like HTTP, and the actual application that it supports, like Internet Explorer
Trang 10You can use Telnet to connect to specific ports on a server to see if
the HTTP, SMTP, and FTP protocols are functioning
ExAM oBJECTIvES FrEquENTly ASKEd quESTIoNS
Is it possible for me to disable NetBIOS over TCP/IP (NetBT)?
Q:
Microsoft states that you can remove NetBT once you have a pure
A:
Windows 2000 environment Because WINS relies on NetBT, you
cannot disable NetBT until you are no longer relying on WINS for
name resolution Additionally, legacy applications and logon scripts
often use NetBIOS names, and these must be modified to use DNS
name resolution before you can remove NetBT You can disable
NetBT via DHCP on Windows 2000 clients when you are ready to
make the change
What types of networks are most likely to use OSPF instead of RIP?
Q:
Large enterprise networks and very large internetworks,
A:
such as corporate campuses and global networks Microsoft
documentation generally recommends that OSPF be used for
internetworks that include more than 50 networks OSPF is also
appropriate for networks in which the topology changes frequently,
and those that include more than one path between pairs of
end-points
What is a gateway, and why would I need one?
Q:
The word
A: gateway has many different meanings in the Information
Technology (IT) world A protocol-translating gateway translates
between different protocols Think of it as the United Nations
inter-preter of the networking world If the president of the United States
needs to exchange information with the chancellor of Germany, but
neither speaks the other’s language, they can call in someone who
is fluent in both to help them get their messages across Similarly, if
a mainframe system and a Windows 2000 computer need to
com-municate with one another – perhaps the mainframe has important
files that need to be accessed by the PC – but they don’t know how
to “talk” to each other, you can install a gateway to clear up the
con-fusion The gateway is even more skilled than the interpreter is; it
actually fools the mainframe into believing it’s communicating with
another mainframe, and makes the PC think it is having a
“con-versation” with a fellow PC Gateway is also the term used to refer
to the address of a router that connects your network to another,
acting as the gateway to the “outside world”