webpointmorpheus total solution web design

webpointmorpheus Network Info
Problems & Troubleshooting

©2005 - material compiled by Bob Carnaghi, www.webpointmorpheus.com

Overview
This page lists some of the problems that are common in networked computer systems, along with some of the most common solutions. The most unpredictable element, and often the most predictable cause of a problem, is human error; a list is included below to help deal with this facet of troubleshooting. The 6-step scientific method is reviewed, along with a way of relating it to troubleshooting network problems specifically. There is a list of command line utilities, included in most Windows installations, that will help troubleshoot problems. Toward the end of this document, several additional tools that are common in troubleshooting computer networks are listed.
If you have a difficult time with the acronym-drenched terms used in this document, check out the Network Definitions Page.
Preventing Problems
  • Backups are so important that their value cannot be put into words. A back-up strategy and schedule is extremely important. Don't go down due to lack of a back-up!
  • Network baselines are indispensable for knowing what the system looks and acts like when things are working well. Performance Monitor is a Windows NT/2000 tool for establishing baseline data, as well as for troubleshooting problems when they arise. Check out the Administrative Tools section of any Windows NT, 2000, or XP system.
  • Console Monitor is a NetWare tool similar to Windows Performance Monitor.
  • Server logs, Event Viewer, and other system files will tell a lot about what's going on in the background of a network. Check them frequently.
The Troubleshooting Process
The first list below is the time-tested 6-step Scientific Method. This process has proven successful in more situations than can be counted. Applied to a problem with a sense of clarity and reserve, it moves a problematic situation toward some type of resolution.
  1. State a clear definition of the problem.
  2. Form a hypothesis as to the possible solutions of the problem.
  3. Devise & perform experiments based upon the hypothesis from #2 above.
  4. Observe the results obtained from experimentation.
  5. Analyze the results, and amend the hypothesis as necessary.
  6. Repeat steps 2 through 5 until a clear, workable solution is obtained, or a new definition is in order.
The steps listed immediately below are the specific steps suggested by CompTIA to resolve network and computer problems.
  1. Establish the symptoms.
  2. Identify the affected area.
  3. Establish what has changed.
  4. Select the most probable cause.
  5. Implement a solution.
  6. Test the result.
  7. Recognize the potential effects of the solution.
  8. Document the solution.
The Human Element
The most unpredictable element in the process of computing is the set of choices made and actions taken by the operator. Typically, but not always, a machine will exhibit certain courses of action consistently and predictably. Given the faculty of free will, humans can and will make choices that are often unpredictable and will boggle the mind of a technician. Successfully repairing a faulty or broken system often comes down to successfully working with the humans who operate it. Listed below are the pieces of information that must be extracted, in a patient and compassionate manner, to arrive at the cause of a problematic situation.
  1. What caused the problem? What were the steps that caused the problem? Under what circumstances did the problem first appear? What were you doing or attempting to do when the problem occurred?
  2. Were there any error messages that resulted from the problem? Is there anything in the event log that reflects a possible cause of the problem?
  3. Were any steps taken to repair, alleviate, or circumvent the problem? What were they? Did they work or not?
  4. When does the problem occur? What time? Is the problem consistent or random? What are the environment elements around the problem? Time of day? Heat? Cold? Humidity? Etc?
Command Line Utilities
The commands listed below could be likened to a network tech's Swiss Army knife. While the commands may not fix the problems, they will be of immense assistance in defining and isolating the problem. Each of the commands listed is native to Windows 2000 and XP. For other operating systems, check within the OS itself. The commands are run from a Command Prompt: go to 'Start', 'Run', and type 'cmd' to get the prompt. Or press 'Windows + R', the Windows accelerator key, then type 'cmd'.
Each entry below gives the command, its description, and its options with explanations.

tracert
'tracert' stands for traceroute, and is used to trace the path that an IP packet takes from a source to its destination. Tracert uses ICMP Echo packets and their TTL to determine the route and hop count.
  • -d: Do not resolve addresses to hostnames.
  • -h maximum_hops: Maximum number of hops to search for target.
  • -j host-list: Loose source route along host-list.
  • -w timeout: Wait 'timeout' milliseconds for each reply.

arp
'arp' stands for Address Resolution Protocol. It is used for displaying and resolving the IP-to-Physical address translations that exist between IP and MAC addresses. These entities are what tie together Layer 3 and Layer 2 of the OSI model. 'arp' has the ability to display or modify the ARP cache table.
  • -a: Displays current ARP entries by interrogating the current protocol data. If inet_addr is specified, the IP and Physical addresses for only the specified computer are displayed. If more than one network interface uses ARP, entries for each ARP table are displayed.
  • -g: Same as -a.
  • inet_addr: Specifies an internet address.
  • -N if_addr: Displays the ARP entries for the network interface specified by if_addr.
  • -d: Deletes the host specified by inet_addr. inet_addr may be wildcarded with * to delete all hosts.
  • -s: Adds the host and associates the Internet address inet_addr with the Physical address eth_addr. The Physical address is given as 6 hexadecimal bytes separated by hyphens. The entry is permanent.
  • eth_addr: Specifies a physical address.
  • if_addr: If present, this specifies the Internet address of the interface whose address translation table should be modified. If not present, the first applicable interface will be used.

netstat
'netstat' displays protocol statistics for the TCP/IP connections that are current on the computer. It reports on both the TCP and UDP protocols. It can also be used for Ethernet statistics and data transfers.
  • -a: Displays all connections and listening ports.
  • -b: Displays the executable involved in creating each connection or listening port. In some cases well-known executables host multiple independent components, and in these cases the sequence of components involved in creating the connection or listening port is displayed. In this case the executable name is in [] at the bottom, on top is the component it called, and so forth until TCP/IP was reached. Note that this option can be time-consuming and will fail unless you have sufficient permissions.
  • -e: Displays Ethernet statistics. This may be combined with the -s option.
  • -n: Displays addresses and port numbers in numerical form.
  • -o: Displays the owning process ID associated with each connection.
  • -p proto: Shows connections for the protocol specified by proto; proto may be any of: TCP, UDP, TCPv6, or UDPv6. If used with the -s option to display per-protocol statistics, proto may be any of: IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
  • -r: Displays the routing table.
  • -s: Displays per-protocol statistics. By default, statistics are shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6; the -p option may be used to specify a subset of the default.
  • -v: When used in conjunction with -b, will display the sequence of components involved in creating the connection or listening port for all executables.
  • interval: Redisplays selected statistics, pausing interval seconds between each display. Press CTRL+C to stop redisplaying statistics. If omitted, netstat will print the current configuration information once.

ping
'ping' is a diagnostic tool that will test TCP/IP configurations and connections. Use the ping utility to determine whether a particular TCP/IP host is reachable. 'ping' can also be used with the loopback address (127.0.0.1) to test a computer's own NIC.
  • -t: Ping the specified host until stopped. To see statistics and continue, type Control-Break; to stop, type Control-C.
  • -a: Resolve addresses to hostnames.
  • -n count: Number of echo requests to send.
  • -l size: Send buffer size.
  • -f: Set Don't Fragment flag in packet.
  • -i TTL: Time To Live.
  • -v TOS: Type Of Service.
  • -r count: Record route for count hops.
  • -s count: Timestamp for count hops.
  • -j host-list: Loose source route along host-list.
  • -k host-list: Strict source route along host-list.
  • -w timeout: Timeout in milliseconds to wait for each reply.

ipconfig
Displays TCP/IP configuration information, and renews and releases DHCP-assigned address configuration.
  • /all: Display full configuration information.
  • /release: Release the IP address for the specified adapter.
  • /renew: Renew the IP address for the specified adapter.
  • /flushdns: Purges the DNS Resolver cache.
  • /registerdns: Refreshes all DHCP leases and re-registers DNS names.
  • /displaydns: Display the contents of the DNS Resolver Cache.
  • /showclassid: Displays all the DHCP class IDs allowed for the adapter.
  • /setclassid: Modifies the DHCP class ID.

winipcfg
GUI utility similar to ipconfig, native to Windows 9x. This utility is not available in Windows 2000 or XP. See the online help in Windows 9x for details.

nbtstat
Used for troubleshooting NetBIOS over TCP/IP name resolution problems. It displays protocol statistics and current TCP/IP connections that are using NetBIOS over TCP/IP (NBT), as well as the NetBIOS name table and cache. See the online help for options and details.

nslookup
'nslookup' is used to display information that you can use to diagnose Domain Name System (DNS) servers and to send DNS queries to DNS servers. 'nslookup' can be used in interactive and non-interactive mode by providing the correct input parameters directly on the command line.
  • NAME: Print info about the host/domain NAME using the default server.
  • NAME1 NAME2: The same as above, but use NAME2 as the server.
  • help or ?: Print info on common commands.
  • exit or Ctrl+C: Exit the program.
Additional Notes: 'nslookup' will work in interactive mode, line by line, or by just entering the command then pressing 'Enter'. There are many more options for the command as needed; see the online help system.
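An added example, not part of the original page: one way to combine the netstat -a, -n and -o options with the baseline idea from Preventing Problems is to save the output of 'netstat -ano' while the system is healthy and compare later captures with it. The Python below parses two constructed captures and reports listening sockets that appeared or disappeared, with the owning PID; the function names and the sample data are assumptions made for illustration.

```python
"""Compare listening sockets from `netstat -ano` with a saved baseline."""
from typing import NamedTuple

class Listener(NamedTuple):
    proto: str
    address: str
    port: int

def parse_listeners(netstat_text):
    """Map each TCP LISTENING / bound UDP socket to its owning PID (-o column)."""
    listeners = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        if fields[0] == "TCP":
            # TCP rows: Proto, Local Address, Foreign Address, State, PID
            if len(fields) != 5 or fields[3] != "LISTENING":
                continue
        elif len(fields) != 4:
            continue  # UDP rows have no State column, so exactly 4 fields
        address, _, port = fields[1].rpartition(":")  # "[::]:135" -> "[::]", "135"
        if port.isdigit() and fields[-1].isdigit():
            listeners[Listener(fields[0], address, int(port))] = int(fields[-1])
    return listeners

def diff_against_baseline(baseline_text, current_text):
    """Return (added, removed): new listeners with PID, and listeners now gone."""
    baseline = parse_listeners(baseline_text)
    current = parse_listeners(current_text)
    added = sorted((sock, current[sock]) for sock in current.keys() - baseline.keys())
    removed = sorted(baseline.keys() - current.keys())
    return added, removed

# Constructed sample captures (not taken from a real host).
BASELINE = """  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    [::]:135               [::]:0                 LISTENING       912
  UDP    0.0.0.0:123            *:*                                    1044"""
CURRENT = """  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       3388
  TCP    192.168.1.10:49712     192.0.2.25:443         ESTABLISHED     3120
  TCP    [::]:135               [::]:0                 LISTENING       912
  UDP    0.0.0.0:5353           *:*                                    2764"""

if __name__ == "__main__":
    print(diff_against_baseline(BASELINE, CURRENT))
```

On a real host, redirect 'netstat -ano' to a file while the system is known to be working well and pass the file contents in place of the constructed samples; any PID reported for a new listener can then be looked up in Task Manager.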
Software Tools
Listed below are the software solutions for network troubleshooting. Note that these are generic categories, not endorsed packages. Note also the series of command line utilities described elsewhere in this document. Those utilities can and will give a wealth of information on the state of the network and its configuration.
  1. Network or Protocol Analyzer - Software based (NETMON), also NMAP.
  2. System, Installation, and Event Log within the Operating System.
  3. System Management Packages available for the specific Operating System.
Hardware Tools
The list below contains hardware items that will be useful in troubleshooting network problems. When used with the process listed above, and the command line utilities, problems can be quickly isolated and resolved.
  1. Cable Testers - Media Tester. Cable testers monitor the electrical signal or recognize errors such as collisions, traffic congestion, error frames, and protocol errors. Some tools can measure frequencies and determine the maximum frequency (MHz) of a cable.
  2. Protocol Analyzer - Sniffer. A tool implemented in software to analyze data packets. It can read individual packets to determine network problems related to software, clients/servers, network addressing, etc.
  3. Fox & Hound - Tone Generator. Helps isolate and identify unmarked cables.
  4. An optical tester can be used to find a break or kink in fiber optic cabling.
  5. Time Domain Reflectometer (TDR) sends pulses through a cable to detect a break or other inconsistencies.
  6. A loopback adapter is a type of terminator that connects directly to a NIC. This permits configuration (IP, etc.) to create a simulated network.
  7. DVM - Digital Volt Meter. A very common electrical measurement tool that can be used to track down breaks in the cable and other problems.
This page was last modified: Wednesday July 20, 2005 7:35 AM