Activities 3: TCP/IP Network Monitoring and Management

 

1. TCP/IP Network Management Tasks

 

TCP/IP network management tasks include

·         Traffic monitoring

·         Troubleshooting network access

·         Adding new hosts (also known as nodes or stations) to the network

·         Mounting remote disks and exporting local disks with Network File System (NFS)

 

Large networks probably need a commercial network analyzer, or at least a hardware tester such as a time domain reflectometer (TDR). Many smaller networks, however, can get by with publicly available free tools. A list of diagnostic functions that help with network monitoring, management, and troubleshooting, together with the commands that provide them, is shown below.

 

·         Testing the network connection: ping command (for both Windows and UNIX)

·         Troubleshooting Network Access using: winipcfg command (Windows), ifconfig (UNIX), netstat, and arp command

·         Configure the network interface: winipcfg command (Windows), and ifconfig (UNIX)

·         Network monitoring: netstat command (for both Windows and UNIX)

·         Display active network connections: netstat command (for both Windows and UNIX)

·         Display interface statistics: netstat command (for both Windows and UNIX)

·         Display active routes of connections: route command (for both Windows and UNIX)

·         Manipulate static routing tables: route command (for both Windows and UNIX)

·         Tracing routes: tracert command (Windows), traceroute command (UNIX)

 

On Windows 95/98/2000-based PCs, these commands are located in the C:\Windows directory. They are MS-DOS programs, so they can only be run from the MS-DOS prompt.

 

2. Network Management Commands

 

WINIPCFG Command

 

To detect bad IP addresses, incorrect subnet masks, and improper broadcast addresses, the winipcfg command can be used to obtain the basic configuration of the interface.

The winipcfg command can also be used to change the setup of the network adapter. Note that if the LAN consists of a single Ethernet network, no explicit routing is usually needed.

 

Ping Command

 

The ping command verifies whether a remote host can be reached. It also shows statistics about packet loss and delivery time. The ping command is designed for troubleshooting and tracking down a single-point hardware or software failure in the Internet. When called, the ping command sends one datagram per second and prints one line of output for every ECHO_RESPONSE returned; it sends a message to the designated host and then tells you whether the message was successfully transmitted.

 

 

This command is designed for use in network testing, measurement, and management. It was originally used on UNIX-based systems to see whether a remote host is up and responding, and for manual fault isolation. It is also found on Windows 95/98/2000 and Windows NT-based systems. The usage of the Windows version of the ping command is listed below:

 

 

C:\WINDOWS>ping

 

Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]

            [-r count] [-s count] [[-j host-list] | [-k host-list]]

            [-w timeout] destination-list

 

Options:

    -t             Ping the specified host until interrupted.

    -a             Resolve addresses to hostnames.

    -n count       Number of echo requests to send.

    -l size        Send buffer size.

    -f             Set Don't Fragment flag in packet.

    -i TTL         Time To Live.

    -v TOS         Type Of Service.

    -r count       Record route for count hops.

    -s count       Timestamp for count hops.

    -j host-list   Loose source route along host-list.

    -k host-list   Strict source route along host-list.

    -w timeout     Timeout in milliseconds to wait for each reply.

 

The usage of the Linux version of the ping command is obtained by typing the command without arguments at the command line.

[lin@paullinux lin]$ ping

 

usage: ping [-LRdfnqrv] [-c count] [-i wait] [-l preload]

        [-p pattern] [-s packetsize] [-t ttl] [-I interface address] host

[lin@paullinux lin]$ ping -c 10 www.mit.edu

PING DANDELION-PATCH.MIT.EDU (18.181.0.31): 56 data bytes

64 bytes from 18.181.0.31: icmp_seq=0 ttl=242 time=59.0 ms

64 bytes from 18.181.0.31: icmp_seq=1 ttl=242 time=45.6 ms

64 bytes from 18.181.0.31: icmp_seq=2 ttl=242 time=48.6 ms

64 bytes from 18.181.0.31: icmp_seq=3 ttl=242 time=50.4 ms

64 bytes from 18.181.0.31: icmp_seq=4 ttl=242 time=47.5 ms

64 bytes from 18.181.0.31: icmp_seq=5 ttl=242 time=65.8 ms

64 bytes from 18.181.0.31: icmp_seq=6 ttl=242 time=54.7 ms

64 bytes from 18.181.0.31: icmp_seq=7 ttl=242 time=48.5 ms

64 bytes from 18.181.0.31: icmp_seq=8 ttl=242 time=51.6 ms

64 bytes from 18.181.0.31: icmp_seq=9 ttl=242 time=48.9 ms

 

--- DANDELION-PATCH.MIT.EDU ping statistics ---

10 packets transmitted, 10 packets received, 0% packet loss

round-trip min/avg/max = 45.6/52.0/65.8 ms
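To practise interpreting a ping session like the one above, here is an added Python script (not part of the handout) that reads the per-reply lines, works out which sequence numbers never came back, counts out-of-order replies, and estimates the hop count from the remaining TTL. The sample session is constructed from the MIT output above with two replies removed and one delayed; the hop estimate assumes the remote host started its TTL at 64, 128 or 255.

```python
import re

# Constructed sample: the session above, with icmp_seq 3 and 4 dropped and
# icmp_seq 7 arriving late (after 8) with a much larger round-trip time.
SAMPLE_PING = """\
PING DANDELION-PATCH.MIT.EDU (18.181.0.31): 56 data bytes
64 bytes from 18.181.0.31: icmp_seq=0 ttl=242 time=59.0 ms
64 bytes from 18.181.0.31: icmp_seq=1 ttl=242 time=45.6 ms
64 bytes from 18.181.0.31: icmp_seq=2 ttl=242 time=48.6 ms
64 bytes from 18.181.0.31: icmp_seq=5 ttl=242 time=65.8 ms
64 bytes from 18.181.0.31: icmp_seq=6 ttl=242 time=54.7 ms
64 bytes from 18.181.0.31: icmp_seq=8 ttl=242 time=51.6 ms
64 bytes from 18.181.0.31: icmp_seq=7 ttl=242 time=248.5 ms
64 bytes from 18.181.0.31: icmp_seq=9 ttl=242 time=48.9 ms
"""

REPLY_RE = re.compile(r"icmp_seq=(\d+) ttl=(\d+) time=([\d.]+) ms")

def analyse_ping(text, sent):
    """Summarise a ping session; `sent` is the -c count the session was run with."""
    replies = [(int(s), int(t), float(ms)) for s, t, ms in REPLY_RE.findall(text)]
    seen = {s for s, _, _ in replies}
    lost = sorted(set(range(sent)) - seen)          # sequence numbers never answered
    seqs = [s for s, _, _ in replies]
    rtts = [ms for _, _, ms in replies]
    # ping prints replies in arrival order, so a seq lower than its predecessor
    # means the network reordered (or badly delayed) that packet.
    reordered = sum(1 for a, b in zip(seqs, seqs[1:]) if b < a)
    # Every router decrements TTL by one. Assumed initial values: 64, 128, 255.
    ttl = replies[0][1] if replies else None
    initial = next((t for t in (64, 128, 255) if t >= ttl), None) if ttl else None
    return {
        "received": len(replies),
        "loss_pct": round(100.0 * len(lost) / sent, 1),
        "lost_seq": lost,
        "reordered": reordered,
        "rtt_min": min(rtts) if rtts else None,
        "rtt_avg": round(sum(rtts) / len(rtts), 1) if rtts else None,
        "rtt_max": max(rtts) if rtts else None,
        "hops": initial - ttl if initial else None,
    }

if __name__ == "__main__":
    for key, value in analyse_ping(SAMPLE_PING, 10).items():
        print(f"{key:>10}: {value}")
```

On a live system, run `ping -c 10 host > ping.txt` and pass the file contents and the count to analyse_ping.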

 

ARP Command

 

The ARP command provides information about Ethernet/IP address translation. We can use it to detect systems on the local network that are configured with the wrong IP address.

 

 

C:\WINDOWS>arp

 

Displays and modifies the IP-to-Physical address translation tables used by

address resolution protocol (ARP).

 

ARP -s inet_addr eth_addr [if_addr]

ARP -d inet_addr [if_addr]

ARP -a [inet_addr] [-N if_addr]

 

  -a            Displays current ARP entries by interrogating the current

                protocol data.  If inet_addr is specified, the IP and Physical

                addresses for only the specified computer are displayed.  If

                more than one network interface uses ARP, entries for each ARP

                table are displayed.

  -g            Same as -a.

  inet_addr     Specifies an internet address.

  -N if_addr    Displays the ARP entries for the network interface specified

                by if_addr.

  -d            Deletes the host specified by inet_addr.

  -s            Adds the host and associates the Internet address inet_addr

                with the Physical address eth_addr.  The Physical address is

                given as 6 hexadecimal bytes separated by hyphens. The entry

                is permanent.

  eth_addr      Specifies a physical address.

  if_addr       If present, this specifies the Internet address of the

                interface whose address translation table should be modified.

                If not present, the first applicable interface will be used.

 

NETSTAT Command

 

The netstat command can be used to check the network configuration and monitor a system's TCP/IP network activity. It provides a variety of information on how much and what kind of network activity is going on. Under Windows 95/98/2000, the netstat command syntax can be found by entering the following command at the MS-DOS prompt:

 

C:\WINDOWS>netstat ?

 

Displays protocol statistics and current TCP/IP network connections.

 

NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]

 

  -a            Displays all connections and listening ports.  (Server-side

                connections are normally not shown).

  -e            Displays Ethernet statistics.  This may be combined with the -s

                option.

  -n            Displays addresses and port numbers in numerical form.

  -p proto      Shows connections for the protocol specified by proto; proto

                may be tcp or udp.  If used with the -s option to display

                per-protocol statistics, proto may be tcp, udp, or ip.

  -r            Displays the contents of the routing table.

  -s            Displays per-protocol statistics.  By default, statistics are

                shown for TCP, UDP and IP; the -p option may be used to specify

                a subset of the default.

  interval      Redisplays selected statistics, pausing interval seconds

                between each display.  Press CTRL+C to stop redisplaying

                statistics.  If omitted, netstat will print the current

                configuration information once.

 

ROUTE Command

 

Static routing:

Static routing may be used for small to medium-sized networks that do not have many redundant paths to most destinations. It is set up by issuing explicit route commands. The route command can be found on both UNIX and Windows 95/98/2000 and Windows NT systems. Some versions of the route command will also display the current routing tables.

 

Dynamic routing:

The optimal paths to each destination are determined at packet transmission time.

 

C:\WINDOWS>route

 

Manipulates network routing tables.

 

ROUTE [-f] [command [destination] [MASK netmask] [gateway]]

 

  -f           Clears the routing tables of all gateway entries.  If this is

               used in conjunction with one of the commands, the tables are

               cleared prior to running the command.

 

  command      Specifies one of four commands

                 PRINT     Prints a route

                 ADD       Adds a route

                 DELETE    Deletes a route

                 CHANGE    Modifies an existing route

 

  destination  Specifies the host to send command.

 

  MASK         If the MASK keyword is present, the next parameter is

               interpreted as the netmask parameter.

 

  netmask      If provided, specifies a sub-net mask value to be associated

               with this route entry.  If not specified, if defaults to

               255.255.255.255.

 

  gateway      Specifies gateway.

 

All symbolic names used for destination or gateway are looked up in the

network and host name database files NETWORKS and HOSTS, respectively.  If

the command is print or delete, wildcards may be used for the destination and

gateway, or the gateway argument may be omitted.

 

TRACERT Command

 

C:\WINDOWS>tracert

 

Usage: tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name

 

Options:

    -d                 Do not resolve addresses to hostnames.

    -h maximum_hops    Maximum number of hops to search for target.

    -j host-list       Loose source route along host-list.

    -w timeout         Wait timeout milliseconds for each reply.

 

 

3. Testing and Activities

 

 

Testing the network connection

 

·         Try the following commands in the MS-DOS window, and interpret the results:

 

C:\WINDOWS>ping www.ipfw.edu

 

C:\WINDOWS>ping cs.purdue.edu

 

C:\WINDOWS>ping -n 10 cs.purdue.edu

 

C:\WINDOWS>ping -n 10 www.mit.edu

 

 

Configure the Network Interface with winipcfg (Windows 95/98/2000/NT) or ifconfig (UNIX)

 

Use the winipcfg command to obtain the network interface address information: IP address, default gateway, etc.

 

 

Display Active Network Connections

 

·         Enter the netstat command, without arguments, to list all active network connections to the local host (node).

 

C:\WINDOWS>netstat

 

·         Then open a new connection to an Internet site and issue the netstat command again to see what has changed in the network activity.

 

C:\WINDOWS>netstat

 

If you add the -a flag, sockets that are waiting for a connection (i.e. listening) are displayed as well. This gives you a list of all servers that are currently running on your system; most of them are simply waiting for an incoming connection.

 

·         Enter the command:

C:\WINDOWS>netstat -a
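The listening-socket list is the most useful part of netstat -a from a monitoring point of view: every entry is a server that will accept connections, and any port you cannot account for deserves a look. The following added Python script (not part of the handout) parses netstat output in the numeric form produced by `netstat -an`, separates listening sockets from established connections, and reports listeners that are not on an expected list. The sample output and the expected-port list are constructed for a hypothetical Windows PC that only shares files.

```python
# Constructed sample of `netstat -an` output on a Windows PC. UDP sockets are
# printed without a State column, so they have only three fields.
SAMPLE_NETSTAT = """\

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING
  TCP    192.168.0.5:1029       18.181.0.31:80         ESTABLISHED
  TCP    192.168.0.5:1030       192.0.2.10:443         ESTABLISHED
  UDP    0.0.0.0:137            *:*
  UDP    0.0.0.0:5000           *:*
"""

# Hypothetical allow-list: the NetBIOS ports a file-sharing PC is expected to open.
EXPECTED_LISTENERS = {("TCP", 139), ("UDP", 137), ("UDP", 138)}

def parse_netstat(text):
    """Return one dict per connection line; header and blank lines are skipped."""
    conns = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue
        proto, local, foreign = fields[0], fields[1], fields[2]
        state = fields[3] if len(fields) > 3 else ""
        addr, port = local.rsplit(":", 1)           # rsplit: address may itself contain ':'
        conns.append({"proto": proto, "local_addr": addr, "local_port": int(port),
                      "foreign": foreign, "state": state})
    return conns

def listeners(conns):
    # A bound UDP socket is always ready to receive, so it counts as listening.
    return [c for c in conns if c["state"] == "LISTENING" or c["proto"] == "UDP"]

def unexpected_listeners(conns, expected=EXPECTED_LISTENERS):
    return [c for c in listeners(conns) if (c["proto"], c["local_port"]) not in expected]

def established(conns):
    """(local port, remote endpoint) for each live TCP connection."""
    return [(c["local_port"], c["foreign"]) for c in conns if c["state"] == "ESTABLISHED"]

if __name__ == "__main__":
    conns = parse_netstat(SAMPLE_NETSTAT)
    for c in unexpected_listeners(conns):
        print(f"unexpected listener: {c['proto']} port {c['local_port']} on {c['local_addr']}")
    for port, remote in established(conns):
        print(f"connection: local port {port} -> {remote}")
```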

 

Displaying Interface Statistics

When invoked with the -e flag, netstat will display statistics for the network interfaces currently configured.

 

·         Enter the command:

 

C:\WINDOWS>netstat -e

 

Display Routing Tables

 

·         Enter the following command to obtain the routing table set up for your networked PC:

 

C:\WINDOWS>netstat -rn

 

 

Manipulate Routing Tables

 

·         To display the active routes of your connection, you enter:

 

C:\WINDOWS>route print

 

To display the active routes of the Linux system, you enter:

 

[lin@paullinux lin]$ pwd              …. see your present working directory

[lin@paullinux lin]$ cd /proc/net     …. change to the /proc/net directory, where the kernel exposes its network tables

[lin@paullinux net]$ more route       …. view the routing table

[lin@paullinux net]$ cd /home/lin     …. change back to your working directory (your own login, not lin)

 

Tracing Route

 

The command that tells us which route packets take from our system to a remote system is tracert (Windows) or traceroute (UNIX). It prints information about each hop.

 

·         Enter the following commands and obtain the route tracing results:

 

C:\WINDOWS>tracert www.microsoft.com

 

C:\WINDOWS>tracert www.mit.edu

 

Ethernet/IP Address Translation Table: arp command

 

On the current version of Red Hat Linux, the ARP table can be viewed through the following commands. Note that the ARP command provides information about Ethernet/IP address translation. We can use it to detect systems on the local network that are configured with the wrong IP address.

[lin@paullinux lin]$ pwd              …. see your present working directory

[lin@paullinux lin]$ cd /proc/net     …. change to the /proc/net directory

[lin@paullinux net]$ more arp         …. view the ARP table

[lin@paullinux net]$ cd /home/lin     …. change back to your working directory (your own login, not lin)
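The table in /proc/net/arp lets you spot the misconfigured systems the text mentions: an IP address that now resolves to a different Ethernet address than it should, one Ethernet interface answering for two IP addresses, or an entry that never completed because no host answered. The following added Python script (not part of the handout) parses a constructed copy of that file and reports those three conditions. The KNOWN mapping is a hypothetical record of which Ethernet address each IP address is supposed to have.

```python
from collections import defaultdict

# Constructed sample of /proc/net/arp on a hypothetical 192.168.0.x LAN.
SAMPLE_ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.0.1      0x1         0x2         00:a0:c9:12:34:56     *        eth0
192.168.0.7      0x1         0x2         00:50:04:aa:bb:cc     *        eth0
192.168.0.9      0x1         0x2         00:50:04:aa:bb:cc     *        eth0
192.168.0.20     0x1         0x0         00:00:00:00:00:00     *        eth0
"""

# Hypothetical record of the expected IP -> Ethernet address pairs (e.g. the
# lab's address plan): .1 is the gateway, .9 should belong to a different card.
KNOWN = {"192.168.0.1": "00:a0:c9:12:34:56", "192.168.0.9": "00:50:04:de:ad:01"}

ATF_COM = 0x02   # "completed" flag: the host actually replied to an ARP request

def parse_proc_arp(text):
    entries = []
    for line in text.splitlines()[1:]:          # skip the column header
        f = line.split()
        if len(f) < 6:
            continue
        entries.append({"ip": f[0], "flags": int(f[2], 16), "mac": f[3].lower(), "dev": f[5]})
    return entries

def check_arp(entries, known=KNOWN):
    """Return (kind, subject, detail) findings for entries that need a look."""
    findings = []
    by_mac = defaultdict(list)
    for e in entries:
        if not e["flags"] & ATF_COM:
            findings.append(("incomplete", e["ip"], "no reply: host down or address unused"))
            continue
        by_mac[e["mac"]].append(e["ip"])
        expected = known.get(e["ip"])
        if expected and expected != e["mac"]:
            findings.append(("mac-mismatch", e["ip"], f"expected {expected}, table has {e['mac']}"))
    for mac, ips in by_mac.items():
        if len(ips) > 1:   # one card answering for several addresses
            findings.append(("shared-mac", mac, "one interface answers for " + ", ".join(ips)))
    return findings

if __name__ == "__main__":
    for kind, subject, detail in check_arp(parse_proc_arp(SAMPLE_ARP)):
        print(f"{kind:<13} {subject:<20} {detail}")
```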