Troubleshooting Internet Connectivity

Objective:

Troubleshoot connectivity to the Internet.

Just when you thought you were done troubleshooting network connectivity problems, along comes the Internetthe Wild West of network connectivity. Although there are no tools designed specifically for troubleshooting Internet connectivity problems in Windows Server 2003, the full toolbox of network troubleshooting tools with which you are already familiar can be used to help alleviate any problems you might have.

When you need to troubleshoot Internet connectivity problems, you can use ping, tracert, nslookup, pathping, and the Network Diagnostics tool. ping and the Network Diagnostics tool are discussed in Chapter 1, "Configuring and Troubleshooting TCP/IP Addressing." nslookup is discussed in Chapter 3, "Implementing and Managing DNS."

The pathping command acts as the equivalent of the TRacert command by allowing you to identify which routers are in the path that the packets take. It also acts as the equivalent of the ping command by sending ping requests to all the routers over a specified time period and then computing statistics based on the packets returned from each router. pathping displays the amount of packet loss at each router or link, allowing you to determine which routers and links (subnets) might be causes of connectivity troubles.

This is the basic syntax of the pathping command:

[View full width]
pathping [-g host-list] [-h maximum_hops] [-i address] [-n]   [-p period] [-q num_queries]  [-w timeout] [-4] [-6] target_

Table 9.4 explains the switches of the pathping command.

Table 9.4. `pathping` Switches
Switch	Description
`-g` `host-list`	Specifies that Echo Request messages are to use the Loose Source Route option in the IP header with the set of intermediate destinations specified in `host-list`. Successive intermediate destinations can be separated by one or multiple routers. `host-list` is a series of IP addresses (in dotted-decimal notation), separated by spaces.
`-h` `maximum hops`	Specifies the maximum number of hops in the path to search for the target. The default is 30 hops.
`-i` `address`	Specifies the source address.
`-n`	Specifies that addresses are not to be resolved to host names.
`-p` `period`	Specifies the number of milliseconds to wait between consecutive `ping`s. The default is 250 milliseconds.
`-q` `num queries`	Specifies the number of Echo Request messages sent to each router in the path. The default is 100.
`-w` `timeout`	Specifies the number of milliseconds to wait for each reply. The default is 3,000 milliseconds.
`-4`	Specifies that `pathping` use IPv4 only.
`-6`	Specifies that `pathping` use IPv6 only.
`target`	Specifies the destination, either by IP address or hostname.

The following is an example of the output that you might expect to receive when using the pathping command:

[View full width]
C:\>pathping quepublishing.com Tracing route to quepublishing.com [63.240.93.132] over a maximum of 30 hops:   0  ptgms03.corp.quepublishing.com [192.168.0.158]   1  192.168.1.254   2  68.152.202.125   3  68.152.202.105   4  205.152.246.25   5  axr00msy-7-0-0-3.bellsouth.net [65.83.237.76]   6  pxr00msy-0-0-0.bellsouth.net [65.83.236.32]   7  so-2-0-0.gar2.Dallas1.Level3.net [67.72.4.1]   8  ae-23-52.car3.Dallas1.Level3.net [4.68.122.47]   9  att-level3-oc48.Dallas1.Level3.net [4.68.127.106]  10  gbr1-a30s8.dlstx.ip.att.net [12.123.16.30]  11  tbr1-cl6.sl9mo.ip.att.net [12.122.10.89]  12  tbr1-cl4.wswdc.ip.att.net [12.122.10.29]  13  tbr2-cl27.wswdc.ip.att.net [12.122.9.150]  14  tbr2-cl15.n54ny.ip.att.net [12.122.10.53]  15  ar1-p30.n54ny.ip.att.net [12.123.0.53]  16  mdf1-gsr12-2-pos-7-0.nyc3.attens.net [12.122.255.162]  17  mdf2-bi8k-2-gig1-1.nyc3.attens.net [63.240.64.166]  18     *        *        * Computing statistics for 450 seconds...             Source to Here   This Node/Link Hop  RTT   Lost/Sent = Pct  Lost/Sent = Pct  Address   0                                           ptgms03.corp.quepublishing.com [192.168.0.158]                                0/ 100 =  0%   |   1    1ms     0/ 100 =  0%     0/ 100 =  0%  192.168.1.254                                0/ 100 =  0%   |   2   42ms     1/ 100 =  1%     1/ 100 =  1%  68.152.202.125                                0/ 100 =  0%   |   3   49ms     0/ 100 =  0%     0/ 100 =  0%  68.152.202.105                                0/ 100 =  0%   |   4   48ms     1/ 100 =  1%     1/ 100 =  1%  205.152.246.25                                0/ 100 =  0%   |   5   70ms     0/ 100 =  0%     0/ 100 =  0%  axr00msy-7-0-0-3.bellsouth.net [65.83.237.76]                                1/ 100 =  1%   |   6   65ms     2/ 100 =  2%     1/ 100 =  1%  pxr00msy-0-0-0.bellsouth.net [65.83.236.32]                                0/ 100 =  0%   |   7   86ms     2/ 100 =  2%     1/ 100 =  1%  so-2-0-0.gar2.Dallas1.Level3.net [67.72.4.1]                                0/ 100 =  0%   |   8   81ms     3/ 100 =  3%     2/ 100 =  2%  ae-23-52.car3.Dallas1.Level3.net [4.68.122.47]                                0/ 100 =  0%   |   9  ---     100/ 100 =100%    99/ 100 = 99%  att-level3-oc48.Dallas1.Level3.net [4.68.127.106]                                0/ 100 =  0%   |  10  ---     100/ 100 =100%    99/ 100 = 99%  gbr1-a30s8.dlstx.ip.att.net [12.123.16.30]                                0/ 100 =  0%   |  11  ---     100/ 100 =100%    99/ 100 = 99%  tbr1-cl6.sl9mo.ip.att.net [12.122.10.89]                                0/ 100 =  0%   |  12  ---     100/ 100 =100%    99/ 100 = 99%  tbr1-cl4.wswdc.ip.att.net [12.122.10.29]                                0/ 100 =  0%   |  13  ---     100/ 100 =100%    99/ 100 = 99%  tbr2-cl27.wswdc.ip.att.net [12.122.9.150]                                0/ 100 =  0%   |  14  ---     100/ 100 =100%    99/ 100 = 99%  tbr2-cl15.n54ny.ip.att.net [12.122.10.53]                                0/ 100 =  0%   |  15  ---     100/ 100 =100%    99/ 100 = 99%  ar1-p30.n54ny.ip.att.net [12.123.0.53]                                0/ 100 =  0%   |  16  ---     100/ 100 =100%    99/ 100 = 99%  mdf1-gsr12-2-pos-7-0.nyc3.attens.net [12.122 .255.162]                                0/ 100 =  0%   |  17  131ms     1/ 100 =  1%     0/ 100 =  0%  mdf2-bi8k-2-gig1-1.nyc3.attens.net [63.240 .64.166]                               99/ 100 = 99%   |  18  ---     100/ 100 =100%     0/ 100 =  0%  ptgms03.corp.quepublishing.com [0.0.0.0] Trace complete.

The output of pathping shows you not only what routes experience packet loss, but also which routers drop packets. This is valuable information when you're trying to track down an Internet-related connectivity problem.

Exam Alert: Be Aware of Misleading Results

Sometimes, what appears to be a router failure might not be a router failure at all, but simply a firewall that is configured to block ICMP packets. You can test this configuration by trying to ping www.microsoft.com. Microsoft has been blocking ICMP packets for years now as a means of preventing denial-of-service (DoS) attacks on its networks.

Challenge

You have been hired by Sunshine Pastries, LLC to perform a traffic analysis on the company network. The owner of the company has informed you that he is especially interested in the traffic that is going into and out of three different file servers on the network. Several users have complained that the file servers seem to be sluggish and unresponsive at times, even though they appear to be running properly. The owner suspects that some of the older legacy Windows clients on the same subnet as these three file servers may be overwhelming the subnet with broadcast traffic. Your job is to determine what type of traffic the file servers see.

Your task is to perform the required network traffic captures for Sunshine Pastries and determine what, if any, changes should be made.

Try to complete this exercise on your own, listing your conclusions on a sheet of paper. After you have completed the exercise, compare your results to those given here.

Answers

In this scenario, you'll want to use the Network Monitor to capture and analyze the traffic flowing into and out of the three file servers in question. Specifically, you'll need to do the following:

Determine what kinds of traffic are crossing the network adapters of the three file servers.
Filter out broadcast traffic from unicast traffic and isolate it to its source.
Use the Network Monitor supplied in Windows Server 2003 to capture traffic sent to or from the computer on which it is running.

By installing, configuring, and running the Network Monitor locally on each of the three servers, you can start the analysis of what type of traffic might be slowing down the servers.

If you plan on capturing traffic for some time, say two or three hours, you will most likely want to configure the capture filter before you actually start capturing data. This will allow you to quickly analyze only the pertinent types of traffic for which you are looking. The downside to filtering traffic while capturing it is that you will see only the traffic that meets the filter criteria. On the other hand, if you decide to filter traffic after the capture, you will be able to see all packets that traversed the server's network adapters. The downside to this method is that your capture files will be very large.

No matter which way you plan on capturing the traffic, you will be well on your way to determining the type of broadcast traffic the servers see, as well as the sources of the traffic. You will be able to help Sunshine Pastries increase the speed and efficiency of its network by providing it with the information it needs to prevent the excessive broadcasting on that subnet.

Table 9.4. pathping Switches

Challenge

Answers

Table 9.4. `pathping` Switches