To properly manage and monitor your Windows
network, you need to become familiar with the tools required to manage,
monitor, and troubleshoot problems. Let us take a look at some of the
basic network utilities.
Ping — This is one of the most basic, yet most useful, tools you will use when troubleshooting server problems. The ping utility does just that: it pings a given server name or IP address to see whether the host is responding on the network. If a server fails to respond to a ping, it may be offline (or a firewall between you and the host may be dropping the ICMP echo requests, so a failed ping alone does not prove the host is down).
PathPing — PathPing provides a more in-depth ping test that not only checks whether the host is alive, but also displays each hop the packets traverse on the way to the target, such as network routers. PathPing also gathers loss and latency statistics for each hop along the path.
NSLookup — NSLookup is a key DNS name resolution testing utility. The NSLookup command allows you to send queries to DNS servers to ensure that they respond and return the correct result for the query.
Network Monitor (netmon) — Network Monitor allows you to capture network traffic and packets on your network and analyze them. Network Monitor is a great utility for understanding which servers talk to each other and what protocols and ports they use to do so.
Using ping, PathPing, and NSLookup
Ping, PathPing, and NSLookup are great tools to
assist with testing and troubleshooting Windows networks. Brief
examples of using each are provided below.
As mentioned, Ping can be used to see if an IP address is “alive” on the network. The ping utility also returns the time it took the ICMP echo request to reach the target IP and for the reply to come back. To perform a simple ping, open a command prompt and issue the command ping <IP address or hostname>, for example, ping 192.168.4.1 or ping server1. PathPing commands are issued in the same format (for example, pathping 192.168.4.1) but provide a more in-depth analysis of the path taken to the target.
The NSLookup utility can help you test name resolution using DNS. To perform a simple DNS query test using NSLookup, open a command prompt and enter the command nslookup <FQDN of host>, for example, nslookup www.syngress.com. You can also enter the interactive NSLookup console by typing nslookup alone at a command prompt. From there you can perform a query by entering a hostname, and you can change the DNS server used for subsequent queries by entering the command server <DNS server FQDN>, for example, server ns1.syngress.com. This lets you confirm that a particular DNS server returns the expected answer, rather than whichever server the client happens to be configured to use.
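The query-and-check that NSLookup performs, as an added example that is not from the book: this Python script builds the same kind of recursive A-record query nslookup sends, parses the server's reply (including compressed names), and rejects a reply whose transaction ID does not match ours. The hostname, the DNS server address passed to dns_lookup, and the SAMPLE_RESPONSE bytes are constructed placeholders, not a real capture.

```python
import socket
import struct

def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Build the recursive A-record query that nslookup sends for a hostname."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags RD=1, one question
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def read_name(msg: bytes, off: int):
    """Decode a possibly compressed name (RFC 1035 4.1.4); return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # pointer back to an earlier copy of the name
            end = end if end is not None else off + 2
            off = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            return ".".join(labels), (off if end is None else end)
        labels.append(msg[off:off + length].decode("ascii"))
        off += length

def parse_response(msg: bytes, txid: int = 0x1234):
    """Return (rcode, {name: [IPv4 addresses]}); reject replies that do not match our query."""
    rid, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    off, answers = 12, {}
    for _ in range(qd):  # skip the echoed question section (name + QTYPE + QCLASS)
        off = read_name(msg, off)[1] + 4
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:  # A record
            answers.setdefault(name, []).append(".".join(map(str, msg[off:off + 4])))
        off += rdlen
    return flags & 0x000F, answers

def dns_lookup(name: str, server: str, timeout: float = 3.0):
    """Send the query over UDP/53 to a chosen server, like nslookup's 'server' command."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return parse_response(s.recvfrom(4096)[0])
# Constructed sample reply (not a real capture): NOERROR, one question, one A record whose
# owner name is a compression pointer (0xC00C) back to the question name; TTL 300.
SAMPLE_RESPONSE = (bytes.fromhex("123481800001000100000000") + b"\x03www\x07example\x03com\x00\x00\x01\x00\x01"
                   + b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10]))
```

Only dns_lookup touches the network; parse_response(SAMPLE_RESPONSE) can be run offline to see the decoded answer.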
Overview of Network Monitor
Microsoft originally included a slimmed-down version
of the Network Monitor as part of the operating system. As an
administrator, you could add the component and use the lightweight
Network Monitor version. The fully featured version of Network Monitor
was included as part of System Management Server (SMS). More recently, Microsoft released a fully functional Network Monitor, available free from the Microsoft Download Center Web site. Network Monitor 3.3 can be downloaded via this link:
www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=983b941d-06cb-4658-b7f6-3088333d062f
After installing Network Monitor, it can be launched from a desktop shortcut or via the Start menu. Upon launching, the main Network Monitor window will open as seen in Figure 1. This is where you can start a new packet capture process and select the network adapters to include in the capture.
To begin a new network capture, click the Capture button, which opens a new capture tab, and then click the Start button. You will immediately see packet information displayed in real time as traffic flows to and from the selected network interfaces. After you have finished capturing traffic, click the Stop button. When troubleshooting, you will typically start the capture just before reproducing a specific error and stop it after the error occurs.
After you have captured network data, you can view the details of a captured packet by selecting a frame in the Frame Summary pane. The details are displayed in the Frame Details pane (see Figure 2). Here you can dissect exactly what information was inside the frame. You can optionally limit the information displayed in the Frame Summary pane by selecting the specific application you want to view from the left pane.
If you want to further limit the types of traffic
displayed in the frame summary pane, you can create filters. A filter
is a way to view only specific traffic based upon criteria defined in
the filter. For example, if you want to view only URL traffic for
syngress.com, you could apply the http URL filter as seen in Figure 3.
Network Monitor can be a very valuable tool when troubleshooting issues related to network connectivity. Using Network Monitor, you can view in-depth details about where servers are attempting to communicate and what type of traffic is being sent over particular network interfaces.