Top 5 Advanced Network Troubleshooting Tools for IT Pros
By Sean Wilkins
A couple of weeks ago, we examined 10 basic network troubleshooting tools that every admin should know. While those basic tools are certainly used at all levels of network engineering expertise, there is also a set of more advanced network troubleshooting tools that are typically used by higher level network engineers.
The reason that these tools are used by higher level engineers is not because the tools are hard to use, but because interpreting the information obtained from them requires a higher level of networking knowledge. This article covers the top 5 advanced network troubleshooting tools, which provide different levels of network information for troubleshooting higher level networking problems.
5. Nmap (zenmap)
The nmap utility is one of the most versatile network tools available. Regardless of how much experience a network engineer has, the nmap utility should always be available. Just a few of the things that can be done with nmap include:
- port scanning (TCP/UDP),
- version detection,
- OS detection,
- ping sweeps.
These different capabilities make it possible to do everything from a simple single host port scan to an entire network sweep for host detection and auditing purposes. The number of tasks possible through nmap is really left to the imagination of the user; more information can be found at the nmap website.
While the nmap tool itself is command line based, a GUI has also been developed called zenmap that can be used to make the configuration of nmap considerably easier. Both the nmap command line tool and zenmap are available on a number of different platforms including Windows, Linux (many flavors), *nix (also many flavors) and Mac OS X. Figure 1 below shows the zenmap GUI with results from a simple scan of a Linksys router from an inside interface.
Another of the essential network troubleshooting tools that should be in the bag of utilities of any experienced engineer is a packet scanner. The most basic function provided by a packet scanner is the ability to capture and analyze individual packets that are sent across a network.
Wireshark includes many different functions that provide the ability to perform a number of different analyses, including filtering by conversation (i.e. IPv4, TCP, UDP..) and protocol analysis (HTTP, VoIP protocols (RTP, SIP, H.225..)).
Tcpdump is another packet scanner that provides the ability to analyze network traffic and is very easy to configure. Tcpdump is used on Linux machines (various flavors) and is available for Windows as WinDump.
Figure 2 below shows the Wireshark GUI that is available for a number of different OS’s including Windows, Linux, and Mac OS X.
When troubleshooting or designing a wireless network, it is vital that some analysis be done on the channels that are available and the channels already in use at specific locations within a network. As the 802.11b, g, and n standards all use the 2.4 GHz range and are limited to only 3 nonoverlapping channels, it is important to determine what networks are using these channels. If more than one network is attempting to use the same channel (or a channel that overlaps), the wireless network will be affected.
The 802.11a and n standards use the 5 GHz range; when using this range there are many more available channels that do not overlap with each other. The inSSIDer utility can be used not only to scan for different networks within the 2.4 and 5 GHz ranges but also to list the current signal strengths of the different wireless networks within range.
Figure 3 below shows an example of inSSIDer in use scanning the 2.4GHz range and showing how the various wireless channels overlap.
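The channel-overlap reasoning above can be worked through in code. The following Python is an added example, not part of the original article or of inSSIDer; it assumes a 22 MHz channel width and a constructed scan list (the SSIDs, channels and signal strengths are made up), derives the three nonoverlapping channels, and picks the one that sees the least overlapping signal power.

```python
from dataclasses import dataclass

CHANNEL_WIDTH_MHZ = 22  # assumption: 802.11b channel width

@dataclass(frozen=True)
class Network:
    ssid: str
    channel: int
    rssi_dbm: int  # received signal strength, e.g. -60

def center_mhz(channel: int) -> int:
    """Center frequency of a 2.4 GHz channel (14 is off the 5 MHz grid)."""
    if channel == 14:
        return 2484
    if 1 <= channel <= 13:
        return 2407 + 5 * channel
    raise ValueError(f"not a 2.4 GHz channel: {channel}")

def overlaps(a: int, b: int) -> bool:
    """Channels overlap when their centers are closer than one channel width."""
    return abs(center_mhz(a) - center_mhz(b)) < CHANNEL_WIDTH_MHZ

def non_overlapping(channels=range(1, 12)) -> list:
    """Greedily pick channels that do not overlap any channel already picked."""
    picked = []
    for ch in channels:
        if not any(overlaps(ch, p) for p in picked):
            picked.append(ch)
    return picked

def interference_mw(channel: int, scan) -> float:
    """Total received power (mW) from every network overlapping `channel`."""
    return sum(10 ** (n.rssi_dbm / 10) for n in scan if overlaps(channel, n.channel))

def best_channel(scan, candidates=(1, 6, 11)) -> int:
    """Candidate channel with the least overlapping signal power."""
    return min(candidates, key=lambda ch: interference_mw(ch, scan))

# Constructed scan results (not real inSSIDer output).
SCAN = [
    Network("office-ap", 1, -48), Network("guest", 3, -60),
    Network("neighbor-a", 6, -72), Network("neighbor-b", 9, -80),
    Network("printer-direct", 11, -55),
]

if __name__ == "__main__":
    print(non_overlapping(), best_channel(SCAN))
```

Signal strengths are converted from dBm to milliwatts before summing, so one strong neighbor outweighs several weak ones.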
2. Syslog Server (KLog)
While it may not seem like a normal utility to recommend, a syslog server can be an important tool when troubleshooting network problems. This is true especially when the cause of a networking issue has been hard to determine.
In large organizations, often a network management system is put in place automatically which allows all of the network elements to record network events (i.e. interfaces going up and down, CPU utilizations, memory utilizations). This can then be used as a historical reference when troubleshooting a network problem. In smaller organizations, this type of system is typically too expensive to justify and is thus not installed.
A simple syslog server can be installed in the field to receive network events from key network elements. This information can then be recorded over time and help in determining the cause of a networking problem.
Figure 4 below shows an example of the KLog syslog server.
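To show how recorded syslog history helps find a cause, the following Python is an added example, not code from the article or from KLog. It assumes messages in the BSD syslog layout (RFC 3164) and an assumed wording for link events; the sample lines are constructed. It parses each line, counts interface state changes per device, and includes a minimal UDP receiver that appends incoming messages to a file.

```python
import re
import socket
from collections import Counter

# <PRI>Mmm dd hh:mm:ss host message (BSD syslog layout, RFC 3164)
LINE = re.compile(r"<(\d{1,3})>(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) (.*)")
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# Assumed wording of link events; adjust to what your devices actually send.
LINK = re.compile(r"Interface (\S+), changed state to (up|down)")

def parse(line):
    """Split one syslog line into its fields; None if it is not in this layout."""
    m = LINE.match(line.strip())
    if not m:
        return None
    pri = int(m.group(1))  # PRI = facility * 8 + severity
    return {"facility": pri // 8, "severity": SEVERITY[pri % 8],
            "time": m.group(2), "host": m.group(3), "msg": m.group(4)}

def link_flaps(lines, threshold=3):
    """{(host, interface): state changes} for links that changed state at
    least `threshold` times in the recorded history."""
    counts = Counter()
    for line in lines:
        event = parse(line)
        m = LINK.search(event["msg"]) if event else None
        if m:
            counts[(event["host"], m.group(1))] += 1
    return {key: n for key, n in counts.items() if n >= threshold}

def receive(logfile, bind_addr="0.0.0.0", port=514):
    """Append each UDP syslog datagram to `logfile` (runs until interrupted)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock, \
            open(logfile, "a") as out:
        sock.bind((bind_addr, port))
        while True:
            data, _peer = sock.recvfrom(4096)
            out.write(data.decode("utf-8", "replace").rstrip() + "\n")
            out.flush()

# Constructed sample history (hosts, interfaces and messages are made up).
SAMPLE = [
    "<187>Mar  3 14:02:11 core-sw1 %LINK-3-UPDOWN: Interface Gi0/1, changed state to down",
    "<187>Mar  3 14:02:15 core-sw1 %LINK-3-UPDOWN: Interface Gi0/1, changed state to up",
    "<187>Mar  3 14:07:40 core-sw1 %LINK-3-UPDOWN: Interface Gi0/1, changed state to down",
    "<189>Mar  3 14:09:02 edge-rtr1 %SYS-5-CONFIG_I: Configured from console by admin",
    "<187>Mar  3 15:30:00 edge-rtr1 %LINK-3-UPDOWN: Interface Serial0/0, changed state to down",
]
```

Syslog over UDP is unauthenticated and unencrypted, so bind the receiver to an address on the management network rather than every interface; binding port 514 normally requires elevated privileges.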
1. PRTG Network Monitor
Finally, the last of the five recommended network troubleshooting tools is the PRTG network monitor (there are others as well). This utility offers the ability to track the status of different sensors over a period of time; these sensors monitor anything from simple reachability (ping) to the response time of specific services (i.e. HTTP or POP).
Along with the implementation of a syslog server, this utility can monitor not only the different messages sent from different network elements but also the status of the various servers run on network elements. As with most of these tools, there are a number of different configuration options available that can be customized to the needs of a specific situation.
Figure 5 below shows an example of the PRTG network monitor screen when monitoring HTTP live over a period of 2 hours and running. The free version of PRTG network monitor provides the ability to monitor up to 10 sensors.
As with all of these types of articles, the contents are subjective; if any utilities were not listed that you believe should be included in this list, please comment and leave links to these utilities. Hopefully, the information in this article about the different network troubleshooting tools will be useful for IT pros to keep on hand when troubleshooting network issues.
About the Author
Sean Wilkins is an accomplished networking consultant for SR-W Consulting (http://www.sr-wconsulting.com) and writer/editor for infoDispersion (http://www.idisperse.info). Sean has been in the IT field for over 15 years, working with companies like Cisco, Lucent, Verizon and AT&T as well as several other private companies. Sean holds certifications with Cisco (CCNP/CCDP), Microsoft (MCSE) and CompTIA (A+ and Network+). His educational accomplishments include: a Master’s of Science in Information Technology with a focus in Network Architecture and Design, a Master’s of Science in Organizational Management, a Master’s Certificate in Network Security, a Bachelors of Science in Computer Networking, and an Associates of Applied Science in Computer Information Systems.
Author's Website: http://www.sr-wconsulting.com