Section 13.2. Diagnostic Tools

Because most problems have simple causes, developing a clear idea of the problem often provides the solution. Unfortunately, this is not always true, so in this section we begin to discuss the tools that can help you attack the most intractable problems. Many diagnostic tools are available, ranging from commercial systems with specialized hardware and software that may cost thousands of dollars, to free software that is available from the Internet. Many software tools are provided with your Unix system. You should also keep some hardware tools handy.

To maintain the network's equipment and wiring, you need some simple hand tools. A pair of needle-nose pliers and a few screwdrivers may be sufficient, but you may also need specialized tools. For example, attaching RJ45 connectors to unshielded twisted pair (UTP) cable requires special crimping tools. It is usually easiest to buy a ready-made network maintenance toolkit from your cable vendor.

A full-featured cable tester is also useful. Modern cable testers are small hand-held units with a keypad and LCD display that test both thinnet and UTP cable. Tests are selected from the keyboard and results are displayed on the LCD screen. It is not necessary to interpret the results because the unit does that for you and displays the error condition in a simple text message. For example, a cable test might produce the message "Short at 74 feet." This tells you that the cable is shorted 74 feet away from the tester. What could be simpler? The proper test tools make it easier to locate, and therefore fix, cable problems.

A laptop computer can be a most useful piece of test equipment when properly configured. Install TCP/IP software on the laptop. Take it to the location where the user reports a network problem. Disconnect the Ethernet cable from the back of the user's system and attach it to the laptop. Configure the laptop with an appropriate address for the user's subnet and reboot it. Then ping various systems on the network and attach to one of the user's servers. If everything works, the fault is probably in the user's computer. Users trust this test because it demonstrates something they do every day. They have more confidence in the laptop than in an unidentifiable piece of test equipment displaying the message "No faults found." If the test fails, the fault is probably in the network equipment or wiring. That's the time to bring out the cable tester.

Another advantage of using a laptop as a piece of test equipment is its inherent versatility. It runs a wide variety of test, diagnostic, and management software. Install Unix on the laptop and run the software discussed in the rest of this chapter from your desktop or your laptop.

This book emphasizes free or "built-in" software diagnostic tools that run on Unix systems. The software tools used in this chapter, and many more, are described in RFC 1470, "FYI on a Network Management Tool Catalog: Tools for Monitoring and Debugging TCP/IP Internets and Interconnected Devices." A catchy title, and a useful RFC! The RFC is somewhat dated, but it does point out some very useful tools. The tools listed in that catalog and discussed in this book are:

ifconfig

Provides information about the basic configuration of the interface. It is useful for detecting bad IP addresses, incorrect subnet masks, and improper broadcast addresses. Chapter 6 covers ifconfig in detail. This tool is provided with the Unix operating system.

arp

Provides information about Ethernet/IP address translation. It can be used to detect systems on the local network that are configured with the wrong IP address. arp is covered in this chapter and is used in an example in Chapter 2. arp is delivered as part of Unix.

netstat

Provides a variety of information. It is commonly used to display detailed statistics about each network interface, the network sockets, and the network routing table. netstat is used repeatedly in this book, most extensively in Chapter 2, Chapter 6, and Chapter 7. netstat is delivered as part of Unix.

ping

Indicates whether a remote host can be reached. ping also displays statistics about packet loss and delivery time. ping is discussed in Chapter 1 and used in Chapter 7. ping also comes as part of Unix.

nslookup

Provides information about the DNS name service. nslookup is covered in detail in Chapter 8. It comes as part of the BIND software package.

dig

Also provides information about name service and is similar to nslookup.

traceroute

Prints information about each routing hop that packets take going from your system to a remote system.

snoop

Analyzes the individual packets exchanged between hosts on a network. snoop is a TCP/IP protocol analyzer included with Solaris 8 systems. It examines the contents of packets, including their headers, and is most useful for analyzing protocol problems. tcpdump is a tool similar to snoop that is provided with Linux systems.
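
The checks the ifconfig entry above mentions (bad IP addresses, incorrect subnet masks, improper broadcast addresses) can be run mechanically over captured ifconfig output. The following Python script is an added example, not code from the book; its function names and the sample output, laid out in the Solaris style with a hexadecimal netmask, are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: le0 is consistent; le1, le2 and le3 each carry one fault.
SAMPLE_IFCONFIG = """\
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
le0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 172.16.12.2 netmask ffffff00 broadcast 172.16.12.255
le1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        inet 172.16.1.5 netmask ffff0000 broadcast 172.16.1.255
le2: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 4
        inet 172.16.30.255 netmask ffffff00 broadcast 172.16.30.255
le3: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 5
        inet 172.16.40.7 netmask ffff00ff broadcast 172.16.40.255
"""

HEADER_RE = re.compile(r"(\S+?):\s+flags=")
INET_RE = re.compile(r"inet\s+(\S+)\s+netmask\s+(\S+)(?:\s+broadcast\s+(\S+))?")

def parse_mask(text):
    """Accept a dotted-quad mask or the bare hexadecimal form (ffffff00)."""
    if "." in text:
        return int(ipaddress.IPv4Address(text))
    return int(text, 16)

def check_interfaces(output):
    """Return {interface: [problems]} for every IPv4 'inet' line in output."""
    findings, iface = {}, None
    for line in output.splitlines():
        header = HEADER_RE.match(line)
        if header:
            iface = header.group(1)
            continue
        m = INET_RE.search(line)
        if not (m and iface):
            continue
        problems = findings.setdefault(iface, [])
        addr, mask = ipaddress.IPv4Address(m.group(1)), parse_mask(m.group(2))
        inverted = ~mask & 0xFFFFFFFF
        if inverted & (inverted + 1):  # host bits must be one solid run of 1s
            problems.append("non-contiguous netmask %08x" % mask)
            continue
        prefix = bin(mask).count("1")
        net = ipaddress.ip_interface("%s/%d" % (addr, prefix)).network
        if m.group(3) and ipaddress.IPv4Address(m.group(3)) != net.broadcast_address:
            problems.append("broadcast %s, expected %s" % (m.group(3), net.broadcast_address))
        if prefix < 31 and addr in (net.network_address, net.broadcast_address):
            problems.append("address %s is not a usable host address in %s" % (addr, net))
    return findings
```

A mismatch between netmask and broadcast address only shows that the two settings disagree; deciding which one is wrong still requires knowing the subnet's intended mask.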

This chapter discusses each of these tools, even those covered earlier in the text. We start with ping, which is used in more troubleshooting situations than any other diagnostic tool.