Full-Blown Internetwork Troubleshooting Guide
Warning: this guide requires somewhat deeper knowledge of internetworking terms.
Let's start...
To simplify things, a computer internetwork can be described as layered communication between computer network protocols. The model I use is the "Open Systems Interconnection Reference Model", which divides computer internetworking into seven basic layers. These are the layers:
- Application Layer (DNS, FTP, HTTP, NFS, AFP, SMB/CIFS, SSH, Telnet, etc)
- Presentation Layer (MIME, etc)
- Session Layer (NetBIOS, Named Pipes, etc)
- Transport Layer (TCP, UDP, PPTP, SSL, TLS, SCTP, etc)
- Network Layer (IP, ICMP, IGMP, IPsec, etc)
- Data Link Layer (MAC address, Frame Relay, HDLC, etc)
- Physical Layer (Ethernet, 802.11a/b/g/n, etc)
Now, remember the arrangement of the entries.
When we connect a computer to a network, we work from the bottom layers upward. The layers related to our troubleshooting are the Physical Layer, Data Link Layer, Network Layer and Transport Layer. Here's the chronological order of what happens when you plug a network cable into your computer:
1. Physical Layer
The physical layer consists of hardware. Several protocols that reside on this layer are 10BASE-T, 100BASE-T, 1000BASE-T, and many more. In this case we are talking about network interface cards and network interconnect cables (Ethernet, mostly 100BASE-T or 1000BASE-T). When you troubleshoot, first make sure that your cables are OK: every pin on one end must be connected to the matching pin on the other end (pin assignment is another matter to discuss). A UTP cable has 8 pins, and each of these pins must connect from one end of the cable to the other. Next, make sure that the interface is indeed operational, as in the LED indicator blinks when you connect it to a broadband modem/router/switch (simply put, that it's not dead; there are other ways to check that it's not dead). Once you are sure that both parts of our "Physical Layer" are OK, we can continue to the next layer. This layer is responsible for Device-to-Device connection; electrical currents run on this layer.
2. Data Link Layer
Several protocols that reside on this layer are ARP, MAC, Frame Relay, FDDI, HDLC, IEEE 802.11 (Wifi), CDP, MPLS, and so on. When both of your network interfaces are online and connected to each other using an interconnect cable, they should start their own Data Link Layer negotiation process. In this case, let's take "Ethernet" as our Data Link Layer example. In Ethernet we have the "Media Access Control" sublayer, a.k.a. the MAC address. This is the SECOND layer that must be up for our internetwork nodes to be able to connect to each other. In a managed switch, you can see each MAC address being registered in the switch's memory and processed for link negotiation (10/100/1000 Mbps speed, then Full Duplex or Half Duplex). Once the negotiation is done, the network interface should indicate the result (example: if your NIC is capable of 100/1000, amber LED = 100Mbps link, green LED = 1000Mbps link). Once the Data Link Layer has done its business, we are connected on the SECOND layer. The data that "runs" in this place is called "frames", so when your Ethernet NIC sends something over the network, it is sending "frames", which are then received by another device to be either processed further (in a switch, the frame will be "switched" over) or accepted (by the destination host). This layer is responsible for Node-to-Node frame delivery; frames run on this layer.
3. Network Layer
This is where we, the users, have some degree of control; the previous layers are "auto-initiated". Several protocols that reside on this layer are IP, ICMP, IPsec, IGMP, and so on. In our case we use IP, which is responsible for end-to-end packet delivery, including routing through multiple internetwork nodes. In IP we get an "IP address", a unique address that identifies our node in the vast IP network. We get to choose the address we want, or if you can't be bothered to make one up, you can rely on a DHCP server to assign an address to you automatically (what DHCP is lies beyond my guide).
There are several versions of IP addresses, but the ones we use are IPv4 (32bit) and IPv6 (128bit). Let's use IPv4 for now; IPv6 is not common enough to be used/discussed. An IP address is defined by 2 elements: first the IP address number itself (example: 192.168.0.1), and second the subnet[work] mask ("255.255.255.0", which can also be written as "/24").
What does it mean? To read an IP address you need both of those numbers.
- The first part of an IP address is the "NETWORK ADDRESS". This is analogous to the "Street address" in your home address. To calculate the network address, you simply "mask" the IP address with the subnet mask; the result is your network address. In my example, 192.168.0.1 subnet 255.255.255.0 will have "192.168.0.0" as its "NETWORK ADDRESS" (discarding the .1 because the mask we use is "255.255.255").
- The second part of an IP address is the "HOST ADDRESS". This is analogous to the "House number" in your home address. To calculate the host address, you mask the IP address with the rest of the subnet mask (the "0" part), which results in ".1"; combine that with the network address and you get "192.168.0.1". That's your HOST ADDRESS, 192.168.0.1, with 192.168.0.0 as the NETWORK ADDRESS.
For the proper technical way to calculate IP addresses, you can find online tools to do that; it is beyond my guide. IP addresses themselves are managed by an organization called IANA (Internet Assigned Numbers Authority). IPv4 addresses are divided into 2 groups: the first group is the "Public IP address", the second is the "Private IP address". Here's a link to Wikipedia's page about IP addressing, since it's too broad for me to explain... :)
So, the first rules for having a proper IP address and being able to communicate with other nodes on your network are:
- You need to have a UNIQUE HOST ADDRESS in that NETWORK ADDRESS.
- You need to have the same Subnet mask as the rest of the network.
- You need to be in the SAME network as the rest of the nodes.
Example: You have 192.168.0.1/24. Your network address is 192.168.0.0 and the host address is 192.168.0.1. Other nodes on the network must have the same network address as your computer, so they must have 192.168.0.2 to 192.168.0.254 as their HOST address. You won't connect to other nodes if those nodes have 192.168.1.2 as their IP address, because that is a different network than yours. Analogous to street addresses: there are many houses with "01" as the house number, because several blocks each have a "01" in them. You need to get the network address right first to be able to communicate with each other.
Code:
Note:
IP address: 192.168.0.1
Subnet Mask: 255.255.255.0
This IP address can be written as 192.168.0.1/24 (255.255.255.0 = 24bit)
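The masking and the three rules above can be checked mechanically. The following is an added example, not part of the original guide; the function names and the neighbour list are made up for illustration, and it also flags the all-zeros and all-ones host parts (network and broadcast addresses), which the guide only implies by giving .2 to .254 as the usable range.

```python
import ipaddress
from collections import Counter

def split_address(ip, mask):
    """Mask the IP as the guide describes: returns (network address, host part)."""
    ip_int = int(ipaddress.IPv4Address(ip))
    mask_int = int(ipaddress.IPv4Address(mask))
    network = ipaddress.IPv4Address(ip_int & mask_int)  # bits under the 255 part
    host_part = ip_int & ~mask_int & 0xFFFFFFFF         # bits under the 0 part
    return str(network), host_part

def prefix_length(mask):
    """255.255.255.0 -> 24: the number of 1 bits in the mask."""
    return bin(int(ipaddress.IPv4Address(mask))).count("1")

def check_nodes(me, others):
    """Apply the three rules to (name, ip, mask) tuples; return a list of problems."""
    my_name, my_ip, my_mask = me
    my_net, my_host = split_address(my_ip, my_mask)
    problems = []
    # Rule 1: every host address must be unique.
    for ip, count in Counter(ip for _, ip, _ in [me] + others).items():
        if count > 1:
            problems.append(f"duplicate host address {ip}")
    # All-zeros and all-ones host parts are the network and broadcast addresses.
    if my_host in (0, 2 ** (32 - prefix_length(my_mask)) - 1):
        problems.append(f"{my_name}: {my_ip} is not a usable host address")
    for name, ip, mask in others:
        if mask != my_mask:                          # Rule 2: same subnet mask
            problems.append(f"{name}: mask {mask} differs from {my_mask}")
        elif split_address(ip, mask)[0] != my_net:   # Rule 3: same network
            net = split_address(ip, mask)[0]
            problems.append(f"{name}: {ip} is in network {net}, not {my_net}")
    return problems

# Constructed sample: the guide's 192.168.0.1/24 host plus three neighbours.
ME = ("desktop", "192.168.0.1", "255.255.255.0")
OTHERS = [
    ("laptop", "192.168.0.2", "255.255.255.0"),
    ("printer", "192.168.1.2", "255.255.255.0"),  # different network
    ("nas", "192.168.0.2", "255.255.255.0"),      # same address as laptop
]

if __name__ == "__main__":
    print(split_address(ME[1], ME[2]), "/%d" % prefix_length(ME[2]))
    for problem in check_nodes(ME, OTHERS):
        print("PROBLEM:", problem)
```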
Connecting this layer to the previous layer: our "packets" in this layer are grouped or divided accordingly so that each can be encapsulated (wrapped) into ONE "frame" (Data Link Layer); the "frame" is then transmitted as a series of electrical signals over the network cable to another interface. This layer is responsible for Host-to-Host packet delivery, including finding the best route to get from one host to another. Packets run in this layer.
4. Transport Layer
This layer is responsible for making sure that our packets reach the destination host. It can do that by controlling the flow, segment size, the speed of data exchange, etc. For example, if you send an IM to your friend, TCP will break up your "IM message" into sizable chunks, encapsulate each into a packet, put a header on the data, then send it over the IP protocol. When the packet is received on the other end, the host on the other end will send your computer an "acknowledged" message, saying that the packet was received intact. Once TCP on your side has received that "ACK", it continues to send the next packet. One IM can take more than one packet to send, so without TCP, you could send the message "I'll pick you up at 8, dinner at our favorite restaurant", but some of it is lost on the way, making it "I'll pyou u8,doufa ant", which is nonsense. TCP will make sure that it sends the message intact. If an error happens, it will throw an error, so you know that you need to send the message once again.
Test case
Say you have a connection problem between a desktop (connected via Ethernet cable) and your broadband router. You can't browse the internet, but the internet is online: your brother can use XBOX Live while you're struggling with your connection.
Here are the steps:
"Physical Layer"
Make sure that your Ethernet adapter is operational: check Device Manager, look at the back of your case, and make sure the LED indicator is blinking. If it doesn't blink, check the cable, or change the port on the broadband router to another vacant port; maybe the port is dead or something. Once you have determined that the "Physical Layer" is up to snuff, we can go to the next layer.
"Data Link Layer"
Next we check the Data Link Layer; for this we need ARP. To make your computer try to connect to your broadband router, do a ping. Once the ping is done, whatever the result, do an "arp -a" in the command prompt. Look at the bottom of your broadband router; it should list a MAC address/Physical Address for its LAN/WAN interface. Look for that MAC address among the Physical Addresses listed by "arp -a". If you can find it, then you are connected on the Data Link Layer.
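Comparing the label with the "arp -a" listing by eye is error-prone because the two rarely use the same notation (dashes or colons, upper or lower case, and BSD/macOS-style output drops leading zeros). The following is an added example, not part of the original guide: it normalizes both sides and reports whether the router's IP resolves to a MAC from the label. The function names and all addresses are made up, and handling Unix-style output goes beyond the guide's Windows case.

```python
import re

_IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
_MAC = r"([0-9A-Fa-f]{1,2}(?:[-:][0-9A-Fa-f]{1,2}){5})(?![-:0-9A-Fa-f])"
# Matches "192.168.10.1   02-1a-..." (Windows) and "(192.168.10.1) at 2:1a:..." (Unix).
_ENTRY = re.compile(_IP + r"\)?\s+(?:at\s+)?" + _MAC)

def normalize_mac(mac):
    """'02-1A-2B-3C-4D-5E' or '2:1a:2b:3c:4d:5e' -> '02:1a:2b:3c:4d:5e'."""
    return ":".join(p.zfill(2).lower() for p in re.split(r"[-:]", mac.strip()))

def parse_arp_table(text):
    """Return {ip: normalized MAC} for every resolved entry in 'arp -a' output."""
    return {ip: normalize_mac(mac) for ip, mac in _ENTRY.findall(text)}

def check_router(arp_text, router_ip, label_macs):
    """Compare the ARP entry for router_ip with the MACs printed on the router."""
    seen = parse_arp_table(arp_text).get(router_ip)
    if seen is None:
        return "no-entry"   # nothing answered ARP: go back to the lower layers
    if seen in {normalize_mac(m) for m in label_macs}:
        return "match"      # Data Link Layer is connected to this router
    return "mismatch"       # some other device answers for router_ip

# Constructed samples (addresses and MACs are made up for this example).
WINDOWS_ARP = """
Interface: 192.168.10.2 --- 0xb
  Internet Address      Physical Address      Type
  192.168.10.1          02-1a-2b-3c-4d-5e     dynamic
  192.168.10.255        ff-ff-ff-ff-ff-ff     static
"""
UNIX_ARP = """
? (192.168.10.1) at 2:1a:2b:3c:4d:5e on en0 ifscope [ethernet]
? (192.168.10.7) at (incomplete) on en0 ifscope [ethernet]
"""
LABEL = ["02:1A:2B:3C:4D:5E", "02:1A:2B:3C:4D:5F"]  # LAN and WAN MAC from the label

if __name__ == "__main__":
    for sample in (WINDOWS_ARP, UNIX_ARP):
        print(check_router(sample, "192.168.10.1", LABEL))
```

A "mismatch" result means the address you assumed for the router is being answered by a different device (wrong IP, an address conflict, or a forged ARP reply), so it is worth resolving before moving up to the Network Layer.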
"Network Layer"
Next we check the Network Layer. Of course your broadband router has an IP address, and by default most of them have a DHCP server inside, so you don't need to define your own IP address. But let's assume that the DHCP server in your broadband router is demented/crazy/crashed/idiot/whatever, and you can't rely on it to get an IP address. Assuming you know the broadband router's LAN IP address, you can make up your own. Let's say the LAN interface of your broadband router is "192.168.10.1 subnet 255.255.255.0"; you can assign your computer "192.168.10.2 subnet 255.255.255.0". Once you hit OK, your interface should have "192.168.10.2" as its IP address. Do not put anything in the rest of the boxes yet (leave "Default Gateway" and "Preferred DNS Server" empty). Now you can start pinging your broadband router to check the connection.
Case:
- "Hardware error" reply: You need to check the lower layers again.
- "Request Timed out", Packet sent 4, Packet received 0, packet lost 100%: All of the ping requests somehow got lost on the way, check lower layers.
- "Request Timed out", Packet sent 4, Packet received 2, packet lost 50%: Some of the ping requests got lost, some made it back, check cable and interface.
- "Reply from 192.168.10.1...", Packet sent 4, Packet received 4, packet lost 0%: connection is established and is running fine.
"Network Layer: Routing [Default Gateway]"
By this time, your computer is connected to the broadband router, but not yet connected to the Internet. This time you need to put a "Default Gateway" in your computer's TCP/IP properties. Now this is a somewhat tricky part. For this example, the broadband router is the "Gateway", so you can put "192.168.10.1" in the "Default Gateway" text box. For a more elaborate setup, you might need to ask your IT guy/Network Administrator what gateway to use. Once you put that number in, your computer should be connected to the Internet BUT WON'T BE ABLE TO BROWSE THE NET JUST YET. To test the connection:
type this in command prompt (Windows):
Code:
tracert 208.77.188.193
or type this in terminal (unix/linux/MacOS):
Code:
traceroute 208.77.188.193
It should list a number of hosts it passes to reach 208.77.188.193. The first one should be your broadband router, the second is your ISP, and so on.
"Network Layer: Routing Helper [DNS]"
Now when we browse the Internet, we use hostnames, like "www.sevenforums.com". This is an "intermediate form" of IP address that is used in the IP stack. We humans are mostly bad with numbers, so we need something more "verbal" to attach our memories to. For our computer to be able to understand "www.sevenforums.com", we need a DNS server that will resolve that name to an IP address (remember, Network Layer uses IP address, numbers, not some_human_readable_text/hostname).
Now, most of the time in our example, you can put the broadband router's IP address as the "Preferred DNS server", because most of these devices can act as a DNS proxy that caches the resolved names in its memory and forwards the DNS resolution request if it doesn't have the record. For a more elaborate setup, you need to ask your IT guy/Network Administrator which DNS server to use.
Once you put the DNS on it, you can test it by typing this command in the command prompt:
Code:
nslookup www.iana.org
If everything works, it should show you the Address(es). If it fails, it will tell you that it can't contact the DNS server. When that happens, you need to call your ISP/Network Administrator to get the right DNS Server IP address.
Now, if traceroute/tracert shows that your computer's request is being routed through the Internet, and you can resolve hostnames to IP addresses, you are officially connected to the internet.
This concludes my guide. This guide will help you understand the basics of how a computer network works. Some services, antivirus software or malware can hinder your computer's ability to connect to some hosts on the internet, but these are the very basic steps to test whether your computer is indeed connected.
I don't talk about Layer 5 and above because it depends on the OS and applications. Those can take a veryyyyyy loooooooongg time to explain.
Anyway, I'll update this guide sometime in the future if I have time :)
Good luck with your troubleshooting,
zzz2496