
Integrating Unix and NT Technology

Last Updated 2/3/2009 3:42:58 PM


Abstract


This chapter looks at diagnostic and management utilities incorporated into TCP/IP -- the cornerstone of Unix and Windows NT integration -- and then looks at helpful utilities specific to each operating system.

The tasks of troubleshooting and preparing for problems in advance keep many administrators busy. In this chapter, we first look at diagnostic and management utilities incorporated into TCP/IP, the cornerstone of Unix and Windows NT integration, and then look at helpful utilities specific to each operating system.


TCP/IP UTILITIES

A number of tools built into each operating system’s TCP/IP implementation can be used for diagnostic purposes. These utilities help troubleshoot and isolate the source of TCP/IP problems. Individually, each tool provides a different view of the process of resolving an IP address to a hardware address and then routing the IP packet to the appropriate destination. Bear in mind the following general rules when using these tools:
  • If TCP/IP can’t communicate from a host to a remote host system, the TCP/IP utilities listed in the following sections won’t work correctly.
  • If the systems are on different subnetworks and can’t communicate, remember that TCP/IP requires routing to communicate between subnetworks.
  • If systems that were previously able to communicate can no longer communicate, suspect either your router(s) or changes in software configuration.
  • Utilities that require user names and passwords on the remote host need a user account on the remote system. Trust relationships aren’t the same as achieving connectivity.


In the following sections, we cover six TCP/IP tools:

  • Address Resolution Protocol (ARP)
  • Hostname
  • NETSTAT
  • NSLOOKUP
  • PING
  • ROUTE
  • Simple Network Management Protocol (SNMP)

ARP


Once a host name has been resolved to an IP address, your computer must resolve the IP address to a network card address (MAC address). The Address Resolution Protocol (ARP) handles this task.

As a utility, ARP can show the entries in the Address Resolution table, which maps MAC addresses to IP addresses. You can check to see whether the IP addresses you believe should be in the table are actually in the table, and you can check that they are mapped to the computers they should be mapped to. Usually, you don’t know the MAC addresses of the hosts on your network. However, if you can’t contact a host or if you connect to an unexpected host, you can check this table with the ARP command to begin isolating which host is actually assigned to a particular IP address.

The ARP utility lets you view the addresses that have been resolved. The ARP command’s syntax is

ARP -s inet_addr eth_addr [if_addr]
ARP -d inet_addr [if_addr]
ARP -a [inet_addr] [-N if_addr]

and its options are explained below:
  • -a — Displays current ARP entries by interrogating the current protocol data. If inet_addr is specified, the IP and physical addresses for only the specified computer are displayed. If more than one network interface uses ARP, entries for each ARP table are displayed.
  • -g — Same as -a.
  • inet_addr — Specifies an Internet address.
  • -N if_addr — Displays the ARP entries for the network interface specified by if_addr.
  • -d — Deletes the host specified by inet_addr.
  • -s — Adds the host and associates the Internet address inet_addr with the physical address eth_addr. The physical address is given as six hexadecimal bytes separated by hyphens. The entry is permanent.
  • eth_addr — Specifies a physical address.
  • if_addr — If present, this option specifies the Internet address of the interface whose address translation table should be modified. If it’s not present, the first applicable interface will be used.
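
The table check described above can be scripted. The following is an added example, not part of the original chapter: it parses ARP -a output in the hyphen-separated format described above and flags entries worth investigating. The sample output, the EXPECTED baseline, and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `arp -a` output (not captured from a real host).
SAMPLE_ARP_OUTPUT = """\
Interface: 192.168.1.10 on Interface 0x1000002
  Internet Address      Physical Address      Type
  192.168.1.1           00-a0-c9-14-c8-29     dynamic
  192.168.1.20          00-60-08-75-43-9b     dynamic
  192.168.1.30          00-a0-c9-14-c8-29     dynamic
  192.168.1.40          00-10-4b-2e-11-07     static
"""

# Hypothetical baseline of IP-to-MAC mappings recorded while the network was known good.
EXPECTED = {
    "192.168.1.1": "00-a0-c9-14-c8-29",
    "192.168.1.20": "00-60-08-75-43-9b",
    "192.168.1.40": "00-10-4b-aa-bb-cc",
}

ENTRY_RE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-fA-F]{2}-){5}[0-9a-fA-F]{2})\s+(\w+)\s*$"
)

def parse_arp_table(text):
    """Return (ip, mac, type) tuples; header and interface lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2).lower(), m.group(3).lower()))
    return entries

def audit_arp(entries, expected):
    """Flag IPs whose MAC differs from the baseline and MACs claimed by several IPs."""
    findings, by_mac = [], defaultdict(list)
    for ip, mac, _type in entries:
        by_mac[mac].append(ip)
        known = expected.get(ip)
        if known and known.lower() != mac:
            findings.append(("mismatch", ip, mac))
    for mac, ips in by_mac.items():
        if len(ips) > 1:  # may be legitimate (multi-homed host), but worth a look
            findings.append(("shared-mac", tuple(sorted(ips)), mac))
    return findings

if __name__ == "__main__":
    print(audit_arp(parse_arp_table(SAMPLE_ARP_OUTPUT), EXPECTED))
```
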

Hostname


The hostname.exe utility returns the name of the local host. It can be used only to view the name, not to change it. In NT, the host name is changed from the Network applet on the Control Panel.

NETSTAT


NETSTAT is a command-line utility that lets you check the status of current IP connections. Executing NETSTAT without switches displays protocol statistics and current TCP/IP connections.

Once you have determined that the base-level communications are working, you need to verify the services on your system. NETSTAT lets you do this by identifying the services that are listening for incoming traffic or verifying that you are creating a session with a remote station, or both.

In summary, NETSTAT displays protocol statistics and current TCP/IP network connections. The syntax for NETSTAT is

NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]

and a number of switches that can be used with the utility are listed below:
  • -a — Displays all connections and listening ports. (Server-side connections are normally not shown.)
  • -e — Displays Ethernet statistics. This option may be combined with the -s option.
  • -n — Displays addresses and port numbers in numerical form.
  • -s — Displays per-protocol statistics. By default, statistics are shown for TCP, UDP, and IP; the -p option may be used to specify a subset of the default.
  • -p proto — Shows connections for the protocol specified by proto; proto may be TCP or UDP. If it’s used with the -s option to display per-protocol statistics, proto may be TCP, UDP, ICMP, or IP.
  • -r — Displays the contents of the routing table.
  • interval — Redisplays selected statistics, pausing the number of seconds specified by this option between each display. Press Ctrl+C to stop redisplaying statistics. If this parameter is omitted, NETSTAT will print the current configuration information once.
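
Verifying which services are listening, as described above, is easier to repeat when the output of NETSTAT -a -n is compared against a list of services the host is supposed to offer. The following is an added example, not part of the original chapter; the sample output, the ALLOWED list, and the function names are constructed for illustration.

```python
# Constructed sample of `netstat -a -n` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:6667           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1042      192.168.1.20:139       ESTABLISHED
  UDP    0.0.0.0:161            *:*
  UDP    192.168.1.10:137       *:*
"""

# Hypothetical allowlist of (protocol, port) pairs this host is meant to expose.
ALLOWED = {("TCP", 135), ("TCP", 139), ("UDP", 137), ("UDP", 138)}

def listening_sockets(text):
    """Return sorted (proto, address, port) for listening TCP and bound UDP sockets."""
    found = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header, or blank line
        proto, local = fields[0], fields[1]
        state = fields[3] if len(fields) > 3 else ""  # UDP rows carry no state
        if proto == "TCP" and state != "LISTENING":
            continue  # established or closing sessions are not listeners
        addr, _, port = local.rpartition(":")
        if port.isdigit():
            found.add((proto, addr, int(port)))
    return sorted(found)

def unexpected_listeners(sockets, allowed):
    """Return the sockets whose (protocol, port) pair is not on the allowlist."""
    return [s for s in sockets if (s[0], s[2]) not in allowed]

if __name__ == "__main__":
    for proto, addr, port in unexpected_listeners(listening_sockets(SAMPLE_NETSTAT), ALLOWED):
        print(f"unexpected listener: {proto} {addr}:{port}")
```
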

NSLOOKUP


NSLOOKUP is a command-line utility that lets you verify entries on a DNS server. You can use NSLOOKUP in two modes: interactive and noninteractive. In interactive mode, you start a session with the DNS server in which you can make several requests. In noninteractive mode, you specify a command that makes a single query of the DNS server. To make another query, you must type another noninteractive command.

The parameters that can be used with NSLOOKUP are listed below:
  • nslookup [-opt ...] — Interactive mode using default server
  • nslookup [-opt ...] - server — Interactive mode using the server specified by server
  • nslookup [-opt ...] host — Just look up host using default server
  • nslookup [-opt ...] host server — Just look up host using server

PING


The ping command is one of the most useful commands in the TCP/IP protocol suite. It sends a series of packets to another system, which in turn sends back a response. This utility can be extremely useful in troubleshooting problems with remote hosts.

Ping is used as a command-line program with the syntax shown below:

ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS] [-r count] [-s count] [[-j host-list] | [-k host-list]] [-w timeout] destination-list

Ping takes the parameters listed below:
  • -t — Pings the specified host until interrupted
  • -a — Resolves addresses to host names
  • -n count — Number of echo requests to send
  • -l size — Send buffer size
  • -f — Sets “Don’t Fragment” flag in packet
  • -i TTL — Time to live
  • -v TOS — Type of service
  • -r count — Records route for count hops
  • -s count — Time stamp for count hops
  • -j host-list — Loose source route along host-list
  • -k host-list — Strict source route along host-list
  • -w timeout — Time-out in milliseconds to wait for each reply
Ping indicates whether the host can be reached and how long it took for the host to send a return packet. On a local area network (LAN), the time indicated can be less than 10 milliseconds, but across wide area network (WAN) links, this value can be much greater.

ROUTE


ROUTE is a command-line utility that lets you see the local routing table and add entries to it. Occasionally it’s necessary to check how a system will route packets on the network. Normally, your system will simply send all packets to the default gateway; however, when you are having problems communicating with a group of computers, ROUTE may provide an answer.

ROUTE lets you manipulate network routing tables. Its syntax is

ROUTE [-f] [-p] [command [destination] [MASK netmask] [gateway] [METRIC metric]]

Parameters for ROUTE are listed below:
  • -f — Clears the routing tables of all gateway entries. If this parameter is used with one of the commands, the tables are cleared before the command is run.
  • command — Specifies one of the four commands:
    • PRINT — Prints a route
    • ADD — Adds a route
    • DELETE — Deletes a route
    • CHANGE — Modifies an existing route
  • -p — When used with the PRINT command, -p displays the list of registered persistent routes. When used with the ADD command, -p makes a route persistent across boots of the system. (By default, routes aren’t preserved when the system is restarted.) This parameter is ignored for all other commands, which always affect the appropriate persistent routes.
  • destination — Specifies the host.
  • MASK — If the MASK keyword is present, the next parameter is interpreted as the netmask parameter.
  • netmask — If provided, specifies a subnetwork mask value to be associated with this route entry. If not specified, it defaults to 255.255.255.255.
  • gateway — Specifies the gateway.
  • METRIC — Specifies the metric/cost for the destination.
All symbolic names used for the destination parameter are looked up in the network database file, NETWORKS. The symbolic names for the gateway parameter are looked up in the host name database file, HOSTS. If the command is PRINT or DELETE, wildcards may be used for destination and gateway, or the gateway argument may be omitted.

SNMP


By itself, SNMP doesn’t report any troubleshooting information. SNMP enables TCP/IP to export information to troubleshooting tools like NT’s Performance Monitor or third-party tools. If you are using tools that depend on SNMP, however, you can’t see all the information available from these tools until you install SNMP. To install SNMP, open the Network applet in the Control Panel, then add SNMP from the Services tab.

The SNMP Service is an additional component of TCP/IP software. In NT, it includes the four supported MIBs; each is a dynamic link library (DLL) and can be loaded and unloaded as needed. It provides SNMP agent services to any TCP/IP host running SNMP management software. The SNMP Service also
  • Reports special events, such as traps, to multiple hosts
  • Responds to requests for information from multiple hosts
  • Can be set up on any system running NT and TCP/IP
  • Sets up special counters in Performance Monitor that can be used to monitor the TCP/IP performance related to SNMP
  • Uses host names and IP addresses to recognize the hosts from which it receives and requests information


The SNMP service can be installed for the following reasons:

  • To monitor TCP/IP with Performance Monitor
  • To monitor an NT-based system with a third-party application
  • To set up your computer as an SNMP agent

WINDOWS NT-SPECIFIC UTILITIES

NT includes a number of utilities that are useful for diagnostic and management functions:
  • Event Log
  • IPCONFIG
  • NBTSTAT
  • TRACERT
These utilities are specific to NT and can’t be used across platforms.

In addition, two graphical-based tools primarily used for monitoring TCP/IP traffic within NT can be helpful for diagnosing problems: Performance Monitor and Network Monitor. And NT Diagnostics provides a front-end to information in a Registry subtree.

Event Log


The Event Log in NT is used to track events and errors. All critical system messages, not just those related to TCP/IP, are stored in the System Event Log. The System Event Log, the default view in Event Viewer, is maintained by the operating system. It tracks three kinds of events:
  • Errors — Symbolized by stop signs, errors indicate the failure of an NT component or device (or its inability to start). These errors are common on notebook computers when NT fails to start the network components because PCMCIA network cards aren’t present.
  • Warnings — Symbolized by exclamation points, warnings indicate an impending problem. Low disk space on a partition triggers a warning, for example.
  • Information — Symbolized by the traditional “I” in a blue circle, information events aren’t problems but are still somehow significant. Browser elections often cause information events.
If your NT-based computer boots successfully but isn’t performing correctly, first check the System Event Log.

The Security Log remains empty until you enable auditing through User Manager. After enabling auditing, the audited events reside here. The Security Log tracks two types of events:
  • Success audits — Symbolized by a key, success audits indicate successful security access.
  • Failure audits — Symbolized by a padlock, failure audits indicate unsuccessful security access.
The Application Log collects messages from native NT applications. If you aren’t using any Win32 applications, this log remains empty except for messages from the many third-party applications that write their messages here.

By default, log files can reach 512K, and events are overwritten after seven days. You can change these settings in the Event Log Settings dialog box, which you open by choosing Log Settings in the Event Viewer Log menu.

To find the source of the problem when services crash or fail to start, look at the System Log under the Event heading. By default, the logs list the most recent events at the top of the list, so start scanning there to find the most recent event and valuable clues to the cause of a problem.


