Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College

Ethiopian TVET System

HARDWARE AND NETWORK SERVICING

Level III

LEARNING GUIDE # 1
Unit of Competence: Identify and Resolve Network Problems
Module Title: Identifying and Resolving Network Problems

Module Code : ICT HNS3 07 1110

Nominal Duration
Learning outcome
 Implement regular network monitoring
 Troubleshoot network problems
 Carry out maintenance support on identified problem

Identify and Resolve Network Problems Page 1

Department of Information Technology
Ethiopian TVET System
Training, Teaching and Learning Material Entoto TVET College

Ethiopian TVET System

HARDWARE AND NETWORK SERVICING
Level III
Information sheet # 1
Unit of Competence: Identify and Resolve Network Problems
Module Title: Identifying and Resolving Network Problems
Module Code : ICT HNS3 07 1110
Nominal Duration
LO-1: IMPLEMENT REGULAR NETWORK MONITORING

Identify and Resolve Network Problems Page 2

Department of Information Technology

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College

.
1 Structured Network Troubleshooting
1.1 Troubleshooting Overview

Dependency on network resources has grown tremendously over the past ten years. In today’s
world, a company’s success is highly dependent on its network availability. As a result,
companies are increasingly less tolerant of network failures. Therefore, network troubleshooting
has become a crucial element to many organizations.
Not only has the dependency for network grown, but the industry also is moving toward
increasingly complex environments, involving multiple media types, multiple protocols, and
often interconnection to unknown networks. These unknown networks may be defined as a
transit network belonging to a Internet service provider (ISP). The convergence of voice and
video into data networks has also added to the complexity and the importance of network
reliability.
More complex network environments mean that the potential for connectivity and performance
problems in internetworks is high, and the source of problems is often elusive.
1.2 General Problem-Solving Model
When you’re troubleshooting a network environment, a systematic approach works best. An
Unsystematic approach to troubleshooting can result in wasting valuable time and resources, and
can sometimes make symptoms even worse. Define the specific symptoms, identify all potential
problems that could be causing the symptoms, and then systematically eliminate each potential
problem (from most likely to least likely) until the symptoms disappear.
The following steps detail the problem-solving process outlined here:
Step 1. when analyzing a network problem, make a clear problem statement. You should define
the problem in terms of a set of symptoms and potential causes.
To properly analyze the problem, identify the general symptoms and then ascertain what kinds of
problems (causes) could result in these symptoms. For example, hosts might not be responding to
service requests from clients (a symptom). Possible causes might include a misconfigured host,
bad interface cards, or missing router configuration commands.
Step 2. Gather the facts that you need to help isolate possible causes.
Ask questions of affected users, network administrators, managers, and other key people. Collect
information from sources such as network management systems, protocol analyzer traces, output
from router diagnostic commands, or software release notes.
Step 3. Consider possible problems based on the facts that you gathered. Using the facts, you
can eliminate some of the potential problems from your list.
Depending on the data, for example, you might be able to eliminate hardware as a problem so
that you can focus on software problems. At every opportunity, try to narrow the number of
potential problems so that you can create an efficient plan of action.
Step 4. Create an action plan based on the remaining potential problems. Begin with the most
likely problem, and devise a plan in which only one variable is manipulated.

Identify and Resolve Network Problems Page 3

Department of Information Technology

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College
 Changing only one variable at a time enables you to reproduce a given solution to a specific
problem. If you alter more than one variable simultaneously, you might solve the problem, but
identifying the specific change that eliminated the symptom becomes far more difficult and will
not help you solve the same problem if it occurs in the future.
Step 5. Implement the action plan, performing each step carefully while testing to see whether
the symptom disappears.
Step 6. Whenever you change a variable, be sure to gather results. Generally, you should use the
same method of gathering facts that you used in Step 2 (that is, working with the key people
affected, in conjunction with utilizing your diagnostic tools).
Step 7. Analyze the results to determine whether the problem has been resolved. If it has, then
the process is complete.
Step 8. If the problem has not been resolved, you must create an action plan based on the next
most likely problem in your list. Return to Step 4, change one variable at a time, and repeat the
process until the problem is solved.
Note If you exhaust all the common causes and actions—either those outlined in this book or
ones that you have identified for your environment—you should contact your Cisco
technical support representative.
1.3 Net work problem troubleshooting strategies and documentation
Networks can be composed of many types of physical components, from copper wire or fiber-
optic cables to wireless Access Points and network adapters, there are steps you can take to make
troubleshooting network problems a little easier, regardless of their composition. Although each
device, protocol, or standard that is a part of your network may come with its own tools used for
troubleshooting purposes, it's important to realize that you should take a structured approach to
solving problems on the network. This chapter introduces a few concepts that make life much
simpler for a network administrator, including documenting network components, and also
documenting problems (and solutions that work).
Documented Network Is Easier to Troubleshoot

Some of the important things you should consider as potential candidates for documenting
include the following:

 A logical map of the network. This may or may not match up with the physical way the
network is laid out.
 A physical map of the network. This documentation should describe each physical
component and illustrate the ways in which the different components are connected.
 Cabling and patch panel information. When you've got hundreds of cables in a wiring
closet patching together different physical segments, you'll need to know which cable
connects this to that.
 Default settings for computers and other devices on the network. A spreadsheet is good
for this. An application that manages servers, network components, and client computers
is even better.

Identify and Resolve Network Problems Page 4

Department of Information Technology

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College
  Listings of applications and the computers or users that make use of them, as well as
software versions, patch levels, and so on. Be sure to know who to contact for a particular
application. If you are a network administrator, you are primarily responsible for the
underlying network. If a particular application is failing, but the network is up and
running, you need to know who to call. There should always be a contact on your list for
application managers. A network manager can do only so much.
 Information about the user accounts, and associated permissions and rights, for the users
and user groups on the network.
 A network overview. It's nice to be able to give a new user a document that explains what
she needs to know about the network. This should be a short document telling the user
such things as which drives are mapped to her computer, and which printers offer what
features. This should not be an extensive document such as the physical and logical maps
described earlier in this list.
 Problem reports. Keep track of problems as they arise, and document the cause and
remedy. No need to solve the same problem twice! This also includes outage reports—
keeping track of unscheduled downtime for a computer or network device can tell you
over time just how capable the device is.

A logical map of the network shows the relationships between components and the flow
of information through the network. A physical map of the network tries to approximate
on paper a representation of how each component of the network is connected to the
network. For example, a logical map for a Windows network might show computers
grouped by domains, even though the computers are not located physically in the same
part of the network.

A physical map would show the location of each of the computers, the hub or switch to
which they are connected, and so on. In general, logical maps can be used to help isolate
configuration or application problems, whereas physical maps can be used to isolate a
problem that affects only a portion of the network, perhaps a single computer or other
device.

1.4 Problem detection and isolation

1.4.1 Network Problem-Solving Techniques

In any troubleshooting procedure a series of tests narrows down the possible causes of a
problem. The following procedure can be used as a guideline — each organization will
have their own procedures to suit their computing environment.

Table 1: When the user cannot access a peripheral on the network — typical techniques
for troubleshooting

Identify and Resolve Network Problems Page 5

Department of Information Technology
Ethiopian TVET System
Training, Teaching and Learning Material Entoto TVET College

Item Commands 
Check that the network cables are securely in place at the
back of the computer.
Check that cables to hubs, switches, bridges and routers are
fixed securely in their sockets.
Check the network Use the commands
configuration on workstations ‘ipconfig/all’ and
involved, to ensure that they ‘ping’.
are correct.
Check that you can access Use the commands
other computers and ‘ping’ or ‘tracert’ if
peripherals on the network. part of your
network is on the
other side of a
router.
Check the permissions to ensure that the user has the right
levels of access network resources.
Check that an individual user is in the correct group that
has access to network resources
Check and replace the network cards and drivers, as
required.
Check the configurations of Use the command
the default gateway and ‘ipconfig/all’ for
browser proxy server setting. the default
gateway, and
‘Tools’, ‘Internet
Options’ in the
browser to check
proxy settings.

1.5 Identifying common network problems

The five most common network problems

1. Physical Connectivity Problems:

Identify and Resolve Network Problems Page 6

 Department of Information Technology

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College

This section describes how to troubleshoot Layer 1 and 2 physical connectivity issues on LANs
such as Ethernet or Token Ring. Problems can generally be found more quickly by first
troubleshooting at Layer 3 and then working backward when a physical problem is found or
suspected. Possible problems include these:

• Configuration is incorrect.

• Cable is faulty or improperly connected.

• Wiring closet cross-connect is faulty or improperly connected.

• Hardware (interface or port) is faulty.

• Interface has too much traffic.

Cable Problem: Cables that connect different parts of a network can be cut or shorted. A short can
happen when the wire conductor comes in contact with another conductive surface, changing the path
of the signal. Cable testers can be used to test for many types of cable problems such as:
Cut cable, incorrect cable connections, Cable shorts, Interference level, Connector Problem

Testing Cables

Things that are usually tested include the following:

 Cable length— The physical network topology restricts the length of certain segments in
the network. If you make your own cables, a common error may result from trying to
stretch the limits of the topology and create a cable that's just a few meters too long. If a
desktop is just a few meters farther from a switch than the standard allows, you may get
complaints from that user!
 Resistance— Electricity encounters resistance as it travels along a copper wire.
 Noise— Interference can come from other cables that are bundled together or from
outside sources, such as fluorescent lighting, nearby welding, strong sources of
electromagnetic frequencies, and other high-voltage electrical sources located near the
network cabling.
 Attenuation— As the cable encounters resistance traveling down the wire, and as part of
the signal radiates out of the wire, the signal weakens. This is a normal side effect of
using copper wiring instead of fiber optics. You can expect copper wiring to work best at
the standardized lengths, and take your chances at extending that length.
 Near-end cross-talk (NEXT)— From the transmission end of a cable, it is necessary to
remove the surrounding material that encloses the copper wires and attach each wire to a
pin in the cable connector. Because the strength of signal is strongest at the end of the
cable where the electrical signal is generated, there is a greater potential for interference
between the wires at this end of the cable.
Identify and Resolve Network Problems Page 7
Department of Information Technology
 Ethiopian TVET System
Training, Teaching and Learning Material Entoto TVET College

Rule Out a Configuration Problem

 Check to make sure that all cables are connected to the appropriate ports. Make sure that
all cross-connects are properly patched to the correct location using the appropriate cable
and method.
 Verify that all switch or hub ports are set in the correct VLAN or collision domain and
have appropriate options set for spanning tree and other considerations.

Check the Configuration: Verify that the interface on the device is configured properly and is not shut
down. If the device is connected to a hub or switch, verify that the port on the hub or switch is
configured properly and is not shut down. Check both speed and duplex.

Check the Network Interface card

Most interfaces or NICs will have indicator lights that show whether there is a valid connection; often
this light is called the link light. The interface may also have lights to indicate whether traffic is being
sent (TX) or received (RX). If the interface has indicator lights that do not show a valid connection,
power off the device and reseat the interface card.

2. Connectivity Problem: A connectivity problem with one or more devices in a network can occur after
a change is made in configuration or by a malfunction of a connectivity component, such as hub, a
router or a Switch.

Troubleshooting Local Connectivity Problems

This section describes how to troubleshoot local connectivity problems on LAN segments such as
Ethernet or Token Ring. Going through the methodology in this chapter with help determine and
resolve problems moving packets on the local LAN segment or to the next-hop router. Possible
problems include these:

• Configuration problem

• DHCP or BOOTP issue

• Physical layer issue

• Duplicate IP address

Identify and Resolve Network Problems Page 8

Department of Information Technology
Ethiopian TVET System
Training, Teaching and Learning Material Entoto TVET College

Check for Configuration Problems

To begin troubleshooting, display and examine the IP configuration of the source device. The method
to determine this information varies greatly from platform to platform. If you are unsure of how to
display this information, consult the manual for the device or operating system. Refer to the following
examples:

• On a Cisco router, use show ip interface and show running-config.

• On Windows 95 or 98, use winipcfg.exe.

• On Windows 2000 or NT, use ipconfig.exe.

• On a UNIX platform, use ifconfig.

Examine the configuration, looking specifically for the IP address and subnet mask. On Windows 9x
or Windows 2000 platforms, the default gateway address should also be displayed.

If no IP address is configured, verify that this node receives its IP address from BOOTP or
DHCP. Otherwise, an IP address should be statically configured for this interface.
Configure an address if one is not present. If the source is configured to receive an IP address
via DHCP or BOOTP and is notreceiving one, make sure that the bootp (IP) helper address is
configured on the router interface facingthe source device.
If the incorrect IP address, subnet mask, or default gateway is configured, verify that this node
receives
its IP address from BOOTP or DHCP, and then contact the DHCP or BOOTP administrator. Ask
the
administrator to troubleshoot the DHCP or BOOTP server’s configuration. If the address is
statically
configured, configure the correct address.

3. Excessive Network Collisions: These often lead to slow connectivity. The problem can occur as a result
of bad network setup/plan, a user transferring a lot of information or jabbering network card.

NB: A jabbering Network card is a network card that is stuck in a transmit mode. This will be
evident because the transmit light will remain on constantly, indicating that the Network card is
always transmitting.

Software-Based Analyzers

Software analyzers are the cheapest route for large, complex networks. Because processors have
scaled to much greater speeds and network adapters can capture packets from the fastest LAN
speeds, software analyzers are now catching up to hardware-based analyzers. And you can find
Identify and Resolve Network Problems Page 9
Department of Information Technology

Ethiopian TVET System

 Training, Teaching and Learning Material Entoto TVET College

some freeware analyzer products on the Web that perform some or all of the functions you might
need in a small network.

Windows NT 4.0 through Windows 2003 servers come with a network monitor tool that enables
the local workstation or server to monitor network traffic that is generated by or sent to the
computer. The version that comes with the Systems Management Server (SMS) allows the
network administrator to monitor all traffic on the LAN, using a feature referred to as
promiscuous mode. The Windows 2000 Servers and Windows 2003 Servers network monitor
can be found in the Administrative Tools folder.

3. Software Problem: Network problems can often be traced to software configuration such as
DNS configuration, WINS configuration, the registry etc.

Troubleshooting Domain Name Server Problem

It is possible for IP connectivity to work but for DNS name resolution to fail. To troubleshoot this situation,
use one of the following methods to determine whether DNS is resolving the name of the destination:

• Ping the destination by name, and look for an error message indicating that the name could not be
resolved. Otherwise, continue troubleshooting as follows:

1. Determine which name server you are using; this can be found in different places on each operating
system, so if you are unsure of how to find it, consult the device’s manual

– On Windows 95 or 98, use winipcfg.exe.

– On Windows 2000 or NT, use ipconfig.exe.

– On a UNIX platform, type cat /etc/resolv.conf at a command prompt.

2. Verifythat you can ping the name server using its IP address. If the ping fails, go to the section to
troubleshoot connectivity between the client and the name server.

3. Verify that you can resolve names within your domain. (For example, if your host is Host1.test.com, you
should be able to resolve the names of other hosts in the test.com domain, such as host2.test.com.)

4. Verify that you can resolve one or more domain names outside your domain. If you cannot resolve names
from all domains except that of the destination, there might be a problem with the DNS for the
destination host. Contact the administrator of the destination device. If you cannot resolve names within

Identify and Resolve Network Problems Page 10

Department of Information Technology

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College
 your domain or a large number of external domains, contact your DNS administrator because there may
be a problem with the local DNS (or your host could be using the wrong domain server).

5. Duplicate IP Addressing: A common problem in many networking environments occurs when two
machines try to use the same IP address. This can result in intermittent communications.

IP Troubleshooting

To efficiently troubleshoot a TCP/IP connectivity problem, it is necessary to identify a single pair of

source and destination devices that are exhibiting the connectivity problem. When you’ve selected the
two devices, test to make sure that the problem is actually occurring between these two devices.
Possible problems include these:

• Physical layer issue somewhere along the path

• First-hop Layer 3 connectivity issue, local LAN segment
• Layer 3 IP connectivity issue somewhere along the packet’s path
• Name resolution issue
Where to start:
1. Try to ping from the source to destination device by IP address. If the ping fails, verify that
you are using the correct address, and try the ping again. If the ping still fails, go to the next
section, “Troubleshooting Local Connectivity Problems.” Otherwise, proceed to Step 2.
2. Try to ping from the source to the destination device by name. If the ping fails, verify that the
name is correctly spelled and that it refers to the destination device, and then try the ping again.
If the ping still fails, go “Troubleshooting Domain Name Server Problems,” later in this chapter.
Otherwise, proceed to Step 3.
4. If you can ping the destination by both name and address, it appears that the problem is an
Upper-layer problem.
Self check

1. Which one is the first step that you should do, when troubleshooting network problem?
A. Define the specific symptoms
B. Identify all potential problems
C. Systematically eliminate each potential problem
D. Analyze the results
2. What is the important things you should consider as potential candidates for documenting
network installation?

A. logical map of the network

B. physical map of the network
C. Cabling and patch panel information
D. Default settings for computers and other devices on the network
E. All

Identify and Resolve Network Problems Page 11

Department of Information Technology

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College
 3. Which one of the following show the location of each of the computers, the hub or switch
to which they are connected?

A. physical map of the network

B. logical map of the network
C. Net work Problem reports
D. network overview
4. Which command should you use to check the configurations of the default gateway and
browser proxy server setting information?
a. tracert C. ipconfig/all

b. Ping D. all
5. Which one of the following can be described as network Physical Connectivity
Problems?
A. Incorrect Configuration C. faulty Hardware (interface or port)
B. Faulty or improper Cable D. Interface having too much traffic
E. All

6. Which one of the following should be tested, when testing network cable?
A. Cable length D. Near-end cross-talk
B. Noise E. all
C. Attenuation
7. Common problem in many networking environments occurs when two machines try to
use the same IP address.
A. False B. True

8. ------- shows the relationships between components and the flow of information through
the network?

A. Network overview
B. Physical map of the network
C. Logical map of the network
D. All

Identify and Resolve Network Problems Page 12

Department of Information Technology

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College
 Feedback
1. A

2. E

3. A

4. C

5. E

6. E

7. B

8. C

Identify and Resolve Network Problems Page 13

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College
 Ethiopian TVET System
HARDWARE AND NETWORK SERVICING
Level III
Information sheet # 2
Unit of Competence: Identify and Resolve Network Problems
Module Title: Identifying and Resolving Network Problems
Module Code : ICT HNS3 07 1110
Nominal Duration
LO-2: Troubleshoot network problems

Identify and Resolve Network Problems Page 14

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College

2. Network Diagnostic Tools

2.1 Installing and Configuring a Wired Network
 To have network connectivity, you need to have three things in place:
■ NIC: The physical hardware that connects the computer system to the network media.
■ Protocol: The language that the computer systems use to communicate.
■ Network client: The interface that allows the computer system to speak to the protocol.
If you want to share resources on your PC with other network users, you also need to enable
Microsoft’s File and Printer Sharing. This installs the services and software that turns a Windows
PC into a server. Plus, of course, you need to connect the PC to the network hub or switch
via some sort of cable (preferably CAT 6 with Gigabit Ethernet cranking through the wires, but
that’s just me!). When you install a NIC, by default, Windows 2000 and XP Professional install
the TCP/IP protocol, the Client for Microsoft Networks, and File and Printer Sharing for
Microsoft Networks upon setup.
Installing a NIC
The NIC is your computer system’s link to the network, and installing one is the first step
required to connect to a network. NICs are manufactured to operate on specific media and
network types, such as 100BaseT Ethernet or 16 Mbps Token Ring. Follow the manufacturer’s
instructions for installation. If your NIC is of recent vintage, it will be detected, installed, and
configured automatically by Windows 2000 or Windows XP. You might need a driver disc or a
driver download from the manufacturer’s Web site if you install the latest and greatest Gigabit
Ethernet card.
Add Hardware Wizard

The Add Hardware Wizard automates installation of non–plug-and-play devices, or plug-and-

lay devices that were not detected correctly. Start the wizard by clicking Start | Settings | Control
Panel, and double-clicking the icon for the Add Hardware applet. (Note that Windows 2000 calls
this the Add/Remove Hardware applet.) Click the Next button to select the hardware task you
wish to perform, and follow the prompts to complete the wizard.
2.1.1. Configuring a Network Client
To establish network connectivity, you need a network client installed and configured properly.
You need a client for every type of server NOS to which you plan to connect on the network.
Let’s look at the two most used for Microsoft and Novell networks.
Client for Microsoft Networks
Installed as part of the OS installation, the Client for Microsoft Networks rarely needs
configuration, and, in fact, few configuration options are available. To start it in Windows XP,
click Start, and then right-click My Network Places and select Properties. In Windows 2000,
click Start | Settings | Network and Dial-up Connections. In all versions of Windows, your next
step is to double-click the Local Area Connection icon, click the Properties button, highlight
Client for Microsoft Networks, and click the Properties button. Note that there’s not much to do
here. Unless told to do something by a network administrator, just leave this alone.

Identify and Resolve Network Problems Page 15

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College

Client Service for NetWare

Microsoft’s Client Service for NetWare provides access to file and print resources
on NetWare 3.x and 4.x servers. Client Service for NetWare supports some NetWare utilities and
 NetWare-aware applications. To connect Microsoft client workstations to NetWare servers
running NDS also requires the Microsoft Service for NetWare Directory Services (NDS). Once
installed, Client Service for NetWare offers no configuration options.
2.1.2. Configuring Simple Protocols
Protocols come in many different flavors and perform different functions on the network. Some,
such as NetBEUI, lack elements that allow their signals to travel through routers, making them
non-routable (essentially, this protocol is unsuitable for a large network that uses routers to re-
transmit data).
The network protocols supported by Windows include NetBEUI, NWLink (IPX/SPX), and
TCP/IP, although Windows XP drops support for NetBEUI. This section looks at installing and
configuring the simple protocols used by Windows xp: NetBEUI and NWLink.
NetBEUI
NetBEUI is easy to configure, since no network addresses are needed. Generally,
all you need to establish a connection between computer systems using
NetBEUI is a NetBIOS computer name. NetBIOS names must be unique
and contain 15 or fewer characters, but other than that there isn’t much to it.
To install the NetBEUI protocol in any version of Windows except XP,
follow these steps:
1. In Windows xp, click Start | Settings | Network and Dial-up Connections. Double-click the
Local Area Connection icon to bring up the Local Area Connection Status dialog box (Figure
2.1).
2. Click the Properties button to bring up the Local Area Connection Properties dialog box
(Figure 2.1).

LAN Properties dialog box (Figure 2.1)

Identify and Resolve Network Problems Page 16

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College

3. Click the Install button. In the Select Network Component Type dialog box, highlight Protocol
and click the Add button (Figure 2.2).
4. In the Select Network Protocol dialog box, select NetBEUI Protocol (Figure 2.3), and click the
 OK button. You will be prompted to reboot the system to make the changes take effect.

(Figure 2.2)

(Figure 2.3)

NWLink (IPX/SPX)
As mentioned, NWLink is Microsoft’s implementation of the IPX/SPX protocol. The Microsoft
version of NWLink provides the same level of functionality as the Novell protocol and also
includes an element for resolving NetBIOS names. NWLink packages data to be compatible with
client/server services on NetWare networks, but it does not provide access to NetWare File
and Print Services. For this, you also need to install the Client Service for NetWare, as noted
earlier.
Follow the same steps used to install NetBEUI to install NWLink, except choose NWLink rather
than NetBEUI when you make your final selection. You’ll be prompted to reboot after adding
the protocol.
NWLink is a relatively easy protocol to configure. Normally, the only settings you may need to
specify are the internal network number and frame type (usually, however, the default values are
sufficient). The internal network number is used by the network for routing purposes.
The frame type specifies how the data is packaged for transport over the network. For computers
to communicate by NWLink, they must have the same frame types. By default, the
Frame type is set to Auto Detect.
To configure NWLink properties manually, follow these steps:

Identify and Resolve Network Problems Page 17

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College

1. In Windows XP, click Start | Control Panel and open the Network
Connections applet. Double-click the Local Area Connection icon. In Windows xp, click Start |
Settings | Network and Dial-up Connections, and double-click the Local Area Connection icon.
2. Click the Properties button, highlight NWLink IPX/SPX/NetBIOS Compatible Transport
 Protocol, and click the Properties button.
3. In the NWLink IPX/SPX/NetBIOS Compatible Transport Protocol properties dialog box, set
the internal network number and frame type (Figure 2.4).
2.2 Existing sources of diagnostic information
Configuring Active Directory diagnostic event logging in Windows Server 2003

Active Directory records events to the Directory Services log of Event Viewer. You can use the
information that is collected in the log to help you diagnose and resolve possible problems or
monitor the activity of Active Directory-related events on your server.

By default, Active Directory records only critical events and error events in the Directory
Service log. To configure Active Directory to record other events, you must increase the logging
level by editing the registry.

Active Directory Diagnostic Event Logging

The registry entries that manage diagnostic logging for Active Directory are stored in the
following registry sub key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics
Each of the following REG_DWORD values under the Diagnostics subkey represent a type of
event that can be written to the event log:
1 Knowledge Consistency Checker (KCC)
2 Security Events
3 ExDS Interface Events
4 MAPI Interface Events
5 Replication Events
6 Garbage Collection
7 Internal Configuration
8 Directory Access
9 Internal Processing
10 Performance Counters
11 Initialization/Termination
12 Service Control
13 Name Resolution
14 Backup
15 Field Engineering
16 LDAP Interface Events
17 Setup
18 Global Catalog
19 Inter-site Messaging
New to Windows Server 2003:
20 Group Caching

Identify and Resolve Network Problems Page 18

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College

21 Linked-Value Replication
22 DS RPC Client
23 DS RPC Server
24 DS Schema
Logging Levels
 Each entry can be assigned a value from 0 through 5, and this value determines the level of detail
of the events that are logged. The logging levels are described as:

 0 (None): Only critical events and error events are logged at this level. This is the default
setting for all entries, and it should be modified only if a problem occurs that you want to
investigate.
 1 (Minimal): Very high-level events are recorded in the event log at this setting. Events
may include one message for each major task that is performed by the service. Use this
setting to start an investigation when you do not know the location of the problem.
 2 (Basic)
 3 (Extensive): This level records more detailed information than the lower levels, such as
steps that are performed to complete a task. Use this setting when you have narrowed the
problem to a service or a group of categories.
 4 (Verbose)
 5 (Internal:): This level logs all events, including debug strings and configuration
changes. A complete log of the service is recorded. Use this setting when you have traced
the problem to a particular category of a small set of categories.

How to Configure Active Directory Diagnostic Event Logging

To configure Active Directory diagnostic event logging, follow these steps.

Important This section, method, or task contains steps that tell you how to modify the registry.
However, serious problems might occur if you modify the registry incorrectly. Therefore, make
sure that you follow these steps carefully. For added protection, back up the registry before you
modify it. Then, you can restore the registry if a problem occurs. For more information about
how to back up and restore the registry, click the following article number to view the article in
the Microsoft Knowledge Base:
How to back up and restore the registry in Windows

1. Click Start, and then click Run.

2. In the Open box, type regedit, and then click OK.
3. Locate and click the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnos
tics

Each entry that is displayed in the right pane of the Registry Editor window represents a
type of event that Active Directory can log. All entries are set to the default value of 0
(None).

Identify and Resolve Network Problems Page 19

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College

4. Configure event logging for the appropriate component:

a. In the right pane of Registry Editor, double-click the entry that represents the type
of event for which you want to log. For example, Security Events.
b. Type the logging level that you want (for example, 2) in the Value data box, and
then click OK.
 Repeat step 4 for each component that you want to log.
On the Registry menu, click Exit to quit Registry Editor.

Notes

 Logging levels should be set to the default value of 0 (None) unless you are investigating
an issue.
 When you increase the logging level, the detail of each message and the number of
messages that are written to the event log also increase. A diagnostic level of 3 or greater
is not recommended, because logging at these levels requires more system resources and
can degrade the performance of your server. Make sure that you reset the entries to 0
after you finish investigating the problem.

2.3. TCP/IP testing tools

All versions of Windows come with handy tools to test TCP/IP. Those that you’re most likely to
use in the field are Ping, IPCONFIG, NSLOOKUP, and TRACERT. All of these programs are
command prompt utilities! Open a command prompt to run them, if you just place these
commands in the Run command, you’ll see the command prompt window open for a moment
and then quickly close!
Introduction

There are many possible causes of connection problems. This guide will show how you can
investigate problems using some simple tools that come with most versions of Windows. To use
all of the tools though, you will need Windows Vista or XP.

Testing your network

The tools in this guide can be accessed from the command prompt. While this can look a little
intimidating, it is simple to use with a little bit of know-how.

Connection Settings
This Module assumes that you have checked and confirmed that your connection settings are correct.
Does your PC have a network connection?

Check the sockets. Most sockets have a connection light.

1. The light is on when a connection is detected.

2. The light flashes when data is passing through the connection.

Identify and Resolve Network Problems Page 20

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College

Check your network settings

1. Click Start.
2. Click Settings.
3. Click Network Connections.
4. Check the status of your network connection. If your connection is broken, your
 connection icon will show a small red cross.

5. Right click on your connection icon.

6. Select Status to view details.

7. If your connection is broken, click on Repair to attempt to reconnect.

If your connection is still broken, you need to check your network settings.

Using the command line (DOS prompt)

To use the network tools described in this article you need to open a command line window.
Command line looks like the old DOS environment, and is used through typed commands rather
than with a graphical interface. To open a command line:

1. Click Start.
2. Click Run (or press the r key).
3. Type "cmd" into the 'Run' window.
4. Click Return.

Identify and Resolve Network Problems Page 21

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College
 Although you can run these tools by typing them directly into the Run prompt, as soon as the
command has finished, the window will close which will stop you from seeing the results.
Always open a command line window first before starting the tool.

Saving results to Notepad

If you need to send results of your tests to the support team for further investigation, you can do
so by copying them from the command line window, into Notepad or another text editor.

To copy test results

1. Right Click on the title bar of the command line window.

2. Click Edit.
3. Click Select All.
4. Click Enter.
5. Paste into Notepad.
6. Save the Notepad file to your hard drive. Many tools will allow you to output the results
to a text file instead of on the screen. To do this, type on the command line "[tool] >
c:\test_results.txt". For example - netstat > c:\netstat_results.txt
7. Then view the file using a text editor.

Identify and Resolve Network Problems Page 22

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College

Which command line tools should I use?

I can connect but cannot view websites.

Ping - Trace route - DNS Lookup - Telnet

I can browse websites but cannot connect to email.

Ping - Trace route - Telnet
 I have an intermittent connection problem.
Ping - Netstat - Netshell

I think I have a virus problem on my system.

Netstat - DNS Lookup

Ping(Packet Internet Groper) - "Can my da

ta rea Response Explanation ch you?"
Ping request could not find Check your destination address.
host... Ping sends packets of data to another comp
uter a Reply from... Destination is responding. nd measures how long it takes to get there.
Ping Request timed out... Destination not responding.
results can tell you that:

 You are connected.

 Your connect is responsive (low latency).
 Your connection is consistent (not dropping out).

To use Ping

1. In the command line window, type"ping [destination address]".

2. Click Enter and watch for the results.

3. You'll see how Ping turns the web address into the corresponding IP address (i.e.
"www.google.com" would be turned into 64.233.183.99).

Ping sends four packets and gives you an average for the time it takes for the ping to make it
round

Identify and Resolve Network Problems Page 23

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College
 Ping responses

Continuous Ping

Ping sends four packets of data, which isn't very good at showing problems that are intermittent.
A continuous Ping can be useful if you think there might be a problem with cables, as you can
see exactly when connection problems are occurring.

Response Explanation
Unable to resolve target Check your destination address.
system...
Trace complete... Trace route worked.
Request timed out... Destination not responding.
Destination network Indicates a network problem.
unreachable...* To use Continuous Ping

1. In the command line window type “ping [destination address] -t"

2. Click Enter and watch for the results.
3. when you want to end the ping press Control and C together.

Path ping (Vista/Windows XP/Windows 2003 Server)

Is an enhanced form of ping that provides some of the information you would gain from using
the trace route tool. It is most useful for identifying where a connection problem is occurring.

1. In the command line window type "path ping [address]" for example "pathping
2. View the first set of results - which is a list of servers that your ping data travels through
to reach the destination address. Each server that is passed through on the route is known
as a 'hop'. You will see the message "Computing Statistics for 250 seconds..." Pathping is
now monitoring data through each of the servers, looking to see if any of them are
responding slowly, or intermittently. The longer the route to the destination, the more

Identify and Resolve Network Problems Page 24

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College
 time will be required for the test. Once complete, you'll see a table that shows if any of
the servers are dropping packets of data. If a server is faulty or overloaded you might see
a high percentage of lost packets.

Trace route - "How does my data reach its destination?"

Trace route shows you the route your data packets are taking to reach a destination system. Trace
route results can show:

 Problems with the system you are trying to connect to.

 Problems with the network between you and the destination system.
 Problems with your own network setup (Firewall or router problems).

Trace route Responses

*Destination network unreachable - this means that a device that the you are sending data to is
not responding, it my down, or there might be a network fault. This type of problem is usually
outside Plusnet's control.

IPCONFIG

Windows 2000/XP offer the command-line tool IPCONFIG for a quickglance at your network
settings. Click Start |Run and type CMD to get a command prompt. From the prompt, type
IPCONFIG /ALL to see all of your TCP/IP settings

IPCONFIG /ALL( Figure 2.5).

Identify and Resolve Network Problems Page 25

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College
 When you have a static IP address, IPCONFIG does little beyond reporting your current IP
settings, including your IP address, subnet mask, default gateway, DNS servers, and WINS
servers. When using DHCP, however, IPCONFIG is also the primary tool for releasing and
renewing your IP address. Just type ipconfig /renew to get a new IP address or ipconfig /release
to give up the IP address you currently have.

DNS Lookup - "Is my computer data going to the right place?"

DNS (Domain Name System) turns your user-friendly web addresses into the numerical IP
addresses that are used by computer systems. If you have a working connection, but can't view
popular websites like BBC or Google, then faulty DNS settings may be the cause.

Flush DNS Cache

The first thing you should do is remove the saved DNS information in your computer, this may
now be out of date.

To Flush your DNS Cache

1. In the command line window, type "ipconfig /flushdns"

2. Click Enter.
3. Watch for the flush to complete with the message. "Successfully flushed the DNS
Resolver Cache."
4. Retest to see if you can browse popular websites.

DNS lookups You can test to see if your DNS is working properly by doing a DNS lookup,
using the command line tool nslookup.

To do a DNS Lookup

1. In the command line window, type"nslookup [Website Address]" for example

"nslookup
2. Click Enter.
3. Check the results to see if an (IP) address is found that corresponds with the name of the
website address. If your DNS is not working properly, nslookup won't be able to return
an IP address.

Identify and Resolve Network Problems Page 26

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College
 Netstat - "what's my computer connecting to?"

Netstat tells you what your computer is connected. This makes if useful for seeing if your
computer is connected to servers that you don't know about. If you think that your computer is
infected with "Spyware" or certain types of virus Netstat may help you find them out.

To run Netstat

1. In the command line window, type "netstat -a"

2. Click Enter
3. View the list of connections on your PC.

Different programs and processes may connect to remote computers. In most cases there's
nothing to worry about. The two things to look for are the numbers after the colon (port
numbers), and the Foreign Addresses.

Ports are the doorways that different computer programs use to send data over a network. For
example, browser traffic uses Port 80, email uses ports 25 and port 110. If you are worried that
your system has been infected with a Trojan, or similar virus, you may be able to spot the
connection it uses. The port numbers that are associated with Spyware and Trojans are changing

Identify and Resolve Network Problems Page 27

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College

all the time - its always best to make sure you have updated anti-virus and firewall software
 running on your computer.

Foreign addresses are the systems that are connected to your computer that appear to be remote.
While it can be hard to know what to look for, one solution is to run netstat while no programs
are running and save the results to compare later.

Telnet - "Can I connect to it?"

Telnet is a program that allows you to access and use other computers remotely. It has lots of
uses for testing problems because it can let you manually test Internet services as if you were a
browser or email program. You can then see if a problem you have is due to the service or your
computer setup. You can use telnet to confirm that a service like email is accepting connections.

A telnet client is included with most versions of Windows, though in Windows Vista it has to be
added as follows:

1. Click Start > Control Panel > Programs

2. Then Turn Windows Features on or off.
3. In the list, scroll down and select Telnet Client.
4. Click OK to start the installation.

A better telnet program, called Putty is available to download for free

Problem receiving email - test your mailbox

1. In the command line window type "telnet mail.plus.net 110"

2. Click Enter.
3. You should be connected to the mailserver - you should see the response "+OK Hello
there" which confirms the mailserver is OK.
4. Type 'user [username]' where [username ] is your account mailbox username.
5. Click Enter.
6. You should see a message "+OK Password required".
7. Type "pass, for example, if your password is pa55w0rd you should type pass pa55w0rd.
8. Click Enter.
9. You will see the message "+OK Logged in". You are now in your mailbox and can be
sure your email account details are correct, and that the mail server is responding to
connections. If your normal mail program can't connect, you should consider checking
that your settings are correct, or reinstalling the program.

Problem sending email - test you access to our mail relay server

1. In the command line window type "telnet relay.plus.net 25".

2. Click Enter.

Identify and Resolve Network Problems Page 28

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College

3. You should see a response that begins "220" which indicates that you have successfully
connected to the mail relay server. If you don't get a response that beings with "220" then
 either the relay server is not responding, or port 25 is being blocked.

Netshell - "One-stop network check"

Netshell is a tool that allows you to check that Windows is properly setup for networking. It can
test many different aspects of your network connection, depending on what you have got setup
on your system.

To use Netshell

1. In the command line window, type "netsh diag gui".

2. Click Enter.
3. A Network Diagnostics Window will open.
4. Click Scan your system to begin testing, or Set scanning options to change which
things you want Netshell to test.

Tracert command
The tracert command lists the number of hops needed to connect to a target computer. Each
hop represents a device that the packets of data must travel through in order to continue along the
network. On the Internet, this is a usually a router. When testing in a LAN environment, there is
usually just one hop.

Identify and Resolve Network Problems Page 29

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College

3. Validating Network Cabling

3.1. Network Cable Testing
 Network Cable Testing, the physical and electrical testing of Network cabling, is a very
specialist area. As a Network Manager you have to deal with cable faults, broken wires,
incompatibilities and a host of other cable related issues. What can you do? What do you need to
test for?

A. Network Speed
10M, 100M, Gigabit? Who knows? Something that reports network speed is very useful. Link
testing can be used to identify the network speed. It’s useful to find out additional network
information using DHCP.
If you are running Gigabit on your network you need to ensure that your cabling is up to the
Cat5e standard, the older Cat5 standard is fine for 100M but needs careful checking if you intend
to run Gigabit. Many organizations only discover this too late.
B. Cable Length
The longer the cable the more the signal is reduced (attenuated), ultimately to the point where no
signal gets through. Measuring cable lengths to check that they are within specification is
important and remember that attenuation increases with network speed, so your new faster
network may have cable lengths that were fine on your old network, but are now too long.
C. Wire mapping
Are you sure that pin 1 is really connected to pin 1 at the other end? You need to check this to be
certain. What about short circuits, crossed wires, split pairs etc.? Most of these faults can be
detected using a continuity test, but some, like split pairs, require a signal to be sent down the
wire. Something that can send a signal or tone is required.
You can also use tone generators for signal tracing and cable identification.
D. Connectivity Testing
Ping tests confirm connectivity across the network, to PCs and Network Cards.
E. Voltage on the wire
Phantom voltages or electrical noise can cause faults on the network. It’s useful to be able to
check where voltage are occurring, either intentionally or not.
F. Conclusion
As a Network Manager you will be expected to deal with day to day cabling problems. You
probably can’t justify the cost of the specialist testers used by cabling professionals, but a simple
testing kit will allow you to check for the most common problems, save you time chasing
phantoms, and help you resolve issues faster and more efficiently.

3.1.1 How to Test an Ethernet Cable for Continuity?

The easiest and most informative method to test the continuity of an Ethernet cable involves
purchasing an affordable device called a continuity tester. A basic model will test the continuity
of Ethernet and coaxial cable. A continuity tester is not absolutely necessary, but highly useful if
you need to test Ethernet cables frequently. There is some important terminology you should
understand before proceeding. Jacks are where the ends of the cable plug into a computer or
other networking device. Plugs are the small plastic connectors on the the end of the cable. Pairs

Identify and Resolve Network Problems Page 30

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College

refers to color-coded strands of wires that are matched together, and cable housing is the plastic
insulation that covers and protects these wires.
 Instructions
1. Testing Using a Continuity Tester
1. Power on the continuity tester.
2. Insert one of the cable plugs into the tester and the other into the terminator.
3. Look at the display of the network tester. Depending on your continuity tester, at a
minimum it will indicate if there is a break in the cable and, should it include this
feature, which cable pairs the break affects.
2. Testing Continuity Without a Continuity Tester
1. Power the computer and a router or other networking device on.
2. Plug the cable into the network port on the computer and the other end into the
networking device.
3. Look at the back of the computer where the cable is plugged into the Ethernet jack
and see if any flashing green or yellow lights come on. These lights indicate if the
computer is sending or receiving any information. If the lights are lit or flashing, the
cable continuity is good. If not, replace the cable.
4. Resolving NIC Problem
The Ethernet Adaptor or the Network Interface card (NIC) is the piece of hardware that makes it
possible to access the internet. The Network Interface card is also essential for PC-to-PC
communication and other forms of computer interactions that involve two or more devices such
as Bluetooth and Infrared. Frankly, two computer systems can only share a file with each other
because they have a network Interface Card that enables them to communicate with each other --
sending and receiving signals. If a device must communicate with another device, it needs a NIC.
Your broadband modem and printer use the NIC technology.

4.1 Diagnose NIC Problems

The Network Interface Card must be functioning for your PC to be able to communicate on a
network. When network problems occur, the NIC is less likely to be the cause than infrastructure
such as cables, routers and hubs. All problems below assume that you are experiencing a
complete or intermittent failure of network connectivity.

4.1.1 Common problems with NIC and respective Troubleshooting

The cable is connected but there is no light on the NIC

 Unplug and replug the network connector into the NIC and at the other end.
 Check that the other end of the cable is connected to a device that is powered on.
 Try switching the cable to a different port if available.
 Try a different network cable.
 Check the control panel in Windows to make sure the card is recognized and working.

Identify and Resolve Network Problems Page 31

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College

The data collision light is frequently or continuously lit

 Check that the far end of the network cable is connected to the proper port, or try a
different port.
  Check that your PC is not using an IP address that is already in use on your network.
 Make certain that your PC is not using a name that is already in use by another PC on the
network.

The lights on the NIC are normal but I cannot connect to the network

 Make certain that other network devices are powered on.

 Make certain that your PC is configured with the proper Workgroup or Domain name.
 Check that your PC is not using an IP address that is already in use on your network.
 Make certain that your PC is not using a name that is already in use by another PC on the
network.
 Allow up to 20 minutes for network polling to identify all available resources.
 Check the network cable connections and use a different port if available.
 If Windows is configured for more than one NIC, make certain that the correct one is
being used for this network.

Self check
1. One of the following may not needed to have broad band network connectivity?

A. Modem card
B. NIC
C. Protocol
D. Network client
2. Ping results may not tell you------?

A. You are connected

B. Your connection is responsive
C. Your connection is consistent
D. All configuration and setting information of the network
3. Red Cross sign () on your network notification icon show you ------?
A. Net work Ip Address problem
B. Physical network cable connection problem to NIC
C. DNS resolving problem
D. All
4. Which one of the following is the correct syntax to Ping the reachablity of network?
A. PING\192.168.1.1
B. PING: 192.168.1.1
C. PING 192.168.1.1
D. 192.168.1.1 PING

Identify and Resolve Network Problems Page 32

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College

5. Which of the following PING response show correct response of network destination?
A. Ping request could not find host...
B. Reply from...
 C. Request timed out...
D. All

6. Which of the following Trace route Responses show correct response of network
destination?

A. Unable to resolve target system...

B. Trace complete...
C. Request timed out...
D. Destination network unreachable...
7. Which of the following command used to query Internet domain name server?

A. Ping
B. Tracert
C. Nslookup
D. IP Config

Feedback

1. A
2. D
3. B
4. C
5. B
6. B
7. C

Identify and Resolve Network Problems Page 33

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College

Ethiopian TVET System

 HARDWARE AND NETWORK SERVICING
Level III
Information sheet # 3
Unit of Competence: Identify and Resolve Network Problems
Module Title: Identifying and Resolving Network Problems
Module Code : ICT HNS3 07 1110
Nominal Duration
LO-3: Carry out maintenance support on identified problem

Identify and Resolve Network Problems Page 34

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College

5. Network Protocols

In Networking "protocol" usually refers to a set of rules that define an exact format for
communication between systems. For example the HTTP protocol defines the format for
communication between web browsers and web servers, the IMAP protocol defines the
format for communication between IMAP email servers and clients, and the SSL protocol
 defines a format for encrypted communications over the Internet.

5.1. Network Addressing and masking

Introduction
In the mid-1990's, the Internet is a dramatically different network than when it was first established in the
early 1980's. Today, the Internet has entered the public consciousness as the world's largest public data
network, doubling in size every nine months. This is reflected in the tremendous popularity of the World
Wide Web (WWW), the opportunities that businesses see in reaching customers from virtual storefronts,
and the emergence of new types and methods of doing business. It is clear that expanding business and
social awareness will continue to increase public demand for access to resources on the Internet.

There is a direct relationship between the value of the Internet and the number of sites connected to the
Internet. As the Internet grows, the value of each site's connection to the Internet increases because it
provides the organization with access to an ever expanding user/customer population.

IP(Internet Protocol) Addresses

An IP address is a logical address of a computer which is expressed as a four 8-bit group of bits (a total of
32 bits) separated by periods. Each 8-bit group of bits can be represented by a 3-digit decimal that spans
between 0 and 255. For example 196.27.22.42 is a typical IP address of the DNS server of the Ethiopian
Telecommunication Corporation (ETC). The total number of distinct addresses one can have from these
32
32 bit addressing scheme is 2 = 4,294,967,296.

IP Addressing Class

When IP was first standardized in September 1981, the specification required that each system attached to
an IP-based internet be assigned a unique, 32-bit Internet address value. Some systems, such as routers
which have interfaces to more than one network, must be assigned a unique IP address for each network
interface.

The first part of an Internet address identifies the network on which the host resides, while the second part
identifies the particular host on the given network. This created the two-level addressing hierarchy which
is illustrated in Figure 3.

Identify and Resolve Network Problems Page 35

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College
In recent years, the network-number field has been referred to as the "network-prefix" because the leading
portion of each IP address identifies the network number. All hosts on a given network share the same
network-prefix but must have a unique host-number. Similarly, any two hosts on different networks must
Initial Bits Available Starting Remark have different network-
Nodes Address prefixes but may have the sa
Clas me host-number.
s
24 =
0xxxxxxx. 2 1 – 126 127 is reserved for Primary Address Classes
10xxxxxx. 16,777,214 128 – 191 network testing
A 110xxxxx. 16 =
2 65,536 192 - 223 (Loopback) In order to provide the flexib
B 8=
2 256 ility required to support diffe
rent size networks, the desig
ners decided that
C the IP address space should
1110xxxx. 224-239 Reserved for Multicast be divided into three differen
t address classes - Class A,
D Class B, and Class
E 1111xxxx. 240 - 255 Reserved for research C. This is often referred to as
"classful" addressing becaus
e the address space is split into three predefined
classes, groupings, or categories. Each class fixes the boundary between the network-prefix and the
hostnumber at a different point within the 32-bit address. The formats of the fundamental address classes
are illustrated in Figure 4.

Table showing the different classes

Identify and Resolve Network Problems Page 36

Ethiopian TVET System
Training, Teaching and Learning Material Entoto TVET College

One of the fundamental features of classful IP addressing is that each address contains a self-encoding
key that identifies the dividing point between the network-prefix and the host-number. For example, if the
first two bits of an IP address are 1-0, the dividing point falls between the 15th and 16th bits. This
simplified the routing system during the early years of the Internet because the original routing protocols
did not supply a "deciphering key" or "mask" with each route to identify the length of the network-prefix.

Class A Networks (/8 Prefixes)

Each Class A network address has an 8-bit network-prefix with the highest order bit set to 0 and a seven-
bit network number, followed by a 24-bit host-number. Today, it is no longer considered 'modern' to refer
to a Class A network. Class A networks are now referred to as "/8s" (pronounced "slash eight" or just
"eights") since they have an 8-bit network-prefix.
7
A maximum of 126 (2 -2) /8 networks can be defined. The calculation requires that the 2 is subtracted
because the /8 network 0.0.0.0 is reserved for use as the default route and the /8 network 127.0.0.0 (also
written 127/8 or 127.0.0.0/8) has been reserved for the "loopback" function. Each /8 supports a maximum
24
of 16,777,214 (2 -2) hosts per network. The host calculation requires that 2 is subtracted because the all-
0s ("this network") and all-1s ("broadcast") host-numbers may not be assigned to individual hosts. Since
31
the /8 address block contains 2 (2,147,483,648 ) individual addresses and the IPv4 address space
32
contains a maximum of 2 (4,294,967,296) addresses, the /8 address space is 50% of the total IPv4
unicast address space.

Class B Networks (/16 Prefixes)

Each Class B network address has a 16-bit network-prefix with the two highest order bits set to 1-0 and a
14-bit network number, followed by a 16-bit host-number. Class B networks are now referred to as"/16s"
14
since they have a 16-bit network-prefix. A maximum of 16,384 (2 ) /16 networks can be defined with up
16 30
to 65,534 (2 -2) hosts per network. Since the entire /16 address block contains 2 (1,073,741,824)
addresses, it represents 25% of the total IPv4 unicast address space.

Identify and Resolve Network Problems Page 37

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College

Class C Networks (/24 Prefixes)

Each Class C network address has a 24-bit network-prefix with the three highest order bits set to 1-1-0
and a 21-bit network number, followed by an 8-bit host-number. Class C networks are now referred to as
21
"/24s" since they have a 24-bit network-prefix. A maximum of 2,097,152 (2 ) /24 networks can be
8 29
defined with up to 254 (2 -2) hosts per network. Since the entire /24 address block contains 2
(536,870,912) addresses, it represents 12.5% (or 1/8th) of the total IPv4 unicast address space.

Other Classes
In addition to the three most popular classes, there are two additional classes. Class D addresses have
their leading four-bits set to 1-1-1-0 and are used to support IP Multicasting. Class E addresses have their
leading four-bits set to 1-1-1-1 and are reserved for experimental use.

Dotted-Decimal Notation

To make Internet addresses easier for human users to read and write, IP addresses are often expressed as
four decimal numbers, each separated by a dot. This format is called "dotted-decimal notation."
Dotted-decimal notation divides the 32-bit Internet address into four 8-bit (byte) fields and specifies the
value of each field independently as a decimal number with the fields separated by dots. Figure 5 shows
how a typical /16 (Class B) Internet address can be expressed in dotted decimal notation.

Table 1 displays the range of dotted-decimal values that can be assigned to each of the three principle
address classes. The "xxx" represents the host-number field of the address which is assigned by the local
network administrator.

Unforeseen Limitations to Classful Addressing

The original designers never envisioned that the Internet would grow into what it has become today.
Many of the problems that the Internet is facing today can be traced back to the early decisions that were
made during its formative years.

- During the early days of the Internet, the seemingly unlimited address space allowed IP addresses
to be allocated to an organization based on its request rather than its actual need. As a result,
addresses were freely assigned to those who asked for them without concerns about the eventual
depletion of the IP address space.

Identify and Resolve Network Problems Page 38

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College
 32
- The decision to standardize on a 32-bit address space meant that there were only 2
(4,294,967,296) IPv4 addresses available. A decision to support a slightly larger address space
would have exponentially increased the number of addresses thus eliminating the current address
shortage problem.

- The classful A, B, and C octet boundaries were easy to understand and implement, but they did
not foster the efficient allocation of a finite address space. Problems resulted from the lack of a
network class that was designed to support mediumsized organizations. A /24, which supports
254 hosts, is too small while a /16, which supports 65,534 hosts, is too large. In the past, the
Internet has assigned sites with several hundred hosts a single /16 address instead of a couple of
/24s addresses. Unfortunately, this has resulted in a premature depletion of the /16 network
address space. The only readily available addresses for medium-size organizations are /24s which
have the potentially negative impact of increasing the size of the global Internet's routing table.

The subsequent history of Internet addressing is focused on a series of steps that overcome these
addressing issues and have supported the growth of the global Internet.

5.2. Subnet Masking

Applying a subnet mask to an IP address allows you to identify the network and node parts of the address.
Performing a bitwise logical AND operation between the IP address and the subnet mask results in the
Network Address or Number.

For example, using our test IP address and the default Class B subnet mask, we get:

10001100.10110011.11110000.11001000 140.179.240.200 Class B IP Address

11111111.11111111.00000000.00000000 255.255.000.000 Default Class B Subnet Mask

--------------------------------------------------------

10001100.10110011.00000000.00000000 140.179.000.000 Network Address

Default subnet masks:

Class A - 255.0.0.0 - 11111111.00000000.00000000.00000000

Class B - 255.255.0.0 - 11111111.11111111.00000000.00000000

Class C - 255.255.255.0 - 11111111.11111111.11111111.00000000

Identify and Resolve Network Problems Page 39

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College
 More Restrictive Subnet Masks
Additional bits can be added to the default subnet mask for a given Class to further subnet, or break
down, a network. When a bitwise logical AND operation is performed between the subnet mask and IP
address, the result defines the Subnet Address. There are some restrictions on the subnet address. Node
addresses of all "0"s and all "1"s are reserved for specifying the local network (when a host does not
know it's network address) and all hosts on the network (broadcast address), respectively. This also
applies to subnets. A subnet address cannot be all "0"s or all "1"s. This also implies that a 1 bit subnet
mask is not allowed. This restriction is required because older standards enforced this restriction. Recent
standards that allow use of these subnets have superceded these standards, but many "legacy" devices do
not support the newer standards. If you are operating in a controlled environment, such as a lab, you can
safely use these restricted subnets. To calculate the number of subnets or nodes, use the formula (2^n - 2)
where n = number of bits in either field. Multiplying the number of subnets by the number of nodes
available per subnet gives you the total number of nodes available for your class and subnet mask. Also,
note that although subnet masks with non-contiguous mask bits are allowed they are not recommended.

Example:
10001100.10110011.11011100.11001000 140.179.220.200 IP Address
11111111.11111111.11100000.00000000 255.255.224.000 Subnet Mask
--------------------------------------------------------
10001100.10110011.11000000.00000000 140.179.192.000 Subnet Address
10001100.10110011.11011111.11111111 140.179.223.255 Broadcast Address

In this example a 3 bit subnet mask was used. There are 6 subnets available with this size mask(remember
hat subnets with all 0's and all 1's are not allowed). Each subnet has 8190 nodes. Each subnet can have
nodes assigned to any address between the Subnet address and the Broadcast address. This gives a total of
49,140 nodes for the entire class B address subnetted this way. Notice that this is less than the 65,534
nodes an unsubnetted class B address would have. Subnetting always reduces the number of possible
nodes for a given network. There are complete subnet tables available here for Class A, Class B and Class
C. These tables list all the possible subnet masks for each class, along with calculations of the number of
networks, nodes and total hosts for each subnet.

An Example

Here is another, more detailed, example. Say you are assigned a Class C network number of
200.133.175.0 (apologies to anyone who may actually own this domain address :). You want to utilize
this network across multiple small groups within an organization. You can do this by subnetting that
network with a subnet address. We will break this network into 14 subnets of 14 nodes each. This will limit us to
196 nodes on the network instead of the 254 we would have without subnetting, but gives us the advantages of
traffic isolation and security. To accomplish this, we need to use a subnet mask 4 bits long.

Recall that the default Class C subnet mask is

255.255.255.0 (11111111.11111111.11111111.00000000 binary)
Extending this by 4 bits yields a mask of
255.255.255.240 (11111111.11111111.11111111.11110000 binary)
This gives us 16 possible network numbers, 2 of which cannot be used:
Subnet bits Network Number Node Addresses Broadcast Address
0000 200.133.175.0 Reserved None
0001 200.133.175.16 .17 through .30 200.133.175.31

Identify and Resolve Network Problems Page 40

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College

0010 200.133.175.32 .33 through .46 200.133.175.47

 0011 200.133.175.48 .49 through .62 200.133.175.63
0100 200.133.175.64 .65 through .78 200.133.175.79
0101 200.133.175.80 .81 through .94 200.133.175.95
0110 200.133.175.96 .97 through .110 200.133.175.111
0111 200.133.175.112 .113 through .126 200.133.175.127
1000 200.133.175.128 .129 through .142 200.133.175.143
1001 200.133.175.144 .145 through .158 200.133.175.159
1010 200.133.175.160 .161 through .174 200.133.175.175
1011 200.133.175.176 .177 through .190 200.133.175.191
1100 200.133.175.192 .193 through .206 200.133.175.207
1101 200.133.175.208 .209 through .222 200.133.175.223
1110 200.133.175.224 .225 through .238 200.133.175.239
1111 200.133.175.240 Reserved None

5.3. What Is a Default Gateway?

You will sometimes see the term default gateway on network configuration screens in Microsoft
Windows. In computer networking, a default gateway is the device that passes traffic from the
local subnet to devices on other subnets. The default gateway often connects a local network to
the Internet, although internal gateways for local networks also exist.

Internet default gateways are typically one of two types:

 On home or small business networks with a broadband router to share the Internet
connection, the home router serves as the default gateway.

 On home or small business networks without a router, such as for residences with dialup
Internet access, a router at the Internet Service Provider location serves as the default
gateway.

Default network gateways can also be configured using an ordinary computer instead of a router.
These gateways use two network adapters, one connected to the local subnet and one to the
outside network. Either routers or gateway computers can be used to network local subnets such
as those in larger businesses.
6. Network Protocols Analysis
6.1 What is Network Protocol Analysis and Protocol Analyzer?

Network protocol analysis is a process for a program or a device to decode network protocol
headers and trailers to understand the data and information inside the packet encapsulated by the
protocol. To conduct protocol analysis, packets must be captured at real time for line speed
analysis or later analysis. Such program or device is called a Protocol Analyzer.

Protocol Analyzer can be used both for legitimate network management or for stealing
information off a network. Network operations and maintenance personnel use Protocol
Analyzer to monitor network traffic, analyze packets, watch network resource utilization,
conduct forensic analysis of network security breaches and troubleshoot network problems.

Identify and Resolve Network Problems Page 41

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College

Unauthorized protocol analyzers can be extremely dangerous to a network's security because

 they are virtually impossible to detect and can be inserted almost anywhere. This makes them a
favorite weapon in the hacker's arsenal.

There are many protocol analyzer products on the market. The market size for this tool is nearly
one billion dollars. There are two basic types of protocol analyzers: portable and distributed.

Portable protocol analyzer is a stand-alone device or software installed in a PC. Portable protocol
analyzer can do data capturing and analysis real time or play back data for later analysis. The
price of a portable protocol analyzer is ranged from a few hundred dollars to tens of thousands
dollars, depends on who is the vendor, the network type (Ethernet, Gigabit Ethernet, Optical
media WAN links etc.) to monitor and the types of data analysis are done. Portable protocol
analyzer is typically used by engineers for network troubleshooting at certain point of a network
or to monitor traffic of a single domain of LAN.

Distributed protocol analyzers have two parts: 1) Monitoring Probe, a device deployed at various
point of the network; 2) Consol, a software package installed in the Network Operation Center
(NOC) to centrally monitor all Probes. The Distributed protocol analyzers are typically deployed
by large enterprises to monitor their network from a centralized location such as NOC. The cost
of deploy the Distributed analyzer is ranged from tens of thousands of dollars to millions of
dollars. In addition to packet capturing and analysis, the distributed analyzer also retrieves and
uses SNMP and RMON data for additional network statistical information.

The leading vendors in the portable protocol analyzer include: Network General, Agilent
Technologies, and Javvin Technologies etc.

The leading vendors in the distributed protocol analyzer include Network General, Netscout etc.

There are also open source programs such as Ethereal available for public usage.

Network protocol analyzer is also called network sniffer , Packet Analyzer, Network Sniffing
Tool, Network Analyzer etc.

6.2. The TCP/IP Stack and the OSI Model

TCP/IP is a suite of protocols and rules. It allows us to communicate with other computers and
devices over a connection oriented network. What we didn’t cover was the TCP/IP and OSI
model- which helps us understand the TCP/IP suite in a manner of layers and modules.

The TCP/IP Model and Modular Design

TCP/IP is responsible for a wide range of activity: it must interface with hardware, route data to
appropriate places, provide error control, and much more. If you are starting to think the TCP/IP
suite can get confusing, you wouldn’t be the first.

Identify and Resolve Network Problems Page 42

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College

The developers of TCP/IP thankfully designed what we call a modular design- meaning that the
TCP/IP system can be divided into separate components. You may call these layers or modules.
 But why use a modular design? Not only does it aid in the education process, but it also lets
manufacturers easily adapt to specific hardware and operating system needs.

For example- if we had a token ring network and an extended star network, we surely wouldn’t
want to create entirely different network software builds for each one. Instead, we can just edit
the network layer, called the Network Access Layer, to allow compatibility. Not only does this
benefit manufacturers, but it greatly aids networking students in education. We can dissect the
TCP/IP suite into different layers, and then learn about each layer’s specifics one at a time.
Below you’ll see the TCP/IP model divided into four layers.

 Network Access Layer – The Network Access Layer is fairly self explanatory- it
interfaces with the physical network. It formats data and addresses data for subnets, based
on physical hardware addresses. More importantly, it provides error control for data
delivered on the physical network.
 Internet Layer – The Internet Layer provides logical addressing. More specifically, the
internet layer relates physical addresses from the network access layer to logical
addresses. This can be an IP address, for instance. This is vital for passing along
information to subnets that aren’t on the same network as other parts of the network. This
layer also provides routing that may reduce traffic, and supports delivery across an
internetwork. (An internetwork is simply a greater network of LANs, perhaps a large
company or organization.)
 Transport Layer – The Transport Layer provides flow control, error control, and serves
as an interface for network applications. An example of the transport layer would be
TCP- a protocol suite that is connection-oriented. We may also use UDP- a
connectionless means of transporting data.
 Application Layer – Lastly, we have the Application Layer. We use this layer for
troubleshooting, file transfer, internet activities, and a slew of other activities. This layer
interacts with many types of applications, such as a database manager, email program, or
Telnet.

The above layers are more complex than the general descriptions provided, but rest
assured, we will get into the specifics in later sections. For now we have another model to
learn- the OSI model.

Identify and Resolve Network Problems Page 43

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College

The Open System Interconnection Model

 The Open System Interconnection Model, more commonly known as simply OSI, is another
model that can help break the TCP/IP suite into modules. Technically speaking, it is exactly the
same as the TCP/IP model, except that it has more layers. This is currently being pushed by
Cisco since it aids in learning the TCP/IP stack in an easier manner. Likewise, you will see the
OSI model on many Cisco exams.

Instead of four layers, the OSI model has seven. You can see a direct comparison of the two
models below; notice that only the Application Layer and Network Layer are divided into
smaller layers, and the Internet Layer is renamed to the “Network Layer.”

 Physical Layer – They Physical Layer converts data into streams of electric or analog
pulses- commonly referred to as “1’s and 0’s.” Data is broke down into simple electric
pulses, and rebuilt at the receiving end.
 Data Link Layer – The Data Link layer provides an interface with the network adapter,
and can also perform basic error checking. It also maintains logical links for subnets, so
that subnets can communicate with other parts of the network without problem.
 Network Layer – Much like the Transport Layer of the TCP/IP model, the Network
Layer simply supports logical addressing and routing. The IP protocol operates on the
Network Layer.
 Transport Layer – Since we left out the error and flow control in the Network Layer, we
introduce it into the Transport Layer. The Transport Layer is responsible for keeping a
reliable end-to-end connection for the network.
 Session Layer – The Session Layer establishes sessions between applications on a
network. This may be useful for network monitoring, using a login system, and reporting.
The Session Layer is actually not used a great deal over networks, although it does still
serve good use in streaming video and audio, or web conferencing.
 Presentation Layer – The Presentation Layer translates data into a standard format,
while also being able to provide encryption and data compression. Encryption or data
compression does not have to be done at the Presentation Layer, although it is commonly
performed in this layer.
 Application Layer – The Application Layer provides a network interface for
applications and supports network applications. This is where many protocols such as

Identify and Resolve Network Problems Page 44

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College

FTP, SMTP, POP3, and many others operate. Telnet can be used at this layer to send a
ping request- if it is successful, it means that each layer of the OSI model should be
functioning properly.
7. Analysing Server and Client performance
7.1. What Factors that affect performance of a network?

The data path between any two computers involves dozens, sometimes thousands, of hardware
and software devices. Any one of these may have a substantial impact on performance.

At any given time there is likely to be one factor which most directly limits the maximum speed
of a data flow. Identifying the limiting factor for each data flow is vital to improving
performance. Common factors are listed below:

Factor One: Network Adapter

A network adapter is the device that physically connects your Mac to your network. The network
itself will be Ethernet (which comes in three speeds, 10Megabit, 100Mb, and 1000Mb) or
LocalTalk (one speed, about 0.25Mb). Power Macs, iMacs, and G3/G4s have at least 10Megabit
Ethernet (often faster), and all Macs with printer and modem ports can use LocalTalk. Many
LocalTalk Macs can also add Ethernet support.
Ethernet's three speeds can be deceptive, since they imply you can increased your network speed
tenfold just by purchasing a faster network adapter. Sadly, this is not the case. A 10Megabit
Ethernet adapter probably won't reach full speed—about 1.25 megabytes per second—without a
specially optimized test system. "Real world" performance will be more like 100-200 kilobytes
per second in an average AppleTalk network. 100Mb Ethernet will be 4-6 times faster (not 10),
and 1000Mb a few times faster still, but still not the blinding speed you might imagine.
Conclusion
Ethernet naming aside, switching to a faster adapter is usually the simplest way to improve
network speed, assuming you also get a faster hub or switch.
Speaking of which...

Factor Two: Ethernet Hub or Switch

Most Ethernet networks use a hub or switch, which serves as the central connection point and
moves data around. Like the network adapters, they have three speed ratings, 10Mb, 100Mb, and
1000Mb.Your switch must support the same speed as your network adapters to use it on your
network (most support multiple speeds for this reason). You should use a hub or switch that
supports your full range of network adapter speeds, so you don't limit the higher-speed
computers.
Switches perform more efficiently than hubs in high-traffic networks, so it's a good idea to use a
switch if your network will pass data between three or more computers simultaneously.
Conclusion
your hub or switch must support your highest network speed to make use of it, but model and
make should make relatively little difference in speed.

Identify and Resolve Network Problems Page 45

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College

Factor Three: Network Software

Your Mac's network adapter uses software to translate the network data into a form the computer
can understand and vice versa. The newer the software is, generally speaking, the better the
network adapter's performance will be. Software updates usually fix bugs and improve
 translation, so check the adapter's web site regularly for updates (this includes Apple, who
updates their Ethernet software from time-to-time).

Conclusion
The effects of software vary widely. Speed increases come from quashed bugs that hindered
network adapter performance or improvements to the network translation.
Factor Four: Motherboard Speed
Like your skeleton, a Mac's motherboard defines what it's capable of. The motherboard's
processing speed has inherent limits that include (to a degree) network performance. Newer
Macs have faster motherboard speeds, which in turn help network speed (or at least hinder it
less).

Conclusion
A faster motherboard generally means faster everything, including network performance.
Upgrading the motherboard, however, means getting a new Mac.

Factor Five: Hard Disk Throughput

Disk performance (how much information you can read or write from the disk in a second) is
often the primary bottleneck to network performance. Since most network data represents a file,
your hard disk has to read the source file and another disk must write it to complete the data
transfer. Maximize disk throughput on the networked Macs and your network performance
should see a marked improvement.

You can improve your disk performance by using a faster disk, which makes more information
available, and a more efficient disk interface, which processes more information at once.
Generally, newer hard drives are faster, up to 10K RPM and more. Interfaces, including SCSI,
IDE, and FibreChannel, have become more efficient with time. New Macs use IDE for their
built-in hard disks, but you can add other support with an expansion card. Get a high-speed disk
interface with a high-speed drive and you're almost certain to notice the change on your network
(and everywhere else).
Conclusion
Upgrading your disk drive and interface will almost certainly increase network performance,
although the performance increase will be relative to what you used previously.

Factor Six: Network Server

Most home or small offices use peer-to-peer Mac networking, since it's easy to use and comes
with the Mac OS. If you can justify the expense, however, purchasing actual network server
software (Apple's AppleShare IP) will lift your performance significantly. The downside is cost,
since you need to purchase the software and possibly dedicate a computer to running it.
Conclusion

Identify and Resolve Network Problems Page 46

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College

Using AppleShare IP will improve network throughput notably, but regrettably does the same to
your wallet.

Factor Seven: AppleTalk vs. TCP/IP

AppleTalk is less efficient (and therefore slower) than some other network formats like TCP/IP.
 For home and small office users, AppleTalk makes up for the speed drop in convenience. Mac
OS 9 supports AppleTalk-over-TCP/IP, which improves things somewhat, but still makes a
speed tradeoff for the convenience of the drag-and-drop Desktop functionality.

Conclusion
AppleTalk is (somewhat) slower than other options, but makes up for it in convenience.

Factor Eight: Shared Internet

The performance of your network is limited somewhat by outside factors, such as an Internet
connection. If you have a cable or DSL modem, for example, you have little control over how
quickly Internet data comes and goes (your cable or DSL company sets that limit, either by
availability or choice). The typical limit on an Internet connection is around 200 kilobytes, which
is easily within the range of a 10Mb Ethernet network adapter.

Conclusion
Sharing an Internet connection has its own speed limitations that are out of the home network
user's control.
7.2 Network Bottleneck
What does Network Bottleneck mean?
A network bottleneck refers to a discrete condition in which data flow is limited by computer or
network resources. The flow of data is controlled according to the bandwidth of various system
resources. If the system working on a network is delivering a higher volume of data than what is
supported by the existing capacity of the network, then a network bottleneck will occur.

A common computing bottleneck culprit is network data interruption caused by microprocessor

circuitry or TCP/IP. Bottleneck is also known as a hot spot.
A bottleneck occurs when bandwidth is unable to accommodate large amounts of system data at
designated data transfer rate speeds. Road traffic is a common bottleneck analogy. For example,
bottlenecking is inevitable when only one of two busy road lanes is passable.
Bottlenecks are caused by multiple factors, including:

 Hardware components, like CPUs

 Graphical processing units
 RAM memory

How to Find a Network Bottleneck

If you've ever wondered why sometimes when you connect to a website it's fast and other times
it's slow, there is an answer. Your request may go through many routers and switches before it
gets to its destination, and sometimes some of the network switches or routers could be having

Identify and Resolve Network Problems Page 47

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College

problems. This will cause the slowness. You can check to determine what is causing your
particular network bottleneck in a few steps.
Instructions:
1 Right-click an empty spot on your system tray -- usually at the bottom of your computer screen
-- and select "Task Manager."
 2 Click the "Networking" tab.
3 Click "View" in the options above the tabs and click "Select Columns."
4 Click to check "Bytes Sent/Interval" and "Bytes Received/Interval." Click "OK."
8. Proactive Network Maintenance
8.1. Proactive Network Maintenance
- Common preventive maintenance techniques should continually be performed for a network to
operate properly.
- Heat is a big problem for network devices, especially in the server room. Network devices, such
as computers, hubs, and switches, do not perform well when over-heated. Excess heat is
generated by dust and dirty air filters. Dust impedes the proper flow of cool air and sometimes
even clogs fans. Keep network rooms clean and change air filters often.
- Preventive maintenance involves checking the various components of a network for wear. Check
the condition of network cables because they are often moved, unplugged, and kicked. Many
network problems can be traced to a faulty cable. You should replace any cables that have
exposed wires, are badly twisted, or are bent.
- Label the cables. This practice will save troubleshooting time later. Refer to wiring diagrams and
always follow your company's cable labeling guidelines.
- Test devices on a regular basis.
- AC power adapters should be checked regularly.
- The uninterruptible power supply (UPS), which provides backup power, should be tested to
ensure that you have power in the case of an outage. Before installing a new UPS, plug it into a
power source to charge the batteries. The initial charge time is usually 12 hours or more. Follow
the manufacturer instructions for unpacking the UPS and preparing it for use.
Preventive maintenance allows us to monitor your computers and network hardware and software to
help prevent problems or errors that may cause loss of important data or loss of business.

- Some aspects of regular maintenance include:

Ensure Up to Date Operating System Patches and Security Updates
Verify Antivirus Software/ Hardware is Up to Date
Monitor Firewall Traffic for Attempted Security Breaches
Verify Integrity of Data Backups
Routine Cleaning of Computer and Server Internal Components

8.2 Network Troubleshooting Process

Step 1 Gather data from the customer
Step 2 Verify the obvious issues
Step 3 Try quick solutions first
Step 4 Gather data from the computer
Step 5 Evaluate the problem and implement the solution
Step 6 Close with the customer
Identify and Resolve Network Problems Page 48

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College

1. Gather Data from the Customer

Start troubleshooting by gathering data from the user. Record this information in a work order
Start with open-ended questions with customers when evaluating a network problem. Open-ended
questions will allow the customer to describe the problem. Examples of open-ended questions:
 What problems are you experiencing with your computer or network?
  What software has been installed on your computer recently?
 What were you doing when the problem was identified?
 What error messages have you received on your computer?
 What type of network connection is your computer using?
Closed-ended questions will direct the customer to provide critical answers. Examples of closed-
ended questions:
 Has anyone else used your computer recently?
 Can you see any shared files or printers?
 Have you changed your password recently?
 Can you access the Internet?
 Are you currently logged into the network?
When a customer is not able to accurately describe the problem, there are other ways to evaluate
the situation in subsequent steps in the troubleshooting process.
2. Verify the Obvious Issues
Review the obvious network issues, with your customer.
 The questions should be at a level of difficulty that the customer will easily understand.
 Follow a step-by-step procedure and make sure to document all answers and steps you take.
Some obvious issues to check:
 Physical connections - Check that the network cables are properly connected. To simplify
the troubleshooting, connect the problem computer directly into your DSL or cable modem.
 Link light - If a cable is not connected properly or if a NIC is improperly installed or
configured, the LED link lights on the NIC will not light.
 Wireless signal strength - Check the wireless access point signal strength in your network
client software. If a very low signal strength is apparent, move the computer closer to the
wireless access point. Move cordless telephones and microwave ovens that can cause
interference with the signal. Turn off any other devices that use radio waves to reduce
interference.
 IP address - Use the ipconfig tool to make sure that the computer has a valid, unique IP
address. Check for errors in the subnet mask and default gateway address. If the problem is
not fixed by a quick review of the obvious issues, then a more detailed investigation into the
problem is warranted.
3. Try Quick Solutions First
The next step in the troubleshooting process is to try quick solutions. If checking the obvious
issues did not solve the problem, you should then attempt some quick solutions. Here are some
examples of quick network solutions:
• Re-enable Network Connections - Sometimes a problem in the hardware or the software
can cause a network connection problem. To do so, follow this path: Start > Control Panel
> Network Connections

Identify and Resolve Network Problems Page 49

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College

• Reboot - A quick solution that seems to work in many situations is a simple reboot of the
network device. A simple reboot will clear the contents of RAM and give the device a clean
start. If the problem goes away after a reboot, then it was probably a software problem. If the
problem occurs again, it is probably a hardware problem such as a malfunctioning RAM
chip.
• Contact the ISP/Network Administrator - If all of the equipment that the customer has is
 working properly, but there is still no connection to the Internet, contact the customer's ISP or the
network administrator. It is not always possible to solve the problem with a quick solution. To
proceed troubleshooting the problem, you will need to gather information from the computer.
4. Gather Data from the Computer
The next step is to inspect the computer. Data gathered from the computer can be used to
confirm the data obtained from the customer. The data can be used to provide additional insight and
direction. There are several software tools available that a technician can use to test the network.
Each of these utilities will provide information that can help narrow down the possible problems on
the network:
• Ping is used to check network connectivity. It sends a packet to the specified address and
waits for a reply.
• Nslookup: is used to query Internet domain name server. It returns a list of hosts in a
domain or the information for one host.
• Tracert : is used to determine the route taken by packets when they travel across the
network. It shows where communications between your computer and another computer are
having difficulty.
• Net View is used to display a list of computers in a workgroup. It shows the available shared
resources on a network.
5. Evaluate Problem & Implement Solution: If the network problem still exists after quick solutions have
been implemented, you must complete additional research to identify other possible solutions. You
should prioritize the possible solutions from the easiest to implement to the most difficult to
implement.
• Evaluate each solution and implement it individually. If a proposed solution doesn't
correct the problem, reset the computer back to the original state and try another
proposed solution. If you make two or more changes without solving the problem, you
may make it more difficult to solve.
6. Close with the Customer: After repairs to the network have been completed, complete the work order
and close with the customer.
• If possible, verify the network solution with the customer.
• Demonstrate how the repairs have fixed the problem. Have your customer test the solution.
• Complete the work order and submit documentation for invoicing.
Include the steps done, the solution, and the time needed for the repair in your final documentation.
This documentation should be maintained by the customer in case this problem happens again.
Record everything that took place in your own notes. Information from each repair is very useful for
future troubleshooting.

Identify and Resolve Network Problems Page 50

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College

Troubleshoot a network
- Network issues can be simple or complex. To assess how complicated the problem is,
you should determine how many computers on the network are experiencing the problem.
- If there is a problem with one computer on the network, start the troubleshooting process
at that computer.
- If there is a problem with all computers on the network, start the troubleshooting process
in the network room where all computers are connected.
 - As a technician, you should develop a logical and consistent method for diagnosing
network problems by eliminating one problem at a time.
- After completing this section, the students will meet these objectives
- Review the troubleshooting process.
- Identify common network problems and solutions.

8.3 Identify common network problems and solutions

Network problems can be attributed to hardware, software, connectivity issues, or some combination
of the three. You will resolve some types of network problems more often than others. Common printer
problems and possible causes to consider:
Problem: Computer is not able to connect to a popular website.
• Check DNS settings, hardware and/or software firewall settings.
Problem: Computer has an IP address of 169.254.x.x.
• Check to make sure the DHCP server is operational and can be pinged.
Problem: Computer is not able to connect to the network.
• Check for loose network cables.
Problem: Computer is not able to print using the network printer.
• Check user permissions and status of network printer.
8.4 Controlling configuration changes
Configuration change control involves controlling and managing the changes to the network.
The goal of change control is to establish mechanisms that will help ensure the integrity of the
network. Proper configuration change control answers the following questions:
 What network components are controlled?
 How are changes to the network controlled?
 Who controls the changes to the network?

The major activities of configuration change control are:

 Defining and documenting the change control process
 Identifying and maintaining network configuration baselines
 Identifying and controlling network changes

Define the Change Control Process

At a high-level, the SN (switched Network) change control process consists of the following
basic steps:
 Identifying and classifying a change to the network
 Evaluating what components in the current network configuration needs to be changed
 Testing or modelling the impact of the change upon the current network

Identify and Resolve Network Problems Page 51

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College

 Implementing the change if it is approved.

Configuration Identification
Configuration identification (CI) involves identifying the components of the network, uniquely
identifying the individual components, and making them accessible in some form. A proper
configuration identification schema identifies each component of the network and provides
 traceability between the component and its configuration status information. Proper
configuration identification answers the following questions:
 What is the configuration of the network?
 What are the components of the network?
 What are the versions of the network components?

The major activities of configuration identification are:

 Selecting network components to be placed under CM(configuration management)
control
 Creating an identification scheme for the components to uniquely identify each individual
component

8.5 Planning to computer and net work disaster

Definition
A disaster is defined as a sudden misfortune that is ruinous to an undertaking. This means that
there is little time to react at the time of the misfortune. Preparations have to have been made in
advance. The focus should, therefore, be on disaster planning.
What Is Disaster Recovery?
In IT, disaster recovery involves a series of actions to be taken in the event of major unplanned
outages to minimize their adverse effects. Disasters can result from events such as

 hacker attacks
 computer viruses
 electric power failures
 underground cable cuts or failures
 fire, flood, earthquake, and other natural disasters at a facility
 mistakes in system administration

Why Is Disaster Recovery Importance?

When executed well, disaster recovery procedures save large sums of money. Disaster recovery
can also improve the quality of human life, and it may even save lives.

The terrorist attacks of 11 September, for example, caused large-scale network outages. Among
the affected systems were some of the fiber optic telecommunications services provided by

Identify and Resolve Network Problems Page 52

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College

Verizon. Besides the financial impact to Wall Street firms from lost data connectivity, the loss of
voice contact with friends and family greatly affected many individuals on that day.

Disaster Recovery Planning

The best approach to disaster recovery focuses primarily on planning and prevention. While the
damage resulting from the events of 11 September could not have been anticipated, many other
more typical disaster scenarios can be analyzed in detail.
 For those events that can't be prevented, an IT disaster recovery plan takes into account the need
to

 detect the outages or other disaster effects as quickly as possible

 notify any affected parties so that they can take action
 isolate the affected systems so that damage cannot spread
 repair the critical affected systems so that operations can be resumed

Disaster Recovery Techniques

All good IT disaster recovery plans consider the three main components of operations:

 data
 systems
 people

From the technical perspective, most organizations rely on some form of redundancy to make
possible the recovery of data and systems. Redundancy allows secondary data or system
resources to be pressed into service on short notice should primary resources fail or otherwise
become unavailable.

Traditional backup strategies, for example, archive copies of critical data at a given point in time
so that they can be restored later if needed. Organizations may also choose to replicate servers
and other critical hardware at multiple locations to guard against any single point of failure.
More advanced network technologies, like SONET, and some forms of clustering, incorporate
built-in failover capabilities that attempt to automatically recover from some failures.

While these and similar approaches have been a part of IT practice for many years, more
sophisticated disaster recovery techniques have grown in popularity due to the events of 11
September 2001.

Periodic data backups, for example, have limited value if the "snapshots" are not taken
frequently enough. Some organizations now generate so much data that even daily backups are
too infrequent.

Identify and Resolve Network Problems Page 53

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College

A more sophisticated approach like disk mirroring ensures that data remain available from
multiple sources in near real-time. However, traditional mirroring only works over limited
distances. Storage area network (SAN) and other competing technologies can alleviate this
problem, albeit at a higher cost.

Another recent trend in IT disaster recovery planning, third-party relocation services, gives
organizations access to fully-equipped operations space at temporary facilities in remote
locations. These facilities can be a wonderful option in times of crisis... if trained personnel are
 available to staff them.

8.6 Perform regular monitoring

The term network monitoring describes the use of a system that constantly monitors a computer
network for slow or failing components and that notifies the network administrator (via email,
pager or other alarms) in case of outages. It is a subset of the functions involved in network
management.

Why we Monitor?
To provide:

1. Performance Tuning - Improve service - proactively id & reduce bottlenecks, tune and
optimize systems, improve QOS, optimize investments - id under/over utilized resources,
balance workloads
2. Trouble Shooting - Get out of crisis mode, id probs & start diagnosis/fixing before end
user notices, increase reliability/availability, allow user to accomplish work more
effectively and maximize productivity.
3. Planning - understand performance trends for planning
4. Expectations - set expectations for the Distributed System (from network thru
applications) and see how well they are met
5. Security
6. Accounting

What should we monitor?

Fault

The goal of fault management is to recognize, isolate, correct and log faults that occur in the
network.

Errors primarily occur in the areas of fault management and configuration management.

Fault management is concerned with detecting network faults, logging this information,
contacting the appropriate person, and ultimately fixing a problem. A common fault management

Identify and Resolve Network Problems Page 54

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College

technique is to implement an SNMP-based network management system - such as HP Open

View or Sun Solstice (formerly Net Manager) - to collect information about network devices. In
turn, the management station can be configured to make a network administrator aware of
problems (by email, paging, or on-screen messages), allowing appropriate action to be taken.

Configuration

The goals of configuration management are to gather/set/track configurations of the devices.

 Configuration management is concerned with monitoring system configuration information, and
any changes that take place. This area is especially important, since many network issues arise as
a direct result of changes made to configuration files, updated software versions, or changes to
system hardware. A proper configuration management strategy involves tracking all changes
made to network hardware and software. Examples include altering the running configuration of
a device, updating the IOS version of a router or switch, or adding a new modular interface card.
While it is possible to track these changes manually, a more common approach is to gather this
information using configuration management software, such as CiscoWorks 2000.

Accounting

The goal is to gather usage statistics for users. Accounting management is concerned with
tracking network utilization information, such that individual users, departments, or business
units can be appropriately billed or charged for accounting purposes. While this may not be
applicable to all companies, in many larger organizations the IT department is considered a cost
center that accrues revenues according to resource utilization by individual departments or
business units.

Performance

The goal is to both prepare the network for the future, as well as to determine the efficiency of
the current network. Performance management is focused on ensuring that network performance
remains at acceptable levels. This area is concerned with gathering regular network performance
data such as network response times, packet loss rates, link utilization, and so forth. This
information is usually gathered through the implementation of an SNMP management system,
either actively monitored, or configured to alert administrators when performance move above or
below predefined thresholds. Actively monitoring current network performance is an important
step in identifying problems before they occur, as part of a proactive network management
strategy etc .....

Security

The goal of security management is to control access to assets in the network. Security
management is not only concerned with ensuring that a network environment is secure, but also
that gathered security-related information is analyzed regularly. Security management functions
include managing network authentication, authorization, and auditing, such that both internal and

Identify and Resolve Network Problems Page 55

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College

external users only have access to appropriate network resources. Other common tasks include
the configuration and management of network firewalls, intrusion detection systems, and
security policies such as access lists.

Self Check
1. Check your own computer’s configuration. What commands can you use? Keep a record
of these configurations for more activities to follow.
 2. Check your own computer connection to the network. What commands can you use?
3. Use the ping command to find other computers on your network. Test your connection to
the DNS server, Default Gateway, and WINS server, if they are available on your
network.
4. Use the ping command to find other computers that are not on your network.
5. Use the tracert command to find out how many routers you need to go through to access a
website.
6. What does the acronym ‘PING’ stand for?
7. What is the PING command used for?
8. What does the acronym ‘DNS’ stand for?
9. What is the purpose of DNS?
10. What does the acronym ‘TCP/IP’ stand for?
11. List the general order of events for testing network connectivity.
12. What is involved in connecting a computer to a Local Area Network (LAN)?
13. Why you monitor your computer network regularly?
Feedback
1. You should have used either of the following commands to check your computer’s
configuration. Note that the second command will display more information:

 ipconfig
 ipconfig/all

2. The results you get will vary, depending on your IP Address:

 ping 127.0.0.1 — This will give a very fast response, and just proves that IP is installed.
It is fast because the network adaptor or dial-up adaptor is not even used.
 ping x.x.x.x, where x.x.x.x is the IP address of your own computer.
 ping NameOfComputer, where NameOfComputer is the actual name of your computer.
For example, in Windows, this name can be found from going to Start, Control Panel,
System Properties. Or, from the ipconfig/all command, it is beside Host name.

3. Use the results from the command ipconfig/all to enter the correct IP address.

 ping x.x.x.x, where x.x.x.x is the IP address of the computer you wish to view.

Identify and Resolve Network Problems Page 56

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College

 ping NameOfComputer and type in the name of the computer you wish to view, rather
than its IP address.

4. ping Address Of Website and type in the address of the website you wish to view rather than
its IP address. For example:

 ping www.tafe.nsw.edu.au
 ping x.x.x.x, where x.x.x.x is the IP address of the machine hosting the web server. To
determine the IP address of a machine hosting the website, just ping the domain name,
and the ping reply will give you the IP address it is actually pinging after resolving the
 name.

5. Tracert AddressOfWebsite and type in the address of the website you wish to view rather than
its IP address. For example:

 tracert www.tafe.nsw.edu.au
 ping x.x.x.x, where x.x.x.x is the IP address of the website page. You will probably not
be able to find this, but in some cases when you first open a website page, the IP address
may be displayed in the status bar of your computer.

6. PING stands for Packet Internet Groper.

7. The PING command is used to check connectivity to the computer you are ‘pinging’. For
example, the command ping 192.168.0.1 will send a response back if it can find the computer on
the network with the IP address of 192.168.0.1.

The response will send back a ‘time out’ response if the computer or website is not found.

Another example is ping www.abc.com.au. This ping command will firstly use DNS to
resolve the name www.abc.com.au to an IP address, then ping the machine at that IP
address. That is, the response will always come from the machine, not the website or
page. We will still get a response from the machine if it is up and running. The web
server itself could be down.

This way we know if we can’t get a page on our browser, but we can still ping the name,
that everything is working except the actual web server.

8. Domain Name System (note that ‘Server’ and ‘Service’ are also used.)
9. DNS translates domain names into the numeric IP address so the computer systems can
understand it.
10. The acronym TCP/IP stands for Transport Control Protocol/Internet Protocol.
11.

Identify and Resolve Network Problems Page 57

Ethiopian TVET System

Training, Teaching and Learning Material Entoto TVET College

1. Check all physical connections: cables into the back of the computer, cables into hubs,
switches and routers.
2. Check the cables themselves; they may be damaged or incorrectly wired, or somebody
could have introduced an unlabelled crossover cable into the network room.
3. Check that all drivers are installed for the network card.
4. Check that the network client software is installed.
5. Check all the IP configurations on the computer. This will include, IP address (with
unique host portion), subnet mask, DNS, default gateway and WINS.
6. Check that the computer has a unique name on the workgroup/domain.
7. Check that the correct name of the workgroup or domain is entered.
In summary: these do not need to be in this exact order you should however specify:

 Physical connections
 All IP configurations and related software.
 Name of the workgroup/domain.

12.To connect a computer to a LAN:

1. Check physical connections — that the network card and cables are secured, and the
network card driver is installed.
2. Check the cables themselves (as above); they may be damaged, or incorrectly wired, or
somebody could have introduced an unlabelled crossover cable into the network room.
3. Check that the network client is installed.
4. Check that the IP address is entered along with the correct subnet mask.
5. Check that the workgroup the computer is a member of is entered correctly.
6. If others need to access files or a printer attached to the computer, then install the printer:
File and Print service.
7. If the network is configured on a Domain, then check:
a. the DNS address
b. if DHCP is enabled if required or that the IP address and subnet mask are
correctly entered for the network.
c. WINS address if connecting to older versions of Windows; WINS does the
equivalent of DNS for older Windows versions.

13.
To provide:

1. Performance Tuning
2. Trouble Shooting
3. Planning
4. Expectations
5. Security
6. Accounting

Identify and Resolve Network Problems Page 58