What qualifications do you need to become a good network analyst? Numerous Engineering or Computer Science degrees? A vast knowledge of UNIX or Windows 95/98/NT/2000/...? Fifty years of industry experience? Being able to recite the OSI seven-layer reference model?
The best qualification is to simply have a real passion for problem solving. Sure it helps to have a background in data communications, but nothing beats logical thinking with a "detective" bent when it comes to analyzing and troubleshooting networks.
To identify the culprit, you need to be resourceful and sift through clues provided by cable testers, protocol analyzers, Simple Network Management Protocol (SNMP) probes and consoles, router tables, switch and hub statistics, network documentation, and even empirical observations from end-users.
In my eighteen years in the networking industry, I have learned far more over the past six years by "doing" rather than "observing" and critiquing (a.k.a. my early consulting years). The insights and case studies presented in this book are based on my experiences and adventures in solving real problems on real networks, mainly at Fortune 1000 companies with large networks. Although there is no substitute for hands-on experience, this book is intended to help you learn the operational details of many of today's popular protocols and enhance your skills in troubleshooting networks using proven protocol analysis techniques.
Sometimes working with networks can be hazardous to your health. My favorite story of all time is from a network support person working with me at an on-site troubleshooting job. As I recall, it went something like this: We had completed an upgrade of our workstation wiring, making sure that Category 5 cable ran everywhere. During the process, we found a large wooden spool (like the kind the Telcos would discard and you could turn into a cheap table) containing several hundred feet of the old thick Ethernet coax. Unlike a spool of Cat 5, this baby was big and heavy. In the process of moving the spool of cable from one of our wiring closets to permanent cold storage, we proceeded to load it into the back of a pickup truck. Needless to say, the spool slipped off and began rolling down an incline. Imagine the look on the face of one of my colleagues who was approaching the truck and saw this big spool of wire hurtling down on him!
True story. Or so I've been told.
I should note that even though I mention a few commercial products from time to time, the emphasis of this book is on learning analysis fundamentals as well as techniques in solving problems. To avoid bias, I've intentionally used screen shots from a variety of protocol analyzers to show that the techniques can be applied using different analyzers. While conducting training classes, I really don't care what analyzer is used as long as there's some flexibility in the tool.
Who Should Read This Book
This book is aimed at those responsible for maintaining the efficiency and integrity of their network infrastructure on a day-to-day basis. This includes:
Network Engineers: These are professionals involved in the analysis and troubleshooting of problems that escalate beyond the help desk. This includes network analysts, support specialists, senior technicians as well as independent consultants who are called in to assist in troubleshooting their clients' networks. This book teaches a proven approach to troubleshooting and will help these users to become more comfortable and proficient when using the protocol analyzer to help solve those tough networking problems as well as to proactively analyze their networks.
Technical Managers: Managers will benefit from reading this book in that they will gain a better understanding of the kinds of problems that their network support staff can diagnose with the help of protocol analyzers. Such information can be used to better allocate tasks ranging from identifying the reason for poor response time or throughput to baselining the current network infrastructure for future expansion and rearchitecting.
The reader is assumed to have a basic understanding of data communications, especially in local area networks. Rather than simply rehash standards information and packet formats, this book presents the most pertinent information contained in packets along with the protocol operation details necessary to understand how to troubleshoot and optimize mission-critical networks. Even the "seasoned pro" will benefit from the generous analysis and troubleshooting tips, diagrams, and trace file snapshots that accompany the text throughout the book.
Although not covering every conceivable networking topology and protocol, the book offers a general approach for readers to focus on to identify and solve problems at the various layers of infrastructure. This book uses a "bottom-up" approach structured around the seven-layer OSI model that can be generalized and applied to many different situations.
A Brief Organization of This Book
Network Analysis and Troubleshooting begins with a look at the layered methodology to network analysis and why a protocol analyzer is the tool of choice for solving complex problems.
Chapter 2 looks at issues specific to the physical layer, including cabling types, Time Domain Reflectometry (TDR), and transmission encoding techniques.
Chapter 3 focuses on the data link layer. Topics covered include details on the IEEE 48-bit address format, the impact of different types of broadcast traffic, the role of the Cyclic Redundancy Check (CRC), operational details and analysis consideration for layer 2 switches, Ethernet and Token Ring operation and troubleshooting, and an in-depth look at the IEEE 802.2 Logical Link Control (LLC) protocol.
Chapter 4 concentrates on the network layer, beginning with a discussion of datagram concepts and router operation. The addressing schemes of various protocols are discussed, including details on IP classes and subnetting. IP specifics such as the role of the Internet Control Message Protocol (ICMP) are analyzed. Other topics include IPX operation and analysis, and local routing problems.
Chapter 5 analyzes the transport layer by examining the operation of the NetWare Sequenced Packet Exchange (SPX), SPX II, User Datagram Protocol (UDP), and the Transmission Control Protocol (TCP). Specifically for TCP, the concepts of block size, segment size, and sliding window are covered in detail.
Chapter 6 covers the session layer, including how some session services are actually embedded in other layers, how different protocols operate to find resources via DNS, NetWare Services Advertising Protocol (SAP), or NetBIOS. The three major NetBIOS implementations--NetBIOS over LLC (NetBEUI), NetBIOS over IPX, and NetBIOS over TCP/IP--are covered.
Chapter 7 covers the presentation layer by examining presentation protocols that are specific to certain protocol families and why there is no general-purpose presentation protocol in widespread use today.
Chapter 8 examines the application layer, beginning with a discussion of networked application characteristics, followed by a discussion of logon sequencing for different protocol stacks. Then specific protocols are covered in depth, including the Dynamic Host Control Protocol (DHCP), NetWare Core Protocol (NCP), Microsoft/IBM Server Message Block (SMB) Protocol, Sun Network File System (NFS), and the File Transfer Protocol (FTP). As a bonus, the NT Browse protocol (not to be confused with Internet browsing!) is discussed.
Chapter 9 shows how to use your protocol analyzer to measure and baseline throughput and latency, identify bottlenecks in your network, and determine server and client response times.
Throughout these chapters you'll find many helpful Tips that will be presented in this format.
Acknowledgments
Several reviewers provided excellent technical feedback from the rough draft. These people include Robert Bullen, Phil Koenig, Phillip Scarr, Howard Lee Harkness, Ehud Gavron, Glen Herrmannsfeldt, Louis Breit, Doug Hughes, Bob Vance, Barry Margolin, and William Welch.
I'd also like to thank those wonderful folks at Addison Wesley Longman who worked with me during the various stages of developing this book, including Mary Hart, Karen Gettman, Lorraine Ferrier, and Tracy Russ.
And last, but not least, my family, Nancy, Daniel, and Matthew. I love you guys!
Have any great troubleshooting experiences? Feel free to drop me a line at scott@net3group.
All the best,
J. Scott Haugdahl, August 1999
I can do all things through Him, who strengthens me. Phil. 4:13.
This comprehensive handbook provides the latest protocol information and troubleshooting strategies to help you keep your network running at peak performance. Network Analysis and Troubleshooting features proven network analysis techniques and experience-based strategies for isolating and solving network problems. This useful guide cuts to the chase by focusing on the most pertinent protocol packet formats you need to know to troubleshoot and optimize networks.
Network Analysis and Troubleshooting uses a proven "bottom-up" troubleshooting methodology that examines in detail each network layer--physical, data link, network, transport, session, presentation, and application--revealing the problems and solutions specific to each layer. This book also discusses the role of the protocol analyzer to measure and baseline throughput and latency, identify bottlenecks, and determine server and client response times. Numerous practical tips, diagrams, case studies, and trace file snapshots illustrate important concepts and techniques.
You will find essential information on such topics as:
Most Helpful Customer Reviews
17 of 17 people found the following review helpful:
5.0 out of 5 stars
Casts new light on network traffic; great for IDS operators,
By
This review is from: Network Analysis and Troubleshooting (Paperback)
I am an ex-Air Force officer with 2+ years of hands-on intrusion detection experience, and I rate books on how well they deliver technical content to front-line operators. Scott's book is absolutely first-rate, written in a clear, friendly style that keeps the reader's attention. Backing up the technical content, the book offers plenty of history and answers to the "why?" questions asked when learning network protocols. For example, why do various Ethernet frame formats exist (Ethernet/DIX/Ethernet II vs. IEEE 802.3 w/LLC Header vs. IEEE 802.3 w/LLC SNAP extension)? Short answer -- blame IBM! Long answer -- read pages 82-86.
The logically arranged material makes Scott's book a powerful learning tool. After introducing protocol analysis in chapter 1, he devotes a full chapter to each of the seven layers of the OSI model. (No, he doesn't skip the session and presentation layers!) By taking a layered approach, Scott compares same-layer protocols and makes each understandable in context (i.e., DNS vs. NetBIOS vs. Netware SAP, all at layer 5 -- somewhat controversially; DNS at layer 5?) Chapter 9 finishes with advice on measuring latency and throughput. I learned something new about protocols at each layer, even after reading many authoritative TCP/IP volumes. For example, Scott's explanation of NetBIOS as a session protocol and Server Message Block (SMB) as an application protocol finally made it clear how these standards interact on Windows networks. The text is backed up by numerous screen captures of protocol decodes, adding to the learning value.
The few typos or mistakenly omitted material do not detract from the book's overall message. If you've read Richard Stevens, Eric Hall, etc., and you think you've run out of resources for understanding network traffic, give Scott's book a try. You'll be informed and pleasantly surprised!
15 of 15 people found the following review helpful:
5.0 out of 5 stars
Making sense of protocols,
By Spencer Parker (London)
This review is from: Network Analysis and Troubleshooting (Paperback)
How many times have you used a network protocol analyzer and wished you knew more? The Expert system didn't solve 100% of the problems? This is the first book I've found which takes a sensible, systematic approach to decoding protocols from the bottom up. It does not go into every protocol in existence, but covers general rules of how to use a protocol analyzer properly. It is essential reading if you are just starting out or have been consulting for years, and is equally applicable if you have a low-end analyzer like Microsoft NetMon or a high-end analyzer such as Sniffer PRO from NAI. In fact I gained more knowledge from one book than I did from a several thousand dollar course. Excellent stuff!
8 of 8 people found the following review helpful:
5.0 out of 5 stars
Must-Have Network Analysis Tips,
By Eric Rifi (El Segundo, Ca. USA)
This review is from: Network Analysis and Troubleshooting (Paperback)
I've read numerous texts on Analysis and Troubleshooting Networks and this was the best. Taking years of experience and training and creating an outline for use in the field is what the Author's done. Having studied everything from the 802.3 standard itself to analysis handbooks by vendors and other authors, I found this to be concise and direct in application and use in the field. Being the Lead Analyst in a company with over 150 nations globally, this text will be valuable to our teams and is being disseminated as a field handbook for troubleshooting. It's a thorough review of protocols from physical through application layers over the majority of topologies extant in today's corporate infrastructures. My Thanks to the Author and those responsible for its publication.