This article is based on a few other articles at the URLs below:
OSI Model:
The Open System Interconnect Model (OSI Model) is a way of sub-dividing a communication system into smaller parts called layers. A set of similar functions is grouped into a layer. A layer provides service to the layer above it while requesting service from the layer below it. The OSI Model is an effort for standardization by the OSI Organization.
| Layer group | Data unit | Layer | Function |
|---|---|---|---|
| Host Layer | Data | 7. Application | Network process to application |
| | | 6. Presentation | Data representation, encryption and decryption, convert machine dependent code to machine independent code |
| | | 5. Session | Inter-host communication |
| Media Layers | Segments | 4. Transport | End-to-end connections and reliability, flow control |
| | Packet/Datagram | 3. Network | Path determination and logical addressing |
| | Frame | 2. Data Link | Physical addressing |
| | Bit | 1. Physical | Media, signal and binary transmission |
TCP/IP Introduction:
In mid 1970, the Defense Advanced Research Projects Agency (DARPA) became interested in developing packet-switched communication between research institutes in the USA. The result is the Internet Protocol Suite (IP Suite), of which TCP (Transmission Control Protocol) and IP (Internet Protocol) are the best known.
The most widespread implementation is IPv4. Though much development has been done for IPv6, there are no wide-scale implementations of it.
Internet Protocols:
Internet protocols are used between interconnected networks (LAN & WAN). The following is an illustration of the OSI reference model with a list of Internet Protocol Suite protocol mappings.
Network Layer:
IP is the primary Layer 3 protocol in the TCP/IP suite which provides logical addressing for communication across. IP also provides fragmentation and reassembly of datagrams along with error handling.
Addressing:
An IP address is 32 bits in length and is divided into two or three parts. The first part is the network address, the second part (if present) designates the subnet, and the third part identifies the host.
- Class A: 0 to 127, mask 255.0.0.0
- Class B: 128 to 191, mask 255.255.0.0
- Class C: 192 to 223 (small network), mask 255.255.255.0
- Class D: 224 to 239
- Class E: 240 to 255
ARP (Address Resolution Protocol):
ARP is a network layer protocol which associates a physical address with an IP (logical) address. ARP creates a table, known as the ARP table, that maps IP addresses to hardware addresses.
ICMP:
ICMP performs a number of tasks within an IP network; its principal task is to report failures back to the source of the datagram. It provides services like "Echo, reply, redirect, ..".
The Transport Layer:
The Internet transport layer is implemented by TCP (Transmission Control Protocol) and UDP (User Datagram Protocol). TCP is a connection-oriented protocol and UDP is a connectionless protocol.
TCP:
TCP provides full duplex, acknowledged, and flow controlled service to upper layer protocols.
UDP:
UDP is much simpler than TCP and is useful in situations where a reliability mechanism is not necessary.
Upper Layer Protocols:
The Internet Protocol suite includes many upper layer protocols representing a wide variety of applications, including network management, mail, distributed file services and terminal emulation:
| Application | Protocols | Description |
|---|---|---|
| WWW browser | HTTP (TCP port 80), HTTPS (TCP port 443) | The Hypertext Transfer Protocol (HTTP) is used by Web browsers and servers to transfer the files that make up web pages. |
| File transfer | FTP (TCP ports 20 and 21) | The File Transfer Protocol (FTP) provides a way to move files between computer systems. Telnet allows virtual terminal emulation. |
| Terminal emulation | Telnet (TCP port 23) | The Telnet protocol provides terminal emulation services over a reliable TCP stream. The Telnet protocol also specifies how a client and server should negotiate the use of certain features and options. |
| Electronic mail | SMTP (TCP port 25), POP3 (TCP port 110), IMAP4 (TCP port 143) | The Simple Mail Transfer Protocol (SMTP) is used to transfer electronic mail between mail servers, and is used by mail clients to send mail. Mail clients do not generally use SMTP to receive mail. Instead, they use either the Post Office Protocol version 3 (POP3) or the Internet Message Access Protocol (IMAP); this will be discussed in greater detail later in this chapter. |
| Network management | SNMP (UDP port 161) | The Simple Network Management Protocol (SNMP) is a network management protocol used for reporting anomalous network conditions and setting network threshold values. |
| Distributed file services | NFS, XDR, RPC (UDP port 111), X Windows (UDP ports 6000-6063) | X Windows is a popular protocol that permits intelligent terminals to communicate with remote computers as if they were directly attached. Network file system (NFS), external data representation (XDR), and remote-procedure call (RPC) combine to allow transparent access to remote network resources. |

Additional important ports: NNTP 119, LDAP 389, DNS 53, DHCP 67
General IP Troubleshooting Suggestions:
Because TCP/IP does not store the path information in its packets, it is possible to have a working path for packets from the source to the destination, but not have a working path in the opposite direction. We might have to perform the troubleshooting from both source and destination to determine the issue.
PING stands for Packet Internet Gopher and is based on the ICMP protocol. It sends packets to the destination, and a reply is received only if there is proper communication.
Start with PING <IP>, PING <Hostname>
- If PING <IP> fails, then we have to work further on troubleshooting the local connectivity issues.
- If PING <Address/Hostname> fails, then we have to work further on Domain Name Server problems.
- If PING <IP> and PING <address> are successful, then the issue might be with upper layer protocols.
Local Connectivity Issues:
Check for Configuration Problems:
Check Hostname command: One point worth mentioning is that the hostname utility is not tied into the operation of DNS or other formal mechanisms for identifying a host. It simply displays what the administrator has set it to show.
hostname will return the fully qualified name and hostname -s will return only the local name.
Based on your OS, you can issue IPCONFIG / IFCONFIG to print the configuration details. Examine the details carefully.
If you see the IP address as empty, you have to check whether the node receives an IP address from DHCP or BOOTP. Try configuring a static IP.
Isolate an issue with a duplicate IP: disconnect the device and ping the IP; if it is successful, then there is another device with the same IP.
Check Physical Cable and NIC:
The NIC will usually have Tx and Rx lights to indicate that it is functional. Check whether the appropriate cable is used, etc.
Network Connectivity:
Traceroute is a route utility, very useful for checking the specific route taken by data between two devices.
Tracert/traceroute/traceroute6
The Netstat program is very simple in concept: it shows information about the operation of a TCP/IP device.
Troubleshooting Domain Name Server Problems:
It is possible that IP connectivity works but DNS name resolution fails. The command below is successful if the IP address is displayed.
Nslookup <fully.qualified.domain>
Upper Layer Protocol Connectivity:
To troubleshoot an upper-layer connectivity issue, you should understand how the application works.
- What protocol does the application use? (TCP, UDP, ICMP ..)
- What TCP/UDP port does it use?
- Move the client outside of the firewall or address translation device.
- Capture a network trace at the client's LAN and compare with the trace.
- TCP/IP Configuration Utilities (ipconfig, winipcfg and ifconfig)
- TCP/IP Host Name Utility (hostname)
- TCP/IP Network Status Utility (netstat)
- TCP/IP Communication Verification Utility (ping/ping6)
- TCP/IP Route Tracing Utility (traceroute/tracert/traceroute6)
- TCP/IP DNS Name Resolution and Information Lookup Utilities (nslookup, host and dig)
- TCP/IP Address Resolution Protocol Utility (arp)