Wednesday, May 19, 2010

Some Basic Troubleshooting Tips & Tools

So here I am with my second post today. Again I wanna talk about troubleshooting. I want to share some online troubleshooting tools which I use all the time to better understand an issue and find its proper cause. The idea here is to list the basic troubleshooting which every CCNA should at least know before diving into real-world problems. However, advanced troubleshooting skills require an in-depth understanding of the technology, a proper troubleshooting plan, experience, lots of hands-on skills and much more. But ultimately troubleshooting is a science, as described by another great blogger, Jeremy, here:
http://packetlife.net/blog/2010/mar/10/the-science-of-network-troubleshooting/

Let's first talk about some normal network troubleshooting. I guess all of us know network troubleshooting utilities like "Ping", "traceroute" etc. very well. But before jumping into that, I would like to mention that this blog post will get a little longer every few days, as I am gonna add something here and there. Also, there is a lot of basic troubleshooting that needs to be covered, which will take time to document.


So let's begin with Ping and Traceroute:


I am not gonna cover how ping and traceroute work here because that would take too long. But here is a quick story of ping:

http://en.wikipedia.org/wiki/Ping

http://ftp.arl.army.mil/~mike/ping.html

http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_tech_note09186a00800a6057.shtml 


http://www.cisco.com/en/US/tech/tk436/tk428/technologies_tech_note09186a008020a42a.shtml

So it's all good if ping is working fine from the inside network. But what if you want to see whether a server inside the company is reachable from the internet?

The answer is that there are many websites out there which allow us to run various basic network troubleshooting tests like Ping, Traceroute, DNS Lookup etc. Here are some examples:






Now apart from that, sometimes you see in IPS alarms and firewall logs that a few IP addresses from the internet are targeting your network. So what if you want to know who owns that IP address (the source IP)?

The simple way to find out is to check the "WHO IS" of that IP address. It will tell you the name of the company, the admin, the block of IPs owned by them, the ISP who assigned it to them etc. You can find lots of info about "who is" on the wiki. In short, the who is tool is part of the ethical hacker's tool belt and is covered under the category of tools called "Footprinting". Here is another good website URL to find the Who Is of an IP address:

http://samspade.org/

But let me tell you guys that you can prevent your static IP information from showing up in the who is result by talking to your ISP.


Now let's talk about another common issue, like the internet is not working or some website is not opening whereas everything else is working fine.

Now basically, for the internet to work properly, make sure the following services are allowed to pass through your firewall or IOS-based device: DNS, http, https.


If these services are open then there could be many other reasons. The first thing you can try is to ping global DNS servers like 4.2.2.2. If that is pingable, then you can try to telnet to any website address on destination port 80, or 443 if it's https. But how can we find the IP address of a website?


Hmmm, try Windows cmd-based utilities like "nslookup". Let's say we want to find the IP address of www.yahoo.com.


Jump on to the Windows CLI and perform the following steps. There are some situations, though, where your local ISP or local DNS has issues. To confirm whether a URL that the local DNS cannot resolve is actually down or whether the problem is with the local DNS/ISP, you can point your DNS query to a global DNS server like 4.2.2.2. Here is a quick example:




Here you can see that the local DNS was not able to resolve yahoo.com, so instead I pointed my DNS query to a different server (the global DNS) and it resolved the name. This confirms that either my local ISP or my local DNS has some issue.


The next test you can make, to verify that http port 80 is open on the firewall, is to telnet to the destination IP on destination port 80. Here is a quick look at that:




As you can see, I was able to telnet to the yahoo.com IP address on destination port 80, which confirms that http is allowed to pass through the firewall. In the same way, by telnetting to destination port 443 you can verify that https is allowed through to reach secure sites.
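The nslookup-against-4.2.2.2 check and the telnet check above can be scripted. The following Python is an added example, not part of the original post: it sends an A-record query to one chosen DNS server, rejects replies whose query ID does not match, and tests whether a TCP port accepts a connection. The function names are illustrative.

```python
# Added example; function names are illustrative, not from the original post.
import secrets, socket, struct

def build_query(name, qid):
    """DNS query for one A record, recursion desired (RFC 1035)."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return header + qname + b"\x00" + b"\x00\x01\x00\x01"   # QTYPE=A, QCLASS=IN

def skip_name(msg, off):
    """Offset just past a name made of labels and/or a compression pointer."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:   # a 2-byte pointer always ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_a_records(msg, qid):
    """Return (rcode, [IPv4, ...]); reject replies that do not match our query ID."""
    rid, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    if rid != qid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    off = 12
    for _ in range(qd):               # skip the echoed question section
        off = skip_name(msg, off) + 4
    ips = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        if (rtype, rclass, rdlen) == (1, 1, 4):   # A / IN; CNAME records are skipped
            ips.append(socket.inet_ntoa(msg[off + 10:off + 14]))
        off += 10 + rdlen
    return flags & 0x000F, ips

def resolve_via(server, name, timeout=3.0):
    """Ask one specific DNS server, like `nslookup name server`."""
    qid = secrets.randbits(16)        # unpredictable ID, checked on the reply
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((server, 53))       # only accept datagrams from this server
        s.send(build_query(name, qid))
        return parse_a_records(s.recv(4096), qid)

def tcp_open(host, port, timeout=3.0):
    """True if a TCP handshake completes, which is what the telnet test shows."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False
```

Calling `resolve_via("4.2.2.2", "www.yahoo.com")` and the same call against your local DNS server reproduces the comparison in the post; an rcode of 0 with addresses from one server and a failure from the other points at the failing resolver. Both `resolve_via` and `tcp_open` need network access, and `resolve_via` raises an `OSError` (timeout) if the server never answers.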


There is another tool which can be used to find out whether a website is reachable from the internet, and that is:
 
http://downforeveryoneorjustme.com/


Also, if you have some local DNS or ISP issues reaching some website, you can confirm it by using proxy websites like www.orkuch.com or www.vtunnel.com to see if the site opens from the rest of the internet.


That's it for today :-)


I'll continue with some SMTP and Mail troubleshooting tomorrow.





1 comment:

Nazir said...

Hi,

Are there any routing issues occurring in the US ISP from 26/07/2010? We are facing packets at ISP cloud? If possible please update me, and also please update me on how to get this information immediately.

Thanks in advance

Nazir