A Network Troubleshooting Strategy


A simple strategy for troubleshooting common network problems.

A decent set of tools is absolutely essential; without a basic toolset you are in the dark. You need something to monitor network-attached devices. Routers and switches may already have some built-in management facilities, which can be very useful for spotting bottlenecks and potential trouble spots on the network. You will need tools to retrieve data from SNMP-managed devices and to probe devices for information such as open ports and operating systems. You will also need a protocol analyzer to capture packets and delve deeply into the actual traffic on the network.

Commercial products are expensive, but if used frequently enough they can provide reasonable value for money. Often, however, the software languishes on a shelf and is used very rarely. Open source alternatives are free or low cost and can be deployed wherever they are needed, but they sometimes lack some of the more sophisticated features.

All areas of network management (performance, configuration, accounting) are important, but fault and security management are the most likely to require immediate troubleshooting.

So what type of things should you look for?

A few of the more obvious faults are:

  • Logon failures
  • Unusual or unexpected traffic
  • Unauthorized program use
  • Email
  • Security vulnerabilities

Users are rarely reluctant to let you know when they can’t log on or connect to the server. Use your protocol analyzer to capture users’ attempts to log on. Check that packets are getting on to the network and that the server is responding correctly.

Most network managers know the types of application that they expect to see and can point out anything unusual. If anything unexpected is spotted then a capture of some of the traffic is usually sufficient to pinpoint the machines involved.

It is common for machines to be set by default to run protocols that may not be required. Many printers broadcast using Novell’s IPX protocol. Fine if you are using NetWare, but not always necessary. Keep things tidy by removing any protocols that you do not need.

You may be concerned about how your users are using the available bandwidth. Filter specific types of traffic so that you can keep an eye on any traffic that may cause you a problem.

Email systems typically use standard port numbers: 25 for SMTP and 110 for POP3. Setting filters for these ports will usually help to discover the cause of any email problems.

It is useful to scan devices, particularly servers, for open ports that may be a security risk. Servers may be offering services that you do not need, or unauthorized users may be accessing them. Scan your devices regularly to recheck.

Use your analyzer to capture some traffic to and from specific ports. You can disable any services that you do not need. This has two benefits: it avoids unnecessary traffic on the network, and it means that hackers cannot take advantage of that service.
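The regular rescan described above can be turned into a repeatable check. This is an added example, not code from the original article: it assumes the scanner writes nmap grepable (`-oG`) output, and the sample hosts, ports and the `ALLOWED` baseline are constructed for illustration.

```python
import re
# Constructed sample scans in nmap grepable (-oG) format; hosts and ports are made up.
PREVIOUS_SCAN = (
    "Host: 192.0.2.10 (mail)\tPorts: 25/open/tcp//smtp///, 110/open/tcp//pop3///\n"
    "Host: 192.0.2.20 (files)\tPorts: 22/open/tcp//ssh///, 445/open/tcp//microsoft-ds///\n"
)
CURRENT_SCAN = (
    "Host: 192.0.2.10 (mail)\tPorts: 25/open/tcp//smtp///, 110/open/tcp//pop3///, 23/open/tcp//telnet///\n"
    "Host: 192.0.2.20 (files)\tPorts: 22/open/tcp//ssh///, 445/open/tcp//microsoft-ds///, 80/closed/tcp//http///\n"
    "Host: 192.0.2.30 (printer)\tPorts: 515/open/tcp//printer///, 9100/open/tcp//jetdirect///\n"
)
# Assumed baseline (hypothetical): the services each server is meant to offer.
ALLOWED = {
    "192.0.2.10": {(25, "tcp"), (110, "tcp")},
    "192.0.2.20": {(22, "tcp"), (445, "tcp")},
}
HOST_LINE = re.compile(r"^Host:\s+(\S+)\s+\(.*?\)\s+Ports:\s+(.*)$")

def parse_open_ports(grepable):
    """Return {host: {(port, proto), ...}} from port/state/protocol/... entries marked open."""
    result = {}
    for line in grepable.splitlines():
        m = HOST_LINE.match(line)
        if not m:
            continue  # comment lines and "Status:" lines carry no port data
        open_ports = result.setdefault(m.group(1), set())
        for entry in m.group(2).split(","):
            fields = entry.strip().split("/")
            if len(fields) >= 3 and fields[0].isdigit() and fields[1] == "open":
                open_ports.add((int(fields[0]), fields[2]))
    return result

def audit(current, previous, allowed):
    """List (host, port, proto, reason) for each open port that is not expected."""
    findings = []
    for host, ports in sorted(current.items()):
        known = allowed.get(host)  # None means nobody has written a baseline yet
        for port, proto in sorted(ports):
            if known is not None and (port, proto) in known:
                continue
            reason = "host has no baseline" if known is None else "not in baseline"
            if (port, proto) not in previous.get(host, set()):
                reason += ", new since last scan"
            findings.append((host, port, proto, reason))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_open_ports(CURRENT_SCAN), parse_open_ports(PREVIOUS_SCAN), ALLOWED):
        print(*finding)
```

Each finding is a service to either disable or add to the baseline once someone has confirmed it is needed.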

These simple techniques will help you keep your network under control.

Comments

Nice article...
Sometimes my network gets blocked due to congestion... the only way to figure out which PC is causing this is to remove network cables from the switches and run a ping utility to see how many PCs are connected. Once it shows the correct number of PCs then it's OK; otherwise I had to hunt through all the switches. Is there any better approach? Thanks

You might want to look into something like NTop, which reads the traffic from your network and can tell you precisely how much traffic is being sent from each PC and also what the traffic is. The main problem with NTop (and all other packet analysis tools) is getting visibility of the traffic in a switched network. There are a number of techniques that can help... Practical Packet Analysis by Chris Sanders documents a number of them. Using a network tap can help a lot too.

Jack Hughes co-founded OPENXTRA Limited and serves on the company board as Chief Technical Officer. Jack also blogs as The Tech Teapot.
