Workshop

More documents

Recommendations

Info

Socket to Me Previous Table of Contents Next Sometimes, a mere stopping and starting of a daemon won’t help. In the case of inetd, you may be in a situation where the cure may be worse than the disease. In such cases, you’ll need finer diagnostics. Enter netstat -a. This command is to network sockets what ps is to processes (remember from Hour 1, “The Telephone Analogy: Becoming Familiar with Basic Networking Concepts,” that a socket is like a phone extension that a service listens to for calls). netstat lists each socket that’s being used for a current connection or being listened to for a connection. It tells you whether things are backlogged, where they are backlogged from, and which socket is in use on both sides of the call. netstat -an will allow you to look at the numeric values only, which is valuable when you want to keep name services out of the picture. Let’s look at a specific example. Suppose someone calls and tells you that he can’t get into FROTZ. FROTZ is the Financial Remuneration with Overwhelming Trillions of Zeros system. He’s very important to your place of employment, Frobozzco, so you’re alarmed when someone can’t get in. The user at the other end of the line is incoherent with rage and will not answer any of your questions. You know by this person’s name that he’s in the Finance department. You can’t get an answer to the basic question “Are other people having problems?” Therefore, you decide to find out for yourself. You quickly check the network map and see that Finance lives on the subnet 200.1.1.0. In order to determine for yourself whether anybody else is having problems, you log in to the FROTZ UNIX host and type the following: netstat -a | grep 200.1.1 You’re rewarded with this: Proto send-q recv-q Local Address Foreign Address (State) tcp 0 0 frotz.frob.com.telnet 200.1.1.10.1673 ESTABLISHED tcp 0 0 frotz.frob.com.telnet 200.1.1.25.1975 ESTABLISHED tcp 0 0 frotz.frob.com.telnet 200.1.1.27.1772 ESTABLISHED tcp 0 0 frotz.frob.com.telnet 200.1.1.29.1968 ESTABLISHED tcp 0 0 frotz.frob.com.telnet 200.1.1.33.1492 ESTABLISHED
tcp 0 0 frotz.frob.com.telnet 200.1.1.34.1444 ESTABLISHED tcp 0 0 frotz.frob.com.telnet 200.1.1.35.2855 ESTABLISHED I’ve included the column headings for clarity; you wouldn’t actually get them when searching for an address. It becomes apparent very quickly that people from the 200.1.1 network are in, and they’re working just fine. (Actually, you could have used the who command, which, on most UNIX machines, tells you who is logged in and where they are logged in from. However, netstat will show you any service, not just Telnet.) You now know that people from 200.1.1.0 are logged into the system, and you suspect that the user’s problem is workstation related. proto is the protocol. In most cases, it will be tcp or udp, TCP being the equivalent of a phone call (circuit oriented) and UDP being the equivalent of tossing notes back and forth to each other (connectionless). You can find more on UDP in Hour 15, “Firewall and Proxy Server Basics,” and Hour 18, “Lots of Different People in Your Neighborhood: In-Depth Application Troubleshooting.” send-q and recv-q are representations of holding places for sending and receiving data in the host’s memory. You can think of them just the way you do a print queue; they hold stuff while waiting for processing. Unlike a print queue, they typically will be empty during normal operation. That is, these values will typically be 0 for local area networks, because local nets move pretty fast. What if they’re not zero? Well, a changing “send queue” can mean that the other end is processing data but is keeping up somehow. This is usually a normal state for a LAN print server; it really is a print queue, so it processes some data, then catches up, gets some more data, and keeps going. If you see a nonchanging, nonzero send queue for one socket but not others, it usually means that something on the other end has stopped accepting data. A non-zero receive queue can mean that something on the UNIX host itself is running out of resources, and it’s temporarily unable to process the incoming data. In practice, this is relatively rare. The local address is, of course, the server you’re typing netstat on. In this case, because we’re discussing the Telnet service, the full address with extension is wefrotz. frobozz.com.telnet. Had we used netstat -an, it would have shown something like 192.168.55.10.23 (Telnet being socket 23). The foreign address is the other address—the client machine. The socket doesn’t matter as much here—just about any high-numbered socket that isn’t already in use can be used on the client side. You can count the number of client/server sockets in use at any given time, say, for an imap mail server, by typing this: netstat -a | grep imap | wc -l
Page 1 and 2:
To access the contents, click the c
Page 3 and 4:
Workshop Q&A Quiz Answers to Quiz Q
Page 5 and 6:
Eminent Domain TCP/IP Graffiti DHCP
Page 7 and 8:
Configuring Your Proxy Proxy Troubl
Page 9 and 10:
Socks Stuff AOL Instant Messenger A
Page 11 and 12:
Table of Contents Introduction: Get
Page 13 and 14:
about your more complex network iss
Page 15 and 16:
Tell Us What You Think! Table of Co
Page 17 and 18:
with me when I was first getting st
Page 19 and 20:
NIC (network interface card) The te
Page 21 and 22:
MAC Attack Previous Table of Conten
Page 23 and 24:
Routers Previous Table of Contents
Page 25 and 26:
technology as the future of local a
Page 27 and 28:
for a TCP/IP address in a large net
Page 29 and 30:
Sprechen Sie DLC? Previous Table of
Page 31 and 32:
socket 80 of the TCP/IP address 167
Page 33 and 34:
program in a name entry; entering t
Page 35 and 36:
WINS Previous Table of Contents Nex
Page 37 and 38:
kind and spit them out as fast as p
Page 39 and 40:
Previous Table of Contents Next Hou
Page 41 and 42:
Figure 2.1 A simple logical map. If
Page 43 and 44:
Figure 2.4 A physical documentation
Page 45 and 46:
the room). This way, you can read t
Page 47 and 48:
un on the server at 9:50 on Monday
Page 49 and 50:
Previous Table of Contents Next Par
Page 51 and 52:
Beware of Vendor Your vendor probab
Page 53 and 54:
call the risk/benefit ratio—the a
Page 55 and 56:
Workshop Q&A Previous Table of Cont
Page 57 and 58:
Page 59 and 60:
If you determine that it’s just o
Page 61 and 62:
(see Figure 4.2). Figure 4.2 An Eth
Page 63 and 64:
Division of Labor Previous Table of
Page 65 and 66:
just that the network itself is at
Page 67 and 68:
A Each situation is obviously diffe
Page 69 and 70:
Page 71 and 72:
Ruling out is particularly effectiv
Page 73 and 74:
Drive duplication can be a big help
Page 75 and 76:
Previous Table of Contents Next Aft
Page 77 and 78:
5. When you log problems on a given
Page 79 and 80:
if they have a plan, they are going
Page 81 and 82:
Is It a Virus, Doc? Previous Table
Page 83 and 84:
O: Only have tried two other Intern
Page 85 and 86:
A Remember that what a user says is
Page 87 and 88:
Page 89 and 90:
Previous Table of Contents Next Loo
Page 91 and 92:
Figure 7.1 Searching several sites
Page 93 and 94:
You’ll also find forums run by th
Page 95 and 96:
Previous Table of Contents Next
Page 97 and 98:
a server but you think it should be
Page 99 and 100:
Workshop Q&A Previous Table of Cont
Page 101 and 102:
Page 103 and 104:
Name Brand Versus Generic PCs The c
Page 105 and 106:
static electricity that may have bu
Page 107 and 108:
SIMMs and DIMMs There are two kinds
Page 109 and 110:
Page 111 and 112:
This is called looping back, becaus
Page 113 and 114:
Windows Previous Table of Contents
Page 115 and 116:
Figure 8.4 The NT Task Manager’s
Page 117 and 118:
UNIX Previous Table of Contents Nex
Page 119 and 120:
Probably the most important thing t
Page 121 and 122:
Hour 9 Ethernet Basics Previous Tab
Page 123 and 124: which translates into lots of colli
Page 125 and 126: it currently requires fiber-optic c
Page 127 and 128: designation is simply an industry-s
Page 129 and 130: Down, Down, Down Previous Table of
Page 131 and 132: A Collisions cause other errors, su
Page 133 and 134: Follow the Rules: Share and Enjoy!
Page 135 and 136: Previous Table of Contents Next Err
Page 137 and 138: Token Analyzers Finding a NAUN is r
Page 139 and 140: Token-Ring does not have any hard-a
Page 141 and 142: Down Town Previous Table of Content
Page 143 and 144: C. 1, 16 D. 4, 16 Answers to Quiz Q
Page 145 and 146: Going Native Although Windows allow
Page 147 and 148: Eminent Domain Previous Table of Co
Page 149 and 150: machine with the username Administr
Page 151 and 152: protocol. They therefore relied on
Page 153 and 154: Previous Table of Contents Next Fol
Page 155 and 156: Most of the time, you’ll not want
Page 157 and 158: allows you to manage them and check
Page 159 and 160: Binding Previous Table of Contents
Page 161 and 162: Figure 11.6 Showing bindings for al
Page 163 and 164: Informational Commands Previous Tab
Page 165 and 166: Figure 11.8 A monitor session. We k
Page 167 and 168: case you need them. 2. What does SM
Page 169 and 170: a great example of client/server. W
Page 171 and 172: Previous Table of Contents Next Alt
Page 173: The first number is the process ID
Page 177 and 178: Name Game Previous Table of Content
Page 179 and 180: The next thing you need to find out
Page 181 and 182: A UNIX security and file permission
Page 183 and 184: Previous Table of Contents Next Hou
Page 185 and 186: the amount of time used or data sen
Page 187 and 188: NLMs In addition to accepting comma
Page 189 and 190: NLM Party Previous Table of Content
Page 191 and 192: Again, make sure you are running th
Page 193 and 194: Big Monitor Is Watching Previous Ta
Page 195 and 196: Then, eureka! During one session of
Page 197 and 198: Protocol Problems Previous Table of
Page 199 and 200: Figure 13.10 UNICON will configure
Page 201 and 202: Summary Previous Table of Contents
Page 203 and 204: 7. The TCP/IP protocol and basic se
Page 205 and 206: ivory-tower stuff, but some of it i
Page 207 and 208: Configuring in Comfort Previous Tab
Page 209 and 210: Router 1 in Figure 14.3 is shown in
Page 211 and 212: to that network. Instead, the next
Page 213 and 214: Route in Peace: Routing Protocols P
Page 215 and 216: get to a network segment that until
Page 217 and 218: Figure 14.4 How two stations talk v
Page 219 and 220: Tree Trunks Previous Table of Conte
Page 221 and 222: garbage characters like these on a
Page 223 and 224: A. Add Router 99 to Router 88’s r
Page 225 and 226:
Let’s lay out some definitions he
Page 227 and 228:
Packet-Filtering Routers Previous T
Page 229 and 230:
eceptionist hangs up one line (the
Page 231 and 232:
from the proxy server without causi
Page 233 and 234:
Proxy Trouble Previous Table of Con
Page 235 and 236:
3. The proxy server resolves the na
Page 237 and 238:
Q My vendor says that its firewall
Page 239 and 240:
Page 241 and 242:
• Make checklists of tasks that m
Page 243 and 244:
Joe User Previous Table of Contents
Page 245 and 246:
groups | grep -q -w network && { ec
Page 247 and 248:
If you’re going to add or replace
Page 249 and 250:
Policies Previous Table of Contents
Page 251 and 252:
in this hour—will pay off as you
Page 253 and 254:
Q Which duplication software is rig
Page 255 and 256:
Hour 17 Where Do I Start? Previous
Page 257 and 258:
As optimistic as we’d all like to
Page 259 and 260:
• PCAnywhere • ReachOut • Rem
Page 261 and 262:
IPX/SPX Previous Table of Contents
Page 263 and 264:
Q What happens if I ping the loopba
Page 265 and 266:
correlations? A. netstat -a B. trac
Page 267 and 268:
equire that the application files t
Page 269 and 270:
The File and Print Blues Previous T
Page 271 and 272:
With five potential points of failu
Page 273 and 274:
In some cases, a slight difference
Page 275 and 276:
Application Celebration Previous Ta
Page 277 and 278:
Proto Local Address Foreign Address
Page 279 and 280:
printer 515 Line Printer Daemon (ne
Page 281 and 282:
Page 283 and 284:
Connected to 167.195.160.6. Escape
Page 285 and 286:
Workshop Q&A Q What in the blazes i
Page 287 and 288:
3. A 4. B 5. False 6. B 7. True 8.
Page 289 and 290:
Intranet = Internal The word intran
Page 291 and 292:
Internet Identification Previous Ta
Page 293 and 294:
If an outside machine is “on the
Page 295 and 296:
Here I Ping Again Previous Table of
Page 297 and 298:
Figure 19.6 DNS zones, like the fol
Page 299 and 300:
[rs.internic.net] Registrant: John
Page 301 and 302:
For example, I ran an NFS server on
Page 303 and 304:
• SMTP—Simple Mail Transfer Pro
Page 305 and 306:
Dialout DNS Previous Table of Conte
Page 307 and 308:
3. What does DMZ stand for? A. DNS
Page 309 and 310:
• It’s a way to avoid a Dilbert
Page 311 and 312:
Socks Stuff Previous Table of Conte
Page 313 and 314:
Figure 20.2 The AOL Instant Messeng
Page 315 and 316:
RealPlayer Previous Table of Conten
Page 317 and 318:
external client for proxy support,
Page 319 and 320:
Page 321 and 322:
Typical Operation Previous Table of
Page 323 and 324:
scantily, and still others are not
Page 325 and 326:
Not every kind of filter is availab
Page 327 and 328:
important. Your relative or interpa
Page 329 and 330:
Application Antics Previous Table o
Page 331 and 332:
Broken Ring Previous Table of Conte
Page 333 and 334:
creating a segment between the swit
Page 335 and 336:
Q Where can I get an Ethernet mini-
Page 337 and 338:
Page 339 and 340:
Figure 22.1 The MG-Soft MIB browser
Page 341 and 342:
the probe has picked up what’s go
Page 343 and 344:
Previous Table of Contents Next Her
Page 345 and 346:
information without the overhead th
Page 347 and 348:
A. Broadcast B. Baseline C. Brag D.
Page 349 and 350:
• Application efficiency • Serv
Page 351 and 352:
Application and Protocol Efficiency
Page 353 and 354:
and so on—is to measure. Everythi
Page 355 and 356:
it a point to say, “Would you sho
Page 357 and 358:
Here are the two types of performan
Page 359 and 360:
Network Statistics Previous Table o
Page 361 and 362:
Q About that latency analysis metho
Page 363 and 364:
Page 365 and 366:
Router Configuration Previous Table
Page 367 and 368:
For the second option, you’ll hav
Page 369 and 370:
Automatic for the People Previous T
Page 371 and 372:
are in an unknown location) to conn
Page 373 and 374:
Previous Table of Contents Next The
Page 375 and 376:
C. SYS:SYSTEM\AUTOEXEC.BAT D. SYS:P
Page 377 and 378:
active hub An active hub is one tha
Page 379 and 380:
A TCP-based authentication service
Page 381 and 382:
applications and protocols are base
Page 383 and 384:
An extremely fast network cable tha
Page 385 and 386:
See Internet Group Management Proto
Page 387 and 388:
A device that converts (modulates)
Page 389 and 390:
providers. Point-to-Point Tunneling
Page 391 and 392:
security audit An examination (ofte
Page 393 and 394:
An essential part of a network inte
Page 395 and 396:
Index Symbols A 100 Megabit Etherne
Page 397 and 398:
C new product, 45-46 burned-in addr
Page 399 and 400:
DLC (Data Link Control), 17 DMZ (de
Page 401 and 402:
F fat finger factor, 42-43, 46 fata
Page 403 and 404:
ICQ, 335-336 IMAP (Internet Mail Ap
Page 405 and 406:
M filters, 347-352 LANDecoder, 347
Page 407 and 408:
NetBIOS (Network Basic Input/Output
Page 409 and 410:
network card. See NIC Network Contr
Page 411 and 412:
power supply check, 66 troubleshoot
Page 413 and 414:
Q-R qualitative problems, 58 quanti
Page 415 and 416:
names, 393-394 NetWare, 202 paging
Page 417 and 418:
T dumb terminal mode, 211, 224 full
Page 419 and 420:
isolating soft errors, 135-136 LANa
Page 421 and 422:
U standardizing configuration, 245
Page 423 and 424:
V W upstream, 134 Usenet newsgroups
Page 425 and 426:
autodetection problems, 159 broadca
show all

Workshop

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?