cglaeser, posted October 26, 2010

What types of tips, tricks, and network diagnostic tools do you use to troubleshoot potential problems on the LAN?

Best, Christopher

Soundy, posted October 26, 2010

Gotta LanRoverPro TP-600 for testing physical connections (actually got the TP-607 kit with seven extra remote modules and a nice zippered case). For the rare times I actually need to do data testing, Wireshark has been invaluable.

As far as "tips and tricks"... I keep a couple of BNC terminators around (I have both 50-ohm and 75-ohm) that I can throw on the end of a cable run, then measure the resistance at the other end to check for shorts or open circuits. I also use a portable DVD player as both service monitor and test-signal source, along with a DVD I made with assorted test signals (color bars, alignment patterns, etc.).

vin2install, posted October 26, 2010

Leave the device on DHCP; if it grabs an IP address, then your Ethernet cable is OK.

Soundy, posted October 26, 2010

^Assuming you have a DHCP server on the network in question.

jeromephone, posted October 27, 2010

You can also have pairs messed up and you will connect, but only at a max of 10 Meg. A wire mapper can be purchased for around 30.00.

cglaeser, posted October 28, 2010

> For the rare times I actually need to do data testing, Wireshark has been invaluable.

I installed Wireshark and watched the online tutorials. You're right, it's a great tool. I noticed a large number of checksum errors between the Exacq server and IP cameras, and between the Exacq server on one computer and the Exacq client on another computer. Given that everything seems to be working fine, I'm guessing these are not really errors. Is it possible Wireshark is not parsing the packets correctly? Or, is it common to have large numbers of checksum errors?

Best, Christopher

Sawbones, posted October 28, 2010

Wireshark is phenomenal. I use it when I buy used equipment off eBay or other people, and they have no idea of the IP address. Plug your device into a hub (not a switch... a HUB), plug Wireshark into another port, and fire it up. Eventually the device will advertise itself on the network (which, being a hub, repeats the packet to all ports), and you now have the IP address for the web interface. I've had to do that with print servers, web-enabled switches... saves me oodles of time (one print server had everything disabled, and didn't even have an IP address... but I had the MAC, and I was able to supply it with an IP address via ARP... no idea why the prior owners had it set that way).

Oh... and Wireshark was originally a *nix tool, but now has been ported to Windows. NMAP (by Fyodor) is also a handy tool.

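Reading the address off the capture, as an added example that is not part of the original thread: a parser that pulls the sender MAC and IPv4 address out of ARP frames, the same fields you would read in Wireshark. It assumes the device announces itself via ARP; the MACs, addresses, and function names are constructed for illustration.

```python
import socket
import struct

ETHERTYPE_ARP = 0x0806

def parse_arp(frame: bytes):
    """Return (sender_mac, sender_ip, target_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42:  # 14-byte Ethernet header + 28-byte ARP body
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, _oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    mac = ":".join(f"{b:02x}" for b in frame[22:28])
    return mac, socket.inet_ntoa(frame[28:32]), socket.inet_ntoa(frame[38:42])

def discover(frames):
    """Map each announcing MAC to the IPv4 address it claims or probes for."""
    seen = {}
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue  # not ARP, or too short to trust
        mac, sender_ip, target_ip = parsed
        # An RFC 5227 probe carries sender 0.0.0.0; the address being claimed is the target.
        seen[mac] = target_ip if sender_ip == "0.0.0.0" else sender_ip
    return seen

def build_arp(mac: str, sender_ip: str, target_ip: str) -> bytes:
    """Constructed broadcast ARP request, padded to the 60-byte Ethernet minimum."""
    sha = bytes.fromhex(mac.replace(":", ""))
    eth = b"\xff" * 6 + sha + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + sha + socket.inet_aton(sender_ip)
    arp += b"\x00" * 6 + socket.inet_aton(target_ip)
    return (eth + arp).ljust(60, b"\x00")

# Constructed capture: a gratuitous ARP, an address probe, an IPv4 frame, a truncated frame.
SAMPLE = [
    build_arp("02:00:00:00:00:01", "192.0.2.50", "192.0.2.50"),
    build_arp("02:00:00:00:00:02", "0.0.0.0", "192.0.2.77"),
    b"\xff" * 6 + bytes.fromhex("020000000003") + b"\x08\x00" + b"\x00" * 46,
    build_arp("02:00:00:00:00:04", "192.0.2.99", "192.0.2.99")[:30],
]

if __name__ == "__main__":
    for mac, ip in discover(SAMPLE).items():
        print(mac, ip)
```
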
hardwired, posted October 28, 2010

Wireshark is a very handy tool; also, jperf is a great tool for testing bandwidth on Ethernet links (especially handy for wireless links). Angry IP Scanner works well for showing all live IPs on a network quickly (NMAP is good, too, but takes a little longer to use).

ssnapier, posted January 29, 2012

> Angry IP Scanner works well for showing all live IPs on a network quickly (NMAP is good, too, but takes a little longer to use).

That is an awesome name for a piece of software... LOL

SectorSecurity, posted January 30, 2012

It is important to know that if you want to receive traffic not destined for your network card, you need to tell Wireshark to switch you into promiscuous mode, which basically tells the network card "I don't care if it's addressed to me, I want to see it." I don't remember if Wireshark does this by default or not.

HPing is great if you want to send specially crafted packets.

Sawbones, posted January 30, 2012

> It is important to know that if you want to receive traffic not destined for your network card, you need to tell Wireshark to switch you into promiscuous mode, which basically tells the network card "I don't care if it's addressed to me, I want to see it." I don't remember if Wireshark does this by default or not. HPing is great if you want to send specially crafted packets.

Depending on what kind of network you have, you might have to be creative. If you want ALL the traffic, you'll need to put an old-fashioned hub in between your target and the network, then hook your sniffer machine to that hub. Hubs repeat all packets to all ports. Alternatively, you can overflow or poison the ARP cache on a switched network and get the data that way.

SectorSecurity, posted January 31, 2012

> > It is important to know that if you want to receive traffic not destined for your network card, you need to tell Wireshark to switch you into promiscuous mode, which basically tells the network card "I don't care if it's addressed to me, I want to see it." I don't remember if Wireshark does this by default or not. HPing is great if you want to send specially crafted packets.
>
> Depending on what kind of network you have, you might have to be creative. If you want ALL the traffic, you'll need to put an old-fashioned hub in between your target and the network, then hook your sniffer machine to that hub. Hubs repeat all packets to all ports. Alternatively, you can overflow or poison the ARP cache on a switched network and get the data that way.

You can achieve the same effect by switching your card into promisc mode. However, you will only get what is on that switch segment, so if you have multiple switches you will not get all the traffic.

hardwired, posted January 31, 2012

> > It is important to know that if you want to receive traffic not destined for your network card, you need to tell Wireshark to switch you into promiscuous mode, which basically tells the network card "I don't care if it's addressed to me, I want to see it." I don't remember if Wireshark does this by default or not. HPing is great if you want to send specially crafted packets.
>
> Depending on what kind of network you have, you might have to be creative. If you want ALL the traffic, you'll need to put an old-fashioned hub in between your target and the network, then hook your sniffer machine to that hub. Hubs repeat all packets to all ports. Alternatively, you can overflow or poison the ARP cache on a switched network and get the data that way.

This is another good reason to get decent quality managed (or at least "smart") switches that you can configure a port on to mirror all traffic going through that switch (some switches call it "mirroring", some call it a monitor port, etc.). That will allow your Wireshark monitor to see all traffic (at least on that switch).

I haven't explored the option, but I would think you would also be able to assign that monitor port to an individual VLAN from each switch, and then send whichever VLAN you want to look at to a central exit port with the Wireshark monitor on it (it would add a lot of traffic to the network, though).

dvarapala, posted February 2, 2012

> I noticed a large number of checksum errors between the Exacq server and IP cameras, and between the Exacq server on one computer and the Exacq client on another computer. Given that everything seems to be working fine, I'm guessing these are not really errors. Is it possible Wireshark is not parsing the packets correctly?

This usually indicates that the checksums are being computed in hardware on the Ethernet card. As you noted, everything is working fine, so it's safe to ignore those errors.

hardwired, posted February 2, 2012

> > I noticed a large number of checksum errors between the Exacq server and IP cameras, and between the Exacq server on one computer and the Exacq client on another computer. Given that everything seems to be working fine, I'm guessing these are not really errors. Is it possible Wireshark is not parsing the packets correctly?
>
> This usually indicates that the checksums are being computed in hardware on the Ethernet card. As you noted, everything is working fine, so it's safe to ignore those errors.

You can look for a setting called "TOE" or "TCP offload engine" in the card settings, or the BIOS for an onboard NIC. If you want to turn this off temporarily for testing, you can. You typically will want it on, though; it reduces processor load by doing some of the work, and the errors shown by Wireshark are just because it's seeing the packets before the TOE engine has worked on them, and fixed them, before going out on the wire.
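
The checksum behaviour discussed above, as an added example that is not part of the original thread: it verifies TCP checksums the way a sniffer does and separates frames the capture host sent (seen before the NIC fills in the checksum) from frames that arrived damaged. The addresses, ports, payload, zero placeholder, and function names are constructed assumptions.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def pseudo_header(src: str, dst: str, length: int) -> bytes:
    return socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 6, length)

def tcp_checksum_ok(src: str, dst: str, segment: bytes) -> bool:
    """A valid segment sums to zero together with its IPv4 pseudo-header."""
    return inet_checksum(pseudo_header(src, dst, len(segment)) + segment) == 0

def build_segment(src, dst, sport, dport, payload, nic_filled=True):
    """Constructed TCP segment. nic_filled=False leaves the checksum field as a
    zero placeholder, standing in for a frame captured before the NIC computes it."""
    seg = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    if nic_filled:
        csum = inet_checksum(pseudo_header(src, dst, len(seg)) + seg)
        seg = seg[:16] + struct.pack("!H", csum) + seg[18:]
    return seg

def classify(frames, capture_host):
    """Label each (src, dst, segment) as ok, offload-artifact or corrupt."""
    verdicts = []
    for src, dst, seg in frames:
        if tcp_checksum_ok(src, dst, seg):
            verdicts.append("ok")
        elif src == capture_host:
            verdicts.append("offload-artifact")  # sniffed before the NIC filled it in
        else:
            verdicts.append("corrupt")  # arrived off the wire already wrong
    return verdicts

# Constructed sample: the capture runs on the server; the camera is remote.
SERVER, CAMERA = "192.0.2.10", "192.0.2.20"
good = build_segment(CAMERA, SERVER, 554, 49152, b"video-frame-data")
damaged = good[:20] + bytes([good[20] ^ 0x01]) + good[21:]  # one payload bit flipped
SAMPLE = [
    (SERVER, CAMERA, build_segment(SERVER, CAMERA, 49152, 554, b"video-frame-data", nic_filled=False)),
    (CAMERA, SERVER, good),
    (CAMERA, SERVER, damaged),
]

if __name__ == "__main__":
    print(classify(SAMPLE, SERVER))
```

Bad checksums only on frames the capturing machine itself sent match the offload explanation; a bad checksum on a frame received from another host is worth investigating.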