How Do I Troubleshoot Network Problems?

Network failure refers to a state in which the network cannot provide normal services or reduces service quality due to hardware problems, software vulnerabilities, and virus intrusions.

Chinese name: Network failure

Foreign name: network failure

Network failure for hardware

Network failures are generally caused by equipment that constructs the network, including network cards, network cables, routers, switches, modems and other equipment ^[1] . For this kind of failure, we can usually check it out through the PING command and the tracert command.

Network failure about software

It's a very complicated thing. System: If the general TCP / IP protocol fails, the network will definitely have problems. There may also be problems with user management. Sometimes firewall settings also affect the network.

Let's share the general method for network failure analysis of Kelai network analysis system. Many network failures, such as severe network packet loss, slow network speed, network attacks, etc., often make us feel unable to start. At this time, use Kelai network An analysis system, combined with network analysis, will allow us to do more with less. Of course, there will be many ways, if you have other opinions and opinions, welcome to discuss with the post!

Network fault characteristics

For the search of worms, in the Kelai network analysis system, you can first view the following parameters: TCP packets, TCP connections, network connections and sessions. The corresponding analysis views are summary statistics, charts, endpoints, and session views. Any kind of worm that has to spread on the network will have the same network behavior characteristics-scanning, will produce abnormal network communication, using these behavior characteristics, we can find the host infected with the worm virus.

Through the TCP packet and TCP connection data information in the summary statistics, we can roughly judge whether the TCP transmission of the network is normal. Normal TCP transmission. In theory, the synchronization data packet and the end connection data will be approximately equal, about 1: 1, but if the difference is very large, as shown in the figure above, the ratio is 8032: 1335, that is, the host sent 8032 synchronization positions. There are only 1335 data packets, but there are only 1335 end-connection data packets. It can be initially determined that the host is abnormal. Further analysis through endpoint and session views

In the endpoint view, you can analyze through network connection, sending data packets, receiving data packets, etc., while in the session view, you can view detailed communication. If there is scanning and other behaviors, it will continuously try to connect to the target host, and the communication traffic will be basically the same , As shown in 198B above, and generally only send data packets without receiving data packets. Of course, there are different types of worms, and the methods are slightly different for different types of viruses. In short, I hope the above content can give you a little reference and reference.

DOS Network failure DOS attack

If there is a DDOS attack on the network, how do we find it? First, you can also view the network connection, send data packets, and receive data packets in the endpoint view.

In the endpoint view, you can locate the suspicious host based on information such as network connection and data packet sending and receiving, and then check the data communication situation through the matrix view.

In the matrix view, you can see the communication status of the host very intuitively. For example, this IP host is currently in conversation with more than 1000 node IPs. It receives 608311 packets and 113MB of received traffic, and sends packets and sends All traffic is 0, indicating that the host may be under attack. If you want to further analyze the attack method, you can view it in the packet view and determine the attack method by decoding the packet, such as SYN Flood.

Network failure packet loss

Networks often experience slow network speeds and severe packet loss. This type of failure is usually one of the most common and headaches in network management. Many brothers in the forum have raised similar questions. Here, I will discuss with you some analysis methods of using Kelai's network analysis system when the network is slow.

Network failure slow speed

There are many reasons for the slow network speed, such as network loops, broadcast storms, traffic occupation, P2P downloads, viruses, and so on. When we encounter a slow network speed, how can we quickly find the source of the problem? Analysis system capture analysis is a better solution. My personal opinion is that you can first see whether there are more obvious faults, such as ARP scanning or spoofing, through the expert diagnostic view; if it is more implicit fault information (transport layer or network layer), you can view IP traffic in the endpoint view , Network connection, sending / receiving data packets, etc. if there is any abnormality, if you find a suspicious host, locate the host, analyze its session, matrix, and data packets, and you can quickly find the cause of the failure. Here, I also want to talk about the node browser of Kelai. I personally feel that this is a very good function. Quickly locating nodes and quickly filtering and filtering data are very useful in analyzing network failures. The previous serials have also been mentioned, I wonder if everyone has any impression.

The following figure is a screenshot of packet capture during a network failure. The network is very slow during packet capture. The ping delay of the external network is 2000ms. After searching from various directions, the root cause of the problem is still not found. Therefore, the network analysis system is used to capture packets. It was found that the communication of a host was extremely abnormal (the display in the matrix view was very intuitive), so it was disconnected from the network, and the ping value returned to normal immediately, about 10ms.

I have discussed several common network faults and the methods used to find them. I hope they can help you find network faults a little. Of course, network faults are intricate and complex. There are no methods or products that can ensure the stable operation of the network. When we encounter network faults, we can quickly find and resolve network faults with the help of Kelai's network analysis system, making our work and business Without loss, this is the most important.

Summary of network failures

1. Fault ^[2] Phenomenon: The settings of the network adapter (network card) conflict with the computer resources.

Analysis and elimination: Avoid conflicts with other computer resources by adjusting the IRQ and I / O values in the network card resources. In some cases, you need to adjust the conflict with other resources by setting jumpers on the motherboard.

2. Symptom: Other clients in the local area network of the Internet cafe can see each other on the "Network Neighborhood", and only one computer cannot see it, and it cannot see other computers. (Prerequisite: The LAN of the Internet cafe is connected to a star network structure through a HUB or a switch)

Analysis and elimination: check whether this computer system works normally; check the network configuration of this computer; check whether the network card of this computer works normally; check if the network card settings on this computer conflict with other resources; On; check if the contact of the network cable connector is normal.

3 Symptom: There are two network segments in the local area network of the Internet cafe. All computers on one network segment cannot access the Internet. (Prerequisite: The LAN of this Internet cafe is connected to two network segments through two HUBs or switches)

Analysis and elimination: The main line of the two network segments is broken or the joints at both ends of the main line are bad. Check the settings of the network segment in the server.

4 Symptom: All computers in the local area network of the Internet cafe can see each other on the "Network Neighborhood". (Prerequisite: The LAN of this Internet cafe is connected to a star network structure through a HUB or a switch)

Analysis and troubleshooting: Check whether the HUB or switch works normally.

5. Symptom: A client in the LAN of an Internet cafe can see the server on the "Network Neighborhood", but cannot access the Internet. (Premise: the server refers to the computer on the Internet that is used to proxy other Internet machines in the Internet cafe LAN, the same below)

Analysis and elimination: Check the client's TCP / IP protocol settings, check the IE browser settings in this client, and check the server's settings for this client.

6. Symptom: All computers on the entire LAN in the Internet cafe cannot access the Internet.

Analysis and elimination: whether the server system works normally; whether the server is disconnected; whether the modem works normally; whether the central office works normally.

7. Symptom: Except the server that can access the Internet, other clients in the Internet bar LAN cannot access the Internet.

Analysis and elimination: check whether the HUB or switch is working normally; check whether the network part (including: network card, network cable, connector, network configuration) connected to the server and the HUB or switch is working normally; check whether the software used by the agent to access the Internet is running normally; Whether the setting is normal.

8. Symptom: During dial-up Internet access, the Modem does not have dial-up sounds, it cannot always connect to the Internet, and the indicator on the Modem does not flash.

Analysis and elimination: whether the telephone line is busy; whether the connection to the server of the modem (including: connections and connectors) is normal; whether the telephone line is normal and there is no noise interference; whether the dial-up network configuration is correct; whether the modem configuration setting is correct, check Whether the tone or pulse mode of the dial tone is normal.

9. Symptom: The system cannot detect the modem (if the modem is normal).

Analysis and elimination: Reinstall the modem again, pay attention to the correct position of the communication port.

10 Symptom: The Internet connection is too slow.

Analysis and exclusion: Check whether the connection speed of the port set in the "dial-up network" of the server system is the set maximum value; whether the line is normal; you can improve the connection speed by optimizing the modem settings; you can also improve the Internet speed by modifying the registry Whether there are many clients accessing the Internet at the same time; if there are many, it is normal that the connection speed is too slow.

11. Symptom: A "Error 678" or "Error 650" prompt box appears on the computer screen.

Analysis and elimination: Generally, the server line you dialed is busy, busy, and temporarily unavailable. You can continue to redial after a while.

12. Symptom: Error 680: No dial tone. Please check if the modem is properly connected to the phone line. Or There is no dialtone. Make sure your Modem is connected to the phone line properly. Appears on the computer screen.

Analysis and elimination: Check whether the modem works normally and whether it is turned on; check whether the telephone line is normal, whether the modem is correctly connected, and whether the connector is loose.

13. Symptom: The prompt "The Modem is being used by another Dial-up Networding connection or another program. Disconnect the other connection or close the program, and then try again" appears on the computer screen.

Analysis and elimination: check if another program is using the modem; check if there is a conflict between the modem and the port.

14. Symptom: The prompt "The computer you are dialing into is not answering. Try again later" appears on the computer screen.

Analysis and troubleshooting: The telephone system is faulty or the line is busy. Dial again later.

15. Symptom: The prompt "Connection to xx.xx.xx. was terminated. Do you want to reconnect?" Appears on the computer screen.

Analysis and elimination: The telephone line is interrupted, and the connection between the dial-up connection software and the ISP host is interrupted. Try again later.

16. Symptom: The prompt "The computer is not receiving a response from the Modem. Check that the Modem is plugged in, and if necessary, turn the Modem off, and then turn it back on" appears on the computer screen.

Analysis and elimination: Check whether the power of the modem is turned on; check whether the cable connected to the modem is correctly connected.

17. Symptom: A "Modem is not responding" prompt box appears on the computer screen.

Analysis and elimination: indicates that the modem has not responded; check whether the power of the modem is turned on; check whether the cable connected to the modem is properly connected; the modem is damaged.

18. Symptom: NO CARRIER message appears on the computer screen.

Analysis and exclusion: indicates no carrier signal. This is mostly because the modem application is shut down improperly or the telephone line is faulty; check that the cable connected to the modem is properly connected; check that the modem's power is on.

19. Symptom: A No dialtone prompt box appears on the computer screen.

Analysis and elimination: No dial tone; check whether the telephone line and modem are properly connected.

20. Symptom: When the Disconnected prompt appears on the computer screen.

Analysis and elimination: indicates the termination of the connection; if the prompt appears during dialing, check whether the power of the modem is turned on; if the prompt appears during use, check whether the phone is being used.

twenty one. Symptom: ERROR prompt box appears on the computer screen.

Analysis and elimination: It is an error message; whether the modem is working normally and whether the power is on; whether the command being executed is correct.

twenty two. Symptom: "A network error occurred unable to connect to server (TCP Error: No router to host) The server may be down or unreadchable. Try connectin gagain later" appears on the computer screen.

Analysis and troubleshooting: It indicates a network error, possibly a TCP protocol error; there is no route to the host, or the server cannot be connected due to the shutdown of the server. At this time, only a retry is possible.

twenty three. Symptom: When the prompt "The line id busy, Try again later" or "BUSY" appears on the computer screen.

Analysis, exclusion: indicates that the line is busy, only retrying.

twenty four. Symptom: When the prompt "The option timed out" appears on the computer screen.

Analysis and elimination: indicates that the connection timed out, mostly due to a communication network failure, or the called party was busy, or the input URL was incorrect. Check with the central office whether the communication network is working properly. Check that the URL entered is correct.

25. Symptom: When the prompt Another program is dialing the selected connection appears on the computer screen.

Analysis, exclusion: indicates that another application is already using dial-up network connection. Only after stopping the connection can we continue our dial-up connection.

26. Symptom: Garbled characters appear when browsing Chinese websites with Internet Explorer.

Analysis and troubleshooting: Chinese characters caused by incompatible Chinese and Western software in IE browser will be displayed as garbled characters. You can try NetScape's browser to see it. The Chinese character code used in China is GB, and * is BIG5. If this is the cause Chinese characters are displayed as garbled characters. You can try RichWin to transform the internal codes.

27. Symptom: The browsing speed is slower than normal.

Analysis and elimination: The trunk line is congested, resulting in slower network speed; (normal condition) more people browse a certain web page, resulting in slower network speed; (normal condition) there is a problem with the modem setting; central line has a problem.

28. Symptom: Can access the Internet normally, but always intermittent.

Analysis and elimination: telephone line problems, poor line quality; modems are not working properly, affecting the stability of the Internet.

29. Symptom: When dialing up to the Internet, you cannot hear the dial tone and cannot dial.

Analysis and elimination: Check whether the modem works normally, whether the power is on, whether the cable is connected well, and whether the telephone line is normal. (Daily Network News)

30. Symptom: In the process of dial-up Internet access, dial tone can be heard, but there is no dialing action, but the computer prompts "No dial tone".

Analysis and exclusion: You can modify the configuration so that the dialer does not detect the dial tone. You can enter the properties window of "My Connection", click the "Configuration" tab, and remove the check box of "Waiting for dial tone before dialing" in the "Connection" column.

31. Symptom: During the process of dialing up to the Internet, a prompt appears on the computer screen: "It has been disconnected from your computer, double-click 'Connect' and try again."

Analysis and elimination: Poor telephone line quality and high noise can be dialed to 112 for repair. It may also be caused by a virus. Use antivirus software to kill the virus again.

32. Symptom: If the prompt "Dial-up Network cannot handle the compatible network protocol specified in the 'Server Type' setting" appears on the computer screen.

Analysis and elimination: Check whether the network settings are correct; whether the modem is normal; whether it is infected with a macro virus; use the latest antivirus software to kill the virus again.

33. Symptom: The domain and server cannot be found in Windows 98 Network Neighborhood, but other workstations can be found.

Analysis and exclusion: In "Control Panel Network Microsoft Network Client", change the connection between Windows 98 and the network from slow to fast connection when logging in.

34. Symptom: When viewing "My Network Places", the error message "Unable to browse the network. The network is unreachable. For more information, please check the" Network Troubleshooting "topic in the" Help Index "."

Analysis and exclusion: The first case is caused by clicking the "Cancel" button when the Windows network is required to enter the login password of the Microsoft network user. If you want to log in to the NT server, you must log in as a legitimate user and enter Correct password. The second case is conflict with other hardware. Open "Control Panel System Device Management". Look for * question marks, exclamation marks, or red question marks in front of the hardware. If so, you must manually change the interrupt and I / O address settings for these devices.

35. Symptom: Only the machine name of this machine can be found in "My Network Places" or "Explorer".

Analysis and elimination: Network communication errors, usually the network cable is disconnected or the connection with the network card is bad, or there may be a problem with the Hub.

Network troubleshooting diagram

Today, more and more business applications are running on the network architecture, ensuring the continuous, efficient, and secure operation of the network has become a huge challenge for network managers. However, despite careful deployment and strict security policies, despite the increasing investment in network management, network problems continue to emerge. Claris has newly launched the Claris Network Application Troubleshooting Map, which uses network analysis technology to help you quickly find the source of the problem.

Typical case of network failure

Example 1: Cannot access the server

First test whether the failure affects only one workstation, which can be confirmed by other workstations accessing the server. If workstations with similar faults appear on the same network segment or are connected to the same switch, then it is necessary to analyze whether the subnet mask of this network segment is set correctly and the switch is working normally. In addition, it is also necessary to see if the server has disabled the services of workstations on this network segment.

Example 2: "Insufficient Network Resources" Appears When Transmitting 100M Data

As a rule, network failures generally do not rule out the following: a problem with the network card, an improper crystal head, a problem with the network cable, a problem with the network card driver, or a network protocol. However, according to the failure phenomenon, the above guesses can be ruled out, because there is a problem in any place, it is impossible to carry out data transmission between the microcomputers, so it can be determined that the problem should be caused by environmental factors. Because a large amount of data transmission requires frequent data reading, this requires a relatively stable transmission environment, and when there is interference near the network card, this stable environment will be destroyed. Generally, make sure that the network card is not inserted in a slot close to the graphics card. Current graphics cards generally have a fan, and the graphics card fan will affect the work of the network card, especially when the graphics card is frequently operated, the impact will be more obvious. Unplug the network card and insert it into a slot farther away from the graphics card, which can solve the problems that occur when transmitting a large amount of data.