Diagnose network problems
with this utility
Network troubleshooting is always a complex task for a systems
administrator. A myriad of problems can occur on your network, including
problems with the network's physical layer (wiring), problems with the NICs
running on each machine, and even problems with the logical layer. Diagnosing
the exact problem is often a time-consuming, trial-and-error task.
To diagnose network problems, systems administrators generally use a network monitoring tool, sometimes known as a protocol analyzer. These tools can be either hardware or software, and they let you review all packet traffic on your network and look for different problems. Basic hardware and software network monitoring tools do not provide diagnosis capability: they often
collect only statistics and packets that you must manually sort through to
figure out a problem. Advanced, multithousand-dollar hardware devices use
built-in artificial intelligence to determine what, if any, network difficulties you have.
Microsoft BackOffice users do not need to spend thousands of dollars on a network monitoring solution. The Systems Management Server (SMS) component of BackOffice includes one. Unfortunately, many administrators are unaware
of this feature and its power, because it is not adequately documented in
reference sources, third-party SMS books, or training videos available from a
variety of sources.
The Network Monitor lets you observe dozens of different protocols
traversing your network. These protocols include basic ones Microsoft products
use to communicate with one another, such as Server Message Block (SMB) for file
sharing, and other protocols such as Dynamic Host Configuration Protocol (DHCP)
and NetBIOS. The monitor supports all major TCP/IP protocol components,
including low-level TCP, IP, and User Datagram Protocol (UDP) packets, and
higher-level protocols such as FTP, NFS, and Domain Name System (DNS). For
NetWare-enabled environments, the Network Monitor lets you watch NetWare Core
Protocol (NCP), IPX, and SPX traffic. For a complete list of supported
protocols, refer to the SMS Administrator's Guide.
Where Is It?
When you install SMS, the Network Monitor component installs on your
BackOffice server by default. (You can manually choose not to install the
component.) To verify the presence of the Network Monitor, look in the SMS menu
from the Programs option on the Start menu (or look in the SMS Program Group if
you're running NT 3.51). If an SMS Network Monitor icon is present, the
component is available.
Before you use the Network Monitor for interactive debugging, you must
install the Network Monitor Agent. Unless you insert this agent into your
system's network configuration, you can use the Network Monitor only to view the
contents of capture files from other machines that have the Monitor Agent set
up. To install the Monitor Agent into your system's network configuration, you
must manually run the Network configuration program from the Control Panel and
add the Monitor Agent. Once you add the Monitor Agent, reboot to activate the
Monitor Agent in the system configuration.
To use the Network Monitor, you must have a NIC that supports promiscuous
mode operation. In promiscuous mode, the NIC passes all packets it sees on
the network to the controlling network driver. Ordinarily, a NIC disregards any
network traffic that is not addressed to the NIC's Media Access Control (MAC)
address, a unique 12-character hexadecimal value each NIC manufacturer assigns
to every card. Typically, if a packet does not carry the correct address, your
NIC will not pass the packet to your computer's network device driver; the card
will discard the packet.
You can launch the Network Monitor in two ways. First, you can select the SMS
Network Monitor option from the Systems Management Server Programs menu in NT
4.0; the Network Monitor will launch with no filtering defaults. Alternatively,
you can launch the Network Monitor from within the SMS Administrator by
double-clicking the Network Monitor option when you are reviewing a personal
computer's properties. This approach will automatically set up Network Monitor
to filter packets for only that specific machine.
Information Overload
When you first launch the Network Monitor, you may feel overwhelmed by information. The
main Network Monitor window, the Capture Window, appears and displays
information regarding the network adapter the monitor is observing. If your NT
machine is multihoming (i.e., you have more than one network adapter), switch
between the adapters to make sure you're monitoring the correct network. To
switch adapters, select Capture, Networks from the menu.
The Capture Window consists of four panes--Total Statistics Pane, Graph
Pane, Station Statistics Pane, and Session Statistics Pane--and gives you an
overview of network performance and information on the monitor's capture status,
as Screen 1 shows. Above the four panes, you'll see a toolbar with several
option buttons that let you turn individual panes on and off and start, stop,
and view the packet capture buffer.
Before you can collect network performance statistics, you must specify a
packet filter and tell the Network Monitor to start collecting packets. A packet
filter is a set of Boolean rules that tells the Network Monitor which packets to
capture in the capture buffer and use to compute statistics. Packet filters have
two components: an origin address and a destination address. You can collect
all packets sent to a particular address, all packets that originate from a
particular address, or a combination of the two. You can also use a wildcard,
ANY, to specify any address the Network Monitor observes.
By default, if you start the Network Monitor directly from the Start menu,
Network Monitor will use the ANY wildcard for both inbound and outbound packets.
If you start from the SMS Administrator, the packet filter will select packets
only for the particular machine you specify.
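
The address-pair filter described above can be modeled in a few lines of Python. This is an added example, not code from the article or from Network Monitor: it applies origin/destination rules with the ANY wildcard to raw Ethernet frames and tallies per-station counts. The MAC addresses, sample frames, and function names are constructed assumptions.

```python
import struct
from collections import Counter

ANY = "ANY"  # the wildcard the article names

def mac(raw: bytes) -> str:
    return ":".join(f"{b:02X}" for b in raw)

def parse_header(frame: bytes):
    """Return (dst, src) MAC strings from a 14-byte Ethernet II header."""
    if len(frame) < 14:
        raise ValueError("truncated frame")
    dst, src, _ethertype = struct.unpack("!6s6sH", frame[:14])
    return mac(dst), mac(src)

def rule_matches(rule, src, dst):
    want_src, want_dst = rule  # (origin address, destination address)
    return want_src in (ANY, src) and want_dst in (ANY, dst)

def capture(frames, rules):
    """Apply address-pair rules; return (buffer, sent, received)."""
    buffer, sent, received = [], Counter(), Counter()
    for frame in frames:
        try:
            dst, src = parse_header(frame)
        except ValueError:
            continue  # a runt has no usable addresses; skip it
        if any(rule_matches(r, src, dst) for r in rules):
            buffer.append(frame)  # count once even if several rules match
            sent[src] += 1
            received[dst] += 1
    return buffer, sent, received

def build(dst, src, ethertype, payload=b"\x00" * 46):
    to_bytes = lambda m: bytes.fromhex(m.replace(":", ""))
    return to_bytes(dst) + to_bytes(src) + struct.pack("!H", ethertype) + payload

# Constructed sample traffic (locally administered MACs, not from the article).
A, B, C = "02:00:00:00:00:0A", "02:00:00:00:00:0B", "02:00:00:00:00:0C"
BCAST = "FF:FF:FF:FF:FF:FF"
FRAMES = [
    build(B, A, 0x0800),      # A -> B
    build(A, B, 0x0800),      # B -> A
    build(BCAST, C, 0x0806),  # C -> broadcast
    build(A, C, 0x0800),      # C -> A
    b"\x02\x00",              # runt frame, too short to parse
]

DEFAULT_FILTER = [(ANY, ANY)]            # Start-menu launch: ANY in both directions
MACHINE_A_FILTER = [(A, ANY), (ANY, A)]  # launch from machine A's properties

if __name__ == "__main__":
    for name, rules in (("default", DEFAULT_FILTER), ("machine A", MACHINE_A_FILTER)):
        buf, sent, received = capture(FRAMES, rules)
        print(name, len(buf), dict(sent), dict(received))
```

With the machine-specific filter, the broadcast frame from station C never reaches the buffer, so the statistics describe only traffic to or from machine A.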