One of the most powerful network troubleshooting resources typically is overlooked on most network administrators’ top ten lists of handy tools. But a properly configured laptop can get you out of almost any pinch.
Let’s take a look at the hardware profile and favorite software tools I always deploy on laptops intended for troubleshootingnetwork issues. As you read through my list of must-have utilities, remember that there are all kinds of network problems. I like to keep a variety of software handy to assist me in coping with the mix of problems that I encounter.
People often think of network troubleshooting tools in terms of protocol analyzers and reporting tools, and these tools definitely have their place on a troubleshooting laptop. But in the real world, problems that can be diagnosed by such tools represent only a fraction of the network problems you’ll come across. Often, network problems are the result of failed servers, and although protocol analyzers and reporting tools will certainly help you to see that a server has gone offline, they do little, if anything, to fix the problem. So I also include some low-level diagnostic and repair tools on my laptop that help me diagnose and repair a failed server.
Although I’m particularly fond of Sony laptops, your machine’s brand matters a lot less than what’s under the hood. Lots of memory, a big hard disk, and a fast processor are important. For my particular troubleshooting laptop, I use a 700-MHz processor with 256 MB of RAM and a 20-GB hard drive. Perhaps the most important part of the machine’s hardware profile, however, is its network interface card (NIC).
I always keep three wireless NICs and three wired NICs with my network troubleshooting laptop, because I never know whether the network problem I’ll need to troubleshoot will be on a wireless or wired segment of the network. The wireless cards should conform to the 802.11b standard, and the wired network cards should support 10 and 100 Mbps speeds.
I keep three pairs of NICs because when doing consulting, I’m constantly moving from network to network. I reserve one wireless and one wired card for use at home. That way, when I go home, I can simply insert the appropriate network card and my laptop is configured and ready to go.
The wireless/wired card pair is for corporate network troubleshooting. No two networks are exactly the same, so I tend to have to reconfigure these cards every time I use them. The last card set serves as a spare in case I have doubts during the troubleshooting process as to whether my NIC is really working. I’ve also encountered situations when I needed to directly attach to two different network segments at once, which would be impossible without multiple network cards.
The operating system
As operating systems go, I recommend using Windows XP. Not only is it stable and reliable, but XP’s ease of network configuration makes it an excellent choice for network troubleshooting. Every version of Windows since Windows 95 has supported the use of hardware profiles, but Windows XP automates the process. XP recognizes every network card and corresponding configuration that you insert into a laptop. If you have a network card that you always use at home to attach to a home network, you can insert that card when you get home and your home network configuration profile would instantly become active, regardless of any network configuration changes that you might have made while using other NICs.
Now let’s talk troubleshooting applications. After all, without a few well-selected utilities, you’re limited to the troubleshooting tools that come with Windows. Granted, the TCP/IP utilities, terminal server client, and other tools that are part of Windows certainly have their place, but you can do so much more when you install some third-party software.
The first utility that I recommend installing onto your laptop is QCHECK, which can be downloaded free from the NetIQ Web site. QCHECK is an easy-to-use utility that allows you to test network throughput between two points. Simply install the QCHECK program on your laptop and the other machine at the end of the communication path you want to test. Then select the type of test that you want to perform; QCHECK can run TCP, UDP, IPX, and SPX communication tests between the two endpoints. These tests include checking response time and throughput. You can also perform a TCP or UDP TRACERT or test streaming UPD or IPX. Figure A illustrates how simple QCHECK is to use.
|With its minimalist interface, QCHECK is one of the simplest network monitoring tools available.|
LinkFerret Network Monitor
The LinkFerret Network Monitor is a great tool for discovering the types of traffic that are flowing across your network. As Figure B shows, LinkFerret provides a graphical display of various statistics, including packet sizes, frame types, and bandwidth utilization. The utility also lets you see what protocols are being used on the network and to what extent. You can also view individual packets as they flow across the network, or capture packets and then examine them in detail. You can download a free trial version of LinkFerret from ZDNet.
Another protocol analyzer that I sometimes use is Ethereal. My favorite aspect of Ethereal is that the version you download isn’t a watered-down shareware application; the program is genuine freeware. And Ethereal is compatible with various versions of Linux and UNIX. The utility gives you very detailed information. In Figure C, you can track my workstation’s connection to the TechRepublic.com Web site and see exactly what the session had to do to pass through my firewall.
Why two analyzers?
You’re probably wondering why I use two protocol analyzers. I tend to use Ethereal when I need lots of specific information. I use LinkFerret when I need some quick statistics.
Network Information is an easy-to-use shareware utility that quickly details anything you need to know about a server’s configuration. As you can see in Figure D, the utility allows you to view configuration information for the host, adapter, interface, IP, and TCP. There are also Statistics and Connections functions available under the General Information section. If you look at the bottom-left corner of the figure, you’ll notice the Network Resource and Network Tools buttons. The Network Resource button lets you perform tasks such as viewing sessions, disconnecting sessions, and opening and closing files, while the Network Tools section includes graphical versions of PING and TRACERT.
|Network Information can give you server configuration information quickly.|
Perhaps my favorite utility for server repair and troubleshooting is the Administrator’s Pak from Winternals Software. The Administrator’s Pak is available for about $700 and includes five tools: ERD Commander 2002, Remote Recover, Disk Commander, NTFSDOS Professional, and Monitoring Tools.
ERD Commander 2002 lets you to boot a server to a Windows-like environment that can be used to repair the system. From this environment, you can gain full read and write access to all partitions without having to know any passwords. You can also do things like edit the registry, change the startup settings for devices and services, and reset passwords. The built-in operating system also allows TCP/IP-based network access and lets you access the machine’s event logs, system information, and logical volume utilities.
I use ERD Commander 2002 religiously. If I had to do away with every utility I own except one, this would be the one that I keep because it has helped me repair so many servers. When a server fails, it’s usually either the result of a critical hardware failure or because some software component has changed. Perhaps the registry has been modified, or a new service or device driver has been installed. ERD Commander 2002 will help you recover from all of these problems because it allows you to replace files and modify Windows settings from outside Windows. Finally, there’s an answer to the question of how to repair an operating system when your operating system won’t boot.
I’ve also enjoyed working with ERD Commander because of its ability to reset network passwords. I’ve been on countless consulting jobs in which either no one knew the Administrator’s password or a service account password, or the people involved refused to give me the password. ERD Commander allows you to change any network password without having to know any password, including the Administrator’s.
Occasionally, a server may be damaged beyond repair. When this happens, you can use Remote Recover to boot an unbootable machine to a special operating system. From there, you can access the machine’s hard drives as local volumes from another machine on the network. This allows you to copy any salvageable data off the dead machine and place it in a location of your choosing.
Someone once asked me why I don’t just transplant the hard drives from a dead server into another machine when I need to recover data. Certainly, transplanting the drives is easier most of the time. However, sometimes you may not have any empty drive bays or SCSI ports available on the machine where you would like to transplant the drives. Likewise, you may have a hard disk or RAID array on the dead server that uses a different version of SCSI controller than is available on the machine where you’re trying to transplant the drives. Furthermore, you may not have the mass storage device drivers available, making a transplant impossible. My point is that there are a million situations in which using Remote Recover will help you salvage data that may otherwise be very difficult or impossible to get to.
Disk Commander is a different type of data recovery utility. Disk Commander allows you to recover data from damaged, reformatted, or deleted partitions. Once files have been located, Disk Commander gives you the option of either repairing the partition (if possible) or moving the data to a safe location. We’ve all had situations in which someone accidentally wiped out an entire disk partition or a partition suddenly became corrupted for no apparent reason. Disk Commander is one of the best tools that I’ve found for recovering from such disasters.
NTFSDOS is a utility that allows you to use a boot disk to access NTFS partitions through a DOS-style environment. This utility gives you full read and write access to the partition without the need for a password. NTFSDOS capabilities are included in ERD Commander. The only reason for using NTFSDOS rather than ERD Commander is that it doesn’t require nearly as much time to load as ERD Commander does. If you simply need to create or delete a file from an NTFS partition and you don’t have a password, booting the system using NTFSDOS is the fastest way of getting the job done.
Monitoring Tools include both file-monitoring and registry-monitoring tools. Both utilities constantly monitor the system for changes and can provide useful information when problems occur. I found these tools most helpful in an office that I once worked in, where another administrator liked to experiment with production servers. Most of our network crashes were related to his tampering. I soon learned that by creating logs of changes to the files and to the registry, I could see exactly what this individual had changed and could undo the damage without spending hours manually troubleshooting the problem.
Always be prepared
And there you have it: a laptop ready for nearly any network emergency. But don’t forget to prepare the laptop itself. Don’t put yourself in a situation that I’ve encountered where your precious troubleshooting laptop is the only means to get your network up and running, and then you find the battery is dead. Keep the battery charged, retain a spare battery, and keep this laptop off the production network to avoid attracting malicious attention or viruses. Keep your troubleshooting notebook tucked away and treat it as a specialty tool designed for one job and one job only. With this philosophy, and the tools described above, your network troubleshooting will be much smoother than you ever dreamed.