TCP/IP has replaced IPX as the lifeblood of the NetWare network, shuttling packets of information from node to node. But when bottlenecks occur and packets get dropped, you need to be able to pinpoint where the problems originate. How can you check to make sure packets are flowing smoothly on your network? If you’re running NetWare, you can use the TCP/IP Console (TCPCon). With this utility, you can check on many aspects of TCP/IP. In this Daily Drill Down, I’ll show you how the TCPCon works and what you should watch for to identify problems.

What does TCPCon do?
TCPCon has been around since NetWare 3.x, but because it deals with packets and the protocol, it’s not a tool you use as a part of your daily routine unless you’ve noticed problems with your network. However, it can be very useful to:

  • Monitor activity.
  • View configuration and statistics information for IP, ICMP, UDP, TCP, OSPF, and EGP.
  • View IP routes known to a TCP/IP node.
  • View ports used by the server.
  • View connections and services.

Running TCPCon
Because it’s an NLM, you can only run TCPCon from your server. However, it’s text-based, which means you don’t have to actually visit the server to run it. You can connect to your server using RConsole or RConsoleJ and access the utility remotely.

To start TCPCon, go to the server’s console prompt, type load tcpcon, and press [Enter]. When you do, you’ll see the Available Options menu appear, as shown in Figure A.

Figure A
Load TCPCon from your server’s console to access the main menu.

The top of the main screen displays information about your TCP/IP configuration. The numbers on this screen constantly change because TCPCon monitors your network and updates the information. If you notice the numbers of receive and send packets change, then TCP/IP should be working correctly. Information on this screen includes:

  • Host—This field displays the name of the server you’re using. Don’t be surprised if the value for this field is Local Host rather than the name of your server. It may also display the TCP/IP address of your server. You can change the value of this field in the SNMP Access Configuration menu.
  • Uptime—Look here to find out how long your server’s been running.
  • System—This field shows the operating-system version of the server. However, you can basically disregard this field if you’re running NetWare 5.x. If you’re running NetWare 5.0 or NetWare 5.1, this field will show your server version as NetWare 5.00.09.
  • IP Received—Here you will find the number of IP requests received from all interfaces.
  • IP Sent—This field will list the number of IP packets transmitted. The number doesn’t count any packets forwarded to other nodes on the network.
  • IP Forwarded—The number of IP packets forwarded from one network node to another across your server can be found in this field. It displays the value Disabled if you haven’t configured the server to act as an IP router.
  • TCP Received—This field shows the number of TCP segments received.
  • TCP Sent—This value represents the number of TCP segments sent, not counting retransmitted data.
  • TCP Connections—Here you will find the number of currently established TCP connections.

From the Available Options menu also on this screen, you can change the configuration of your server and get more information about TCP/IP on your network. The choices from the Available Options menu will take you to other screens where you make the actual configuration changes. Menu choices include:

  • SNMP Access Configuration—When you go to the SNMP Access Configuration menu, you can configure how TCPCon gathers information.
  • Protocol Information—You can use this menu choice to go to the Protocol Information screen to view protocol information for the server.
  • IP Routing Table—This choice takes you to a submenu where you can view the routing table for the server.
  • Statistics—Use this option to pick from a list of protocols and view TCP/IP statistics about those protocols.
  • Interfaces—This menu shows statistics for the different NICs and configured interfaces on your server.
  • Display Local Traps—You’ll use this choice to view the local SNMP trap log maintained by SNMPLOG.NLM using this option.

Putting the information to use
Having the information about TCP/IP on your server at your fingertips is only half the fun. Here are a few concrete examples of how you can use this data to identify problems.

Checking ports
There are instances where services such as the NetWare Enterprise Web Server and the NetWare Management Portal may want to use the same port. When services share the port, a conflict can occur whereby a service can’t respond because the port it uses is already in use by another service.

To view which TCP/IP ports are currently in use, select Protocol Information | TCP | TCP Connections from the Available Options menu. When you do, you’ll see the TCP Connections screen shown in Figure B.

Figure B
TCPCon shows you the TCP/IP ports in use on your server.

On this screen, the Local Host column shows your server’s current IP address. The Local Port column shows the port number used locally by a given service. Most of the time, you can guess the service by the port number used. For example, Web services almost always use port 80.

The Remote Host column shows the IP address of the device accessing the port. The Remote Port column lists the outgoing port on the remote device. Finally, the State column shows the state of the connection. Connections can be in one of two states: Established or Listen. Established means there’s a connection between two hosts, while Listen means that the port is waiting for an incoming connection. After you’ve checked the columns to see which ports are in use, you can then select a different port for the service that’s not working.

Troubleshooting DHCP problems
Since DHCP uses UDP at the transport layer, you can use TCPCon to verify whether or not you have any UDP errors when you’re having problems with DHCP on your network.

To do so, select Statistics from the Available Options menu. When the TCP/IP Statistics menu appears, select UDP. Check the Invalid Datagrams Received field. This field should be zero or very close to it. A higher number indicates there’s a problem with TCP/IP on your network.

If you’re having problems with DHCP, check the Address Resolution Protocol (ARP) cache. The ARP cache consists of a list of recently resolved IP addresses, along with their Media Access Control (MAC) address mappings. Remember, the MAC address represents a unique physical address embedded in each network adapter. If there’s a problem with the ARP cache, packets may wind up going to the wrong computer.

To display all mappings currently in the ARP cache, select Protocol Information from the Available Options menu. When the Protocol Information menu appears, select IP to view the IP Protocol Information screen. On this screen, select IP Address Translations menu and press [Enter]. When the IP Address Translations screen appears, select and delete all entries in the IP Address Translations Table.

Check routing problems
Many TCP/IP problems occur because the default gateway, also known as the default route, is set incorrectly. To use TCPCon to make sure the default gateway is set properly, select IP Routing Table from the Available Options menu. Next, press [Enter] on the Proceed option to display the IP Routing Table screen.

Make sure the value in the Next Hop column points to the TCP/IP address of the router on your network. When you have verified that you do have the correct IP address for your default gateway, you can use the ping command at the server console prompt to verify that you can ping your default gateway’s IP address. If your default gateway is not connected to the network or is not functioning properly, the ping request will fail. If you don’t have the proper default gateway specified, you’ll have to use the Inetcfg utility from your server’s console prompt to correct the address. TCPCon only reports the information; it doesn’t allow you to change it.

Check data fragmentation
If your network seems to be running especially slowly, you can check the IP statistics for fragmented and reassembled packets. If you find a lot of them, you may have filtering issues, a lack of resources available to process packets, or possible routing loops.

Check the IP statistics by selecting Statistics from the Available Options menu. Next, select IP. When the IP Statistics screen appears, check the Local Errors field in both the Incoming Discarded Datagram and the Outgoing Discarded Datagram sections. Make sure the values are not incrementing on a regular basis. If they are incrementing on a regular basis, enable logging in TCPCon and capture the packets. From there, you can try to determine where the invalid datagrams are coming from. If SNMP logging doesn’t work, you may have to employ a packet sniffer.

TCPCon can make troubleshooting TCP/IP on your NetWare network much easier. It can provide valuable data when you’re having problems with ports, DHCP, routing, and data fragmentation, which can make network administration much smoother for you.