OpenBSD Journal

Network Troubleshooting Tools

Contributed by Dengue on from the dept.

I can still manage to read a book now and then. I find that amazing, given the pace of work and life and the necessity of watching Samurai Jack on Cartoon Network. Even rarer is when I get an opportunity to write about one. Well, here it is: a review of O'Reilly's Network Troubleshooting Tools.

Network Troubleshooting Tools
By Joseph D. Sloan
Copyright© 2001 O'Reilly & Associates, Inc.
ISBN 0-596-00186-X
$59.95 CAN, $39.95 US
346 pages

Network Troubleshooting Tools is an August 2001 addition to the O'Reilly catalog. The author, Joseph D. Sloan, teaches mathematics and computer science at Lander University in Greenwood, South Carolina. Network Troubleshooting Tools is a good primer for administrators who are working in, or interested in, highly networked environments. It does a fine job of providing administrators and system programmers with a toolkit and methodology for troubleshooting connectivity-related issues.

This is a good, well-rounded text. It covers everything from simple things, such as how ping and traceroute work, to more complex tasks, such as using nemesis and hping to test firewalls with hand-crafted packets. The author focuses on UNIX and public-domain/open-source tools. To my delight, Windows tools are only lightly touched upon, with netmon getting the most attention. Network Troubleshooting Tools is broken down into the following sections:

  1. Network Management and Troubleshooting
  2. Host Configuration
  3. Connectivity Testing
  4. Path Characteristics
  5. Packet Capture
  6. Device Discovery and Mapping
  7. Device Monitoring with SNMP
  8. Performance Measurement Tools
  9. Testing Connectivity Protocols
  10. Application Level Tools
  11. Miscellaneous Tools
  12. Troubleshooting Strategies

The first few chapters are overview and simple things all system administrators should know. You have to get into the book before it really begins to shine.

Chapter 5: Packet Capture has a good review of using tcpdump that is easier to read than the tcpdump(8) man page. Also covered in this chapter are methods of analyzing, sanitizing and presenting tcpdump output.

Chapter 6: Device Discovery and Mapping covers the use of nmap, arpwatch and queso for device discovery and OS fingerprinting. For network mapping and diagramming, coverage is given to tkined.

Chapter 7: Device Monitoring with SNMP provides a good overview of SNMP and the Net-SNMP (formerly UCD-SNMP) tools. This chapter focuses on using the Net-SNMP tools for discovery and statistics gathering and doesn't cover the configuration of the SNMP daemon. If you only need to grab information from existing, already-configured SNMP-aware devices, then it is a good reference. For more in-depth work with SNMP, I recommend O'Reilly's Essential SNMP by Mauro and Schmidt.

Chapter 8: Performance Measurement Tools covers ntop, mrtg, rrd and cricket. Again, for more detailed coverage of SNMP tools such as mrtg, I recommend O'Reilly's Essential SNMP, which devotes a full chapter to mrtg.

Chapter 9: Testing Connectivity Protocols gives excellent coverage to hping and obecian's nemesis. Examples of how to use both of these programs are provided.

Chapter 10: Application-Level Tools provides an overview of application-level protocols such as POP, FTP, SMTP and HTTP. Since this is only a troubleshooting guide, only an overview is presented. Overviews and examples are also provided for nslookup, dnswalk and dig.

In-depth analysis of protocols and tools is not the focus of this book. It really functions well as a guide to troubleshooting, pointing out tools and scenarios that work well together. It would be hard for most administrators to read this book and not learn something. For users of OpenBSD, most of the tools mentioned in the book are available in the OpenBSD Ports Collection.

Keep in mind as you work through this book that the use of many of these tools will light up a NIDS like a Christmas tree. These are not tools that you should be running against hosts on the Internet unless they're yours. A number of them are designed specifically to generate large amounts of suspicious-looking traffic and could get you a nasty-gram from your ISP.

I certainly recommend Network Troubleshooting Tools for all but the most experienced system and network administrators. If you are less than a genius, there is something in it for you.
