TCP/IP Essentials

While there are plenty of specialized

network-management applications to help identify and fix problems, less than a

dozen of them are absolutely essential for troubleshooting. These are the tools

you'll use the most, so make sure your toolkit is equipped with these 10 basic

necessities for effective, efficient network management.

1. Ping. Ping tests end-to-end connectivity by sending an Internet Control Message Protocol packet to see if a node or device is online and responding.

One of the first steps in troubleshooting a network is to use the generic IP loopback address 'ping' to test the local device.

You can also use ping to test the maximum transmission unit -- the maximum amount of data that can be carried in each packet end-to-end. Moreover, you might use ping to determine the round-trip time in milliseconds to another device on the network.

However, any tools that generate a lot of traffic through your ISP's routers will probably trigger an alarm. If your traffic increases CPU usage or saturates a link to the Internet, your ISP may investigate and limit your activities.

2. Traceroute. Traceroute builds on the functionality of ping by evaluating the hops along a path and calculating the time it takes a packet to travel from one router to the next.

For example, say you ping a remote device but it takes a long time to receive a response. To learn where the delay is occurring, use traceroute to examine the round-trip time to each of the routers along the path.

3. Protocol analyzer/network analyzer. A protocol analyzer (sometimes called a network analyzer) is an absolute necessity for understanding what your network is doing. Analyzers capture all packets, or specific packets defined in a filter, into a trace buffer. The analyzer decodes the packets to give you a readable definition of the contents. Some more advanced analyzers, such as Network Associates' Sniffer Pro, can also interpret the communications patterns to provide alarms and troubleshooting recommendations.

AG Group's EtherPeek is another popular analyzer, and Windows NT comes with a no-frills analyzer called Network Monitor. EtherPeek and Network Associates' Sniffer Basic cost less than US$1,500, whereas Sniffer Pro and other more advanced analyzers cost closer to $10,000.

4. Port scanner. Port scanning can tell you what services are available on a remote device. The screen shot shows the results of a port scan to using Northwest Performance Software's NetScanTools Pro 2000.

Just as using ping could get you into trouble, your ISP or the targeted system may construe port scanning or port probing as a hostile action or intrusion.

Moreover, port scanning may violate your ISP usage agreement.

5. Nslookup/DIG. Basic nslookup utilities make queries to Domain Name System (DNS) servers. An nslookup query will ask the default DNS server for host name-to-IP address resolutions. Domain Internet Grouper (DIG) is similar to nslookup, but provides a more detailed reply from the DNS server. For example, a simple nslookup reply for returns the following information:


IP address:

DIG returns the information above plus the following:

Name servers:AUTH00.NS.INT.NET

IP address:


IP address:

6. ARP. Address Resolution Protocol keeps track of IP addresses and their corresponding physical network addresses. You can read ARP tables to identify the hardware address that is being used to send packets.

7. Route. Route is a utility that lets you read and manipulate IP routing tables on a local device. The tables determine the next hop along a path to a host or network. These tables also contain the default gateway entry if one exists.

8. SNMP tools. SNMP management tools provide a way to gather and display Management Information Base (MIB) data extracted from devices that support SNMP agents. You can track SNMP devices via an alarming/alerting system that notifies the SNMP manager when a user-defined threshold has been exceeded.

However, one of the main obstacles to implementing an SNMP management system is the lack of a true cross-platform product.

9. Cable tester. You need a cable tester to precisely test and troubleshoot network wiring. Tools such as Microtest' OmniScanner often come configured with an entire set of tests to evaluate cable integrity and interference. Cable testers can report total cable lengths, pass/marginal/fail test results, near-end crosstalk, attenuation, impedance and more.

Some cable-tester manufacturers define their tools as network analyzers.

Although these devices may provide some information about the packet types crossing the wire, such as broadcasts, they are no substitute for true network analyzers that display packet contents.

10. Combination tools and miscellaneous utilities. There are several indispensable combination troubleshooting tools, including NetScanTools Pro 2000 and the AG Group's NetTools. Each provides a group of utilities that let you port scan, ping, trace route and perform nslookup, saving hours of troubleshooting time. Of the two, NetTools is less expensive and offers a subset of the tools included in NetScanTools Pro 2000.

You may also want to consider other utilities that provide basic configuration and connection information, such as Windows WINIPCFG, IPCONFIG and netstat. An IP address calculator is another handy tool to have around, and you may even be able to find a freeware version on the Internet.

Having the right tools makes the job of troubleshooting TCP/IP networks less painful and less mysterious.

(Chappell is a senior protocol analyst with Network Analysis Institute, a network analysis, research and training firm in Saratoga, California. She can be reached at

Join the newsletter!

Error: Please check your email address.

More about GatewayMicrotest

Show Comments