Sandstorm Enterprises® : NetIntercept® Diagnosing Network Connectivity Issues

Diagnosing Network Connectivity Issues

This document outlines items to check on your NetIntercept box to detect basic network connectivity issues, including physical connectivity, how to check what subnet you're on, and how to see which routers your NetIntercept system is connected to. This will enable you to communicate the network issue you may be experiencing to your local Network administrator, so it can be fixed promptly.


Physical Connectivity

If you cannot see ANY network at all, for example absolutely no traffic is being captured by your NetIntercept box, or you cannot reach the machine remotely, you may have a physical connectivity issue.

  1. Is the network cable firmly clicked into your NetIntercept box's appropriate network port? You may wish to unhook it, then plug it in again. If the port is in use, a light will turn on at the port. Check whether the light is on when the cable is plugged in. If the cable is plugged in firmly but the light is not on, no signal is reaching the computer. Ensure that the cable is not physically faulty and that the router/switch it is attached to has that port set up properly, is plugged in firmly, and so on. If the cable is plugged in and there is still no light, the problem most likely lies outside the NetIntercept box, such as a general network failure or a router/switch that is not performing properly.
  2. List all your network ports by typing:

    ifconfig

    Check that the status line of both the Capture and Control ports are "active". If either port does not register as "active" you have a connectivity problem. Also confirm that the Flags line for your capture port includes the word "MONITOR". If the Flags line for the capture port does not state "MONITOR" you need to refer to the section below on Capture Port issues for more information. Be sure to resolve the connectivity issues before working the "MONITOR" issue.

  3. If you're having throughput problems, check whether you expect your network to run at FULL-DUPLEX. If ifconfig states that the port is running at HALF-DUPLEX, you will need to set the port to the proper duplex setting. Check the man page for the port driver (e.g. "man em" or "man fxp") for instructions on how to use ifconfig to set up your port properly. A properly configured Control port will have an "inet" line with values for the internet address, netmask and broadcast specific to your environment. It should look similar to:

    inet 10.2.6.11 netmask 0xffff0000 broadcast 10.2.255.255

  4. Capture Port issues. If your issue is with the Capture port, please refer to the troubleshooting guide, Chapter 10 Troubleshooting, Section 10.7 Capture and Parse Issues in your NetIntercept manual.

    If your NetIntercept appliance is not capturing traffic, check that NetIntercept is operating properly. First, look at the icon in the lower right corner of the GUI. If the "lightning bolt" icon is green, NetIntercept believes the capture network is set up properly. A red lightning bolt indicates that no capture network is connected. If the bolt is green but you still see no traffic, look at the Traffic tab of the NetIntercept GUI and set it to "minutes" mode (Traffic tab, select the "Time" drop-down menu, select "Minutes"). If traffic appears, you do have some physical connectivity. If it looks like there is no traffic, take a short swipe of the window. At the top of the chart you will see "Selection", which tells you how many bytes are in the selection you just swiped. If this continues to state 0 bytes, you may have physical network problems.


Talking to Yourself

To make sure you can actually use your network capability, you need to be able to have your own computer "talk to itself". By convention, a computer calls itself "localhost" and the IP address for localhost is 127.0.0.1. From your NetIntercept console, type:

ping 127.0.0.1

To exit out of the "ping" command, type control-C. If the ping command is successful, you will get multiple lines appearing slowly on your screen. If no lines or only one line appears, wait about 10 seconds, then hit control-C to exit. A "100% packet loss" result means the ping failed. It can also fail by giving you a message indicating that the command has timed out.

Once you have confirmed that you can communicate with your own computer, try to communicate with yourself by using your assigned IP address. For example, if your computer's address is 123.123.123.123 and your computer's name is "mycomputer.mysite.com", type:

ping 123.123.123.123

Be sure that this trial utilizes your computer's own IP address, not your computer's resolved name at this point. This test should never fail. If it does, you will need to reboot your NetIntercept box, and retest this. If it still fails after reboot, there is a configuration issue present, and you should contact Sandstorm Enterprises Support for further instructions.


Exchanging IP Packets Locally

If you've proven that you have physical connectivity, you need to start diagnosing logical local connectivity: contact another host on the local subnet by IP number.

Locate another host on the same local network, and ping it by IP number. Thus, if another host's IP number was 123.123.12.12, and the name was "computer2@yoursite.com" you would type:

ping 123.123.12.12

To exit out of the "ping" command, type control-C.

If no responses are received, you need to use a packet monitor to diagnose what might be wrong. Re-check your system's settings to ensure that you are indeed on the same subnet as the computer you wish to contact.

Note: If you don't know how to calculate if a system is in your local subnet, consult your local network administrator, refer to RFC 950, or read up on networking in a good networking book.
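As an added example (not from the NetIntercept manual or Sandstorm), the subnet check the note above refers to, done with POSIX shell arithmetic on the netmask exactly as ifconfig prints it (hex, as in the 0xffff0000 line above) or in dotted form. The addresses used are constructed, apart from the 10.2.6.11 Control port address shown earlier:

```shell
#!/bin/sh
# Convert a dotted-quad IPv4 address (e.g. 10.2.6.11) to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Convert a 32-bit integer back to dotted-quad form.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Accept a netmask either as ifconfig prints it (0xffff0000) or dotted (255.255.0.0).
mask_to_int() {
    case $1 in
        0x*|0X*) echo $(( $1 )) ;;
        *)       ip_to_int "$1" ;;
    esac
}

# Network and broadcast addresses of the subnet an address/netmask pair describes;
# compare these with the "inet ... broadcast" line ifconfig shows for the Control port.
network_of()   { int_to_ip $(( $(ip_to_int "$1") & $(mask_to_int "$2") )); }
broadcast_of() { int_to_ip $(( $(ip_to_int "$1") | (~$(mask_to_int "$2") & 0xffffffff) )); }

# same_subnet LOCAL_IP REMOTE_IP NETMASK: succeeds (exit 0) when both addresses
# share the network part, i.e. the remote host can be pinged directly rather
# than through the default router.
same_subnet() {
    [ "$(network_of "$1" "$3")" = "$(network_of "$2" "$3")" ]
}

# Constructed example: the Control port address from the ifconfig line above and
# a hypothetical second host 10.2.200.4.
if same_subnet 10.2.6.11 10.2.200.4 0xffff0000; then
    echo "10.2.200.4 is on the local subnet; ping it by IP directly"
else
    echo "10.2.200.4 is outside the local subnet; it is reached via the default router"
fi
```

Run the functions with the "inet" and "netmask" values ifconfig reports for your own box and the IP number of the host you are trying to reach.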


Exchanging IP Packets outside your subnet

To check on a computer outside your local subnet, you will need to find out what your default router is. To find this default router, type:

netstat -nr

The first item under the "Internet" section should have a destination of "default" and a gateway IP address. If you have no default router, you have not set up your connectivity properly. This is configured in /etc/rc.conf, which you can modify by logging in as root and running modrcconf.sh.

To see if you can communicate with a computer outside your local subnet, select an IP ADDRESS (not a resolved name) of a computer that lies on the far side of your default router, and ping that machine. Please note that if your system administrators state that your default router itself cannot be pinged, select the IP address of a computer that is reachable only through the router, i.e. one that is not in your subnet.


Finding your Nameserver

Your nameserver is listed in the file /etc/resolv.conf. Display the file (e.g. "cat /etc/resolv.conf") to see the domain name of your network and the IP address of your nameserver. Ping the nameserver's IP address to see if you can access it. Note that the nameserver may not be on your local subnet; if it is not, and you are having connectivity issues accessing other systems by name, the nameserver may be down. In most cases this host is on your local subnet. If it isn't, your NetIntercept system must have a router configured which understands how to route packets to other networks.

The next step is to ping something by name, and include the entire name. For example, ping sample.example.com, don't simply ping sample.
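An added example, not from the NetIntercept manual or Sandstorm, that strings the checks of the last three sections together for the appliance's console: it pulls the default router out of "netstat -nr" and the nameserver out of /etc/resolv.conf, then pings localhost, your own IP, the router, the nameserver and finally a fully qualified name, stopping at the first hop that fails. It assumes the FreeBSD layout of "netstat -nr" (an "Internet:" section with a "default" entry); the sample output embedded below is constructed:

```shell
#!/bin/sh
# Extract the default gateway from "netstat -nr" output: the "default" entry
# in the Internet section (second column), ignoring the Internet6 section.
default_gateway() {
    awk '/^Internet:/  { inet = 1; next }
         /^Internet6:/ { inet = 0 }
         inet && $1 == "default" { print $2; exit }'
}

# Extract the first nameserver listed in resolv.conf text.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }'
}

# Walk the checks in order: localhost, own IP, default router, nameserver, then
# a fully qualified name. Stops at the first hop that fails so the report names
# the layer to raise with the network administrator.
connectivity_ladder() {
    own_ip=$1
    fqdn=$2
    gw=$(netstat -nr | default_gateway)
    ns=$(first_nameserver < /etc/resolv.conf)
    for target in 127.0.0.1 "$own_ip" "$gw" "$ns" "$fqdn"; do
        [ -n "$target" ] || { echo "no default router or nameserver set; check /etc/rc.conf and /etc/resolv.conf"; return 1; }
        if ping -c 3 "$target" >/dev/null 2>&1; then
            echo "ok   $target"
        else
            echo "FAIL $target"
            return 1
        fi
    done
}

# Constructed sample of FreeBSD-style "netstat -nr" output, so the parser can be
# exercised without a live system. On the appliance run, for example:
#   connectivity_ladder 10.2.6.11 sample.example.com
SAMPLE_NETSTAT='Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.2.0.1           UGS         0     1234    em0
10.2.0.0/16        link#1             UC          0        0    em0

Internet6:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            fe80::1%em0        UGS         0        0    em0'
printf '%s\n' "$SAMPLE_NETSTAT" | default_gateway   # prints 10.2.0.1
```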


System Configuration File

To enable the system to set all the options properly upon each restart, most network configuration information is stored in the file /etc/rc.conf. When the system boots up, the settings from this file are applied to the computer, and networking is enabled per the items in this file.

Modifications to this file must be precise. To allow the NetIntercept user to set up their network easily with a minimum possibility of accidental error, we have supplied the script /root/modrcconf.sh, which lets a person logged in as root follow prompts to enter the appropriate items into /etc/rc.conf, /etc/resolv.conf, and other system configuration files.


If you have any questions, please contact Sandstorm Enterprises at support@sandstorm.net, or phone us at 781-333-3200.
Site materials © 1998 - 2010 Sandstorm Enterprises, Inc. The Sandstorm logo®, LANWatch®, NetIntercept®, PhoneSweep®, Sandtrap®, TCP.demux™, Single Call Detect™, Tools with sharp edges®, Rapid Event Analysis™, and Sandstorm Enterprises® are all trademarks or registered trademarks of Sandstorm Enterprises, Inc.