Network Path Discovery Tools

 Tracert - Traceroute

Both of these are command-line tools. Both use ICMP for the discovery.

Tracert

Windows uses tracert for path discovery. When executed it will show the path the data takes from the source to the destination. Tracert will list each router (hop) the data passes through. It will also show the round-trip time (RTT). This can help determine if there is congestion at each hop.

Tracert switches:

• -d suppresses name resolution, making the results much quicker
• -h specifies the maximum number of hops, default is 30.
• -4 forces IPv4 only
• -6 forces IPv6 only

There are other switches for most of these command line tools, just type in the command, space, and enter /? to see all of the available switches.

Traceroute

Traceroute is supported by Linux & Cisco IOS.

The switches and commands are different than tracert but produce the same results.

Ping Commands

 Ping and Switches to Know

Ping is used to see if a system is up and responding. In a Windows environment make sure that network discovery is turned on or you will not receive a response.

To enable network discovery:

Click the start button in Windows

Select on the left side the Setting icon

Select Network & Internet

Select Ethernet

On the right-hand side select Network and Sharing Center

Then select Private and enable Network Discovery

Switches commonly used with ping:

• -t unlimited pings until stopped
• -a to resolve a hostname to an IP address
• -n for the number of echo requests to send
• -4 force using IPv4
• -6 force using IPv6

Error Messaging - ping

 ping Error Messages

Expired in transit

• Routing loop

Destination host unreachable

• No or bad default gateway
• Routing configuration error

No Reply

• Possible routing loop
• Host does not respond

Hardware - Protocols and the OSI Layers

 

OSI Layers

Layer 1 - Physical

• Transceiver
• Repeater
• Hub
• Media Converter
• Modem

Layer 2 - Data Link 

• NIC
• Bridge
• Switch 
• Wireless Access Point
• MAC Address (AKA Layer 2, hardware, & physical address)
• 802.3
• 802.11

Layer 3 - Network

• Router
• Layer 3 Switch
• IP
• IPSec
• ICMP
• IGMP

Layer 4 - Transport

• Multilayer switch
• Load balancer
• Firewalls
• IDS (Intrusion Detection System
• TCP
• UDP

Layer 5 - Session

• Establishes, maintains, & tears down the session

Layer 6 - Presentation

• Data formatting and data translation
• Encryption
• Compression
• IMAP
• JPEG
• MPEG
• SSH
• SSL

Layer 7 - Application

• Multilayer switch
• NGFW
• DNS
• FTP
• HTTP
• HTTPS
• SMTP

OSI Layers, Mnemonics, & How the data is packaged

 OSI (Open Systems Interconnection)

Here is how the OSI is laid out and how the data is packaged, The top 3 layers deal with data, the first layer where encapsulation takes place is Layer 4 (Transport) as it prepares to leave the system.

Traffic Analysis Tools - Part 2

 Network Flow and Data Analyzer

NetFlow - Cisco Product (Rebranded to IPFIX)

This tool collects all the packet metadata, not the entire packet.

A NetFlow exporter can be enabled on network devices such as switches, routers, and firewalls. 

It uses a NetFlow collector to aggregate flows from the exporters. 

Here are some of the items it collects:

• Source and destination MAC addresses

• Source and destination IP addresses

• Source and destination ports

• Packet and byte counts sent and received

• Timestamps

• TCP flags and encapsulated protocols

Traffic Analysis Tools - Part 1

 Throughput Testers

To test the performance of your network, you can transfer a large file between 2 PCs. Take the size of the data and divide it by the time it took for the transfer to complete. There are several online throughput calculators to help you.

The best way to test throughput on your network is to perform the test during the busy part of the day.

Here is a listing of a few throughput testers:

• iperf: iperf
• Ttcp: Ttcp
• bwping: bwping