TCP/IP Troubleshooting Checklists

Kenn's
Tech
Notes

19980103: TCP/IP Troubleshooting Checklists

January/1998
Tech Note #3

This note has been updated! See October/2000, Tech Note #9. For the latest information regarding the revisions to DHCP and TCP/IP network addressing necessitated by the transition to ADSL, please see the ADSL Network Config document at the shop ftp site, or contact Information Systems.

Troubleshooting TCP/IP-related problems is not difficult, but sometimes it is tricky to know where to start. Whether you are working in a school which has just had a router installed, or troubleshooting a network which had previously been working, you may find the following checklists helpful. After the checklists, I've added some more detailed (boring) background material, which should help explain the rationale of the checklists.

Checklist for school-wide Internet problems -

a. At the NT server, ping the router.
- if unsuccessful, check local network wiring, repeaters, and router, also check the TCP/IP configuration (ipconfig /all or winipcfg) for IP address, subnet mask, and default gateway; if you get "bad command or file name" install the TCP/IP protocol.
b. At the NT server, ping mail.wsd1.org.
- if unsuccessful, ping 206.45.96.66; if no system on the network can ping that (the Alpha): power cycle the router, also check with Information Systems to see if the ISDN line is down.
- if you can ping 206.45.96.66, but you can't ping mail.wsd1.org, check the TCP/IP configuration (ipconfig /all or winipcfg) for the DNS server list.
c. Run DHCP Manager, and check the scopes. There should be one active scope for each network card in the machine (usually two).
- Both scopes should show the following global options:
   015 Domain Name: wsd1.winnipeg.mb.ca
   046 WINS/NBT Node Type: 0x8
   044 WINS/NBNS Servers: Usually, 206.45.xx.21. (More exactly, it is the IP address of the first card bound to TCP/IP on the WINS server. If you're not sure, don't worry about this entry. It will not affect current network operation. It has been put in place for future use.)
- The Educational Scope should additionally have these options:
   003 Router: 206.45.xx.1 (full class C) [OR 206.45.xx.65 or .129 (split class C)]
   006 DNS Servers: 206.45.96.66, 204.112.178.11, 130.179.16.67
and these properties:
   Range: 206.45.xx.22 to 206.45.xx.250 mask 255.255.255.0 (full class C)
      [OR 206.45.xx.71 to 206.45.xx.122 or 206.45.xx.135 to 206.45.xx.186 mask 255.255.255.192 (split class C)]
   Lease Duration: 7 days
   Name: Educational Scope
   Comment: Valid IP Addresses
- The Wingate Scope should additionally have this option:
   006 DNS Servers: 192.168.0.1
and these properties:
   Range: 192.168.0.22 to 192.168.0.250 mask 255.255.255.0
   Lease Duration: 7 days
   Name: Wingate Scope
   Comment: Private IP Addresses

Checklist for workstation on educational LAN -

a. Ping the router.
- if unsuccessful, check local network wiring, repeaters, and router, also check the TCP/IP configuration (ipconfig /all or winipcfg) for IP address, subnet mask, and default gateway; if you get "bad command or file name" install the TCP/IP protocol.
b. Ping mail.wsd1.org.
- if unsuccessful, ping 206.45.96.66; if no system on the network can ping that (the Alpha): power cycle the router, also check with Information Systems to see if the ISDN line is down.
- if you can ping 206.45.96.66, but you can't ping mail.wsd1.org, check the TCP/IP configuration (ipconfig /all or winipcfg) for the DNS server list.
Note: if the TCP/IP configuration on a workstation is incorrect, release the IP address lease (using IPCONFIG /RELEASE or WINIPCFG), and reboot. If the problem persists, you will need to correct the configuration problem. This is done at the NT Server, in DHCP Manager, not at the workstation.

Checklist for workstation on administrative LAN -

a. Ping 192.168.0.1.
- if unsuccessful, check local network wiring; if you get "bad command or file name" install the TCP/IP protocol.
b. Ping mail.wsd1.org.
- the ping will be unsuccessful, but you should get the first line:
"Pinging wsd1.org [206.45.100.195] ..."
- if you do not get the IP address returned in the "pinging" line, check the TCP/IP configuration (ipconfig /all or winipcfg) for IP address and subnet mask, and re-check local network wiring.
c. If you can ping 192.168.0.1 (the Wingate server) and you can obtain the IP address for mail.wsd1.org, but Internet applications are not working, check the TCP/IP configuration (ipconfig /all or winipcfg) for default gateway (must be left blank).
d. If no systems on the administrative LAN can access the Internet, but the educational LAN can, stop and restart the Wingate Service on the NT Server. If this doesn't fix the problem, the Wingate service may need to be reconfigured or reinstalled.
e. If only certain systems and/or certain applications on the administrative LAN cannot access the Internet, the client software may not be configured properly. Netscape requires proxy server settings for HTTP and SOCKS. Eudora requires proxy server settings for SMTP and POP3 server. Anzio requires the host connection 192.168.0.1:2000.
Note: if the TCP/IP configuration on a workstation is incorrect, release the IP address lease (using IPCONFIG /RELEASE or WINIPCFG), and reboot. If the problem persists, you will need to correct the configuration problem. This is done at the NT Server, in DHCP Manager, not at the workstation.

TCP/IP Basics -

While the above checklists should help with many problems you might run into, you will fare better if you have a firm understanding of the rationale behind these steps, and especially if you understand why some of the numbers involved vary from school to school, and from network to network. Here then are the basics:

At the bare minimum, a workstation with TCP/IP requires an IP address, subnet mask, and default gateway.

The IP address is a series of four numbers, separated by dots. The IP address identifies the computer (or "host"), and therefore must be unique. No two hosts on the Internet may have the same IP address. For example, the division web server's IP address is 198.163.179.17.

The subnet mask is likewise a series of four numbers, separated by dots. The subnet mask, however, is known only by the host itself. This set of numbers is used by the host when it decides where to send IP datagrams. Any time a computer wishes to communicate with another host on the Internet, it needs to know whether it can address that system locally (ie. it can send the message "direct"), or if it needs to send the information to a gateway that connects to the rest of the Internet (ie. the message needs to be "routed"). The two subnet masks you will see most commonly are 255.255.255.0 and 255.255.255.192.

The default gateway is the IP address of the host (usually a router) which is directly connected to the rest of the Internet. This address must be "local" as far as all clients connected to it on the local area network are concerned. (Ie. When the host compares its own IP address, subnet mask, and the IP address for the default gateway, the default gateway must be locally addressable. The host can only send datagrams to another local host, so if the ultimate destination is non-local, they must first be sent to a local gateway for forwarding. It's sort of like mail. No, that's probably a bad analogy...) In our schools, the default gateway for the educational LANs is the IP address of the router. On the administrative LANs, the default gateway must be left blank, because the proxy server software we are using replaces the functionality of the default gateway.

Perhaps this will make some sense if we work through an example.

Suppose your workstation has the IP address 206.45.xx.78. (Most division LANs addresses begin with 206.45.something. The "xx" can be whatever number you like for the purpose of this example.) The workstation's subnet mask is either going to be 255.255.255.0 or 255.255.255.192. Which it is determines what range of addresses the host will consider local. If the subnet mask is 255.255.255.0, the host will consider 206.45.xx.1 through 206.45.xx.254 all to be local addresses. In such a case, the IP address for the router, which is the default gateway, will customarily be 206.45.xx.1. Such a network is called a "full class C".

If the subnet mask was instead 255.255.255.192, then the host will consider 206.45.xx.65 through 206.45.xx.126 to be local addresses. A subnet mask of 255.255.255.192 may also mean the local subnet ranges from 206.45.xx.129 to 206.45.xx.190. Which range is represented is determined by the host's IP address. Because our example is 206.45.xx.78, which is between 206.45.xx.65 and 206.45.xx.126, we know that that would be the implied local subnet. This smaller subnet is called a "split class C".

Default gateways (router IP addresses) for the split class C subnets are customarily 206.45.xx.65 and 206.45.xx.129.

For this example, our client will have an IP address of 206.45.xx.78, a subnet mask of 255.255.255.0, and a default gateway of 206.45.xx.1. This is sufficient for using the "ping" command to determine whether access to the Internet is available.

Ping sends a simple request for an echo to a host on the Internet: "hello, are you there?"

To confirm that the workstation can see the router, enter the following on the command line (DOS prompt within Windows):

PING 206.45.xx.1
(Remember that "xx" is the appropriate number for your subnet, and that .1 at the end will be .65 or .129 if you have a split class C.)

If the network is working, you should get something like this:

Pinging 206.45.xx.1 with 32 bytes of data:

Reply from 206.45.xx.1: bytes=32 time=4ms TTL=255
Reply from 206.45.xx.1: bytes=32 time=2ms TTL=255
Reply from 206.45.xx.1: bytes=32 time=2ms TTL=255
Reply from 206.45.xx.1: bytes=32 time=2ms TTL=255
If you get:

Request timed out.
Request timed out.
Request timed out.
Request timed out.
then you have problems. The router is down, disconnected, the local network is down, the network card or connector is bad, or your TCP/IP configuration is incorrect. Assuming workstations are logging on to the NT domain and receiving logon validation, connecting to shared resources, etc., you can rule out most of the network hardware components as potential problems, and focus on the router and TCP/IP.

If you get:

Bad command or file name.
install TCP/IP!

Once you have confirmed connectivity to your router, check your connection to the router at the administration building by entering:

PING 206.45.96.66
If this ping is successful, then you have successfully generated an ICMP echo from the division's Alpha. This means that the ISDN line to the administration building is working, and the routers are functional.

To confirm that the administration building's connection to Merlin (our Internet Service Provider) is up:

PING 204.112.178.11
This is the address of MBnet's DNS server. If you can ping this host successfully, you are connected to the Internet. (Unless MBnet is having problems, of course!)

However, simply being able to ping IP addresses, while helpful in determining line status, is not sufficient for running Internet applications. You need to be able to use IP names instead of IP addresses. Although every host on the Internet has a unique IP address, Internet applications don't usually use the address. They use the name, instead. Each name corresponds to an address. For example, the division web server, which is 198.163.179.17, has the IP name www.winnipeg.mb.ca. In order to be able to use IP names, you must specify one or more DNS servers in the client's TCP/IP setup.

To see a client's DNS server list, type:

IPCONFIG /ALL
at the command prompt, for Windows for Workgroups 3.11 or Windows NT. The information provided in Windows NT may exceed one screen, in which case type:

IPCONFIG /ALL|MORE
In Windows 95, run:

WINIPCFG
The standard set of DNS servers in the division is: 206.45.96.66, 204.112.178.11, 130.179.16.67.

On workstations, the list of DNS servers is obtained via DHCP. On servers, this information is entered manually.

To confirm DNS is working, enter:

ping mail.wsd1.org
You should get something like:

Pinging wsd1.org [206.45.100.195] with 32 bytes of data:

Reply from 206.45.100.195: bytes=32 time=56ms TTL=126
Reply from 206.45.100.195: bytes=32 time=32ms TTL=126
Reply from 206.45.100.195: bytes=32 time=30ms TTL=126
Reply from 206.45.100.195: bytes=32 time=29ms TTL=126
Note that for the purposes of establishing whether DNS is working, only the first line is important here! As soon as you seen "Pinging wsd1.org [206.45.100.195]" you know that DNS is working, because the IP name has been translated to an IP address. On an administrative LAN, this ping will always be unsuccessful, because there is no default gateway and the proxy server does not relay pings. It is useful only for checking whether DNS is working. On administrative LANs, to check network connectivity, ping 192.168.0.1, the address of the card in the NT server which is running Wingate.

The administrative LANs in all schools use the same addresses: 192.168.0.1 to 192.168.0.254. These addresses are reserved by international convention for private use. That means that you can never see these addresses on the Internet. The proxy server software we use - Wingate - "listens" to requests from that segment via the network card at 192.168.0.1, and sends and receives IP datagrams on behalf of the clients on the administrative LAN via the network card on the educational LAN (206.45.xx.21).

In order for the clients on the administrative LAN to access the Internet, the client software must be configured to use proxies. In a web browser, you need to set the HTTP proxy to 192.168.0.1, port 80 and the SOCKS host to 192.168.0.1, port 1080. In Eudora, you need to set the SMTP server to 192.168.0.1 and the POP account to userid#mailserver@192.168.0.1. Anzio requires a connection to 192.168.0.1, port 2000. In Wingate, corresponding proxies are set on each of these ports, to ensure that Wingate can send and retrieve the data for these applications. Wingate also has a DNS proxy, which is why you need to set the DNS server setting in the administrative LAN clients to 192.168.0.1.

Finally, a reminder: TCP/IP configuration is done entirely via Windows NT. The NT server's configuration is set manually in the Network Control Panel. All workstations' configurations are determined automatically by the scopes which are configured in DHCP Manager. If it becomes necessary to make changes to a scope, all the workstations should have their IP address leases released and renewed.

DISCLAIMER: This document is intended for the reference of computer support personnel within Winnipeg School Division No. 1. There is no warranty or liability if procedures recommended here have an adverse affect on any systems. Use them at your own risk. Any trademarks mentioned are the property of their owners, none of whom have certified any information provided here. Opinions expressed here are personal only and do not represent the policy of Winnipeg School Division No. 1 or any other organization anywhere.


Got a Tech Note to share? Submissions are most welcome! [Click here.]
To return to the Tech Notes home page, click here.
To download a copy of all the January/1998 Tech Notes in Rich Text Format, click here.
Click here to visit the Information "Super-Cul-De-Sac". This page was updated
2001 June 9

This page hosted by
Get your own Free Homepage
Check out my neighbours here in Silicon Valley Peaks by clicking here.