How do you diagnose network issues on Windows?

Question

I often run into problems where I can't get something to connect to something else. I usually forget to check something obvious. Can you help with:

• A tip/technique for diagnosing a connection issue
• The name of a tool or application that can help (and the situation in which it's useful)

I know the question is a little non-specific, but hopefully the answers can form a useful starting point for anybody who's stuck trying to get computers/programs talking to each other.

Please can you give one answer per answer so the best ones can be voted up.

Answer 1

You need to be use the process of elimination, for example if you can ping the ip address but not the hostname then there's DNS issues. If you can ping the system but not connect to a share etc.

Answer 2

When in doubt, check to see if the windows firewall is messing with your communications. 8 times out of 10, it's at fault.

Answer 3

Wireshark

Latest versions of ProcMon

netstat

Answer 4

Using tracert is a good start to see how far along the chain you are getting.

For virtual machines it's usally a good idea to make sure you have the loopback adapter set correctly in the Host os.

Answer 5

• Most frequently used tool is the ping. It can be used both to test your connection and the availability of a target
• Second tool is the tracert if you want to see where the packets get lost.
• For more advanced debugging I use the following tools: nmap, wireshark, etc.

Answer 6

Windows has a netstat utility which is pretty similar to the Unix netstat and can do a number of different things that might help you solve network issues.

Random example:

netstat -r displays routing information

netstat /? for usage information

Answer 7

Since you said you're using 2 virtual machines I would hazard a guess that both machines are setup in a NAT configuration (rather than a unique network device) -- In the NAT configuration, neither machine would (typically) be able to ping the other.

If you're familiar with the command line, you can try the "netstat" command.

You can also try "arp -a" to list all the IP/MAC addresses known to your PC.

The "tracert [ip address]" command will show you how many gateways/routers your packets jump through on their way to their destination. (This is probably not helpful if both machines are on the same network, though.)

And don't forget to check your Windows firewall settings.

Otherwise, if you want to get down and dirty, you can try the packet sniffer known as Wireshark: http://www.wireshark.org/ (aka. Ethereal)

Answer 8

Pull the network cable out

If you can get some communications to a device (eg a ping), but can't get your program to talk to a service on the computer. Then, try pulling the network cable out and see if the ping stops. This will verify you're communicating with the computer you really think you are.

Answer 9

Wireshark www.wireshark.org

Wireshark is a network protocol analyzer for Unix and Windows.

Features:

• Deep inspection of hundreds of protocols, with more being added all the time
• Live capture and offline analysis
• Standard three-pane packet browser
• Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
• Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
• The most powerful display filters in the industry
• Rich VoIP analysis
• Read/write many different capture file formats: tcpdump (libpcap), Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others
• Capture files compressed with gzip can be decompressed on the fly
• Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platfrom)
• Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
• Coloring rules can be applied to the packet list for quick, intuitive analysis
• Output can be exported to XML, PostScript®, CSV, or plain text.

Answer 10

work the OSI model from the bottom up

1. Physical (Do you have a network adapter/connection)

2. Link layer (arp, ethernet port blocked by network team (I've seen this where locked down environments see two MAC addresses coming from one workstation port and shut down the port)

3. Network layer (ipconfig, tracert, ping,)
   • Do you have a network address (DHCP, fixed)
   • Are you on a proper subnet/have routing between subnets
   • Is something in the middle blocking you
   • firewalls, routing tables

Answer 11

Simple checks to run when debugging network problems:

1. Has each machine got an IP address, Go to command prompt and run ipconfig. Key things to check here are the interfaces and ensuring the appropriate ones have IP addresses.
2. Check both machines IP addresses are in the same range and subnet if you are running it on an internal or Virtual network.
3. Try pinging each machine from the other to see if they can communicate with each other. Note that some firewalls will block ping requests.
4. If Pinging fails then check to see if firewalls are active. If the communication is within a 'safe' internal network then try disabling the firewalls and re-pinging.
5. If the connections are over a wireless network then check signal strength.
6. If pinging fails and you are connecting through several networks then try running a tracert to see at which will may show you where on the network the connection is failing.
7. If you are able to ping but not connect then check firewall settings and network connection settings. Windows 2000+ has the capability of setting port an ip access on a connection properties.
8. Try drawing a network diagram of the connections to help in visualising the problem.
9. If you are connecting through routers, firewalls and loadbalancers then check that all devices are not tied to any specific ip addresses and that the IP address redirection (if in place) is correct. Also check any NAT logs to see if connections are being received and properly re-directed.

Answer 12

DNS out of sync

If you're using a virtual machine and you perform a roll-back on it, then it could become out of sync with the DNS (Domain name server). Try to remove and re-add the machine to the domain, or if you've got access to the DNS machine, then get it to flush its cache.