ISA Server troubleshooting Tool
10.1.1.6 Network Monitor
Network Monitor, or NetMon, is a tool used to capture and display the frames that Windows 2000 receives from the LAN. To simplify the analysis of network communication, Network Monitor is able to distinguish 40 common network protocols. This means that for most network communication, Network Monitor displays all the information related to a network session, including source and destination ports and addresses, server responses, and the data actually communicated.
The following is an example of the content of a frame from a Network Monitor trace file or capture:
Network Monitor trace wed 03/07/2001 08:55:17 am capture1.txt
Frame: Base Frame Properties
Ethernet: etype = 0x0800: Protocol: IP: DOD Internet Protocol
IP: IP = 0xad6; proto = TCP; Len: 327
TCP: Ap..., Len: 287, Seq: 3184161250-3184161537, Ack: 4040781620, win: 17520, Src: 1225 DST: 80
HTTP: GET request (from client using port 1225).
For each frame displayed, the encapsulated protocols are listed from the outside of the frame to the inside, that is, in ascending order starting from the lowest layer. Click the number of each row to display more information about the given protocol. The second row, called Frame, is added by Network Monitor as an introduction to the captured frame. Line 3 shows the data link layer protocol (Ethernet in this example) that places frames on the network. This is the lowest-layer protocol in the frame and corresponds to layer 2 of the OSI model. Next comes the network layer, or layer 3, protocol. In this example, that is IP. Next comes the transport layer, or layer 4, protocol, which is TCP in the given frame. Finally, in this example, HTTP is the highest-level protocol in the frame.
Each protocol layer contains information related to the current connection or transmission. For example, in a TCP row, the SRC and DST parameters represent the source port and destination port of the TCP connection that the frame or packet belongs to. In this packet, the source port is TCP port 1225 on the client, and the destination port is TCP port 80. By viewing the TCP or UDP lines of the frames captured in Network Monitor, you can find the source and destination of network communication. This makes it an essential tool for firewall configuration.
In addition, by creating a trace of network activity, you can analyze network communication and determine the source of network problems. For example, suppose a user complains about a login delay over a VPN connection. After a Network Monitor capture is run, the trace displays the L2TP and PPTP traffic exchanged during logon. When the local ISA VPN wizard is used to configure a connection to a remote network, L2TP is used by default. When L2TP is unavailable, PPTP is used. If L2TP is unavailable on the remote VPN server, your users may encounter a login delay while the connection is attempted through these two protocols in turn. You can use Network Monitor to find out when L2TP is unavailable. You can then configure the ISA Server to connect to the remote VPN server through PPTP to reduce the login delay.
Even if no VPN is used in the network environment, a Network Monitor capture can also reveal protocols that are not needed for network communication and that slow the network down. For example, a dedicated LAN connection does not require the tunneling protocol PPTP.
10.1.2 Route Table
Each computer that uses TCP/IP as the network protocol has a route table. The route from one computer to another depends on the route table of the computer that sends the packet.
The route command line tool can be used to view and modify route tables. Enter route print in the command line to display the local route table. 10.2.
10.1.2.1 Route Decision Process
To select a single route for forwarding an IP packet, the IP protocol processes the route table as follows:
1. For each route entry in the route table, the IP protocol performs a logical AND operation between the subnet mask and the destination IP address to determine whether the network is local or remote. The IP protocol compares the result with the network destination of the entry to see if they match. If they do, the IP protocol marks the route as one that matches the destination IP address.
2. From the list of matching routes, the IP protocol picks the route with the most subnet mask bits. This is the route that matches the most bits of the destination IP address and is therefore the most specific route for this IP packet. This step finds the longest, or closest, matching route.
3. If several such matching routes are found, the IP protocol uses the route with the lowest metric.
4. If several matching routes share the lowest metric, the IP protocol selects one of them randomly.
The final result of the route decision process is a single route selected from the routing table. If no suitable route is found in this process, the IP protocol reports a route error.
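The four steps above, written out as an added example (it is not part of the original text and is not how Windows implements routing internally). The Route class, select_route function and sample table are constructed for illustration; only the 172.16.41.0 entry through gateway 172.16.40.1 with metric 2 is taken from the static route discussed on this page.

```python
import ipaddress
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    destination: str  # network destination
    mask: str         # subnet mask
    gateway: str
    metric: int


def _u32(addr):
    """Dotted-quad IPv4 string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))


def select_route(table, dest_ip, rng=random):
    """Pick one route for dest_ip using the four steps described above."""
    # Step 1: AND the destination with each mask, compare with the entry's network.
    matched = [r for r in table
               if (_u32(dest_ip) & _u32(r.mask)) == _u32(r.destination)]
    if not matched:
        raise LookupError(f"route error: no route to {dest_ip}")
    # Step 2: keep only the routes with the most mask bits (longest match).
    bits = lambda r: bin(_u32(r.mask)).count("1")
    longest = max(bits(r) for r in matched)
    matched = [r for r in matched if bits(r) == longest]
    # Step 3: of those, keep only the lowest metric.
    lowest = min(r.metric for r in matched)
    matched = [r for r in matched if r.metric == lowest]
    # Step 4: any remaining tie is broken at random.
    return rng.choice(matched)


# Constructed sample table (addresses other than the 172.16.41.0 route are made up).
TABLE = [
    Route("0.0.0.0", "0.0.0.0", "172.16.40.254", 1),        # default route
    Route("172.16.0.0", "255.255.0.0", "172.16.40.3", 1),   # broad, low metric
    Route("172.16.41.0", "255.255.255.0", "172.16.40.1", 2),
    Route("172.16.41.0", "255.255.255.0", "172.16.40.2", 5),
]

if __name__ == "__main__":
    for ip in ("172.16.41.25", "172.16.99.1", "203.0.113.7"):
        print(ip, "->", select_route(TABLE, ip).gateway)
```

Note that 172.16.41.25 goes through 172.16.40.1 even though the /16 entry has a lower metric: the metric is only compared among routes that already tie on mask length.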
10.1.2.2 Route Table Troubleshooting
Using IP utilities such as ping and tracert, you can determine when some network segments are unreachable from the rest of the network. When installing ISA Server in a complex network, you can use the route command to modify the route table and configure workable routes for all network segments. For example, if the ISA server does not have an interface on a given (remote) subnet, you need to add a static route so that network traffic can be forwarded to this subnet. (A static route is a route entry that does not appear in the route table automatically.)
To add a static route, use the route utility as follows.
route add 172.16.41.0 mask 255.255.255.0 172.16.40.1 metric 2
In this example, the route add command states that to reach subnet 172.16.41.0 with mask 255.255.255.0, the gateway 172.16.40.1 must be used. Note: In this example, the metric is set to 2 because the subnet is two hops away. (The metric is usually the number of hops to the network, that is, the number of routers passed through.) In this example, you also need to add a static route on the downstream router so that packets know how to return to the 172.16.40.0/24 subnet.
Because the route table on the computer is re-created automatically every time the computer is restarted, you need to add a persistent route entry so that the static route is retained in the routing table. Each time the route table is rebuilt, the persistent entries are inserted into it automatically. You can use the route add -p command to add persistent entries.
Static routes can also be added through the Routing and Remote Access console in Windows 2000. When this method is used, all static routes are treated as persistent entries.
Follow these steps to add a static route entry to Routing and Remote Access:
1. Click Start, point to Programs | Administrative Tools, and click Routing and Remote Access.
2. Double-click IP Routing and expand the object.
3. Right-click Static Routes and select New Static Route.
The Static Route dialog box appears.
4. Complete the static route fields as needed.