CHAPTER 12 : Network Troubleshooting Methodology 616
(for example, how much hard disk space is available). To install the
SNMP service on a Windows computer, you need to be logged on as
a member of the Administrators group. The SNMP agent software is
installed as a Windows Component and runs as a service.
 Telnet Telnet is a TCP/IP-based service that allows users to log
onto a computer from a remote location, run character-mode or
command-line utilities on the remote computer or device, and view
files on a remote device. Windows 2000 and 2003 Server computers
include both Telnet server and Telnet client software, while
Windows client operating systems such as Windows 2000 and XP
Professional only include the Telnet client. Telnet differs from FTP
in that you cannot transfer files from one computer to another
(upload or download). Telnet is often used to access a UNIX shell
account on an ISP’s server and delete e-mail messages directly from
the server without downloading them to the local machine. The
Telnet server service uses TCP port 23 to listen for Telnet requests.
 SMTP The Simple Mail Transfer Protocol is used for sending
e-mail messages, typically across the Internet. SMTP is a simple
ASCII protocol and is not vendor-specific. Because SMTP has
limited capability in queuing messages at the receiving end, most
e-mail client programs use SMTP for sending e-mail only, and
either Post Office Protocol version 3 (POP3) or Internet Message
Access Protocol (IMAP) for storing any messages that are received
by an e-mail server. The SMTP service uses TCP port 25 to send
messages using SMTP.
 HTTP The HyperText Transfer Protocol is perhaps the most
familiar of the application layer protocols because it is used on the
World Wide Web, the most popular Internet service. HTTP allows
Exam Warning
SNMP management software is not currently included with the Windows operating

system and has to be purchased and installed separately.
Exam Day Tip
Because it usually sends usernames and passwords in clear-text the use of Telnet has
been almost entirely superseded by Secure Shell Host (SSH). If you are troubleshooting
a remote device like a router or a switch, you can use SSH for better security whenever
required.
Troubleshooting the Application Layer 617
computers to exchange files in various formats (text, graphic images,
sound, video, and other multimedia files) via client software called
a Web browser. A computer running a Web server program, such as
Microsoft’s Internet Information Server, stores files in HyperText
Markup Language (HTML) format that can be accessed by the client
browser. These HTML pages often contain hyperlinks for quickly
and automatically connecting to other files on the Internet, on an
intranet, or on the local machine. The HTTP protocol uses TCP
port 80 to send and receive information to Web servers and clients.
 NNTP Network News Transfer Protocol (NNTP) is used for managing
messages posted to private and public newsgroups. NNTP servers
provide for storage of newsgroup posts, which can be downloaded by
client software called a newsreader. Windows 2000 and 2003 Server
include an NNTP server as a part of IIS. Outlook Express, which is
part of the Internet Explorer software included with Windows 2000,
XP, and 2003, provides both an e-mail client and a newsreader. The
NNTP service defaults to using TCP port 119.
 DNS The Domain Name System is used by most of the other
applications in the TCP/IP suite to resolve hostnames to IP addresses.
A Web browser, for example, cannot establish a connection to a Web
server unless it knows the IP address of the server. DNS is used to
resolve hostnames, such as www.microsoft.com, to IP addresses.
DNS is a distributed database that is essential for TCP/IP to be used

on a massive Internet-sized scale. It provides a function that hides
the complexity of IP addresses from users, and makes things such as
e-mail and the World Wide Web much easier to use.
 DHCP The Dynamic Host Control Protocol is used to dynamically
assign TCP/IP addresses and configuration information to clients and
servers. IP addressing information is leased by a DHCP server for a
specific period of time, usually three days, before the lease must be
renewed by the client. You can also use a DHCP server to centrally
configure TCP/IP client options such as the default gateway, subnet
mask, and DNS servers for your DHCP clients. This is particularly
convenient because if you need to change one of these options you
can change it once on the DHCP server rather than needing to make
a change on every single client in your environment. Windows NT,
2000, 2003, and UNIX/Linux servers can act as a DHCP server;
all Windows and UNIX/Linux can act as clients. You can use the
ipconfig /release and ipconfig /renew commands to refresh the DHCP
configuration on a particular workstation.
CHAPTER 12 : Network Troubleshooting Methodology 618
Determining the Impact of Modifying, Adding or Removing
Network Services for Network Resources and Users
Because the application layer is the layer at which name resolution services
like DNS and WINS (Windows Internet Naming Service) function, this is
the layer you’ll be working at if you run into a troubleshooting scenario
involving clients that cannot access resources using their Fully Qualified
Domain Names (FQDNs) or NetBIOS names.
This builds from the troubleshooting that you performed at all of the layers
below: at the physical layer, you looked for broken cables or malfunctioning
NICs to isolate physical connectivity problems. At the network layer, you
used ping and tracert (or traceroute for a UNIX/Linux computer) to determine
if network packets were being properly routed from one host to another.

Troubleshooting the application layer means that all of the underlying layers
are functioning properly, but your clients are still running into problems.
If you can ping a remote host using its IP address, but pinging its FQDN
returns a Request Timed Out error, then you have an issue with DNS name
resolution. You can use nslookup or dig to troubleshoot an existing DNS
server, as we discussed in the previous chapter. If, on the other hand, you are
working on an internal network that doesn’t have a DNS server in place, you
should consider implementing one so that your clients can access remote
resources by using easy-to-remember hostnames rather than IP addresses.
Likewise, if your clients are unable to access remote hosts using their
NetBIOS names, but they are able to access computers using their associated
IP addresses, then you need to put a mechanism in place to allow your
clients to perform NetBIOS name resolution. This is especially necessary to
allow access to file and print services on a Windows network, because these
services rely heavily on NetBIOS name resolution. On a small network with
only two or three hosts, you can do this by placing an lmhosts file on each
computer. An lmhosts file is a plain text file that includes the IP address of
the host in question, followed by its NetBIOS name, as you can see here:
10.0.0.8 SERVER1
10.0.0.1 SERVER2
10.0.0.105 SERVER3
Exam Warning
Windows DHCP clients are able to use Automatic Private IP Addressing (APIPA) if
they are unable to contact a DHCP server. This allows for limited connectivity using the
169.254.0.0 Class B address that does not include DNS name resolution or a default
gateway.
Troubleshooting the Application Layer 619
Once you go beyond a small number of clients and hosts, though,
lmhosts files become difficult to manage. For larger networks, you should
install a WINS server to provide NetBIOS name resolution on a larger

scale, and configure your network clients to use this WINS server to reg-
ister their NetBIOS names so that other clients can locate the resources
that they need. You can think of a WINS server as performing the same
function for NetBIOS name resolution that DNS does for Internet-based
name resolution.
Layer 7 Troubleshooting
You’ll probably spend quite a bit of time troubleshooting application layer
issues, because these are the most visible to an end user. This can be some-
thing as simple as “My Internet Explorer won’t work” to troubleshooting
mail routing issues for an e-mail server that’s running SMTP. One of the
most useful utilities for troubleshooting application layer protocols is Telnet,
because you can use this tool to connect to many different application layer
services by specifying the port that’s used by the service. So you can Telnet
to a Web server, specifying port 80, to see if the Web server is listening on
that port. If the Web server doesn’t respond, then you know that something
is wrong with the Web service on that particular server. On the other hand, if
you can successfully Telnet to port 80, then you know that the problem lies
elsewhere and you can concentrate your troubleshooting efforts on problems
with client configuration or name resolution.
Identifying a Client’s Remote Network Access Problem
There are multiple reasons that a client may encounter connectivity problems
in gaining access to the network or network resources. In Exercise 12.3,
we’ll go through the steps of troubleshooting the SMTP service on an e-mail
server by using Telnet.
Test Day Tip
For a small number of clients, you can use a local host file for basic DNS resolution. A
host file provides a similar format as an lmhosts file, except that it will use FQDNs instead
of NetBIOS names.
Exam Day Tip
To troubleshoot name resolution problems, you can use the nslookup utility that we

discussed at length in Chapter 11.
CHAPTER 12 : Network Troubleshooting Methodology 620
EXERCISE 12.3 Using Telnet to Troubleshoot FTP
Click 1. Start | All Programs | Accessories | Command Prompt to
access the Windows command prompt.
Type 2. telnet servername 25. Servername indicates the IP address
or DNS name of the e-mail server that you are troubleshooting. 25
specifies that you are Telnetting to port 25 of that server. So to con-
nect to the mail.example.com server, you would type telnet mail.
example.com 25 at the command prompt. If this is successful,
you’ll see something like this:
220 mail.example.com Microsoft Exchange Internet Mail
Connector
From here, you can try to send a test e-mail message directly from 3.
the Telnet window. Begin by typing the following (substitute the
domain of a valid e-mail address for example.com):
HELO example.com
If this command works, you’ll see the following:4.
250 OK
Next, specify the e-mail address that the test message is from by 5.
entering the following, using a valid e-mail address:
MAIL FROM:
If this was successful, you’ll see the following:6.
250 OK – MAIL FROM
Next, specify the e-mail address to send the test message to. Type 7.
the following, using a valid recipient address that’s located on the
server you’re testing (so if you’re troubleshooting the example.com
e-mail server, try sending a test message to
rather than ). Use the following syntax to
specify the recipient’s e-mail address:

RCPT TO:
If this was successful, you’ll see the following:8.
250 OK – Recipient
Type 9. DATA to begin entering the text of your message. Then type
the text of the test message that you want to send.
Summary of Exam Objectives 621
To let the SMTP server know that you’re finished, type a period (.) 10.
on a blank line and then press Enter. If the message was created
successfully, you’ll see the following:
250 OK
Type 11. QUIT to exit the Telnet session. Verify that the recipient
received the test message. If it did not, you can check the error logs
generated by the e-mail server, as well as the configuration of the
recipient’s e-mail client.
SUMMARY OF EXAM OBJECTIVES
Troubleshooting TCP/IP and other network connectivity issues is made
easier if you follow the “10 Commandments of Troubleshooting”:
Know thy network.1.
Use the tools of the trade.2.
Take it one change at a time.3.
Isolate the problem.4.
Recreate the problem.5.
Don’t overlook the obvious.6.
Try the easy way first.7.
Document what you do.8.
Practice the art of patience.9.
Seek help from others when you need it.10.
There is a great deal of troubleshooting information for TCP/IP and other
network issues. Be sure to take advantage of the following:
Microsoft documentation, including Help files, the resource kits, white 

papers, TechNet, official newsgroups, and the Microsoft Web site.
Third-party documentation, including Internet mailing lists, 
Usenet public newsgroups, Web resources, local user groups, and
books and magazines.
Following an organized set of troubleshooting steps allows you to
organize the troubleshooting process and makes it less likely that you will
CHAPTER 12 : Network Troubleshooting Methodology 622
overlook something important along the way. The problem-solving models
used by other professions can be applied to network troubleshooting as well.
Gathering information is always one of the first steps in problem solving. In
network troubleshooting, as in most areas, this involves asking questions.
Which questions to ask (and of whom) vary according to the situation, but
the following can serve as a guideline to get you started::
Exactly what task were you trying to perform when the problem 
occurred?
Were you doing anything else in addition to this primary task at the 
time?
What error message(s), if any, were displayed?
Is anyone else on the network experiencing the same problem?
Have you ever been able to perform this task on this computer?
When was the last time you were able to do so?
What changes have occurred since the last time you were able to do so?
To make a diagnosis or analysis of the information, you must organize
it in a logical manner. This means learning to sift through and discard
irrelevant information, and looking for patterns in the data. This also means
setting priorities according to such factors as who is affected by the problem,
how many are affected by the problem, and what production activities are
affected by the problem, and how often the problem occurs. Solutions, once
formulated, should also be prioritized according to cost, time involved,
longevity, and long-term effect on performance.

EXAM OBJECTIVES FAST TRACK
How to Use the OSI Model in Troubleshooting
Being able to isolate which layer a problem stems from allows you 
to identify the types of components that may be involved in the
issue, thus helping you troubleshoot the problem.
You should remember that the OSI model consists of seven lay-
ers. When one computer communicates with another one, data at
the sending computer is passed from one layer to the next until the
physical layer finally puts it out onto the network cable.
The most important thing that you can do when troubleshooting

is to be organized and methodical in your approach to solving
Exam Objectives Fast Track 623
problems. If you work in a rushed fashion, you’re likely to miss
a crucial troubleshooting step or forget what you did to solve the
problem the next time it occurs. When you are troubleshooting,
remember the seven general steps outlined in this chapter.
Troubleshooting the Physical Layer
The physical layer is the lowest layer of the OSI model, and it 
is concerned with the physical cabling and network devices that
connect you to the network.
Troubleshooting often begins at the physical layer, where you 
need to determine if your network cards, hubs, and cabling are
functioning and connected correctly.
Be sure that you are using the correct type of NIC for your 
network type and the correct cabling to allow for network
connectivity.
Troubleshooting the Data Link Layer
The data link layer is responsible for taking the information it gets 
from the physical layer and organizing it into frames.

The devices that operate at the data link layer are switches and 
bridges. Troubleshooting these devices includes verifying that the
correct frame type is being used and that any VLANs are configured
correctly.
The Spanning Tree Protocol (STP) can be used to prevent the 
possibility of loops on a switched or bridged network.
Troubleshooting the Network Layer
A great deal of your troubleshooting time will be spent at the 
network layer, as this actually controls how traffic is transmitted or
routed between two computers.
The most important device that operates at the network layer is the 
router, and router troubleshooting will include troubleshooting the
physical device as well as how it is configured.
ICMP operates at the network layer, and it is used to provide

troubleshooting information for TCP/IP troubleshooting utilities
such as ping, tracert, and traceroute.
CHAPTER 12 : Network Troubleshooting Methodology 624
Troubleshooting the Transport Layer
The TCP and the UDP both exist at the transport layer, which controls 
whether communications between computers are connection-oriented
and acknowledged, or connectionless with low overhead.
Use  netstat –a to see a list of which TCP and UDP ports are
currently listening on a particular server.
You can use Telnet to test connectivity at the transport layer in 
addition to testing the application layer.
Troubleshooting the Session Layer
The session layer controls how two computers will create, 
maintain, and tear down a conversation (also called a session)
between them.

The session layer also controls whether a connection is full-duplex 
(able to transmit in both directions simultaneously), or half-duplex
(only able to transmit in one direction at a time).
A mismatch in full- versus half-duplex can create significant 
performance degradation between two computers that are
attempting to communicate.
Troubleshooting the Presentation Layer
The presentation layer handles the way that data is formatted 
between different systems, such as translating text from a system
that uses EBCDIC encoding and one that uses ASCII.
In many cases, the function of the presentation layer is handled by 
the application layer service like HTTP, so isolating presentation
layer problems can be difficult.
Certain types of gateways also function at the presentation layer, 
such as Gateway Service for Netware in Windows 2000 Server.
Troubleshooting the Application Layer
The application layer is the top layer of the OSI model, and it pro-
vides services to actual end user applications on the desktop or server.
Be sure that you understand the difference between the application 
layer protocol, like HTTP, and the actual application that it
supports, like Internet Explorer.
Exam Objectives Frequently Asked Questions 625
You can use Telnet to connect to specific ports on a server to see if 
the HTTP, SMTP, and FTP protocols are functioning.
EXAM OBJECTIVES FREQUENTLY ASKED QUESTIONS
Is it possible for me to disable NetBIOS over TCP/IP (NetBT)?Q:
Microsoft states that you can remove NetBT once you have a pure A:
Windows 2000 environment. Because WINS relies on NetBT, you
cannot disable NetBT until you are no longer relying on WINS for
name resolution. Additionally, legacy applications and logon scripts

often use NetBIOS names, and these must be modified to use DNS
name resolution before you can remove NetBT. You can disable
NetBT via DHCP on Windows 2000 clients when you are ready to
make the change.
What types of networks are most likely to use OSPF instead of RIP?Q:
Large enterprise networks and very large internetworks, A:
such as corporate campuses and global networks. Microsoft
documentation generally recommends that OSPF be used for
internetworks that include more than 50 networks. OSPF is also
appropriate for networks in which the topology changes frequently,
and those that include more than one path between pairs of end-
points.
What is a gateway, and why would I need one?Q:
The word A: gateway has many different meanings in the Information
Technology (IT) world. A protocol-translating gateway translates
between different protocols. Think of it as the United Nations inter-
preter of the networking world. If the president of the United States
needs to exchange information with the chancellor of Germany, but
neither speaks the other’s language, they can call in someone who
is fluent in both to help them get their messages across. Similarly, if
a mainframe system and a Windows 2000 computer need to com-
municate with one another – perhaps the mainframe has important
files that need to be accessed by the PC – but they don’t know how
to “talk” to each other, you can install a gateway to clear up the con-
fusion. The gateway is even more skilled than the interpreter is; it
actually fools the mainframe into believing it’s communicating with
another mainframe, and makes the PC think it is having a “con-
versation” with a fellow PC. Gateway is also the term used to refer
to the address of a router that connects your network to another,
acting as the gateway to the “outside world”.