There are a number of protocols used on a network for various purposes. These protocols help perform tasks such as running web services, sending email, transferring files, connecting to neighboring computers, and so on.
Common Protocols For Network Troubleshooting
Let us begin with some protocols that are very useful when working on a network, whether an intranet or the Internet. This group of protocols is particularly useful for troubleshooting network issues: ICMP, Telnet, and SSH. Let us see how they work and how they help us.
ICMP, or Internet Control Message Protocol, is one of the most common protocols used for network troubleshooting. Many of us have used command-line utilities like ping and traceroute, which use this protocol to test connectivity between machines on the network. This protocol helps us diagnose whether a particular machine's network is up or down. We can ping a machine's IP address, and the response (the ICMP reply) will tell us whether that machine is active or not. Here are some common examples of ICMP responses.
ping 188.8.131.52
PING 184.108.40.206 (220.127.116.11) 56(84) bytes of data.
64 bytes from 18.104.22.168: icmp_seq=1 ttl=63 time=54.6 ms
64 bytes from 22.214.171.124: icmp_seq=2 ttl=63 time=54.0 ms
64 bytes from 126.96.36.199: icmp_seq=3 ttl=63 time=53.8 ms
The above response shows that the destination machine with IP 188.8.131.52 is active and sending a reply back.
The response below, Request timeout, means the remote IP 184.108.40.206 is not responding. This can have various causes: the remote machine may be shut down, its Ethernet interface may not be up, or there may be a firewall blocking ICMP traffic.
ping 220.127.116.11
PING 18.104.22.168 (22.214.171.124): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
The response below, Destination Host Unreachable, means there is no machine with the IP address 172.17.42.3 on the network. This happens because there is no route to that host, either from the pinging machine or from its gateway.
ping 172.17.42.3
PING 172.17.42.3 (172.17.42.3) 56(84) bytes of data.
From 172.17.42.1 icmp_seq=1 Destination Host Unreachable
From 172.17.42.1 icmp_seq=2 Destination Host Unreachable
From 172.17.42.1 icmp_seq=3 Destination Host Unreachable
Telnet is another very important protocol; it helps establish connectivity with a computer on a particular port, and so lets us test whether any service is running on that port on that machine. By default telnet connects to port 23, but we can specify any port that we want to connect to. For instance, if you want to test whether any service is hosted on port 80 on a remote machine, you can check using telnet. Here is what telnet output looks like.
Connected: means there is a service running on port 80 on the remote machine with IP address 126.96.36.199 and it accepts connections.
telnet 188.8.131.52 80
Trying 184.108.40.206...
Connected to google-public-dns-a.google.com.
Escape character is '^]'.
Operation timed out: means either port 23 is not open or no service is running on port 23 on the remote machine.
telnet 220.127.116.11 23
Trying 18.104.22.168...
telnet: connect to address 22.214.171.124: Operation timed out
telnet: Unable to connect to remote host
Connection refused: means the remote machine 192.168.56.103 does not allow incoming connections on port 80. A service might be running on port 80, but it does not allow others from outside to connect to it, for security reasons.
telnet 192.168.56.103 80
Trying 192.168.56.103...
telnet: connect to address 192.168.56.103: Connection refused
Note: It is always good practice to use both ping and telnet while troubleshooting a network issue.
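The three telnet outcomes above can also be checked from a script. The following is an added example, not part of the original article: the names check_port, MEANING and demo are hypothetical, and the demo uses a listener constructed on 127.0.0.1 so it runs without any network access.

```python
import errno
import socket

# Interpretations as given in the article for each telnet outcome.
MEANING = {
    "connected": "a service is listening on the port and accepts connections",
    "refused": "the remote machine does not allow incoming connections on the port",
    "timed out": "the port is not open or no service is running on it",
    "unreachable": "no route to the host",
}

def check_port(host, port, timeout=3.0):
    """Attempt a TCP connection, as 'telnet host port' does, and classify it."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "connected"          # TCP handshake completed
    except ConnectionRefusedError:
        return "refused"                # the target answered with a TCP reset
    except (socket.timeout, TimeoutError):
        return "timed out"              # nothing came back before the timeout
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise                           # e.g. name resolution failure

def demo():
    """Constructed local test: probe a port while it is open, then after closing it."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))     # port 0: the OS picks a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    open_result = check_port("127.0.0.1", port)
    listener.close()
    closed_result = check_port("127.0.0.1", port)
    return open_result, closed_result

if __name__ == "__main__":
    for label, result in zip(("listener open", "listener closed"), demo()):
        print(f"{label}: {result} ({MEANING[result]})")
```

A timeout is the least specific result: a firewall that silently drops packets and a machine that is powered off look the same from the client, which is why the ping result is worth checking alongside it.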
SSH, or Secure Shell, is an encrypted network protocol for initiating text-based shell sessions on remote machines in a secure way. The default port for ssh is 22. It is most commonly used on machines running Linux operating systems such as CentOS and Ubuntu. There are two modes of authentication in ssh for a user to log in to a remote machine:
Password: You can log in to a Linux machine with ssh using a user ID and password that was created on that machine and has been granted permission in the ssh config.
Passwordless or key based: In this key-based authentication mode, the user who logs in has a private and public key pair, with the public key copied to the remote machine's ~/.ssh/authorized_keys file. This mode of authentication does not prompt for a password once enabled. More details on how to enable ssh key-based authentication can be found here: SSH Key Based Authentication
Scenario: You have a Linux machine with IP 192.168.56.101. You are unable to log in using ssh. Here is how you troubleshoot this issue using the flowchart below.