Lessons & Learnings

from real life experiences and examples

Network Protocols - Part I

A number of protocols are used in a network for various purposes. These protocols help perform tasks such as running web services, sending email, transferring files, connecting to neighboring computers and so on.

Common Protocols For Network Troubleshooting

Let us begin with a group of protocols that are very useful for troubleshooting network issues, whether on an intranet or the Internet: ICMP, Telnet and SSH. Let us see how they work and how they help us.

ICMP:

ICMP, or Internet Control Message Protocol, is one of the most common protocols used for network troubleshooting. Many of us have used command line utilities like ping and traceroute, which use this protocol to test connectivity between machines on the network. This protocol helps us diagnose whether a particular machine's network is up or down. We can ping a machine's IP address, and the response, or ICMP reply, will tell us whether that machine is active or not. Here are some common examples of ICMP responses.

ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=63 time=54.6 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=63 time=54.0 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=63 time=53.8 ms

The above response shows that the destination machine with IP 8.8.8.8 is active and sending a reply back.
The response below, Request timeout, means the remote IP 9.9.9.9 is not active. This can have various causes: the remote machine may be shut down, its Ethernet interface may not be up, or there may be a firewall blocking ICMP.

ping 9.9.9.9
PING 9.9.9.9 (9.9.9.9): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2

The response below, Destination Host Unreachable, means there is no machine with the IP address 172.17.42.3 on the network: there is no route to that host, either from the pinging machine or from its gateway.

ping 172.17.42.3
PING 172.17.42.3 (172.17.42.3) 56(84) bytes of data.
From 172.17.42.1 icmp_seq=1 Destination Host Unreachable
From 172.17.42.1 icmp_seq=2 Destination Host Unreachable
From 172.17.42.1 icmp_seq=3 Destination Host Unreachable 

Telnet:

Telnet is another very important protocol. It helps establish connectivity with a computer on a particular port, which lets us test whether any service is running on that port on that machine. By default telnet connects on port 23, but we can specify any port we want to connect to. For instance, if you want to test whether any service is hosted on port 80 on a remote machine, you can check using telnet. Here is what telnet output looks like.

Connected: means there is a service running on port 80 on the remote machine with IP address 8.8.8.8 and it accepts connections.

telnet 8.8.8.8 80
Trying 8.8.8.8...
Connected to google-public-dns-a.google.com.
Escape character is '^]'.

Operation timed out: means either port 23 is not open or no service is running on port 23 on the remote machine.

telnet 8.8.8.8 23
Trying 8.8.8.8...
telnet: connect to address 8.8.8.8: Operation timed out
telnet: Unable to connect to remote host

Connection refused: means the remote machine 192.168.56.103 does not allow incoming connections on port 80. A service might be running on port 80, but it does not allow others from outside to connect to it for security reasons.

telnet 192.168.56.103 80
Trying 192.168.56.103...
telnet: connect to address 192.168.56.103: Connection refused

Note : It is always a good practice to use both ping and telnet while troubleshooting a network issue.
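The note above, as an added example that is not part of the original article: a small Python helper that makes the same single TCP connection attempt telnet makes, classifies ping output like the samples shown earlier, and combines the two readings. The function names and the wording of the findings are assumptions made for this illustration; `probe_tcp` expects an IP address rather than a hostname.

```python
import re
import socket

# Ping lines copied from the article's three cases.
PING_REPLY = "64 bytes from 8.8.8.8: icmp_seq=1 ttl=63 time=54.6 ms"
PING_TIMEOUT = "Request timeout for icmp_seq 0"
PING_UNREACHABLE = "From 172.17.42.1 icmp_seq=1 Destination Host Unreachable"

def classify_ping(output):
    """Map captured ping output to 'reply', 'unreachable' or 'timeout'."""
    if re.search(r"\d+ bytes from .+ icmp_seq=\d+", output):
        return "reply"
    if "Destination Host Unreachable" in output:
        return "unreachable"
    return "timeout"  # "Request timeout for icmp_seq N", or no reply lines at all

def probe_tcp(host, port, timeout=3.0):
    """Make one TCP connection attempt, as `telnet host port` does."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "connected"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "timed out"
    except OSError:  # e.g. no route to host
        return "unreachable"
    finally:
        sock.close()

def diagnose(ping_state, tcp_state):
    """Combine both checks into one finding, using the article's readings."""
    if tcp_state == "connected":
        if ping_state == "reply":
            return "host is up and a service accepts connections on the port"
        return "service is reachable; the failed ping points to a firewall blocking ICMP"
    if tcp_state == "refused":
        return "host does not allow incoming connections on the port"
    if "unreachable" in (ping_state, tcp_state):
        return "no route to the host from this machine or its gateway"
    if ping_state == "reply":
        return "host is up; the port is not open or no service is running on it"
    return "host may be shut down, its interface down, or a firewall is blocking traffic"

if __name__ == "__main__":
    # Constructed scenario: ping timed out, yet the TCP connection succeeded.
    print(diagnose(classify_ping(PING_TIMEOUT), "connected"))
```

A ping timeout together with a successful TCP connection is the case where using only ping would wrongly suggest the host is down.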

SSH:

SSH, or Secure Shell, is an encrypted network protocol for initiating text-based shell sessions on remote machines in a secure way. The default port for SSH is 22. It is most commonly used on machines running Linux operating systems such as CentOS and Ubuntu. There are two modes of authentication in SSH for a user to log in to a remote machine:

Password: You can log in to a Linux machine with SSH using a user ID and password that were created on that machine and have been granted permission in the SSH config.

Passwordless or key based: In this mode, the user who logs in has a private and public key pair, with the public key copied to the remote machine's ~/.ssh/authorized_keys file. Once enabled, this mode of authentication does not prompt for a password. More details on how to enable SSH key based authentication can be found here: SSH Key Based Authentication

Exercises

Scenario: You have a Linux machine with IP 192.168.56.101. You are unable to log in using SSH. Here is how you troubleshoot this issue using the flowchart below.
