An excellent Cisco network engineer should be able to resolve a network failure as quickly and efficiently as possible, and good troubleshooting tools make that work more efficient. Today, I will recommend some network troubleshooting tools commonly used by Cisco network engineers.
Network packet capture
Packet capture has many uses, one of which is troubleshooting. The most common use is to judge whether network behavior is normal from the number of packets captured. For example, a large number of ARP packets will be received during an ARP virus outbreak. Attack behavior is also often reflected in a large number of packets (packet capture is generally not the first step in identifying an attack, but it is necessary when determining the attack's characteristics). Many other cases can likewise be analyzed from the number of packets captured.
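The counting approach described above can be sketched in Python. This is an added example, not code from the original article: it reads a classic pcap file, counts ARP frames per source MAC per second, and reports sources above a threshold. The function names, the threshold of 20 frames per second and the sample capture are assumptions constructed for illustration.

```python
import struct
from collections import Counter

ETHERTYPE_ARP = 0x0806
PCAP_MAGIC_LE = 0xA1B2C3D4  # classic pcap, little-endian, microsecond timestamps

def arp_peak_rates(pcap_bytes):
    """Return {source MAC: most ARP frames seen from it in any one second}."""
    if struct.unpack_from("<I", pcap_bytes, 0)[0] != PCAP_MAGIC_LE:
        raise ValueError("not a little-endian classic pcap file")
    if struct.unpack_from("<I", pcap_bytes, 20)[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    per_second, off = Counter(), 24  # records start after the 24-byte global header
    while off + 16 <= len(pcap_bytes):
        sec, _usec, caplen, _origlen = struct.unpack_from("<IIII", pcap_bytes, off)
        frame = pcap_bytes[off + 16:off + 16 + caplen]
        off += 16 + caplen
        # EtherType sits at bytes 12-13; 802.1Q-tagged frames are not unwrapped here.
        if len(frame) >= 14 and struct.unpack_from("!H", frame, 12)[0] == ETHERTYPE_ARP:
            per_second[(frame[6:12].hex(":"), sec)] += 1
    peaks = {}
    for (mac, _sec), n in per_second.items():
        peaks[mac] = max(peaks.get(mac, 0), n)
    return peaks

def flag_arp_storm(pcap_bytes, threshold=20):
    """Sources whose peak ARP rate exceeds `threshold` frames/second (assumed value)."""
    return {mac: n for mac, n in arp_peak_rates(pcap_bytes).items() if n > threshold}

def build_sample():
    """Constructed capture: one noisy ARP sender, one normal one, plus IPv4 traffic."""
    def frame(src, ethertype):
        return b"\xff" * 6 + bytes.fromhex(src) + struct.pack("!H", ethertype) + b"\x00" * 46
    packets = [(0, frame("020000000001", ETHERTYPE_ARP))] * 40       # 40 ARP in second 0
    packets += [(s, frame("020000000002", ETHERTYPE_ARP)) for s in range(3)]  # 1 per second
    packets += [(0, frame("020000000003", 0x0800))] * 30             # IPv4, ignored
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, 1)
    for sec, data in packets:
        out += struct.pack("<IIII", sec, 0, len(data), len(data)) + data
    return out

if __name__ == "__main__":
    for mac, rate in flag_arp_storm(build_sample()).items():
        print(f"{mac}: {rate} ARP frames in one second")
```

A sensible threshold depends on the size of the broadcast domain, so it should be set from a baseline capture of the same segment.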
Simple Network Management Protocol (SNMP)
In an enterprise environment, SNMP tools such as SolarWinds Network Performance Monitor, HPE Network Node Manager i (NNMi) or CA Spectrum can monitor the health of network devices and specific interfaces. These tools can also raise alerts to notify Cisco network engineers when a specific interface or device goes down, which helps administrators quickly pinpoint the root cause of a network outage.
Protocol analyzer
Protocol diagnosis: for example, when Win2008 and Win2003 hosts communicate, the TCP window can end up too small because of a window scale incompatibility, and, depending on how the program is designed, communication becomes extremely slow. Diagnoses like this rely on protocol analysis of captured packets. Protocol analysis may also be used when interconnecting SIP equipment from different manufacturers.
The protocol analyzer is very useful for investigating data flows down to the packet level. It is software that intercepts and records packets, so you can view the specific interaction between a client and a server. For example, if the connection between a specific PC and an application residing on a server is slow, you can use the protocol analyzer to identify communication problems, delays or other issues that may be the root cause.
NetFlow analysis
NetFlow is a switching mode. It works as follows: the first IP packet of a flow is processed with the standard switching mode and a NetFlow cache entry is created. Subsequent packets of the same flow are then forwarded based on the cached information and are no longer matched against the relevant access control policies. The NetFlow cache also holds statistics for the subsequent packets of the flow.
For example, Plixer's Scrutinizer or SevOne's NetFlow tool can be used to drill into this data for multiple purposes. From a network troubleshooting perspective, NetFlow analysis can quickly track changes in top applications, top hosts and network flow behavior to find problems such as bandwidth hogs.
Centralized log system
Deciphering network device logs is a very useful troubleshooting technique. The software we need is syslog-ng and php-syslog-ng. The machine on which syslog-ng and php-syslog-ng are installed (it also needs Apache, PHP and MySQL) serves as the server of the system. All other servers and network devices act as clients and send syslog messages to the syslog-ng server over UDP. The syslog-ng server records these logs as log files or inserts them into the MySQL database. Collecting and storing the logs of all network devices in a central repository simplifies this work: the analysis function can then correlate log events from multiple devices to identify and quickly solve network problems.
In addition, professional Wi-Fi analyzers, such as Netscout AirMagnet or Ekahau Spectrum Analyzer, can meet enterprises' need for highly reliable, ubiquitous Wi-Fi.
Barry Lachey is a Professional Editor at Zobuz. Previously, he also worked for Moxly Sports and Network Resources “Joe Joe.” He is a graduate of the Kings College at the University of Thames Valley London. You can reach Barry via email or by phone.