12. Resource Monitor
Windows 7 provides Resource Monitor so that you can view processor, disk, network, and memory utilization. Open Resource Monitor in one of two primary ways:
- Click Start, All Programs, Accessories, System Tools, and Resource Monitor.
- Open Task Manager, click the Performance tab, and then click Resource Monitor.
In the context of troubleshooting network issues, the Network section is the most interesting section of the Resource Monitor. The Network section displays bytes per minute that each process on your computer is using. With this information, you can identify a process that is transmitting large amounts of data and stop it if it should not be communicating on the network. To identify and terminate a process that is using the network, follow these steps:
1. Expand the Network section. Click the Total column heading to sort the process list by bandwidth utilization.
2. The topmost process is sending and receiving the most data. Make note of the process name (in the Image column), the PID, and the remote computer (in the Address column). If this is enough information to identify the process, you can close the application now.
3. If the process is SvcHost.exe, you might not be able to identify the specific application generating the network traffic, because it is a Windows feature (or it is using a feature for communications). If it is a different process, open Task Manager.
4. In Task Manager, click the Processes tab, click the View menu, and then click Select Columns.
5. In the Select Process Page Columns dialog box, select the PID check box. Click OK.
6. Click the PID column to sort by process ID. Click the process that corresponds to the PID you identified as generating the network traffic using the Resource Monitor. If the PID does not appear, click Show Processes From All Users.
7. To identify the service, right-click the service and then click Go To Service. To stop the process, click End Process.
In most cases, an application that is sending or transmitting a large amount of data has a legitimate need for that data, and you should not terminate it. However, in some cases, the process may be associated with malware. Verify that the computer has Windows Defender enabled and that Windows Defender is up to date.
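The PID lookup described in the steps above can also be scripted. The following is an added example, not part of the original text: it parses netstat -ano output and uses WMI to list the services running inside each PID, which is the information that is hard to get for SvcHost.exe. The function name Get-ConnectionOwner is hypothetical, and the script reports connections, not the byte counts that Resource Monitor shows.

```powershell
# Added example: list established TCP connections with the owning process
# and, for service hosts such as SvcHost.exe, the services inside that PID.
function Get-ConnectionOwner {
    param(
        # Raw "netstat -ano" rows; pass saved output to analyse it offline.
        [string[]]$NetstatLines = (netstat -ano)
    )

    # Build a PID -> service names map from WMI.
    $servicesByPid = @{}
    Get-WmiObject -Class Win32_Service -Filter 'ProcessId <> 0' | ForEach-Object {
        $servicesByPid[[int]$_.ProcessId] += @($_.Name)
    }

    foreach ($line in $NetstatLines) {
        # Row layout: Proto, Local Address, Foreign Address, State, PID.
        # Assumption: English state names (ESTABLISHED).
        if ($line -match '^\s*TCP\s+\S+\s+(\S+)\s+ESTABLISHED\s+(\d+)\s*$') {
            $remote = $Matches[1]
            $procId = [int]$Matches[2]
            $proc   = Get-Process -Id $procId -ErrorAction SilentlyContinue
            $image  = if ($proc) { $proc.ProcessName } else { '(exited)' }

            New-Object PSObject -Property @{
                PID      = $procId
                Image    = $image
                Remote   = $remote
                Services = ($servicesByPid[$procId] -join ', ')
            } | Select-Object PID, Image, Remote, Services
        }
    }
}

# Connections grouped per process, highest connection count first.
Get-ConnectionOwner | Group-Object PID, Image, Services |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize
```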
13. Ping
Ping is of limited usefulness today because most new computers drop Ping requests (which use ICMP). Therefore, you might ping a computer that is connected to the network but not receive any response. Additionally, a computer might respond to Ping requests even if a firewall is dropping all other traffic, misleading you into thinking that you had connectivity.
However, Ping is still the best tool to easily monitor network connectivity on an ongoing basis. After using PathPing to identify network hosts that respond to ICMP requests, you can use Ping to constantly submit Ping requests and thereby easily determine whether you currently have connectivity to the host. If you are experiencing intermittent connectivity problems, a Ping loop will indicate whether your connection is active at any given time.
To start a Ping loop, run the following command.
ping -t hostname
Replies indicate that the packet was sent successfully, while Request Timed Out messages indicate that the computer did not receive a response from the remote host. The following example indicates how to monitor the connection to a host at the IP address 192.168.1.1.
ping -t 192.168.1.1
Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.1: bytes=32 time=1ms TTL=64
Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
Request timed out.
Request timed out.
Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
Note that Ping loops provide only an approximate estimation of connectivity. Ping packets will occasionally be dropped even if connectivity is constant. Additionally, because Ping sends requests sooner if a reply is received than if the reply times out, you cannot use the ratio of replies to time-out errors as a useful indication of network uptime.
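Because the reply-to-time-out ratio is skewed by the uneven send rate, outages are better measured against the clock. The following is an added example, not part of the original text: it sends one request per fixed interval with Test-Connection and reports each up or down period with its start, end, and duration. The function name Watch-Connectivity and the 5-second interval are assumptions.

```powershell
# Added example: probe on a fixed schedule and report each up/down period
# with wall-clock start, end and duration.
function Watch-Connectivity {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [int]$IntervalSeconds = 5,
        [int]$Samples = 720            # 720 x 5 s = one hour of monitoring
    )

    # Helper: turn one finished period into an output object.
    function New-Period($Up, $From, $To) {
        $label = if ($Up) { 'Up' } else { 'Down' }
        New-Object PSObject -Property @{
            State   = $label
            From    = $From
            To      = $To
            Seconds = [math]::Round(($To - $From).TotalSeconds, 1)
        } | Select-Object State, From, To, Seconds
    }

    $start     = Get-Date
    $state     = $null                 # unknown until the first probe
    $stateFrom = $start

    for ($i = 0; $i -lt $Samples; $i++) {
        # One echo request; -Quiet yields only $true or $false.
        $up  = Test-Connection -ComputerName $ComputerName -Count 1 -Quiet
        $now = Get-Date

        if ($null -ne $state -and $up -ne $state) {
            New-Period $state $stateFrom $now   # the period that just ended
            $stateFrom = $now
        }
        $state = $up

        # Sleep until the next scheduled tick, so a slow (timed-out) probe
        # does not stretch the sampling interval.
        $next  = $start.AddSeconds(($i + 1) * $IntervalSeconds)
        $delay = ($next - (Get-Date)).TotalMilliseconds
        if ($delay -gt 0) { Start-Sleep -Milliseconds ([int]$delay) }
    }
    New-Period $state $stateFrom (Get-Date)     # period still open at the end
}

# Usage with the address from the text (10 minutes of samples):
# Watch-Connectivity -ComputerName 192.168.1.1 -Samples 120
```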
Finding Blackhole Routers
Tim Rains, Program Manager
Windows Networking
Ping can be useful in determining whether upstream routers are black hole routers, which drop datagrams larger than a specific size. For more information, see http://support.microsoft.com/kb/314825.
If you want to use Ping from a Windows PowerShell script, use the Test-Connection cmdlet. The functionality is almost identical to Ping, with the added benefit of being able to specify the -Source parameter to initiate the ICMP requests from a remote computer.
14. PortQry
Directly query critical services on the remote host to determine whether it is available and accessible. You can use two troubleshooting tools to query services on a remote host: PortQry (Portqry.exe) and Telnet Client. PortQry is more flexible and simpler to use than Telnet Client; however, because it is not included with Windows (but can be downloaded from the Microsoft Web site), it might not be installed on all systems. Use Telnet Client to query remote services only when PortQry is not available.
PortQry version 1.22 is a TCP/IP connectivity testing utility that is included with the Windows Server 2003 Support Tools. For information on how to download these tools, see http://support.microsoft.com/kb/892777. PortqryV2.exe is a new version of PortQry that includes all the features and functionality of the earlier version and has new features and functionality. For information concerning PortqryV2.exe and how to download it, see http://support.microsoft.com/kb/832919. The following examples can be performed using either version.
Note:
Information concerning PortQryUI, a user interface for the original Portqry.exe command-line port scanner, can be found at http://support.microsoft.com/kb/310099, which includes a link for downloading this tool.
14.1. Identifying the TCP Port for a Service
A single computer can host many network services. These services distinguish their traffic from each other by using port numbers. When testing connectivity to an application by using Telnet, you must provide Telnet with the port number that the destination application is using.
Note:
Most services allow the administrator to specify a port number other than the default. If the service does not respond to the default port number, verify that the service has not been configured to use a different port number. You can run Netstat on the server to list listening ports.
14.2. Testing Service Connectivity
After you have identified the port number for the service, you can use PortQry to test connectivity to that service. To test connectivity to a service, open a command prompt and run the following command.
portqry -n destination -e portnumber
For example, to test HTTP connectivity to www.microsoft.com, type the following command at the command line.
portqry -n www.microsoft.com -e 80
This command produces output similar to the following.
Querying target system called:
www.microsoft.com
Attempting to resolve name to IP address...
Name resolved to 10.209.68.190
TCP port 80 (http service): LISTENING
The destination might be a host name, computer name, or IP address. If the response includes LISTENING, the host responded on the specified port number. If the response includes NOT LISTENING or FILTERED, the service you are testing is not available.
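On a computer where PortQry is not installed, the same three-way result can be approximated from Windows PowerShell. The following is an added example, not part of the original text and not PortQry's own logic: it reports LISTENING when the TCP connection completes, NOT LISTENING when the connection is refused, and FILTERED when nothing answers before the time-out. The function name Test-TcpPort and the 3-second time-out are assumptions; it tests TCP only.

```powershell
# Added example: classify TCP ports using the status words PortQry prints.
function Test-TcpPort {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [Parameter(Mandatory = $true)][int[]]$Port,
        [int]$TimeoutMs = 3000
    )

    foreach ($p in $Port) {
        $client = New-Object System.Net.Sockets.TcpClient
        try {
            $pending = $client.BeginConnect($ComputerName, $p, $null, $null)
            if ($pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
                $client.EndConnect($pending)   # throws if the connect failed
                $status = 'LISTENING'          # TCP handshake completed
            } else {
                $status = 'FILTERED'           # no answer before the time-out
            }
        } catch {
            # Unwrap to the SocketException to see why the connect failed.
            $inner = $_.Exception.GetBaseException()
            $code  = if ($inner -is [System.Net.Sockets.SocketException]) {
                         $inner.SocketErrorCode } else { $null }
            if ($code -eq 'ConnectionRefused') {
                $status = 'NOT LISTENING'      # host answered with a reset
            } elseif ($code -eq 'TimedOut') {
                $status = 'FILTERED'           # stack gave up without an answer
            } else {
                $status = 'ERROR: ' + $inner.Message   # e.g. name not resolved
            }
        } finally {
            $client.Close()
        }

        New-Object PSObject -Property @{
            ComputerName = $ComputerName
            Port         = $p
            Status       = $status
        } | Select-Object ComputerName, Port, Status
    }
}

# Usage with a host and ports that appear in the text:
# Test-TcpPort -ComputerName 192.168.1.200 -Port 139,445,3389
```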
Note:
Netcat is a great non-Microsoft tool for testing connectivity to specific ports or determining on which ports a computer is listening for connections. Netcat is an open-source tool freely available from http://netcat.sourceforge.net/.
14.3. Determining Available Remote Management Protocols
When troubleshooting a computer remotely, you might need to determine which remote management protocols are available. PortQry can test the default port numbers for common remote management protocols and identify which protocols are available.
To determine which management protocols are available on a remote host, open a command prompt and run the following command.
portqry -n destination -o 32,139,445,3389
This command queries the remote host to determine whether Telnet Server, NetBIOS, Common Internet File System (CIFS), and the Remote Desktop are available.
Specifying the Source Port
Tim Rains, Program Manager
Windows Networking
The Portqry -sp option allows you to specify which source port you want to use for the connectivity test. Use this parameter to specify the initial source port to use when you connect to the specified TCP and UDP ports on the destination computer. This functionality is useful to help you test firewall or router rules that filter ports based on their source ports.
The following PortQry output indicates that the remote system will respond to NetBIOS, CIFS, and Remote Desktop requests, but not to Telnet requests.
Querying target system called:
192.168.1.200
Attempting to resolve IP address to a name...
IP address resolved to CONTOSO-SERVER
TCP port 32 (unknown service): NOT LISTENING
TCP port 139 (netbios-ssn service): LISTENING
TCP port 445 (microsoft-ds service): LISTENING
TCP port 3389 (unknown service): LISTENING
Why PortQry Is Great
Tim Rains, Program Manager
Windows Networking
The real advantage that PortQry has over Telnet Client and other such tools is the support for UDP-based services. Telnet Client can help test connectivity only on TCP ports, but you can use PortQry to test UDP ports as well as TCP ports. The UDP ports that PortQry can test include Lightweight Directory Access Protocol (LDAP), Remote Procedure Calls (RPCs), DNS, NetBIOS Name Service, Simple Network Management Protocol (SNMP), Microsoft Internet Security and Acceleration (ISA) Server, Microsoft SQL Server 2000 Named Instances, Trivial File Transfer Protocol (TFTP), and Layer Two Tunneling Protocol (L2TP).