Users from the finance department access an Oracle server for their operations.
Question
Users from the finance department access an Oracle server for their operations. The computers on the finance department network are assigned public IP addresses. The Oracle server is on a different network than the finance department network. The users complain of slow response from the Oracle server. A detailed observation of the traffic flow in and out of the server shows many ICMP echo and echo-reply packets. Consider that you are part of the network administration team of the organization. Imagine yourself as a network administrator.
Based on your understanding of the above scenario, create a Microsoft Word document answering the following:
How will you resolve the problem?
Which would be the first place that you would look at for excessive echo and echo-reply packets?
Explain in detail the various commands, and the order in which you would run them, to efficiently pinpoint the issue in the quickest possible time.
Explanation / Answer
An Echo is simply what we call a 'ping', and the Echo Reply is the 'ping reply'. ICMP Echos are used mostly for troubleshooting: when 2 hosts have communication problems, a few simple ICMP Echo requests will show if the 2 hosts have their TCP/IP stacks configured correctly and if there are any problems with the routes the packets are taking in order to get to the other side.
The 'ping' command (ping www.firewall.cx) is very well known, but its results are very often misunderstood, and for that reason we have to explain all those other parameters next to the ping reply; we will have a look at that later on.
If the packet was an ICMP Echo (ping), then the Type field takes a value of 8 and if it's an ICMP Echo Reply (ping reply) then it would take a value of 1.
The first thing the workstation needed to do was resolve that URL to an IP address. This was done using DNS. Once the DNS server returned the IP address of www.firewall.cx, the workstation generated an ICMP packet with the Type field set to 8.
Notice the ICMP type=8 Echo field right under the ICMP Header section. This clearly shows that this packet is being sent from the workstation and not received. If it was received, it would have been an 'Echo Reply' and have a value of 0.
The next weird thing, if anyone noticed, is the data field. Look at the command prompt and notice the value there and the value the packet sniffer is showing on the left. One is 32 bytes, and the other is 40 bytes. The reason for this is that the packet sniffer is taking into account the ICMP header fields (ICMP type, code, checksum and identifier).
We analyzed the ICMP headers and noticed that the lengths (in bits) of the various fields are as follows: 8, 8, 16, 16, 16. These add up to a total of 64 bits. Now 8 bits = 1 byte, therefore 64 bits = 8 bytes. Take the 32 bytes of data the workstation's command prompt is showing, add 8 bytes, and we have 40 bytes in total.
ICMP messages provide feedback on communication problems such as the following:
A client has been configured with the wrong IP address for its Domain Naming System (DNS) server. The destination device sends an ICMP message, indicating that this device does not support the DNS port.
An application does not permit fragmentation of its communications, but fragmentation is required to communicate with the destination device. The router that would normally fragment the packet sends the source device an ICMP message, indicating that the packet could not be forwarded because the packet's "don't fragment" bit was set.
A client sends all communications to a default router although another router offers the best route. The default router sends an ICMP message that includes the IP address of the router that provides the best route.
A packet arrives at a router with a Time To Live (TTL) value of 1. All IP headers contain a Time to Live (TTL) value. Unlike the IPX hop count, which increments as the packet is forwarded through each router, the IP TTL value decrements as the IP packet is forwarded through each router. If an IP packet has a TTL value of 1, the router cannot decrement the TTL value by one and then forward the packet. Instead, the router discards the packet and sends an ICMP message, indicating that the packet's TTL expired in transit.
Before you can use ICMP to troubleshoot your company's network, you must capture the ICMP traffic on that network. You can set up a network analyzer to capture all TCP/IP traffic and filter just the ICMP traffic (post-filtering), or you can set up a prefilter to capture just ICMP traffic (if the network analyzer you are using provides prefiltering capabilities). For example, I use post-filtering with Novell's LANalyzer for Windows and ManageWise, but I use prefiltering with Network Associates's Sniffer and Sniffer Pro. (See "Using Sniffer to Read ICMP Messages.")
After setting up the network analyzer to filter ICMP traffic, take a good look at the ICMP traffic that crosses the network. It is typical to have some redirect messages (especially during start-up hours in the morning), but if one device is constantly being redirected before communicating with other devices on the network, we need to assign that device a different default gateway.
Network and host unreachable messages may indicate a route or routing failure. For example, if a router cannot forward a packet addressed to a certain device or network because that device or network is considered "down," the router will send a network unreachable or host unreachable message to the source device. This problem could be caused by a faulty IP stack on the destination device or by routing failures that have made a network unreachable.
Port unreachable messages, on the other hand, may indicate that a device is configured incorrectly. For example, if a device continually sends DNS queries to a specific IP address and receives port unreachable messages, the IP address for the DNS server may not be valid.
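The header arithmetic and the "first place to look" from the answer above, as an added example in Python (not part of the original answer): it builds and parses ICMP echo packets with the 8-byte header the answer adds up (type, code, checksum, identifier, sequence), shows that 32 data bytes plus that header give the sniffer's 40 bytes, and counts echo requests per source over a captured ICMP stream so the host generating the excess stands out. The IP addresses, payload, threshold and the capture itself are constructed assumptions; in practice the packet bytes would come from a filtered capture.

```python
import struct
from collections import Counter

ICMP_ECHO_REPLY, ICMP_ECHO_REQUEST = 0, 8

def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words (odd length is zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """ICMP echo/echo-reply: 8-byte header (type, code, checksum, id, seq) followed by data."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def parse_icmp(packet: bytes) -> dict:
    """Decode the header; a valid packet checksums to zero when its own checksum is included."""
    if len(packet) < 8:
        raise ValueError("shorter than the 8-byte ICMP header")
    if icmp_checksum(packet) != 0:
        raise ValueError("bad ICMP checksum")
    icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return {"type": icmp_type, "code": code, "id": ident, "seq": seq,
            "data_len": len(packet) - 8, "total_len": len(packet)}

def noisy_echo_sources(capture, threshold: int) -> dict:
    """Count echo requests per source IP in a (src_ip, icmp_bytes) capture and return the
    sources above threshold: the hosts to examine first for excessive echo traffic."""
    counts = Counter(src for src, pkt in capture
                     if parse_icmp(pkt)["type"] == ICMP_ECHO_REQUEST)
    return {src: n for src, n in counts.items() if n > threshold}

# Constructed sample capture (documentation address ranges, hypothetical hosts): a workstation
# pinging the server normally, the server replying, and one host flooding echo requests.
PAYLOAD = b"abcdefghijklmnopqrstuvwabcdefghi"  # the 32 data bytes the command prompt reports
SAMPLE_CAPTURE = (
    [("203.0.113.10", build_echo(ICMP_ECHO_REQUEST, 0x1234, s, PAYLOAD)) for s in range(4)]
    + [("192.0.2.20", build_echo(ICMP_ECHO_REPLY, 0x1234, s, PAYLOAD)) for s in range(4)]
    + [("198.51.100.7", build_echo(ICMP_ECHO_REQUEST, 1, s, PAYLOAD)) for s in range(200)]
)

if __name__ == "__main__":
    print(parse_icmp(SAMPLE_CAPTURE[0][1]))        # type 8, data_len 32, total_len 40
    print(noisy_echo_sources(SAMPLE_CAPTURE, 50))  # {'198.51.100.7': 200}
```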