Thursday, 27 November 2008

Basic Network Skills

It seems to me that there are a large amount of medical equipment technical people out there with little or no networking skills. I come from an IT background so I often battle to understand how some people can be so silly when it comes to certain things.
For instance we have been having problems with our one CT scanner sending images through to our Conquest archive. Eventually we managed to get the technician on site and go into thier settings. It turns out they set the defualt gateway incorrectly. It is such a basic thing, but many people out there actually don't know what a default gateway does!

With this in mind I have compiled a list of links that I think are manditory for anyone who wishes to setup or troubleshoot network connections:

7 Layers of the OSI model
The 7 Layers of the OSI model define the basic levels of network communication. It is critical for a technician to have an understanding of the various layers of the OSI model and understand how information traverses these layers.
For instance DICOM is a layer 7 protocol that will have to traverse all the other layers for a connection to be estabished. This will mean that layer 1 - 7 all need to be operational before any images can be sent.

Command Line
The command line is a network admininstrators greatest friend! You can do a massive amount of troubleshooting and diagnostic work from command line. Here are a couple of basic commands to get you started:

this command is used to test basic end to end connectivity. If you can ping a device then there is network connectivity between the two. If you cannot ping a device then you know that something is going wrong between the two computers.

Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
            [-r count] [-s count] [[-j host-list] | [-k host-list]]
            [-w timeout] [-R] [-S srcaddr] [-4] [-6] target_name

    -t             Ping the specified host until stopped.
                   To see statistics and continue - type Control-Break;
                   To stop - type Control-C.
    -a             Resolve addresses to hostnames.
    -n count       Number of echo requests to send.
    -l size        Send buffer size.
    -f             Set Don't Fragment flag in packet (IPv4-only).
    -i TTL         Time To Live.
    -v TOS         Type Of Service (IPv4-only).
    -r count       Record route for count hops (IPv4-only).
    -s count       Timestamp for count hops (IPv4-only).
    -j host-list   Loose source route along host-list (IPv4-only).
    -k host-list   Strict source route along host-list (IPv4-only).
    -w timeout     Timeout in milliseconds to wait for each reply.
    -R             Use routing header to test reverse route also (IPv6-only).
    -S srcaddr     Source address to use.
    -4             Force using IPv4.
    -6             Force using IPv6.

This command shows you the route a packet takes to get to its destination. Tracert is critical when you need to know if there are any routing problems on the network.

Usage: tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout]
               [-R] [-S srcaddr] [-4] [-6] target_name

    -d                 Do not resolve addresses to hostnames.
    -h maximum_hops    Maximum number of hops to search for target.
    -j host-list       Loose source route along host-list (IPv4-only).
    -w timeout         Wait timeout milliseconds for each reply.
    -R                 Trace round-trip path (IPv6-only).
    -S srcaddr         Source address to use (IPv6-only).
    -4                 Force using IPv4.
    -6                 Force using IPv6.

ARP stands for address resolution protocol. You can use this command to get the mac address of a computer on the local network. Please note that if you use this command to try get the mac address of a computer that is not on the same subnet as you the command will return the local interface mac address of your router.

Displays and modifies the IP-to-Physical address translation tables used by
address resolution protocol (ARP).

ARP -s inet_addr eth_addr [if_addr]
ARP -d inet_addr [if_addr]
ARP -a [inet_addr] [-N if_addr] [-v]

  -a            Displays current ARP entries by interrogating the current
                protocol data.  If inet_addr is specified, the IP and Physical
                addresses for only the specified computer are displayed.  If
                more than one network interface uses ARP, entries for each ARP
                table are displayed.
  -g            Same as -a.
  -v            Displays current ARP entries in verbose mode.  All invalid
                entries and entries on the loop-back interface will be shown.
  inet_addr     Specifies an internet address.
  -N if_addr    Displays the ARP entries for the network interface specified
                by if_addr.
  -d            Deletes the host specified by inet_addr. inet_addr may be
                wildcarded with * to delete all hosts.
  -s            Adds the host and associates the Internet address inet_addr
                with the Physical address eth_addr.  The Physical address is
                given as 6 hexadecimal bytes separated by hyphens. The entry
                is permanent.
  eth_addr      Specifies a physical address.
  if_addr       If present, this specifies the Internet address of the
                interface whose address translation table should be modified.
                If not present, the first applicable interface will be used.
  > arp -s   00-aa-00-62-c6-09  .... Adds a static entry.
  > arp -a                                    .... Displays the arp table.

This tool allows you to see all the networking information about your computer.
The most common usages of this command are:
ipconfig /all      - this will give you all the information about your networking connections.
ipconfig /flushdns   - This flushes the DNS cache. (i.e. clears your DNS tables)
ipconfig /renew     - this gets a new DHCP address

    ipconfig [/allcompartments] [/? | /all |
                                 /renew [adapter] | /release [adapter] |
                                 /renew6 [adapter] | /release6 [adapter] |
                                 /flushdns | /displaydns | /registerdns |
                                 /showclassid adapter |
                                 /setclassid adapter [classid] ]

    adapter             Connection name
                       (wildcard characters * and ? allowed, see examples)

       /?               Display this help message
       /all             Display full configuration information.
       /allcompartments Display information for all compartments.
       /release         Release the IPv4 address for the specified adapter.
       /release6        Release the IPv6 address for the specified adapter.
       /renew           Renew the IPv4 address for the specified adapter.
       /renew6          Renew the IPv6 address for the specified adapter.
       /flushdns        Purges the DNS Resolver cache.
       /registerdns     Refreshes all DHCP leases and re-registers DNS names
       /displaydns      Display the contents of the DNS Resolver Cache.
       /showclassid     Displays all the dhcp class IDs allowed for adapter.
       /setclassid      Modifies the dhcp class id.

The default is to display only the IP address, subnet mask and
default gateway for each adapter bound to TCP/IP.

For Release and Renew, if no adapter name is specified, then the IP address
leases for all adapters bound to TCP/IP will be released or renewed.

For Setclassid, if no ClassId is specified, then the ClassId is removed.

    > ipconfig                       ... Show information
    > ipconfig /all                  ... Show detailed information
    > ipconfig /renew                ... renew all adapters
    > ipconfig /renew EL*            ... renew any connection that has its
                                         name starting with EL
    > ipconfig /release *Con*        ... release all matching connections,
                                         eg. "Local Area Connection 1" or
                                             "Local Area Connection 2"
    > ipconfig /allcompartments      ... Show information about all
    > ipconfig /allcompartments /all ... Show detailed information about all

Other Tools
There are a host of networking related tools on the internet. Here are a list of the ones that I use on a daily basis.

Superscan is a port scanning program. It basically finds all the computers in a specific ip range. I find this too usefull when I need to find a computer on the network or when I need to find computers running specific services on the network.
I prefer version 3.0. The latest version irritates me a bit.

Ping a ding ding
This is a very basic tool that pings an IP address and makes a noise when it can or cannot see the remote device. I find this very useful when a machine has lost connectivity and I need to know as soon as it is available again.

UltraVNC remote admin tool that allows you to take over the remote computer.

The Dude
I have written about the dude before. This is an awsome application for monitoring your network infrastructure. We use it to monitor all of our core networking devices and some of our servers including the serivces on those servers i.e. DICOM services.