Troubleshooting Networks Without NetMon
? ??? ??? ??? ??? ??? ???? ??? ????. ????? ??? ????.
https://blogs.technet.com/askds/archive/2007/12/18/troubleshooting-networks-without-netmon.aspx
?????? ??(Ned)???. ?? ???? ? ?? ???? ?? ??? ?? ?? ?? ?? ???? ???. ??? ???? ??? ??????? ??? Kerberos? ????? ?? ??? ??? ??? ???? ???. ???? ?? ??? TCP/IP? ?? ?? ? ?? ????.
???? ???, Active Directory? ?? ??? ???? ? ??? ????.
??? ????? ???? ??? ???? ??? ????? ?? ???? ??? ???? ???? ?? ???? ???? ???. ? ??? ????? ??? ? ??? ?? ???? ???? ??? ??? ?? ????? ??? ??? ???? ???. ??? ???, ??? 3? ??? ??? ??? ???? ??? ???? ???? ????? ???? ??? ???? ????. ??? ????, 80%? ???? ??? ???? DNS ?? ??? ?????.
??? ??? ???? ??? ??(Guru)? ? ? ???, ??? ?? ?? ??? NetMon3.1 (?? Wireshark, Ethereal, Packetyzer, ??)? ???? ??? ?? ??? ???? ?? ????? ?? ???? ??? ?????. ????, ???? ??? ???? NetMon? ??? ? ?? ? ?? ??? ?????? ?? Microsoft? ???? ??? ? ?? ??, ?? ??? ?? ??? ???? ?? ??? ??? ????? ???? ? ????.
??? ??? ?????.
??? ??? ??, ?? ? ?? ?? 99.9998%? IPv4? ???? ??????.
10,000?? ???? ???? ?? ????
?? ???? ????? ???? ?? ??? ???? ????. ?? ??? ? ??? ????? ??.
??? ???, ?? ?? ???? ?? ?? ??? ???.
1. ??? ??? ????? ?????
2. ???? ???? ??? ??????
3. ?? ??? ? ????
4. ?? ? ?? ??? ??? ????? ???????
?? ??? ??? ??? ????. '?? ???? ?? ???? ??? ????' ??? ?? ????, ??? ????? 1??? ???? ??? 2??? 3??? ???? ?? 4??? ?????. ??, ??? ????, ??? ????? ??? ??? ?? ???.
?? : ???? ?????, ????? ????? ??? ???? ??? ??? ?? ????? ????. ???? ??? ?? ?? ??? ??? ????.
IP address - 10.10.0.128 (SRC-CLIENT-01.contoso.com)
Subnet Mask - 255.255.0.0
Default Gateway - 10.10.0.1
DNS Server - 10.20.0.20 (DNS-01.contoso.com)
WINS Server - 10.20.0.30
Our Destination DC - 10.30.0.166 (DEST-DC-01.contoso.com)
1. ??? ??? ????? ?????
??? ????? ???? ?? ?? ?? ??? ?????. ??? ???? ??? ????? ??? ???? ??? ????? ??? ????. ??? ?????? SYSVOL? ???? ????? ???? ???? ? ???? ????? ???? ???? OSI-TCP/IP? ??????? ???? ????? ??? ????? ?? ??? ???? ???.
2. ???? ???? ??? ??????
???? ?? ??? ????? ????? ?????. ????? ?? ??? ?? ?? ??? ???? ???. ??? ??? ?? ????? ??. ???? ???? ??? ????? ???? ?????.
PING ? ?? ????? - ?? Windows ???? ???? ?? ??
l ?? ????? ??? ?? ??? ? ????.
PING 127.0.0.1
PING 10.10.0.128
PING 10.10.0.1
??? ??? ?? ?????.
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss)
NIC? ???? ???, IP ??? ???? ???, ?????? ?? ??? ???? ???? ? ????. ?????? ??? ? ??? NIC? ?????, ??? ?? ????? ??? ??????. ???? ???? ????(?? ??? ???? ??? ???? ?? ??????) ??????? PING? ???? ????. ?? ???? ?????? ???? PING? ???? ???? ?? ?????.
l ??? ???? ????? ????? ?? ??? ??? PING? ??? ?? ? ? ????.
PING 10.30.0.166
PING DEST-DC-01.contoso.com
PING DEST-DC-01
??? ?? ??? ???(?? ????) ????? ?? ??? ??? ? ??? ?????. ? ???? ????? ICMP? ??? ???? ??? ? ???, ?? ??? ????? ???? ????? ??? ????. (??? ?? ????. ????? ?? ??? ?? ?????. LAN??? ??? ???? ICMP? ???? ???/??? ??? 10???????. ??? ?? ???? ?????) ??? ?? PING? ????, ?? ???? ?? ?? ?????. DESTINATION UNREACHABLE ?? REQUEST TIMED OUT? ????? ??? ?? ?? ????? ??? ???? ???? ???. COULD NOT FIND HOST ? ?? ??? ? ? ?? ???? ?? ?? ???? ???? ???. 'PING -F -L 1472' ???? PING? ? ? ??? 1500 ???? ??? ????? PING ?? ?? ??? ? ????.
TRACERT / PATHPING / ARP / ROUTE ? ?? ??? ??? - ?? Windows ???? ???? ?? ??
l ?? ???? ?? ???? ????? ??? ???? ???? ??? ? ????.
PATHPING 10.30.0.166
??
TRACERT 10.30.0.166
? ?? ??? ????? ?? ?? ?????, ???? ???? ?? ?? ????? ?????, ??? ??? ????? ? ? ????. TRACERT ? ??? ????, ???? ??? ?????.
Tracing route to DEST-DC-01.contoso.com [10.30.0.166] over a maximum of 30 hops:
1 1 ms 1 ms <1 ms router1.network.contoso.com [10.10.0.1]
2 <1 ms 1 ms <1 ms router2.network.contoso.com [10.30.0.1]
3 <1 ms <1 ms <1 ms DEST-DC-01.contoso.com [10.30.0.166]
??? PATHPING? ??? ? ???? ?? ??? ??? ?????.
Tracing route to DEST-DC-01.contoso.com [10.30.0.166] over a maximum of 30 hops:
0 SRC-CLIENT-01.contoso.com [10.10.0.128]
1 router1.network.contoso.com [10.10.0.1]
2 router2.network.contoso.com [10.30.0.1]
3 DEST-DC-01.contoso.com [10.30.0.166]
Computing statistics for 75 seconds...
Source to Here This Node/Link
Hop RTT Lost/Sent = Pct Lost/Sent = Pct Address
0 SRC-CLIENT-01.contoso.com [10.10.0.128]
0/ 100 = 0% |
1 0ms 0/ 100 = 0% 0/ 100 = 0% router1.network.contoso.com [10.10.0.1]
0/ 100 = 0% |
2 0ms 0/ 100 = 0% 0/ 100 = 0% router2.network.contoso.com [10.30.0.1]
0/ 100 = 0% |
3 0ms 0/ 100 = 0% 0/ 100 = 0% DEST-DC-01.contoso.com [10.30.0.166]
l ?? ????? ???, ???? ?? ??? ??? ??? ?? ? ?? ????.
ARP -a
???
ROUTE PRINT
3. ?? ??? ? ????
?? ????? ????? ?????, ?? ?? ?? ??? ???? ???? ? ? ??? ??? ???. (?? ??, ??? ????? ???? ??? ??? ??? ??? CNAME ?? SRV ???? ???? ? ?? ?????.) ??? ? ?? ??? ???? ??? ?? ?? ?? ???? ??? ??? ????? ??? ?? ???? ??? ??? ????.
?? : ?? ?? ???? ?????? ??? ??? ???? ??? ?? ???? ???? ?? ?????.
IPCONFIG /flushdns
NBTSTAT -R
NSLOOKUP ? ??? ?? ?? ??? - ?? Windows ???? ???? ?? ??
l DNS ??? ???? A ???? ???? ?? ??? ?? ?????.
NSLOOKUP DEST-DC-01.contoso.com 10.20.0.20
??? ?? ??? ?????.
Server: DNS-01.contoso.com
Address: 10.20.0.20
Name: DEST-DC-01.contoso.com
Address: 10.30.0.166
FQDN(fully qualified domain name)? ???? A ??? ??? ????? ?????. NSLOOKUP? ???? ??? ??? ??? UDP DNS ??? ???? ???, ??? DNSCMD ???? DNS?? ???? ???? ?? RPC ??? ??? DNS ???? ??? ?? ?? ???? ?? ????.
DNSCMD ? NSLOOKUP? ??? ?? ?? ??? - ???? ???? Windows 2000/XP/2003
l DNS ???? ??? ????? CNAME? SRV ???? ?? ???? ??? ?? ?????.
DNSCMD /EnumRecords _msdcs.contoso.com @ /Type CNAME
???
NSLOOKUP
>set type=all
_ldap._tcp.dc._msdcs.contoso.com
_kerberos._tcp.dc._msdcs.contoso.com
A ???? ?? ??? ???? ??? ??? ???? ??? ?????? ?? ?????. ?? SRV ???? CNAME ???? ????. LDAP, Kerberos, ?? ?? ? ? ??? AD ????? ?????. ??? ??? ???? ?? ?? ??? ????? ??? ????? ???.
NBTSTAT ? ?? ?? ?? ??? - ?? Windows ???? ???? ?? ??
l WINS? ???? ?? ???? ??? ?? ?????.
NBTSTAT -c
NBTSTAT -n
??? ???? ????, WINS? NetBIOS ?? ??? DFS Namespaces, Netlogon, Terminal Services licensing ?? ?? ?? ???? ??? ???? ??? ?????.
?? ?? ??? ??? ????, ?? ???? ??? ??? ??? ???? ???.
4. ?? ? ?? ??? ??? ????? ???????
? ????? ???? ???? ?? ??? ?????, ????? ?????? ??? ????. ????? ??????, ???? ??? ??? ???? ?????? ?? ???? ??? ????. ??? ???? ???? ??? ????? ??.
LDP ? PORTQRY ? ??? LDAP ??? - ???? ???? Windows 2000/XP/2003, Portqry ????
l DC/GC? LDAP? ????? ??? ?? ??? ? ????.
PORTQRY -n DEST-DC-01.contoso.com -p tcp -e 389
PORTQRY -n DEST-DC-01.contoso.com -p tcp -e 636
PORTQRY -n DEST-DC-01.contoso.com -p both -e 3268
PORTQRY -n DEST-DC-01.contoso.com -p tcp -e 3269
??? ??? ???? ???? ???? ???? ?????.
TCP port 389 (ldap service): LISTENING
Using ephemeral source port
Sending LDAP query to TCP port 389...
LISTENING ? ????. :-) TCP ??? LDAP ??? DC/GC? ?? LISTENING ?? NOT LISTENING ?? FILTERED? ???? ????. UDP ??? ??? LISTENING ?? FILTERED (?????? ??? ??)? ?????. TCP?? FILTERED ?? NOT LISTENING ?? ??? ?? ???? ???? ????? LDAP ???? ????? ?? ?????.
?? : ??? ??? ??? ??? ? ?? ???? ? ????.
l LDP? ???? ??? ????? ??? ?? ??? ? ????.
LDP
Connection --> Connect --> DEST-DC-01.contoso.com
Connection --> Bind
View --> Tree --> Select the domain naming context
Browse a few levels deep.
?? ?? ??? ? ?? ??(????, ??? LSAP?? A???? ???I? ???? ??? LDAP ?? ??? ?? ??????? ??)? ???? ??? LDAP ???? ??? ???? ?? ? ? ????. ?? ??? ????? ???? ?? ? ? ????.
NET USE? PORTQRY ? ???? SMB ????? - Portqry ????
l ??? ?? 138 ??? 445 ??? listening ?? SMB? ??? ? ????.
PORTQRY -n DEST-DC-01.contoso.com -p udp -e 138
PORTQRY -n DEST-DC-01.contoso.com -p both -e 445
LISTENING ? FILTERED? ??? ?? ??? ?????. ????? 138?? 445? ??? ?? ? ???, ???? ??? ?????? ?????, ??? ???? ?? ??? ?? ? ? ????. ?? SMB? ??? ??, ?? ??, ????, ??? ???(Named pipes) ?? ?? ?????, ?? ??????? ??? ????.
l ??? ?? SMB? ??? ? ????. (??? ?? ??)
NET USE \\DEST-DC-01.contoso.com\C$ /p:n
? ???? ????? ???? SMB? ?? ??? ????? ??? ? ?? ?? ?????. ?? ??? NTLM ??? ???? ?? ?????.(?? NTLM?? ??? ??, IP ??? ???? ???.) ??? ?? Kerberos TGS ??? ??? ??? Resource Kit? ?? KLIST ?? KERBTRAY? ???? ? ? ????.
COMPMGMT? PORTQRY ? ??? RPC ??? - Portqry ????
l ??? ?? ?? ??(Endpoint mapper)? ??????, ???? ????? ??? ? ????.
PORTQRY -n DEST-DC-01.contoso.com -p tcp -e 135
?? ??? TCP 135???? ?? LISTENING ??(?? FILTERED ?? NOT LISTENING ?? ????) ?? ??? ?? ??? ??? ???? ?????. ?? ?? ??? ??? ????? ?????, ??? ?? ??????? ??? ????.
l ??? ?? ??? ??? ??? ? ????.
COMPMGMT.MSC
Computer Management --> Connect to another computer
Expand ‘System Tools’
COMPMGMT? ??? ??? RPC ??? ??? ?? ???????. ??? ???? MSRPC ???, ?? ??? ?? RPC ??? ??? ??? ???, ????? ???? RPC ??? ?? ?? ??? ???????. RPC ??? ??????? ??? AD ??, FRS ??, DFS ?? ? ??? ????. (Microsoft ?? ??? ?? ?? ??? ???????)
PORTQRY ????
?????, ?? ???? ???? ??? ??? ???? ???? ??? ???? ??? ? ?? ?? ??? ????. ??? ?? ??? ???? ???? ???? ?? ??? ?? ???? ??? ???? ?? ?? ??? ?????. ??? ?? ?????, HTTP/HTTPS ? ???? ????. ? ???? ????? ???? ? ?? ?? ?????. Microsoft ???? ??? ???? ?? ??? ? ?? ??? ????. J
@echo off
REM Sample batch wrapper script for portqry.exe
REM Designed to verify responsiveness of remote server specified on commandline
REM Requires PORTQRY.EXE in same directory as script
REM Example: checkports.cmd DEST-DC-01.contoso.com
REM Please note that this script is provided "AS IS" with no warranties, and confers no rights.
REM Use of included script sample is subject to the terms specified at
REM https://www.microsoft.com/info/cpyright.htm
ECHO Querying DNS
Portqry -n %1 -p both -e 53 > %1_checkports.txt
ECHO Querying DHCP
Portqry -n %1 -p udp -e 67 >> %1_checkports.txt
ECHO Querying HTTP
portqry -n %1 -p tcp -e 80 >> %1_checkports.txt
ECHO Querying Kerberos KDC Service
portqry -n %1 -p both -e 88 >> %1_checkports.txt
ECHO Querying NTP Time Service
Portqry -n %1 -p udp -e 123 >> %1_checkports.txt
ECHO Querying RPC EndPoint Mapper Service
portqry -n %1 -p tcp -e 135 >> %1_checkports.txt
ECHO Querying NetBIOS Name Service (WINS)
portqry -n %1 -p both -e 137 >> %1_checkports.txt
ECHO Querying NetBIOS Datagram Service
portqry -n %1 -p udp -e 138 >> %1_checkports.txt
ECHO Querying NetBIOS Session Service
portqry -n %1 -p tcp -e 139 >> %1_checkports.txt
ECHO Querying LDAP
portqry -n %1 -p tcp -e 389 >> %1_checkports.txt
ECHO Querying HTTP over SSL
portqry -n %1 -p both -e 443 >> %1_checkports.txt
ECHO Querying SMB
portqry -n %1 -p both -e 445 >> %1_checkports.txt
ECHO Querying Kerberos Logon
portqry -n %1 -p both -e 464 >> %1_checkports.txt
ECHO Querying LDAP over SSL
portqry -n %1 -p tcp -e 636 >> %1_checkports.txt
ECHO Querying Win2000/2003 AD Logon and Directory Replication
portqry -n %1 -p tcp -o 1025,1026 >> %1_checkports.txt
ECHO Querying Global Catalog
portqry -n %1 -p both -e 3268 >> %1_checkports.txt
ECHO Querying Global Catalog over SSL
portqry -n %1 -p tcp -e 3269 >> %1_checkports.txt
ECHO Querying Terminal Server / Remote Desktop
Portqry -n %1 -p tcp -e 3389 >> %1_checkports.txt
start notepad %1_checkports.txt
????
https://blogs.technet.com/networking/ Microsoft ???? ?? ?? ???
https://blogs.technet.com/netmon/ NetMon ???? ?? ???
Windows Server system ? ?? ??? ??? ???? ?? ????
??? ?????.
- Ned Pyle