Is Your Network Connected?

Finding Out Which Network Devices Are Responding


Laura Chappell

One of the first steps in troubleshooting your company's network is checking the connections among the servers, workstations, and other devices. In an intraNetWare or NetWare environment, you can use the IPX Diagnostic Responder or the IPX Ping utility to check whether a server or a worksta-tion is communicating properly. You can also use the IPX Diagnostic Responder or the IPX Ping utility to test the response time of one network device or of all network devices. In addition, you can use these tools to test the speed of any network link.

This article explains how the IPX Diagnostic Responder and the IPX Ping utility work. This article also describes the packet formats used by the IPX Diagnostic Responder and the IPX Ping utility and discusses the information these tools provide about your company's network.

SHOULD YOU USE THE IPX DIAGNOSTIC RESPONDER OR THE IPX PING UTILITY?

If you have worked in the NetWare environment for a long time, you may be familiar with the NetWare Care utility, which was included with older versions of NetWare. The NetWare Care utility used the IPX Diagnostic Responder, a feature that generated a query packet which the NetWare Care utility then broadcast on the network. The NetWare Care utility used the responses it received to build a map of active network devices.

By default, the IPX Diagnostic Responder still runs on all intraNetWare and NetWare servers and on all Novell client software. However, the IPX Diagnostic Responder does not include a transmission utility. You must use a third-party utility to build, send, and receive the IPX Diagnostic Responder packets.

For example, my company, ImagiTech Inc., runs the IPX Diagnostic Responder with LANQuest's Net/WRx LANLoad, Novell's LANalyzer for Windows, Network General's Sniffer, and NCC's LAN Network Probe. To research this article, I used the Net/WRx LANLoad utility to transmit the IPX Diagnostic Responder query packets on the network. I then toggled to a LANalyzer for Windows screen to check the reply packets coming back.

In addition to providing the IPX Diagnostic Responder, Novell created the IPX Ping utility, which is similar to the Ping utility in the TCP/IP environment. Novell's IPX Ping utility is available with intraNetWare, NetWare 4.11, and NetWare MultiProtocol Router (MPR) 3.0 and above. Novell also included the IPX Ping utility in its 32-bit client software, such as intraNetWare Client for Windows 95 and intraNetWare Client for Windows NT.

Servers running NetWare 4.1 or below and workstations running Novell's Virtual Loadable Module (VLM) client software or Novell's NETX client software do not support the IPX Ping utility. If you use the IPX Ping utility to check a workstation running client software that does not support this utility, you do not receive any response. In other words, the workstation appears not to be responding on the network because the workstation doesn't respond to the IPX Ping utility. However, the workstation could actually be working fine.

If your company's servers and workstations support the IPX Ping utility, I recommend that you use this utility. Otherwise, you need to use the IPX Diagnostic Responder with a third-party utility. However, you should be aware that some routers, such as Cisco routers, do not support the IPX Diagnostic Responder. (See "Choosing Between the IPX Diagnostic Responder and the IPX Ping Utility".)

HOW DOES THE IPX DIAGNOSTIC RESPONDER WORK?

An IPX Diagnostic Responder query packet includes an IPX header with destination socket number 0x0456 and a 1-byte Exclusion Address Count field. (See Figure 1.) If you want specific devices to ignore the IPX Diagnostic Responder query packet, you can specify the number of devices that should not respond to this packet in the Exclusion Address Count field. You can then include these devices' hardware addresses or media access control (MAC) addresses in the Excluded Address fields. (These fields are described in more detail later in the article.)

To use the IPX Diagnostic Responder, you must know the network address and the MAC address of the destination device. If this device is on the other side of a router, you must also know the router's MAC address.

For example, suppose that you managed a simple internetwork with two LAN segments. (See Figure 2.) To use the Net/WRx LANLoad utility to query the BLDG2 server on network 0x00-00-22-22 from a device on the same network, you would send an IPX Diagnostic Responder query packet through the local router to the BLDG2 network: You would need to include the BLDG2 server's network address and MAC address in the IPX header. You would also need to include the local router's MAC address in the Ethernet header that is used to get the query packet to the local router.

You can use the IPX Diagnostic Responder to test the following on your company's network:

Testing the Response Time of One Network Device

If you want to test a device on the same network as the workstation on which your third-party utility is running, you include the device's MAC address in the MAC header (such as the Ethernet header), and you include the device's network address and MAC address in the IPX header.

In the IPX header (which includes a network address and a MAC address), you can also use destination network address 0x00-00-00-00 to indicate that you are checking only the local network. Figure 3 shows how you specify destination network addresses in the Net/WRx LANLoad utility.

You must also specify your workstation's network address and node address so that you can trace the IPX Diagnostic Responder reply packets with a network analyzer. For example, if a device received the query packet shown in Figure 3, the device would send a reply packet to node 0x99-99-99-99-99-99 on the local network.

To make it easier to trace the IPX Diagnostic Responder reply packets, you could use a false node address instead of your workstation's node address. For example, if you sent a query packet from MAC address 0x99-99-99-99-99-99 (an unusual MAC address) to a device on the local network, the reply packet sent to that MAC address would be easy to spot.

When a device responds to an IPX Diagnostic Responder query packet, the reply packets contain a list of the device's primary network components. (See "Responding to an IPX Diagnostic Responder Query Packet".) Although the list does not provide detailed information, this list does identify the functionality of each network component. For example, component 2 is a LAN driver.

A server's IPX Diagnostic Responder reply packet is especially useful because this packet includes the addresses of each network to which the server is attached. A server's reply packet also includes the server's internal IPX address.

Testing the Response Time of All Devices on the Network

To test all of the devices connected to a network, you specify the broadcast MAC address in the IPX header. (See Figure 1.) All devices that support the IPX Diagnostic Responder send an IPX Diagnostic Responder reply packet, and the third-party utility you are using to receive reply packets should list the devices and their relative response times.

Testing the Speed of a Network Link

To test the speed of a network link, you must run two IPX Diagnostic Responder sessions, querying one side of the link in each session. Then you use the difference between the round-trip times of each session to determine the speed of the network link.

For example, Figure 4 shows a WAN link between an office in California and an office in New York City. Suppose that you wanted to test the speed of this WAN link. If you were running a third-party test utility from the California office, you would complete the following steps:

  1. Measure the round-trip time between the third-party test utility attached to the network at the California office and Router A.
  2. Measure the round-trip time between the third-party test utility attached to the network at the California office and Router B.
  3. Subtract the Router A time from the Router B time. This value is the round-trip time for the WAN link.
  4. Divide the round-trip time for the WAN link in half. This value is the approximate one-way time.

To test the speed of a network link at the ImagiTech labs, I use the Net/WRx LANLoad utility to transmit the IPX Diagnostic Responder query packets and LANalyzer for Windows to receive and time stamp the reply packets. I also use LAN Network Probe, which simultaneously transmits and receives packets.

THE FORMATS OF AN IPX DIAGNOSTIC RESPONDER PACKET

The IPX Diagnostic Responder uses two packet formats:

The IPX Diagnostic Responder Query Packet

As mentioned earlier, an IPX Diagnostic Responder query packet includes an IPX header with destination socket number 0x0456. This socket number indicates that the query packet contains IPX Diagnostic Responder information and should be handled by the IPX Diagnostic Responder. The Destination Network Address field and the Destination MAC Address field in the IPX header indicate which device or devices should respond to this query packet. (See Figure 3.)

For example, to query the BLDG2 server on the network shown in Figure 2, you would address an IPX Diagnostic Responder query packet to network 0x00-00-22-22 and node 0x00-20-C5-00-5F-C1. To query all of the devices on this network, you would address the query packet to network 0x00-00-22-22 and node 0xFF-FF-FF-FF-FF-FF (the broadcast node address).

The data portion of an IPX Diagnostic Responder query packet typically contains only one field: the Exclusion Address Count field. (See Figure 5.) This field indicates the number of devices that should not respond to the query packet. If you did not want to exclude any device from responding to this query packet, you would pad the Exclusion Address Count field with 0x00. This field requires 1 byte.

If you wanted to prevent particular devices from responding to an IPX Diagnostic Responder query packet, the Exclusion Address Count field would contain a number to indicate how many devices are excluded from responding. (See Figure 6.) You would then use one or more of the Excluded Address fields to specify the MAC addresses of these devices. In this case, you must specify values in multiples of 6 bytes. However, ignoring reply packets from some devices that are of no interest is easier than locating the MAC addresses of relevant devices and entering these addresses in the query packet.

The IPX Diagnostic Responder Reply Packet

When a device receives an IPX Diagnostic Responder query packet, the device sends a reply packet. Like the query packet, the reply packet contains source socket number 0x0456 in its IPX header, indicating that this packet contains IPX Diagnostic Responder information. (See Figure 7.)

In addition, the IPX Diagnostic Responder reply packet contains information about the device sending this packet. For example, the reply packet indicates how many network components the device has and what these components are. If the device is a server or a router, the reply packet contains additional information such as the number of networks to which this device is attached and the type of network (internal or external). (See "The Contents of an IPX Diagnostic Responder Reply Packet" and Figure 7.)

HOW DOES THE IPX PING UTILITY WORK?

Instead of using the IPX Diagnostic Responder, you can use the IPX Ping utility to determine whether one or more devices are responding on the network. The IPX Ping utility actually sends an IPX Ping query packet that contains the word Ping to the destination device's network address and MAC address. (See Figure 8 .) The reply packet echoes the data portion (the word Ping) of the query packet. (See Figure 9.) Unlike the IPX Diagnostic Responder, the IPX Ping utility does not require devices to exchange information about their network components.

You run the IPX Ping utility on an intraNetWare or NetWare 4.11 server. To launch the IPX Ping utility, you enter the following command at the server console:

LOAD IPXPING

When the New Target menu appears, you enter the network address of the destination device--the device you want to test. If you enter 0xFF-FF-FF-FF (the broadcast network address), the IPX Ping utility does not transmit anything, ensuring that you do not flood the internetwork with IPX Ping broadcast packets.

You must also enter the destination device's node address. The default node address is 0x00-00-00-00-00-01. To ping all of the devices on a network, you enter the broadcast node address, which is 0xFF-FF-FF-FF-FF-FF.

In addition, you specify the number of seconds the IPX Ping utility should wait between each ping. The lower you set this value, the more traffic you generate on the network.

To test one server or one workstation, you address the IPX Ping query packet directly to that server's or that workstation's network address and MAC address. To test multiple servers or workstations, you enter the exact network address and the broadcast node address.

To use the IPX Ping utility to test the speed of a network link, you define multiple IPX Ping query packets to run simultaneously. For example, to test the speed of a WAN link, you would send a query packet to the router on each side of the link and find the difference between the routers' response times. Figure 10 shows a ping test using multiple query packets.

The IPX Ping utility lists the response times for each ping test and provides some trend information. (See Figure 10.) The IPX Ping utility's report includes the following information:

The Format of an IPX Ping Packet

Unlike the IPX Diagnostic Responder, the IPX Ping utility uses the same format for both query packets and reply packets. (See Figure 11.) These packets include seven fields, which contain the following information:

When using the IPX Ping utility, you must send all query requests to destination socket number 0x9086.

HOW CAN YOU FIND OUT MORE?

If you want to learn about other tools you can use to troubleshoot communications problems on your company's network, you can read Novell's Guide to LAN/WAN Analysis: IPX/SPX, which will be published in April by Novell Press. This book explains the basics of network analysis and provides in-depth information about configuration options and troubleshooting techniques for IPX, SPX, and other protocols. (To order Novell's Guide to LAN/WAN Analysis: IPX/SPX, look for the NetWare Connection Bookstore order form in the next issue of NetWare Connection.)

CONCLUSION

The next time users complain that they cannot connect to a server, you have two good tools to begin the troubleshooting process: If you want to test servers running NetWare 4.1 or below or workstations running Novell's NETX or VLM client software, you can use the IPX Diagnostic Responder with a third-party utility. If you need to test servers running intraNetWare or NetWare 4.11 or workstations running Novell's 32-bit client software, you can use the IPX Ping utility.

The IPX Diagnostic Responder and the IPX Ping utility help you determine whether servers, workstations, and other devices are responding on the network. These tools also help you determine how fast network traffic is flowing, even across routers.

Laura Chappell researches, writes, and lectures on NetWare protocol performance, troubleshooting, and optimization. Laura also speaks at NetWare Users International (NUI) conferences and presents customized training courses on network analysis. You can reach Laura via e-mail at chappell@imagitech.com.

NetWare Connection, March 1998, pp. 16-24