
NetPath

This page includes reusable steps for NetPath troubleshooting articles.

Capture the inbound NetPath ICMP Type 11 packets at the inside interface of the firewall

  1. Find the IP address of the NetPath agent that probes the service.
  2. Locate the inside interface where the inbound ICMP packets are expected to exit the firewall.
  3. Refer to the firewall manual, and execute the command to capture ICMP Type 11 packets on the inside interface with matching criteria: from any IP address to the IP address of the NetPath agent.

Capture the inbound NetPath ICMP Type 11 packets at the outside interface of the firewall

  1. Find the IP address of the NetPath agent that probes the service.
  2. Find the source NAT IP address if the source address translation applies to outbound NetPath TCP probing packets.
  3. Locate the outside interface where the inbound ICMP Type 11 packets are expected to enter the firewall.
  4. Refer to the firewall manual, and execute the command to capture ICMP Type 11 packets on the outside interface with matching criteria: from any IP address to the source NAT IP address.

Capture NetPath probing packets on the NetPath probe computer

For NPM 12.0

  1. Download and install Wireshark.
  2. Find the IP address and port of the service that has the issue.
  3. Find the IP address of the NetPath probe that probes the service.
  4. Select the interface for your NetPath outgoing traffic.
  5. Apply the icmp Capture Filter.


  6. Apply the following display filter:

    icmp.type == 11 and ip.dst == endpoint_ip

    Replace endpoint_ip with your IP address.
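The ICMP Type 11 match used in the firewall and Wireshark steps above, as an added example that is not part of the original page: it checks a raw IPv4 packet for ICMP Type 11 addressed to the agent and reads the quoted TCP probe header that the reporting hop includes, so the reply can be tied back to a specific NetPath service. The function names and the sample addresses (documentation ranges) are assumptions made for the illustration.

```python
import ipaddress
import struct

def ipv4(src, dst, proto, ttl, payload):
    """Build a minimal IPv4 packet (no options, checksum 0) for the constructed sample."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload

def match_time_exceeded(packet, agent_ip):
    """Return the hop and the quoted TCP probe if packet is ICMP Type 11 to agent_ip."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != 1:                      # protocol 1 = ICMP
        return None
    if str(ipaddress.IPv4Address(packet[16:20])) != agent_ip:
        return None
    icmp = packet[ihl:]
    if len(icmp) < 8 or icmp[0] != 11:                  # Type 11 = Time Exceeded
        return None
    quoted = icmp[8:]          # RFC 792: original IP header + first 8 bytes of its data
    if len(quoted) < 20:
        return None
    q_ihl = (quoted[0] & 0x0F) * 4
    if q_ihl < 20 or quoted[9] != 6 or len(quoted) < q_ihl + 4:  # quoted probe must be TCP
        return None
    _sport, dport = struct.unpack("!HH", quoted[q_ihl:q_ihl + 4])
    return {
        "hop": str(ipaddress.IPv4Address(packet[12:16])),
        "probe_src": str(ipaddress.IPv4Address(quoted[12:16])),
        "probe_dst": str(ipaddress.IPv4Address(quoted[16:20])),
        "probe_dport": dport,
    }

# Constructed sample (documentation addresses, not taken from the page):
# a TCP probe to port 443 that expired at HOP, and the Type 11 reply HOP sent back.
AGENT, ENDPOINT, HOP = "192.0.2.10", "203.0.113.80", "198.51.100.1"
probe = ipv4(AGENT, ENDPOINT, 6, 1, struct.pack("!HHI", 51000, 443, 1))
SAMPLE = ipv4(HOP, AGENT, 1, 250, struct.pack("!BBHI", 11, 0, 0, 0) + probe)

if __name__ == "__main__":
    print(match_time_exceeded(SAMPLE, AGENT))
```

For a capture taken at the outside interface with source NAT in effect, pass the source NAT IP address as `agent_ip`, matching the criteria in the outside-interface steps.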


For NPM 12.0.1 and later

  1. Open the NetPath Service page with ?debug appended to the end of the URL.
  2. Edit the path you want to troubleshoot.
  3. Select Enable logging, and click Save.
  4. Wait for two probing intervals for the selected path.
  5. Check the pcap file in the polling engine (not the Agent computer) where the selected path is collected from.


Capture the outbound NetPath TCP probing packet at the inside interface of the firewall

  1. Find the IP address and TCP port of the service that has the issue.
  2. Find the IP address of the NetPath agent that probes the service.
  3. Locate the inside interface where the NetPath probing traffic is expected to enter the firewall.
  4. Refer to the firewall manual, and execute the command to capture TCP packets on the inside interface with matching criteria: from the IP address of the NetPath agent and any source port, to the IP address and port of the service with the issue.

Examples for packet capture commands:

Capture the outbound NetPath TCP probing packet at the outside interface of the firewall

  1. Find the IP address and TCP port of the service that has the issue.
  2. Find the IP address of the NetPath agent that probes the service.
  3. Find the source NAT IP address if the source address translation applies to NetPath TCP probing packets.
  4. Locate the outside interface where the NetPath probing traffic is expected to exit the firewall.
  5. Refer to the firewall manual, and execute the command to capture TCP packets on the outside interface with matching criteria: from the IP address of the NetPath agent (or the source NAT IP address) and any source port, to the IP address and port of the service with the issue.

Check if the firewall is dropping logs for NetPath probing packets

  1. Find the endpoint IP address and TCP port from the service that has the issue.
  2. Find the IP address of the NetPath agent that probes the service.
  3. Locate the firewall that the NetPath probing traffic traverses. The firewall may or may not display in the NetPath graph.
  4. Make sure the log is enabled for Drop rules, including Default and Implicit Drop rules.
  5. Based on the firewall manual:
    1. For the outbound direction from agent to endpoint, find the firewall drop logs for TCP packets from the IP address of the NetPath agent and any source port, to the endpoint IP address and port of the service with the issue.
    2. For the inbound direction from endpoint to agent, find the firewall drop logs for ICMP Type 11 packets from any IP address to the IP address of the NetPath agent.

Check firewall logs

Open Check Point SmartView Tracker > All Records > Add filters.

For outbound NetPath probing packets, add the filter for:

  • Service: TCP service specified in NetPath Services
  • Source: NetPath probe
  • Destination: Endpoint

For inbound NetPath probing packets, add the filter for:

  • ICMP Type 11
  • Destination: NetPath probe

[Screenshot: Check Point log filter]

The log option must be enabled for rules that can allow or deny NetPath probing traffic.

Open Web Console > Monitor > Logs > Traffic.

For outbound NetPath probing packets, add the filter for:

  • Service: TCP service specified in NetPath Services
  • Source: NetPath probe
  • Destination: Endpoint

For inbound NetPath probing packets, add the filter for:

  • ICMP Type 11
  • Destination: NetPath probe

[Screenshot: Palo Alto traffic log filter]

Open Web Console > Log > View.

For outbound NetPath probing packets, add the filter for:

  • Service: TCP service specified in NetPath Services
  • Source: NetPath probe
  • Destination: Endpoint

For inbound NetPath probing packets, add the filter for:

  • ICMP Type 11
  • Destination: NetPath probe

[Screenshot: SonicWall log filter]

Open ASDM console > Monitoring > Logging > Log Buffer (or Real-Time) > View ... > Add filters.

For outbound NetPath probing packets, add the filter for:

  • Service: TCP service specified in NetPath Services
  • Source: NetPath probe
  • Destination: Endpoint

For inbound NetPath probing packets, add the filter for:

  • ICMP Type 11
  • Destination: NetPath probe

[Screenshot: ASA log filter]

Check if the IP ID masking rule is enabled for a Check Point firewall

  1. Open the Check Point SmartDashboard.
  2. Navigate to IPS > Protections.
  3. Search for IP ID Masking.
  4. Check if the rule is Active.

Check if the NetPath agent has a missing component

  1. Open an RDP session to the NetPath agent computer.
  2. From the Windows Control Panel, open Programs and Features.
  3. Check if the following items are installed:

Check if the NetPath probe is running on VirtualBox with NAT enabled

  1. Open VirtualBox if the NetPath probe is running there.
  2. Click Settings > Network.
  3. Click the tab of the outgoing adapter, and check the value of the dropdown labeled Attached to.


Check if the next node gateway has proxy or WAN optimizer enabled

  1. Do you have access to the default gateway configuration?
    • Yes: Check if the proxy or WAN optimizer is enabled.
    • No: Skip to the next step.
  2. Run a Trace Route from the NetPath probe to the endpoint, and count the number of response nodes. Check if there is more than one response node.

Check if the web proxy is enabled

  1. Open an RDP session to the NetPath probe computer.
  2. Run inetcpl.cpl from the Windows Start Menu.
  3. Click Connections > LAN settings.
  4. Check the following settings:
    • Automatically detect settings
    • Use automatic configuration script
    • Use a proxy server for your LAN

Check if WinPcap is installed properly

  1. From the Windows Control Panel, open Programs and Features.
  2. Check if WinPcap is installed.
  3. Run cmd from the Windows Start Menu as administrator.
  4. Run sc query npf from the command prompt.
  5. Check if the results show that the NPF service exists and is in a Running state.


Check the NetPath ConnectionBasedProbing flag

  1. Open C:\ProgramData\Solarwinds\Orion\NetPath\NetPathAgent.cfg.
  2. Check if the EnableConnectionBasedProbing flag is true.

Check the NetPath graph for the same endpoint but non-web traffic

  1. Create a new service for the same endpoint on the same NetPath probe, but with the following settings:
    • Five-minute interval
    • A well-known non-web port, such as 25 or 53 (It is OK if those ports are not open on the endpoint)
  2. Wait 5 - 10 minutes, and then check the graph.
  3. Check if the graph contains external nodes, or if it has the same problem without any external nodes.

Check the distance from the endpoint to the NetPath agent

  1. Capture the NetPath probing response packet (TCP ACK).
    1. Find the IP address and port of the service that has the issue.
    2. Find the IP address of the NetPath agent that probes the service.
    3. Download and install Wireshark.
    4. In Wireshark, use the following capture filter to capture response packets:

      tcp and src host endpoint_IP_address and src port endpoint_port

  2. Extract the TTL value from the response packet header.


  3. Find the minimal positive number N from N1 to N4 below.
    • N1 = 255 - TTL
    • N2 = 128 - TTL
    • N3 = 64 - TTL
    • N4 = 32 - TTL

    The minimal positive number is the estimated distance (in nodes) between the packet sender and the NetPath agent.
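The three steps above carried through in code, as an added example that is not part of the original page: it applies the same match as the capture filter (TCP, source host, source port) to a raw IPv4 packet, reads the TTL from the header, and returns the minimal positive N. The function names and the sample packet are assumptions constructed for the illustration.

```python
import ipaddress
import struct

INITIAL_TTLS = (255, 128, 64, 32)   # starting values behind N1..N4 in step 3

def estimate_distance(ttl):
    """Minimal positive N among 255-TTL, 128-TTL, 64-TTL and 32-TTL, or None."""
    # A TTL equal to a starting value gives N = 0 for it, which "positive" excludes.
    candidates = [start - ttl for start in INITIAL_TTLS if start - ttl > 0]
    return min(candidates) if candidates else None

def response_distance(packet, endpoint_ip, endpoint_port):
    """Match 'tcp and src host endpoint_ip and src port endpoint_port', then estimate."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4                 # IPv4 header length in bytes
    if ihl < 20 or packet[9] != 6 or len(packet) < ihl + 2:   # protocol 6 = TCP
        return None
    if str(ipaddress.IPv4Address(packet[12:16])) != endpoint_ip:
        return None
    (sport,) = struct.unpack("!H", packet[ihl:ihl + 2])
    if sport != endpoint_port:
        return None
    return estimate_distance(packet[8])          # byte 8 of the IPv4 header is the TTL

# Constructed sample: TCP ACK from 203.0.113.80:443 to 192.0.2.10:51000 with TTL 52.
SAMPLE_ACK = bytes.fromhex(
    "45 00 00 28 00 00 40 00 34 06 00 00 cb 00 71 50 c0 00 02 0a"   # IPv4 header
    "01 bb c7 38 00 00 00 00 00 00 00 02 50 10 04 00 00 00 00 00"   # TCP header
)

if __name__ == "__main__":
    print(response_distance(SAMPLE_ACK, "203.0.113.80", 443))
```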

Check if the NetPath agent plug-in installed successfully

  1. From the Orion Web Console, click Settings > All Settings > Manage Agents.
  2. Select the NetPath remote agent, and click More Actions > View installed plug-ins report.
  3. Check if the NetPath plug-in is installed and has a green status.

Check if the NetPath remote agent installed successfully

  1. From the Orion Web Console, click Settings > All Settings > Manage Agents.
  2. Check the status of the NetPath remote agent.
  3. If the installation succeeded, that status reads "Agent is running, Connected." If not, the status reads "Installation in progress."

Test the HTTP port on the endpoint

  1. Identify the IP address from the endpoint with the issue.
  2. Add a new NetPath service using port 80 and that IP address.
  3. Wait two or more probing intervals to get the NetPath probing results.
  4. Check if the issue with intermittent endpoint connectivity exists here as well.

Test TCP connectivity

  1. Download and extract PSTools.zip from Microsoft.
  2. Identify the IP address from the endpoint with the issue.
  3. Run psping from the command prompt to test end-to-end latency and packet loss to the NetPath service.

    psping -t endpoint_ip_address:endpoint_port

  4. After receiving 20 results, press Ctrl+C to stop.
  5. Look at the packet loss in the results. Check if it reads "Access is Denied" or if the packet loss is less than 5%.
