5.5 Given a scenario, use the appropriate tool or protocol to solve networking issues.

Question 1

What is a protocol analyzer?

Answer 1

• Solves complex application issues
• Gathers frames on the network (or in the air)
• Sometimes this is built into the device.
• Allows you the agility to view traffic patterns.

Question 2

ping

Answer 2

• Tells you if a device on the network is reachable using ICMP.
• Internet Control Message Protocol
  – a set of rules that network devices use to communicate error messages and operational information. It is a key part of a network’s error reporting and testing process.

Question 3

traceroute/tracert

Answer 3

• Determine the route a packet takes to a destination, mapping the entire path between you and that secondary device.
• Uses a different aspect of ICMP TTL exceeded error message (hops)
• TTL=1 is for the first router, TTL=2 is the second router, etc.
• Not all devices will reply with ICMP TTL exceeded error messages.

Question 4

nslookup / dig

Answer 4

• Allows you to look-up information from DNS servers (canonical names, IP addresses, cache timers, etc.)
• nslookup has been deprecated (instead you should be using the dig command that provides more advanced information for you).

Question 5

tcpdump

Answer 5

• this tool captures packets from the command line without needing to download a separate application.
• Available for more Linux/Unix OSs (WinDump for Windows)
• pcap format is how the data is save to be used in other applications.

Question 6

netstat

Answer 6

• Network Statistics
• Who we are communicating with over the network and who might be communicating with us.
  (-a) = show all active connections
  (-b) = show binaries (windows)
  (-n) = do not resolve names (IP addresses ONLY)

Question 7

ip/ifconfig/ipconfig

Answer 7

• This tool helps determine TCP/IP and network adapter information along with some additional details.
  1. (ipconfig) - Windows TCP/IP configuration
  2. (ifconfig) - Linux interface configuration
  3. (ip address) - the latest Linux utility

Question 8

arp

Answer 8

• Determines the MAC address based on an IP address
• (-a) allows you to view your local ARP table.

Question 9

Nmap

Answer 9

• Network Mapper
• Find and learn more about network devices (visual representation of the network).
• Port scans, operating system scan, service scans
• This is an active scanning tool.

Question 10

LLDP

Answer 10

• Link Layer Discovery Protocol
• This can help you identify the port number, MAC Addresses, VLAN IDs, etc.
• Vendor neutral and not specific to any one device.

Question 11

CDP

Answer 11

• Cisco Discovery Protocol
• This can help you identify the port number, MAC Addresses, VLAN IDs, etc.
• Specific to Cisco devices.

Question 12

Toner

Answer 12

• Puts analog sound on the wire using an inductive probe, meaning it doesn’t need to touch the copper
• You can hear the tone through a small speaker.

Question 13

Cable Tester

Answer 13

• This tests continuity of the cable.
• Can identify missing pins or crossed wires.

Question 14

Taps / Port Mirrors

Answer 14

• It allows you to intercept traffic and send a copy to a packet capture device.
• Physical Taps: placed in the middle and can be passive or active.
• Port Mirror: non-physical tap located in the actual switch device; limited functionality but can be used in a pinch.

Question 15

Wi-Fi Analyzer

Answer 15

• This will help you with signal coverage or potential interference.
• Hardware based analyzer is more specialized and will allow you to view all of the 802.11 information in the air.

Question 16

Visual Fault Locator

Answer 16

• A flashlight for optical fiber
• Light will show through the fiber jacket where fiver is broken (may need to turn out the lights to see).

Question 17

Basic Networking device commands

Answer 17

1. show mac-address-table
2. show route
3. show interface
4. show config
5. show arp
6. show vlan
7. show power

Question 18

“Show mac-address-table” command

Answer 18

• All switches maintain a MAC address table
• show command lists these out and there are many options available for showing information.

Question 19

“Show ip route” command

Answer 19

• Routers maintain a list of next hops
• View the current routing table
• Dynamic routes can change and static routes must be manually configured.
• You will use this list to find errors (or) use the table to manually determine the next hop

Question 20

“Show interfaces” command

Answer 20

• This command will show you the status of an interface (up/down, connected, disabled, speed, duplex, etc.)
• View configuration information (speed, MTU, encapsulation type, etc)
• Identify Errors (CRC errors, drops, input/output errors)

Question 21

“Show config” command

Answer 21

• View the device settings (configurations)
• Displays the currently running configuration (or config settings that are stored on that device).
• Bit of a learning curve to for the syntax of the information.

Question 22

“Show arp” command

Answer 22

• This command allows you to view the ARP protocol information/cache.
• Useful when troubleshooting connectivity (Do we see the MAC address associated with the IP address?)

Question 23

“Show vlan” command

Answer 23

• This command allows you to view the VLANs associated with the switch interfaces
• Allows you to view default VLAN ID and assigned VLAN ID numbers
• This will be usefully for needing to confirm the assignment for each interface.

Question 24

“Show power” command

Answer 24

• This will allow you to display power-related information (power supply status, Power over Ethernet usage).
• Monitor power usage (available, used, and remaining power)
• Manage PoE devices (plan for future PoE devices)