Messer - 5. Network Troubleshooting & Tools Flashcards
What are the seven steps of network troubleshooting?
- Identify problem
- Establish theory
- Test theory
- Plan solution
- Implement solution
- Verify results
- Document everything
[Identify. Then two related to theory. Then two related to solution. Then two related to results]
Explain what is involved in the following step of the network troubleshooting methodology:
- Identify problem
• Gather information
-Determine scope (i.e. area affected)
(e.g. single station? floor? entire network?)
-Check docs (e.g. install & maintenance logs)
-Vendor knowledge bases
• Question users (open and closed questions)
• Identify symptoms
-Maybe make physical inspection
• Duplicate problem, if possible
• Determine if anything has changed
-Did it ever work?
-What changed since last working?
• Approach multiple problems individually.
Explain what is involved in the following step of the network troubleshooting methodology:
- Establish theory
• Question the obvious
• Step through what should happen
-And identify where it breaks down
-Prove functionality of each component in sequence
• Consider multiple approaches
• OSI model:
-Start at bottom
-Start at top
-Start at most likely layer (aka divide and conquer)Explain what is involved in the following step of the network troubleshooting methodology:
- Test theory
- Once theory is confirmed, determine next steps to resolve problem.
- If theory is not confirmed, re-establish new theory
- Or escalate as necessary by referring problem to senior technician, manager, or third party if:
- Problem is beyond your knowledge or ability
- Problem falls under warranty
- Scope of problem is very large
- Solution requires major reconfiguration
- Customer becomes difficult or abusive
Explain what is involved in the following step of the network troubleshooting methodology:
- Plan solution
Typically three solutions to any problem:
* Repair - You need to determine whether cost and time of repair makes this the best option * Replace - Often more expensive and may be time-consuming depending on availability. May be opportunity to upgrade * Ignore - If problem isn't critical and/or repairing / replacing aren't cost-effective, might be best just to find a workaround
Always consider potential effects on rest of the system. e.g. If you need to apply a software patch, might cause other programs not to work properly. Helpful to have an effective configuration management system. May need to seek authorization for plan.
Explain what is involved in the following step of the network troubleshooting methodology:
Implement solution
If you are simply reverting to a known good configuration before something was changed, you might be able to implement solution directly. But if fix requires changes to system / network, you may have to follow a change management plan. And again, may need authorization. If making a series of changes, be sure to document everything along the way!
Explain what is involved in the following step of the network troubleshooting methodology:
- Verify results
Verify full system functionality, and if applicable, implement preventive measures.
Before closing a ticket, make sure you’re satisfied that the problem (and system as a whole) are now working properly. AND get customer’s acceptance that issue is solved and ticket can be closed.
Think about ways you can prevent problem from happening again.
Explain what is involved in the following step of the network troubleshooting methodology:
- Document everything
Document findings, actions, and outcomes.
In ticket system, write complete description of the problem, its solution, including findings, actions, and outcomes.
Describe the purpose of crimpers.
A tool used to attach connectors to the ends of cables. For instance, you use one type of wire crimper to attach RJ-45 connectors on unshielded twisted-pair (UTP) cable. You use a different type of wire crimper to attach British Naval Connectors/Bayonet Neill-Concelman (BNCs) to coaxial cabling.
A crimper sometimes includes a wire stripper, as well. If it doesn’t, you need one..
Describe the purpose of a cable tester.
A tool for determining whether a cable is crimped properly. It’s a very basic tool for testing continuity. Can identify missing pins or crossed wires. NOT used for frequency testing (e.g. crosstalk, signal loss, etc.)
Should have two parts to allow it to plug into each
end of the cable, and it should have light indicators that light up as it tests for connectivity from one end of the cable to another on each wire.
The tester should have a light for each wire in the cable. It will light up an indicator for each wire, one after the other—you will need to watch the lights light up at both ends and make sure that the order is the same on both parts of the tester. If the order is different, you have an incorrectly positioned wire and you will need to recrimp an end.
What is a cable certifier?
A type of cable tester that will report the same info as a normal cable tester, but will also report on info such as speed and duplex settings.
What is a butt set?
aka lineman’s handset
A cable tester for telephone lines.
Describe the purpose of a TDR / OTDR.
aka. Time Domain Reflectometer / Optical Time Domain Reflectometer
A tool used to troubleshoot problems with a cable by sending a signal, where it is reflected back at some point. The TDR then calculates the distance down the cable that the signal traveled before being reflected. If this distance is less than your overall cable length, a problem exists at that distance from your location. Great for detecting shorts and breaks.
Can give a lot of information:
- cable length
- splice locations
- cable type (impedance info)
- signal loss
Helpful for certifying a new cable installation.
TDR sends electrical signals for copper cabling. OTDR sends light for fiber optics and is extremely expensive.
Describe the purpose of a light meter.
aka. optical power meter or power meter
A tool for measuring the amount of light loss in fiber-optic cables. Sends a light (e.g. laser, LED) from one side, and then measures it on the other.
Messer says it’s the fiber-optic equivalent of using a cable tester to check for continuity in copper cabling.
Describe the purpose of a tone generator.
aka fox and hound
A device used to determine the two ends of a specific cable within a large bulk of cables. In short, it’s a wire tracer. Includes two components: the tone generator itself, and an inductive toner probe that listens for the tone on the other end. Often has modular jacks, coax connections, punch down connectors, etc that can fit onto most cables.
Describe the purpose of a loopback adapter.
aka loopback plug
A tool for testing the physical ports / interfaces on a system (e.g. ethernet and WAN) without having to connect an external device. Very simply, it returns a transmitted signal back to the interface that transmitted it. If the sent signal is different than received signal, you know something is wrong.
[Do NOT confuse with cross-over cables, which connect like devices to each other]
Describe the purpose of a punchdown tool.
A tool used to attach twisted-pair network cable to connectors within a patch panel. Specifically, they connect twisted-pair wires to the insulation displacement connector (IDC). You “punch” a wire into a wiring block (e.g. 66 or 110 block), locking that wire into place.
Describe the purpose of a multimeter.
A device used to measure AC or DC voltage, or when troubleshooting cabling issues, it can measure resistance (in ohms). A normal cable without any problems should measure a resistance of 0 ohms, but if the cable is broken or has faults in the wiring, it will measure higher resistance.
Messer says it can also check for continuity between ends of a cable, fuse status, wire mapping, etc.
[So not just an electrician’s tool for checking whether there’s power. According to Emmett Dulaney ebook, network multimeters can do a lot of things, including ping and test response times on key networking equipment, verify faults on network cabling, locate and identify cable]
[Most popular pronunciation is “multi-meter,” not “mull-tim-eter”]
Describe the purpose of a spectrum analyzer.
A device typically used to monitor and troubleshoot signals with wireless technologies, such as wireless networks. Can display noise levels with the signal, as well as frequency information and signal strength. Can help determine whether there’s conflicts or interference (e.g. another wireless access point or device.)
[Not to be confused with software called WiFi analyzer]
What is a packet sniffer / protocol analyzer?
The two terms are often used interchangeably as both are used to capture communication streams so you can analyze the traffic and determine the cause of a problem. But technically there’s a difference. While a packet sniffer simply captures traffic, a protocol analyzer reads and decodes it, specifically on the protocol level.
Very helpful for solving complex application issues, identifying unknown or suspicious traffic, verifying security controls, identifying protocol patterns and problems, etc.
Ex of protocol analyzer: WireShark
[Note: Can be hardware or software, although objectives have it under software tool]
Describe the purpose of a port scanner.
A software-based security utility designed to search a network host for open ports on a TCP/IP-based network. (As a refresher, in a TCP/IP-based network, a system can be accessed through one of 65,535 available port numbers. Each network service is associated with a particular port.)
Many of the thousands of ports are closed by default; however, many others, depending on the OS, are open by default. These are the ports that can cause trouble. It is critical that administrators know which ports are open and potentially vulnerable. The quickest way to get an overview of the ports used by the system and their status is to issue the netstat -a command from the command line.
[One reason hackers love port scanners: If you know what ports are open, you know what services are likely running]
Ex: NMap, Zenmap, SuperScan, Angry IP Scanner
Describe the purpose of a WiFi analyzer.
aka wireless analyzer
A software utility that provides power measurements of SSIDs and encryption being used on each, along with channels SSI is using and MAC address of the WAP announcing the SSID. [Zacker book says this info is useful because it shows the overall RF airspace as a device will see it. Not exatly sure what he means]
Often, this functionality is incorporated into spectrum
analyzers. However, Wi-Fi analyzers can be used independently and are often free because of the basic functionality they provide. Spectrum analyzers will allow you to see NON-Wi-Fi devices utilizing the RF
airspace as well as interfering with electronics such as microwave ovens and wireless phones.
[IMO, Messer did a bad job on this one. And some surprisingly thorough authors don’t appear to cover it.]
Describe the purpose of a bandwidth speed tester.
A software utility (often a website) that communicates with dedicated Internet servers to determine your download and upload speed. Often by transferring a file and measuring throughput. These sites are not all the same (e.g. different number of servers, bandwidth, testing methodologies). But especially helpful if used for pre- and post-change analysis.
Common sites: SpeedOf.Me, speedtest.net, testmy.net, ISP sites.
Their inherent problem is they report the speed at which the server can communicate to you, which may not be the total speed of your connection. That said, useful to validate if there is a problem with your Internet connectivity.
A more precise method of measuring bandwidth speed is the use of an open source tool called iPerf, which requires a server to be set up to listen for an incoming request from the iPerf client. Many ISPs have an internal iPerf server so that you can test your WAN speed. When the iPerf tool is used, it saturates the entire line to report actual bandwidth speeds. It is also
a useful tool for determining how well a firewall can perform under a high-bandwidth load as part of a stress test.
What is ping?
Command line utility that verifies hostname, host IP address, and physical connectivity to a remote device.
Each ping makes four attempts, returns time of response (in ms). How many packets lost, if any. You also see TTL (time to live). Based on TTL, you can get a sense if multiple hops.
Uses ICMP.
Messer says one of the most commonly used tools in troubleshooting a network. First and last thing you use. (Used last to verify a fix.)
What is tracert / traceroute?
Tracert - Windows
Traceroute - Linux
Command line utility that traces and reports on the route to a remote device. Maps the entire path between our device and the remote one.
Takes advantage of ICMP Time to Live Exceeded Error message. Time in TTL refers to hops, not seconds or minutes. TTL=1 is first router, TTL=2 is second, etc. Not all devices reply with ICMP Time Exceeded messages. Not all routers send that message. And some firewalls filter. ICMP is low-priority for many devices.
Different flavors of traceroute. Not all the same. Some OSes allow you to specify protocol used (e.g. Linux, Unix, Mac). They use UDP by default, whereas Windows uses ICMP.
[Tracert doesn’t work correctly on my system due to how Verizon FiOS handles ICMP. Would need to download an alternate tool that uses UDP]
What is nslookup?
Command line utility that is used to lookup DNS info (e.g. canonical names, IP address, cache timers, etc.) given a particular name or IP address. (If you enter a domain name, it will give you IP address. And sometimes vice versa.) Looks like you can get other types of DNS data, as well. Like mail servers.
Cross-platform: Works on Windows, Mac, and LInux
Deprecated. Use dig instead.
[When I look up my rdb subdomain, I can see the IPv6 address I’ve added, as well as the IPv4]
What is dig?
Command line utility that is used to query DNS. Dig will give you much the same information as nslookup, but is updated tool and gives you more advanced domain info.
Not native to Windows. You have to download.
What is ipconfig / ifconfig?
ipconfig = Windows. ifconfig = Mac / Linux
(“if” is for “interface”)
Command line utility that displays current IP configuration information.
Without any switches, you can see IP address, subnet mask, and default gateway (router) for all network interfaces to which TCP/IP is bound. [meaning?]
Use /all switch to display complete TCP/IP config parameters for each interface to which TCP/IP is bound.
You can tell whether your IP address was granted via DHCP or APIPA. You can force DHCP to renew leased IP address, and also release it.
Commands:
ipconfig /all
ipconfig /release
ipconfig /renew
[Not entirely clear to me how to read what this returns. Like what applies to router and what applies to this device]
What is iptables?
Command line utility that is a very powerful firewall feature found in Linux. Gets its name from tables
of rules that control what traffic is allowed to enter or leave the system or to be forwarded on to another system.
The three main tables used with IPTables are:
- Input - This table controls what traffic is allowed to pass through the network card into the Linux system.
- Output - This table controls what traffic is allowed to pass through the network card out of the Linux system.
- Forward - This table is used if you want to forward a packet from the Linux system on to another system.
Messer says it’s a stateful firewall that filters in the kernel of the Linux OS. Some Linux distros prefer firewalld or other firewalls over iptables.
What is netstat?
Command line utility that displays statistics for current TCP/IP connections. And basically what services you’re currently using (e.g. https)
Cross-platform: Windows, Unix, Linux, etc.
switches:
- a - shows all active connections (on individual machine)
- b - shows binaries that created connection (Windows)
- n - Do not resolve names
- f - Shows fully qualified domain names. This makes it a little more interesting.
[Not really clear what I’m looking at. Runs for a while. Shows protocol (e.g. TCP or UDP), Local address (and port), Foreign address (sometimes IP, sometimes not), and the state (e.g. listening, established).]
What is tcpdump?
tl;dr - Command line packet sniffer [Not protocol analyzer, if following strict definition]
Command line utility that is used to capture packets and print the contents. Can read packets from a network interface card or from a previously created saved packet file and write packets to either standard output or a file.
Output saved in standard pcap file format, which can be easily read in protocol analyzers like WireShark. [Although not entirely clear why you wouldn’t just use WireShark in the first place.]
You can apply filters, view traffic in realtime to quickly identify traffic patterns. Can be overwhelming amount of data. Takes a bit of time to parse and filter.
Available on Linux/Unix/Mac. On Windows, there’s WinDump.
What is pathping?
Command line utility that combines Ping with Tracert functionality. Pathping is different from Tracert in the sense that it reports statistic information at the end of the ping, summarizing information such as percent packet loss so that you can identify the hop that is causing problems along the pathway of communication.
Messer says: First phase runs a traceroute, building map/path between you and another device. Second phase is the ping, measuring round trip time and packet loss at each hop.
[Again, Verizon appears to be breaking this for me]
