Network Service Troubleshooting

Question 1

Names not resolving

Answer 1

• Web browsing doesn’t work
  
  • The Internet is broken!
• Pinging the IP address works
  
  • There isn’t a communication problem
• Applications aren’t communicating
  
  • They often use names and not IP addresses

Question 2

Troubleshooting DNS issues

Answer 2

• Check your IP configuration
  
  • Is the DNS IP address correct?

• Use nslookup or dig to test - Does resolution work?

• Try a different DNS server - Google is 8.8.8.8 &
8.8.4.4

Question 3

IP configuration issues

Answer 3

• Communicate to local IP addresses
  
  • But not outside subnets
• No IP communication - Local or remote
  
  • Communicate to some IP addresses - But not others

Question 4

Troubleshooting IP configurations

Answer 4

• Check your documentation
  
  • IP address, subnet mask, gateway
• Monitor the traffic
  
  • Examine local broadcasts
  • Difficult to determine subnet mask
• Check devices around you
  
  • Confirm your subnet mask and gateway
• Traceroute and ping
  
  • The issue might be your infrastructure
  • Ping local IP, default gateway, and outside address

Question 5

Duplicate IP addresses

Answer 5

• Static address assignments - Must be very organized

• DHCP isn’t a panacea
  
  • Static IP addressing
  • Multiple DHCP servers overlap
  • Rogue DHCP servers
• Intermittent connectivity
  
  • Two addresses “fight” with each other

• Blocked by the OS - Checks when it starts

Question 6

Troubleshooting duplicate IP addresses

Answer 6

• Check your IP addressing - Did you misconfigure?
  
  • Ping an IP address before static addressing
  • Does it respond?
• Determine the IP addresses
  
  • Ping the IP address, check your ARP table
  • Find the MAC address in your switch MAC table
• Capture the DHCP process
  
  • What DHCP servers are responding?

Question 7

Duplicate MAC addresses

Answer 7

• Not a common occurrence
  
  • MAC addresses are designed to be unique
  • May be a man-in-the-middle attempt
• Mistakes can happen
  
  • Locally administered MAC addresses
  • Manufacturing error

• Intermittent connectivity
• Confirm with a packet capture, should see ARP
contention

• Use the ARP command from another computer
  
  • Confirm the MAC matches the IP

Question 8

Expired IP addresses

Answer 8

• A DHCP address should renew well before the lease
expires
• The DHCP server(s) could be down

• Client gives up the IP address at the end of the lease
  
  • APIPA address is assigned
  • Checks in occasionally for a DHCP server
• Look for an APIPA assigned address
  
  • 169.254..

• Check the status of your DHCP server

Question 9

Rogue DHCP server

Answer 9

• IP addresses assigned by a non-authorized server
  
  • There’s no inherent security in DHCP
• Client is assigned an invalid or duplicate address
  
  • Intermittent connectivity, no connectivity
• Disable rogue DHCP communication
  
  • Enable DHCP snooping on your switch
  • Authorized DHCP servers in Active Directory
• Disable the rogue
  
  • Renew the IP leases

Question 10

Untrusted SSL certificate

Answer 10

• Browsers trust signatures from certain CAs
  
  • A certificate was signed by a CA that’s not in our list
• Error message on the browser
  
  • Certificate Authority Invalid
• Check the certificate details
  
  • Look for the issuing CA
  • Compare to the CA list on your computer
• If it’s an internal server, it may be internally signed
  
  • Add your internal CA certificate to the list

Question 11

Incorrect time

Answer 11

• Some cryptography is very time sensitive
• Active Directory requires clocks set within
five minutes of each other

• Kerberos communication uses a time stamp
• If the ticket shown during authentication is too old,
it’s invalid

• Client can’t login
  
  • Check the timestamp of the client and the server
• Configure NTP on all devices
  
  • Automate the clock setting

Question 12

Exhausted DHCP scope

Answer 12

• Client received an APIPA address
  
  • Local subnet communication only
• Check the DHCP server
  
  • Add more IP addresses if possible
• IP address management (IPAM) may help
  
  • Monitor and report on IP address shortages
• Lower the lease time
  
  • Especially if there are a lot of transient users

Question 13

Blocked TCP/UDP ports

Answer 13

• Applications not working
  
  • Slowdowns with other applications
• Firewall or ACL configuration
  
  • Security choke points
• Confirm with a packet capture
  
  • No response to requests
• Run a TCP- or UDP-based traceroute tool
  
  • See how far your packet can go

Question 14

Incorrect host-based firewall setting

Answer 14

• Applications not working
• Based on the application in use and not necessarily
the protocol and port

• Check the host-based firewall settings
  
  • Accessibility may be limited to an administrator
  • Managed from a central console
• Take a packet capture
  
  • The traffic may never make it to the network
  • Dropped by the operating system

Question 15

Incorrect ACL setting

Answer 15

• Only certain IP addresses accessible
  
  • Or none
• Access Control Lists
  
  • IP address, port numbers, and other parameters
  • Can allow or deny traffic by filtering packets

• Confirm with packet captures and TCP/UDP
traceroutes
• Identify the point of no return

Question 16

Unresponsive service

Answer 16

• No response to an application request
  
  • No answer
• Do you have the right port number?
  
  • And protocol (TCP/UDP)?
• Confirm connectivity
  
  • Ping, traceroute
• Is the application still working?
  
  • Telnet to the port number and see if it responds

Question 17

Hardware failure

Answer 17

• No response
  
  • Application doesn’t respond
• Confirm connectivity
  
  • Without a ping, you’re not going to connect
• Run a traceroute
  
  • See if you’re being filtered
  • Should make it to the other side
• Check the server
  
  • Lights? Fire?