Network Troubleshooting

Question 1

traceroute/tracert

Answer 1

used to trace the route from client to server, etc.

Question 2

netstat

Answer 2

shows all active connections
-n lists numerically
-b shows executable file
-o shows process id
-a shows all active ports
-r shows routing table

Question 3

Troubleshooting Methodology Step 1

Answer 3

Identify the Problem
1. Gather information
2. Question users
3. Identify symptoms
4. Determine if anything has changed
5. Duplicate problems if possible

Question 4

Troubleshooting Methodology Step 2

Answer 4

Establish a Theory of Probable Cause
1. Question the obvious
2. Consider multiple approaches (top to bottom/bottom to top/divide and conquer)

Question 5

Troubleshooting Methodology Step 3

Answer 5

Test the Theory to Determine the Cause
1. If theory is confirmed, determine next steps
2. If theory is not confirmed, reestablish new theory or escalate

Question 6

Troubleshooting Methodology Step 4

Answer 6

Establish a plan of action

Question 7

Troubleshooting Methodology Step 5

Answer 7

Impmlement the solution or escalate as necessary

Question 8

Troubleshooting Methodology Step 6

Answer 8

Verify full system functionality and if applicable, implement preventative measures

Question 9

Troubleshooting Methodology Step 7

Answer 9

Document findings, actions, outcomes, and lessons learned

Question 10

Speed/Bandwidth of cable

Answer 10

Theoretical maximum data rate (size of the pipe)

Question 11

Throughput

Answer 11

Amount of data transferred in a given timeframe (how much water is flowing through the pipe)

Question 12

Protocol Analyzer

Answer 12

Gathers frames on the network (or in the air)
Can view traffic patterns, identify unknown traffic, etc.

Question 13

iperf

Answer 13

used to measure speed and performance - requires server and client

Question 14

Port Scanners

Answer 14

Used to identify IP addresses and open ports (OS, services, et.c)

Question 15

NetFlow

Answer 15

Gathers traffic statistics from all traffic flows. Uses probes and collectors to create reports.

Question 16

TFTP Server

Answer 16

Good for firmware upgrades: your device is the server and the network device is the client.

Question 17

Terminal Emulator

Answer 17

SSH - used for encrypted remote access to command prompt.

Question 18

ping

Answer 18

tests reachability using ICMP

Question 19

ipconfig/ifconfig/ip

Answer 19

determines IP address, subnet mask, and default gateway
/all gives you more details

Question 20

nslookup / dig

Answer 20

used to look up canonical names, IP addresses, cache timers, etc. dig is more advanced

Question 21

arp

Answer 21

arp -a : view local arp table

Question 22

hostname

Answer 22

view the FQDN and IP address of a device

Question 23

route

Answer 23

View device’s routing table
route print
(netstat -r does the same thing)

Question 24

telnet

Answer 24

remote console access (unencrypted)

Question 25

tcpdump

Answer 25

Captures packets from the command line

Question 26

nmap

Answer 26

Network mapper
Finds devices and identify open ports
Can discover the OS as well

Question 27

show interface

Answer 27

views the interfaces on a device

Question 28

show config

Answer 28

views the device configuration

Question 29

show route

Answer 29

shows routing table

Question 30

RSSI

Answer 30

Received Signal Strength Indication (measured in dBm, closer to zero is better) the amount of signal received

Question 31

EIRP

Answer 31

Effective Isotropic Radiated Power - the radiated signal strength (the actual amount of power being produced)

Question 32

EIRP

Answer 32

Effective Isotropic Radiated Power - the radiated signal strength

Question 33

Antenna Polarization

Answer 33

its position relative to the ground

Question 34

AP association time

Question 35

Client Disassociation

Answer 35

A type of attack that drops clients from the network. Older 802.11 standards are vulnerable.