Network Troubleshooting 15 Flashcards
What is a troubleshooting model
A standardized step by step approach to the troubleshooting process.
Serves as a framework for correcting a problem on a network without introducing further problems or making unnecessary modifications to the network.
What is troubleshooting
The recognition, diagnosis, and resolution of problems. Begins with the identification of a problem and does not end until services have been restored and the problem no longer adversely affects users with a minimal interruption of service.
The seven step of the network + troubleshooting model
- Identify the problem
- Establish a theory of probable cause
- Test the theory to determine cause
- Establish a plan of action to resolve the problem and identify potential effects
- Implement the solution or escalate as necessary
- Verify full system functionally and implement preventative measure is applicable
- Document findings, actions and outcomes
List some things you include in a troubleshooting documentation template
A description of the initial trouble
A description of the conditions surrounding the problem
Whether or not you could reproduce the problem consistently
The exact issue you identified
The possible causes you isolated
The corrections you formulated
The results of implementing each correction you tried
The results of testing the solution
Any external sources used.
Troubleshooting with IP configuration utilities in TCP/IP network
a common first step is to verify the hosts IP addressing Information is correct.
Use ipconfig or ifconfig with Unix to determine if the host is configured for static or dynamic IP addressing and if it has a valid IP address
Use the utility to release and renew the address
Use The ping utility as an initial step in diagnosing general connectivity problems. These steps include
Ping the Loopback address 127.0.0.1 to test whether TCP/IP has initialized on an individual system
Ping a specific system to verify that it is running and is connected to the networking
Ping by IP address instead not host name to determine if it is a problem related to name resolution.
Localize the problem: ping the local Loopback address. Ping the systems own IP address. Ping the address of the default gateway. Ping the address of a remote host
When you ping a computer, it will respond with one of the following responses.
Normal response. The computer responds normally with requested data for different parameters
Destination unreachable. Target computer was identified but was not reachable by the default gateway
Unknown host. The target compute is unknown and unreachable
Destination does not respond. No response to the ping
Network or host unreachable. The routing table does not contain any entry for the network or the host.
Tracert utility
Use to determine where the communication fail of you cannot connect to a remote host
Issue this command from the local machine to see how far the trace gets before you receive an error message. Using the IP address of the last successful connection you know where to begin troubleshooting
Use traceroute command in Unix
The arp utility
Supports the ARP service of the TCP/IP protocol suite. It enables an administrator to view the ARP cache and add or delete cache entries. It is also used to locate a nodes hardware address. Any added entry becomes permanent until it is deleted or the machine is shut down
Can be used to help troubleshoot duplicate IP address problems and to diagnose why a workstation cannot connect to a specific host.
The arp -a command will return a tabular listing of all ARP entries in the nodes ARP cache
The arp options
Arp inet_addr used with other options to specify an Internet address
Arp eth_addr used with other options to specify a physical address
Arp if_addr used with other options to specify the Internet address of the interface whose arp table should be modified
Arp -a displays the current arp entries in the cache
Arp -a inet_addr specify a particular IP address
Arp -g displays the same info as -a option
Arp -N if_addr displays the ARP entries for the network interface specified by if_addr
Arp -d deletes a single host entry of followed by if_addr. Deletes all host entries if followed by *
Arp -s inet_addr eth_addr add a host
Arp used in conjunction with ping
Used to troubleshoot ore complex network problems.
Ping a host on the network and if no reply may be firewalls preventing the ping from returning accurate info
Use the arp command to find the host by the MAC address and bypass the IP address resolution.
The ARP cache is a table used
For maintaining the correlation between MAC address and its corresponding IP address. Is a finite size. Periodically flushed to free up memory
The NBTSTAT Utility
A window utility used to view and manage NETBIOS over TCP/IP status information.
Displays NetBIOS name tables for both the local computer and remote computers and also the name cache. The name tables enable you to verify the connection establishment.
The NBTSTAT options
NBTSTAT -a [remote name] displays the NetBIOS name table of the remote computer specified by the name
NBTSTAT -A [IP address] displays the NetBIOS name table of the remote computer specified by the IP address
NBTSTAT -c displays the NetBIOS name cache of the local computer
NBTSTAT -n lists the local NetBIOS name table along with the service code, type, and status
NBTSTAT -r lists NetBIOS names resolved by broadcast and via WINS
NBTSTAT -R purges the cache and reloads static entries from the LMHOSTS file
NBTSTAT -S lists NetBIOS connections and their state with destination IP addresses
NBTSTAT -s lists NetBIOS connections sun their stare converting destination IP addresses to computer NetBIOS names
NBTSTAT -RR sends name release packets to the WINS server and then starts refresh
The NETSTAT Utility
Shows the status of each active network connection
Will display statistics for both TCP and UDP
Because UDP is connectionless no connection information will be shown for UDP packets.
The several functions of the NETSTAT troubleshooting tool
Use to find out if TCP/IP based programs (SMTP or FTP) is listening on the expected port. If not the system needs to be restarted
Check the statistics to see if the connection is good.
Use statistics to check network adapter error counts
Used to display routing tables and check for network routing problems.
NETSTAT Command options
NETSTAT -a all connections and listening ports
NETSTAT -e ethernet statistics
NETSTAT -n addresses and port numbers in numerical form
NETSTAT -o process ID associated with each connection
NETSTAT -p [protocol] connections for the protocol specified. Value of protocol may be TCP, UDP, TCPv6 or UDPv6
NETSTAT -r routing table
NETSTAT -s statistics grouped by protocol - IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, UDPv6
NETSTAT [interval] refreshes statistics specified in the command. CTRL+C stops refreshing
NETSTAT will display several socket states
SYN_SEND connection is active and open
SYN_RECEIVED server received the synchronize flag set from the client
ESTABLISHED client received the servers SYN and the session is established
LISTEN server is ready to accept a connection
FIN_WAIT_1 connection is active but closed.
TIMED_WAIT client enters this state after FIN_WAIT_1
CLOSE_WAIT passive close. Server received FIN_WAIT_1
FIN_WAIT_2 client received an ack of its FIN_WAIT_1 for the server
LAST _ACK server in this state when it sends its own FIN
CLOSED server received an ACK from the client and the connection is closed
The Nslookup utility
Used to test and troubleshoot domain name servers
Has two modes: the interactive mode. Enable query names servers for info about hosts and domain or to print a list of hosts in a domain
The non-interactive mode. Prints only the name and requested details for one host or domain.
nslookup syntax
For interactive mode: nslookup
Or. Nslookup [- option] [computer to find | - [dns server ]
Non interactive mode. Nslookup [name or IP addres of computer to look up] [ name or IP address of DNS]
System and Network Integrates Polling Software SNIPS Is
A system and network monitoring software tool that runs on Unix systems.
Offers both command line and web interfaces to monitor network and system devices. The monitoring functions determine and report the status of services running in the network.
What tools should be included in a network technicians toolbox
Variety of screwdrivers and spare screws Long nose pliers Small diagonal cutting pliers Small adjustable wrench Variety of wrenches or nut drivers Small AA or AAA flashlight Anti static wrist strap with clip
What are wide crimpers
A tool that attaches media connectors to the ends of cables. Use it if you need to make your own network cables or trim the end of a cable.
Usually comes with a cable stripper allowing the user to strip wires of their protective coating and use the crimping tool to attach a media connector
What is a pinch down block
Used to connect one group of telephone and network wires with another group in utility or telecommunication closets. Typically support low bandwidth Ethernet and Token Ring networks
Name the two primary types of punch down
Blocks
66 block. Used in the telephone industry to terminate telecommunications. Supports low bandwidth telecommunications transmissions.
110 block. Punch down block or cable termination block used for structured wiring systems. Multi pair station cables are terminated, allowing cross connection to other punch down locations. Supports higher bandwidth and suitable for use in data applications
What are punch down tools
Used in a wiring closet to connect cable wires directly to a patch panel. Strips the insulation from the end of the wire and embeds the wire into the connection at the back of the panel.
What is a circuit tester
An electrical instrument used for testing whether or not current is passing through the circuit.
What is a multimeter
An electronic measuring instrument that takes electrical measurements such as voltage, current, and resistance. Can be analog or digital.
Four categories
I low current levels
II interior residential
III distribution panels, motors, and appliance outlets
IV high current applications
What is a voltmeter
Measures voltage and resistance between two points in a circuit. Come in analog and digital.
Digital volt meter DVM provides scales for reading voltages in AC and DC and different resistances.
Can be used to test resistances between cable endpoints or voltages inside a low power system. Not for high power equipment
What is a voltage event recorder
VER Used in conjunction with a voltmeter to test and verify the electrical signals transmitting through the network cables are within the requires specifications. Help diagnose electrical faults or Intermittent problems regarding low or high voltage
What is a cable tester
Or media tester
Is an electrical instrument that verifies if a signal is transmitted by a cable. Will determine whether a cable has an end to end connection and can detect shorts or opens but cannot certify the cable for transmission quality
What is a cable certifiers
A type of certifier that allows you to perform tests. Can detect shorts, crosstalk on a cables test the cable those and whether a cable is straight through or crossover and check if the NIC is functioning and at what speed: half or duplex.
What are crossover cables
A special network cable used in Ethernet UTP installations which enable devices to be connected without using a hub or switch. The transmit and receive lines are crossed to make them work like a Loopback, a function that the switch does.
In troubleshooting, crossover cables connects two stations’ network adapters directly without a switch so communications can be tested between them.
A T1 crossover cable is used to
Connect two T1 CSU/DSU devices by using T568B pairs
What is a straight though cable
A RJ 45 cable used for network connectivity
Crossover cable vs straight cable wiring
In regular Ethernet UTP patch cable Pins 1 and 2 transmit and Pins 3 and 6 receive.
In straight wired pin 1 is wired to pin 1 etc
In cross over pin 1 and 2 connect to pin 3 and 6 and vv
What is a hardware Loopback plug
a special connector used for diagnosing transmission problems. It plugs into a port and crosses over the transmit and receive lines. Commonly used to test ethernet NICs
The plug directly connects Pin 1 to Pin 3 and Pin 2 to Pin 6
For T1 testing connects Pin 1 to Pin 4 and Pin 2 to Pin 5
