4.2 Given a scenario, analyze and interpret the output of troubleshooting tools - Paiet/Tech-Journal-for-Everything GitHub Wiki

4.2 Given a scenario, analyze and interpret the output of troubleshooting tools

  • Command line tools 1
    • ipconfig
      • Most common troubleshooting options:
        • ipconfig /release
        • ipconfig /renew
        • ipconfig /all
      • IP configuration utility developed by Microsoft; available on all versions of MS operating systems
      • Displays current TCP/IP information such as...
        • Host IP address
        • DHCP
        • Static
        • Subnet mask
        • Default Gateway
        • DNS settings
          • Allows you to work with the local DNS client resolver cache, which is a local repository of recently looked up DNS records for quick access
          • ipconfig /displaydns: Displays the contents of the resolver cache
          • ipconfig /flushdns: Removes all entries in the resolver cache
          • ipconfig /registerdns: Manually kick off an update of the host's IP address/hostname with its DNS server
            • Requires that the DNS server supports dynamic record updates
    • ifconfig
      • Much of the same information as ipconfig
        • Static/dynamic TCP/IP information
          • IP addresses
          • Subnet mask
          • Default Gateway
      • More capabilities
        • Doesn't just display IP info, but can also set IP info
          • ifconfig eth0 192.168.0.2
          • ifconfig eth0 netmask 255.255.255.0
            • Combine commands...
              • ifconfig eth0 192.168.0.2 netmask 255.255.255.0
        • Able to enable/disable network interface adapter
        • Can disable ARP caching
        • Can put interface into PROMISCUOUS mode
      • Both ipconfig and ifconfig help you to track down networking issues
        • This is done by looking at the output of the respective command
          • Is there an IP address assigned?
          • Is the IP address correct for the IP scheme?
            • APIPA? (169.254.x.x)
          • Is the subnet mask correct?
          • Is the default gateway set correctly?
          • Is the DNS info set correctly?
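
The checklist above can be applied mechanically to `ipconfig /all` output. The following is an added example, not part of the original notes: the adapter names and addresses are constructed and abridged, and `parse_adapters`, `check_adapter` and `audit` are hypothetical helper names.

```python
import ipaddress
import re

# Constructed, abridged sample of `ipconfig /all` output (not from a real host).
SAMPLE = """\
Ethernet adapter Ethernet0:
   IPv4 Address. . . . . . . . . . . : 192.168.0.25(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.0.10

Wireless LAN adapter Wi-Fi:
   Autoconfiguration IPv4 Address. . : 169.254.17.44(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
"""

# "   Label . . . . : value" -> (label, value); the value may be empty.
FIELD = re.compile(r"^\s+([A-Za-z0-9 ]+?)[ .]*:\s*(.*)$")

def parse_adapters(text):
    """Split the output into {adapter name: {field label: value}}."""
    adapters, name = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            name = line.rstrip().rstrip(":")
            adapters[name] = {}
        elif name and (m := FIELD.match(line)):
            # Drop suffixes such as "(Preferred)" from address values.
            adapters[name][m.group(1).strip()] = m.group(2).split("(")[0].strip()
    return adapters

def check_adapter(cfg):
    """Walk the checklist: address assigned, APIPA, mask, gateway, DNS."""
    ip = cfg.get("IPv4 Address") or cfg.get("Autoconfiguration IPv4 Address")
    if not ip or not cfg.get("Subnet Mask"):
        return ["no IPv4 address or subnet mask assigned"]
    findings, gw = [], cfg.get("Default Gateway")
    if ipaddress.ip_address(ip).is_link_local:
        findings.append("APIPA address: no DHCP lease obtained")
    net = ipaddress.ip_network(f"{ip}/{cfg['Subnet Mask']}", strict=False)
    if not gw:
        findings.append("no default gateway")
    elif ipaddress.ip_address(gw) not in net:
        findings.append(f"gateway {gw} is outside {net}")
    if not cfg.get("DNS Servers"):
        findings.append("no DNS server configured")
    return findings

def audit(text):
    return {name: check_adapter(cfg) for name, cfg in parse_adapters(text).items()}
```
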
    • netstat
      • Network tool that displays the status of network connections (NETwork STATistics)
        • TCP/UDP connections (incoming and outgoing)
        • Routing table info
        • Protocols
        • Local and remote addresses
      • This is helpful when troubleshooting
        • Network protocol ports
          • Is the correct port being used
        • Connection integrity
          • Is there a problem with the connection?
          • What are the TX/RX numbers?
            • 0 bytes sent/received would be a problem: netstat -e -t 5
        • Look for problems with the NIC or network
          • High error count = NIC issue or high bandwidth utilization
        • Check for routing issues: netstat -r
        • Also great for discovering rogue programs that are creating secret network connections: netstat -o along with the Task Manager Details tab, or netstat -b (from an administrative cmd)
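
The netstat -o plus Task Manager review described above can be scripted for repeatable triage. This is an added example, not part of the original notes: the `netstat -ano` rows, the PID-to-image map, the local subnet, the expected-program list and the function names are all constructed assumptions.

```python
import ipaddress

# Constructed sample of `netstat -ano` output (not from a real host).
NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       968
  TCP    192.168.0.25:49712     192.168.0.10:445       ESTABLISHED     4
  TCP    192.168.0.25:49801     203.0.113.50:443       ESTABLISHED     5120
  TCP    192.168.0.25:49822     198.51.100.7:8443      ESTABLISHED     7324
  UDP    0.0.0.0:5353           *:*                                    2204
"""

# Constructed PID -> image name map, as read from the Task Manager Details tab.
PROCESSES = {4: "System", 968: "svchost.exe", 2204: "svchost.exe",
             5120: "msedge.exe", 7324: "updater32.exe"}

# Assumptions for this example: the local subnet, and the programs that are
# expected to talk to hosts outside it.
LOCAL_NET = ipaddress.ip_network("192.168.0.0/24")
EXPECTED_EXTERNAL = {"msedge.exe"}

def parse_netstat(text):
    """Yield (proto, local, remote, state, pid) for each TCP/UDP row."""
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        # UDP rows have no State column, so the PID is always the last field.
        state = parts[3] if len(parts) == 5 else ""
        yield parts[0], parts[1], parts[2], state, int(parts[-1])

def unexpected_connections(text, processes, expected):
    """Return established off-subnet connections owned by unexpected programs."""
    hits = []
    for _proto, _local, remote, state, pid in parse_netstat(text):
        if state != "ESTABLISHED":
            continue
        host = remote.rsplit(":", 1)[0].strip("[]")
        name = processes.get(pid, "<unknown>")
        if ipaddress.ip_address(host) not in LOCAL_NET and name not in expected:
            hits.append((pid, name, remote))
    return hits
```

Each hit is a PID to look up in the Task Manager Details tab, or to confirm with netstat -b from an administrative prompt.
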
    • ping/ping6/ping -6
      • ping6 (Mac), ping -6 (forces IPv6), ping (IPv4)
      • Checks the connectivity through the network path of one host to another
      • ICMP ECHO/REPLY
      • ping itpro.tv
      • ping -6 2001:0:9d38:90d0:30d0:1f5e:f5ff:fdf0
    • tracert/tracert -6/traceroute6/traceroute -6
      • Displays the path or route that is taken from one host to another
        • Helps troubleshoot connection issues
      • Each router hop that is taken by the packet will be displayed to the screen
      • Seeing where the packets stop can help you discern where the problem device may be
      • tracert itpro.tv (Windows)
      • traceroute itpro.tv (Linux)
    • nbtstat
      • NetBIOS utility
      • Not routable
      • Options are case sensitive
      • Flat name resolution
      • Superseded by DNS
      • Must still pay attention due to options
    • nslookup
      • Name Server Lookup tool
      • Will look up and return the different types of DNS records which match hostnames to IP addresses
        • A records
        • MX records
      • Helps determine whether or not DNS is working properly
      • Has 2 modes of operation
        • Interactive
        • Non-interactive
      • Server *server address*
        • Changes the default lookup server used
          • Allows you to test the alternate server
      • set debug
        • Returns more info about the lookup
      • set d2
        • Returns even more info about the lookup
      • nslookup www.itpro.tv (query A and PTR records)
      • nslookup www.itpro.tv 8.8.4.4 (query A and PTR from another DNS server)
      • nslookup
        • set type=mx
        • itpro.tv

  • arp
    • arp -a
    • Address Resolution Protocol
    • Maps Layer 3 IP addresses to Layer 2 MAC addresses
    • Allows PC to use Layer 3 over a Layer 2 network
    • Both static and dynamic entries
    • Trouble with dynamic entries
      • ARP cache may have multiple entries for the same host causing conflicts
      • Incorrect entries

  • MAC address lookup table
    • show mac-address table
    • Makes sure that the switch is actually seeing a host as connected to a port
      • Also good at checking for bad switch ports
    • Verifies that the host/port correlation is correct

  • pathping: helps to find connection issues that may not show up using other latency tests.

    • pathping itpro.tv (This may take some time to run, may need to do before episode begins.)
  • Line testers

  • Certifiers

  • Multimeter

    • Voltage (DC or AC)
    • Resistance (ohms)
    • Current (Amps)
  • Cable tester

  • Light meter

    • Used for testing different wavelengths over fiber optic cable
  • Toner probe

  • Speed test sites

    • Speedtest.net
    • Bandwidth Place.com
  • Looking glass sites

    • cogentco.com
    • Test: BGP, US-Washington,DC, www.itpro.tv
  • WiFi analyzer

    • identify APs
    • display coverage
    • SSID
    • 802 spec
  • Protocol analyzer