Day 16. Network Troubleshooting and Tools

Objective 4.4: Given a scenario, troubleshoot wired and wireless networks with appropriate tools.

Table 16-1 Common Networking Symptoms

Figure 16-1 Typical Networking Tools

Crimper—A crimping tool is a device that joins two pieces of metal by pressing them together. The most commonly used crimping tool is used with networking and telephone cables. Most crimpers come with the ability to crimp either an RJ-45 Ethernet connector or an RJ-11 telephone connector on both ends of the cable.

Cable stripper—One of the most important aspects of making a cable is to strip the plastic sheathing off the end of the wire without putting a nick in the jacket covering the copper center, thus creating a short in the cable. Strippers are used to safely remove the sheathing without creating nicks. They can be used for coaxial, fiber-optic, and unshielded twisted pair.

Toner probe—Sometimes called a fox and hound, a tone generator is a two-part tool designed to connect to a cable at one end that generates a tone. The other end is a probe you can run along cabling racks or punchdown blocks until the tone is heard. This indicates the other end of the cable. This tool is used when technicians are unable to determine where a wire or cable terminates.

Cable tester—A cable tester is an electronic device used to verify the connections in a cable. It is also known as a continuity tester or cable certifier. It works by plugging an RJ-45 end into a port and then running a test on each wire to determine whether they are working properly and wired correctly.

Punchdown tool—A punchdown tool (also known as a punch down tool) is a small tool used by telecommunication and network technicians to terminate wire into connectors on a punchdown block. After adjusting wires to match a wiring scheme like T568A or B, the punchdown tool is used to force the wires into the slots. It is designed so that the blunt side of the blade pushes the wire into a slot and simultaneously the sharp side of the blade cuts excess wire off.

Multimeter—A testing device that can take measurements of the integrity of circuits and the quality of electricity in computer components. It primarily measures voltages, amps, and resistance (ohms). A small digital display will show measurement readouts. Multimeters are used to diagnose circuits, discover electronic designs, and even test batteries.

Loopback plug—A loopback plug simulates a short crossover network connection. It can help determine whether the network interface card is working properly by redirecting output back into the interface. This makes the network card believe that it is transmitting and receiving data.

Wi-Fi analyzer—(Not shown in graphic.) This is a mobile tool for auditing and troubleshooting wireless networks. It can be used to scan nearby wireless networks to see which channel is being used in order to avoid interference with other devices. It also can help improve performance by finding a less crowded channel. Some analyzers offer channel ratings, signal strength over a period of time, or a list of all access points in the area.

Notice that Figure 16-2 shows the command prompt being run at an elevated administrator level at the top.

Figure 16-2 Command Prompt as Administrator

By going to the command line (otherwise known as the command prompt), technicians can access many tools without worrying about the GUI interfering. Some tools are available only at the command-line level.

Figure 16-3 Pinging the Loopback Address Example

Next, ping another host on the local network to determine whether the local area network is up and running. If not, this could be an indication that a switch or another networking device is the problem. If those pings work properly, next, select the gateway address to determine whether it can be reached. If a message returns stating Request Timed Out or Destination host Unreachable, the connection is down.

Look for latency problems as well as connection problems when running ping by noting the approximate roundtrip times in milliseconds. Latency is the time it takes for sent packets to be received by the remote computer. Local networks should have latencies around 1 millisecond (ms).

These options for ping are important to know:

Ping -t—This will ping the host until the command is manually stopped by pressing Ctrl+C or by closing the command prompt. It’s known as a continuous ping.

Ping -n—This pings a host a specific number of times. Its syntax is ping -n 20 192.168.0.1.

Ping -a—Resolves an IP address to a hostname.

Ping -4—This forces the use of IPv4 instead of IPv6. This might be necessary on a host that runs both IPv4 and IPv6 when you want to send an IPv4 echo request to a remote host using IPv4.

Ping -6—This forces the use of IPv6 instead of IPv4. This might be necessary on a host that runs both. It is also used to send an IPv6 echo request to a remote host using IPv6.

For additional information on the ping, or any other command-line tool, you can key in the command-line tool at the prompt followed by the question mark option—for example, ping /?.

If there is missing information or incorrect information, using ipconfig /all will display it. Look for missing network adapters or a Media state disconnected statement. To check for incorrect gateway addresses, see whether the IPv4 network portion of the IP address matches the default gateway address. If you see a Class C address, expect to see a Class C subnet mask. This is true of any subnet mask unless classless routing is involved.

For DNS, a single or multiple DNS server addresses should be displayed. If the address is blank, there is a problem. The IP address for DNS does not necessarily have to match the IP address used for the machine. An incorrect or missing DHCP address will show an Automatic Private IP Addressing (APIPA) address starting with 169.254 for the main IPv4 address. Expect the DHCP address to match the network portion of the IPv4 address used on the machine. Figure 16-4 provides a screenshot of the information provided when using the ipconfig /all command with everything working as expected.

Figure 16-4 ipconfig /all Example

You also can use ipconfig with options to release and renew a DHCP IP address configuration. By running ipconfig /release, the computer gives up its current address configuration from the DHCP server. By running ipconfig /renew, the computer requests a new address configuration from the DHCP server. Another option, ipconfig /flushdns, can be used to erase DNS cached information. For more information about ipconfig, use the ipconfig /? command.

Figure 16-5 shows the results of running the ipconfig /release and ipconfig /renew commands.

Figure 16-5 ipconfig /release and renew

Here is an example of some tracert results:

Click here to view code image

Tracing route to 54.36.193.56] over a maximum of
30 hops:
1 <1 ms  <1 ms   <1 ms 10.100.140.254
2 <1 ms  <1 ms   <1 ms 172.21.240.250
3 <1 ms  <3 ms   <1 ms 134.187.253.128
4 1 ms   1 ms   1 ms toldb-r8-ge-4-0-1s644.core.oar.net [197.18.158.248]

Note: These additional lines were not shown in the above example:
5   *     *       *     Request timed out.
6 Trace complete.

Lines 1–4 show the ping responses measured in milliseconds. Lines 1–4 also represent a hop, or the next device in the communication path through a network. Note that at the end of the first four lines is the name of the router or its IP address. Row 5 shows what happens when the tracert command does not complete successfully, and row 6 shows what happens when it does complete successfully.

The traceroute command is used for Linux and Apple computers. It performs the same operation as the tracert command and uses the same syntax.

Figure 16-6 netstat Command

netstat can be used to print network connections, routing tables, and the interfaces. It also has options that can be used for finding problems in the network and determining the amount of traffic on a network.

netstat has the following helpful options, shown in Table 16-2, that can be used to troubleshoot.

Table 16-2 netstat Options

netstat provides the protocol, local address, remote (foreign) address, and connection state. It also provides the port information. The most common connection states are

CLOSED—The server has received a signal from the client and the connection is closed.

ESTABLISHED—The session is established and open.

LISTENING—The server is ready to accept a connection.

TIME_WAIT—Indicates that the client recognizes the connection as still active but not being used.

The -a and-A options are the most frequently used. The -a option is used when you know the machine name and want the IP address. The -A option is used when you know the IP address and want to know the machine name. The following are examples of both:

Nbtstat -a HH104-35
Nbtstat -A 192.168.115.201

net stop spooler

This command would stop the printing spooler from running.

The exam covers the net use command, which is used to display or create mapped network drives. To view a network drive, use net use. To create a mapped drive, the command syntax would be similar to the following:

Click here to view code image

net use x: \computernamesharename

where x represents the drive letter to be mapped, computername represents the remote host, and sharename is the share created on the remote host. For additional information, type net /? at the prompt. For more information on the net use command, type net use /?.

For example, to find out what the IP address is for Microsoft.com, you would run the command nslookup Microsoft.com. It will display the IP address. If you need the name of the domain and all you have is the IP address, nslookup can be used in the same manner. For example, the command nslookup 134.170.185.46 will display the domain name grp.microsoft.com.