N10-009 Network Troubleshooting Study Guide for the CompTIA Network+
Page 3
Tools and Protocols
Effective troubleshooting in the networking environment requires the use of numerous specialized software tools and command-line tools that assist in identifying, locating, and resolving problems that are impacting the network. Given a scenario, you must be able to identify and use the appropriate tool or protocol to resolve network issues.
Software Tools
Network software tools are programs or applications used for network testing, troubleshooting, and optimization. Software tools can interact with the network at the logical level to provide valuable information about how data flows through the network.
Protocol Analyzer
A protocol analyzer, also known as a sniffer or network monitor, is a hardware or software tool that captures raw packets as they traverse a network. Protocol analyzers may be built into the OS, such as Packet Monitor (Pktmon) on Windows, or may be a separate system, such as Wireshark. The protocol analyzer provides an extensive amount of data on captured packets and can be used to analyze the data for ports or protocols, congestion, and abnormal activity.

Retrieved from: https://en.wikipedia.org/wiki/File:Wireshark_packets.png
Command Line
The command line, also known as the command-line interface (CLI) or command-line prompt, is an interface on operating systems that provides a direct method of interacting with the OS without the use of a graphical user interface (GUI). While different OSs may use differing command terminology and syntax, there are command utilities or tools that are common between all OSs that perform the same or very similar functions.
To open any command-line tool, you simply type the command into the interface and press the Enter key. Each command also has additional parameters (also known as flags) that can narrow the scope.
For the Network+ N10-009 exam, you will need to be able to apply the correct command for a scenario as well as understand the information that results from the command.
ping—Ping is a basic TCP/IP utility, automatically included on most OSs, that tests the connectivity status of a host using the TCP/IP protocol. The basic syntax used with the ping command is ping [hostname] or ping [IP address], inserting the respective hostname or IP address as appropriate.

traceroute/tracert—The tracert command on Windows and the traceroute command on Linux/Unix/Mac track the path a data packet takes to reach its destination, including all routers with their associated IP addresses and domain name system (DNS) names. These utilities use Internet Control Message Protocol (ICMP) error messages and time-to-live (TTL) packets to test the path and identify each hop and how long it takes at each hop. This can be used to identify potential bottlenecks or failures in a path. The syntax is tracert [hostname] or tracert [IP address], as well as traceroute [hostname] or traceroute [IP address].
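Reading traceroute output for bottlenecks and failures, as an added example that is not part of the original study guide: the script separates a hop that merely does not answer (later hops still reply) from a path that stops answering altogether, and marks the hop with the largest latency increase. It assumes output saved from traceroute -n; the sample output is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: triage saved `traceroute -n` output.
# Constructed sample using documentation-only addresses.
sample_trace() {
cat <<'EOF'
traceroute to 203.0.113.80 (203.0.113.80), 30 hops max, 60 byte packets
 1  192.0.2.1  0.512 ms  0.498 ms  0.530 ms
 2  198.51.100.1  8.120 ms  8.340 ms  7.990 ms
 3  * * *
 4  198.51.100.9  92.400 ms  95.100 ms  91.700 ms
 5  203.0.113.80  93.000 ms  94.200 ms  92.500 ms
EOF
}

# analyze_trace (hypothetical helper): reads traceroute output on stdin and
# prints "<hop> <address> <avg_ms> <note>" per hop. Notes:
#   ok      hop replied
#   jump    hop with the largest average-RTT increase over the previous replier
#   silent  no reply, but a later hop did reply (ICMP filtered or rate-limited)
#   dead    no reply here or at any later hop (candidate failure point)
analyze_trace() {
  awk '
    $1 ~ /^[0-9]+$/ {
      h = $1; addr[h] = "*"; sum = 0; n = 0
      for (i = 2; i <= NF; i++) {
        if ($i == "ms") { sum += $(i - 1); n++ }   # field before "ms" is an RTT
        else if (addr[h] == "*" && $i != "*" && $(i + 1) != "ms") addr[h] = $i
      }
      avg[h] = (n > 0) ? sum / n : -1
      if (n > 0) last = h
      if (h > max) max = h
    }
    END {
      prev = -1; big = 0; worst = 0
      for (h = 1; h <= max; h++) {
        if (!(h in avg) || avg[h] < 0) continue
        if (prev >= 0 && avg[h] - prev > worst) { worst = avg[h] - prev; big = h }
        prev = avg[h]
      }
      for (h = 1; h <= max; h++) {
        if (!(h in avg)) continue
        if (avg[h] < 0) printf "%d %s - %s\n", h, addr[h], ((h < last) ? "silent" : "dead")
        else printf "%d %s %.2f %s\n", h, addr[h], avg[h], ((h == big) ? "jump" : "ok")
      }
    }'
}

sample_trace | analyze_trace
```

A "jump" hop is where to start looking for a bottleneck; a "silent" hop on its own is not a fault, because the hops after it still answered.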

nslookup—Nslookup is a utility on Windows and most Unix and Linux versions that finds the IP address associated with a domain name. Once in the utility, a specific domain name can be queried.

dig—The dig utility is available on Linux/Unix and performs the same function as nslookup.
tcpdump—The tcpdump command launches a Linux/Unix/Mac utility that reads captured packets, either through live capture (real-time captures) or by using previously captured and saved files. The tcpdump command can be used to capture traffic on all interfaces, a specific interface, or by the IP address of the source or destination. The Windows version of tcpdump is WinDump.
netstat—The netstat utility is an open-source networking tool used to view all active Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) connections, protocol and interface statistics, routing tables, and listening ports on a device. It is also used to identify both incoming and outgoing connections. The netstat command provides information such as the protocol being used, the local address, the foreign address, and the state of the connection.

Additional information can be retrieved by adding additional parameters to the netstat command. To view the available parameters, use netstat /?.
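Interpreting the protocol, local address, foreign address, and state columns described above, as an added example that is not part of the original study guide: the script lists which ports are listening and whether each is bound to every interface or only to loopback, then counts established connections per remote host. It assumes Linux-style netstat -an output; the sample output is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: summarize saved `netstat -an` output (Linux column layout).
# Constructed sample using documentation-only addresses.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:51234      ESTABLISHED
tcp        0      0 192.0.2.10:44310        203.0.113.5:443         ESTABLISHED
tcp        0      0 192.0.2.10:44312        203.0.113.5:443         ESTABLISHED
tcp        0      0 192.0.2.10:44318        203.0.113.5:443         TIME_WAIT
tcp6       0      0 :::80                   :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
EOF
}

# listeners (hypothetical helper): "<proto> <port> <scope>" for each TCP socket
# in LISTEN state and each bound UDP socket (UDP rows have no state column).
listeners() {
  awk '
    ($1 ~ /^tcp/ && $6 == "LISTEN") || $1 ~ /^udp/ {
      port = $4; sub(/.*:/, "", port)        # text after the last colon
      a = $4;    sub(/:[^:]*$/, "", a)       # text before the last colon
      if (a == "0.0.0.0" || a == "::" || a == "*") scope = "all-interfaces"
      else if (a ~ /^127\./ || a == "::1")         scope = "loopback"
      else                                         scope = "specific"
      print $1, port, scope
    }'
}

# peers (hypothetical helper): "<count> <foreign address>" for ESTABLISHED
# connections, busiest remote host first.
peers() {
  awk '
    $6 == "ESTABLISHED" { a = $5; sub(/:[^:]*$/, "", a); c[a]++ }
    END { for (a in c) print c[a], a }' | sort -rn
}

sample_netstat | listeners
sample_netstat | peers
```

A listener with scope all-interfaces accepts connections arriving on any of the host's addresses, while a loopback listener is reachable only from the host itself.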

ipconfig/ifconfig/ip—The ipconfig command on Windows and the ifconfig command on Linux/Unix/Mac are utilities that provide the current TCP/IP configuration of a tested device. The output includes the IPv4 and IPv6 addresses, the subnet mask, the default gateway, and the DNS configuration for all IP connections, either Ethernet or wireless local area network (WLAN), as applicable.

Additional information can be obtained by using the ipconfig /all parameter.

The ifconfig command on Linux/Unix/Mac and the ip command on newer Linux versions are similar to the ipconfig command, with the added ability to configure a protocol or interface.
arp—The arp command, when used in conjunction with a flag, opens the Address Resolution Protocol (ARP) cache, sometimes known as the media access control (MAC) address lookup table, that is stored on the OS. The ARP cache can then be viewed and configured. The arp -a utility displays the IP address, the physical or MAC address, and the type of address assignment (static or dynamic).

Nmap—Nmap is a widely used open-source port scanning tool, available as both a command-line tool and a GUI-based tool. It scans, collects, and analyzes packets traversing through network ports. The nmap command is used to discern if a port is open or blocked by a firewall or if a host is live. Nmap can also create a logical map of a network.
Link Layer Discovery Protocol (LLDP)/Cisco Discovery Protocol (CDP)
The CDP is a Cisco proprietary protocol used at the data link layer (Layer 2) to advertise to and discover other Cisco devices on the network and related information, such as the IP address, version, and capabilities. The LLDP is a non-proprietary version of CDP that provides functionality similar to CDP but is not vendor specific.
Speed Tester
A bandwidth speed tester, also known as a throughput tester, is most commonly a software program that measures and classifies traffic passing through a network. This identifies the network speed and which traffic types are using the highest amount of bandwidth. The bandwidth speed tester can also be used to create the baseline against which other readings will be compared.
Hardware Tools
In the networking environment, there are numerous hardware tools that are used to install and troubleshoot networking devices and cabling. A network technician should be able to identify and use common tools in the appropriate situations.
Tone Generator
A tone generator, also known as a tone generator and probe or simply a wire tracer, is a device that is used to identify the path of a copper wire. The tone generator portion of the tool is attached to a cable, either through a jack or directly to the wire with an alligator clip, and sends a signal through the cable. The probe is then touched to another portion of the cable, either directly onto the wire end or through the sheath. If it emits a tone, that indicates the signal is running through the touched cable.

Retrieved from: https://en.m.wikipedia.org/wiki/File:FLUKE_networks_IntelliTone_Pro_200.JPG
Cable Tester
A cable tester is a hardware device that provides information on how a connected wire or cable is performing. Cable testers are available for both copper and fiber-optic wires and, depending on the specific device, can provide information such as grounding status, configuration (straight-through or crossover), connectivity status, and performance.

Retrieved from: https://commons.wikimedia.org/wiki/File:Cable-tester-and-analyzer-0c.jpg
Taps
A tap is typically a dumb hardware device designed to test networks by inserting testing equipment, such as a network traffic analyzer, into the flow of traffic between two devices. Taps are only used for monitoring by receiving data and cannot insert frames into the data stream.

Retrieved from: https://commons.wikimedia.org/wiki/File:Fiber_optic_tap.png
Wi-Fi Analyzer
A Wi-Fi analyzer is a software tool that captures wireless signals and provides information on a wireless network. It commonly includes data on signal strength, noise, interference, and the SSIDs on the network. A Wi-Fi analyzer may be a standalone device or built into wireless APs or client software.
Visual Fault Locator (VFL)
A VFL is a device used to identify faults in optical cables by sending a visible light through the cable, allowing the technician to see breaks and faults in the fiber.
Basic Networking Device Commands
Basic network platform commands are common commands, similar to those used in operating systems, which are mostly universal across the platforms used in the network environment, such as routers, switches, and firewalls. These are important commands to know:
- show mac-address-table—The show mac address-table command is used to view information pertaining to the MAC address table stored on the device, including the VLAN, MAC address, type, and associated port.
- show route—The show route command is used to view and manage the IP routing table on the device. This command can be used for troubleshooting connectivity issues as well as to create new and custom routes for applications or services.
- show interface—The show interface command is used to view information pertaining to the interface of the queried device. This command can be used as a troubleshooting tool for connectivity and port issues, as it details information such as the status, IP address, speed, and flow of data on the device.
- show config—The show config command shows the startup configuration of a device as well as any changes from the default settings. The show running-config command is used to detail the running configuration of the queried device.
- show arp—The show arp command is used to view information pertaining to ARP entries, including the IP address, associated MAC address, and type.
- show vlan—The show vlan command is used to display information pertaining to VLANs currently running on a switch, including the VLAN name, status, and associated ports.
- show power—The show power command is used to display information pertaining to the current power status of a network device, including operating status, voltage, and health.