Network Troubleshooting Study Guide for the CompTIA Network+

Page 1

Being able to troubleshoot effectively is a primary skill in network operations management, and a little over one-fifth of the questions on the CompTIA Network+ exam deal with troubleshooting concepts. About 80% of these questions begin with a scenario, so you’ll need to be able to apply what you know about all the available tools and commands.

Network Troubleshooting Methodology

The Comptia Network+ exam identifies seven distinct steps that can be used to troubleshoot networking issues and problems. You will need to be able to identify and explain the basic concepts and methods used for each step in the correct order.

1. Identify the Problem

When faced with a networking problem, the first step is to identify the problem. To do this, you will need to gather information and use that information to narrow the scope of the potential causes of the problem.

Gather Information

When troubleshooting a network, a technician needs to ask the right questions of others and of themselves to gather as much information as possible on the source of the problem. Information can be gathered from various sources, including end users, logs, and error messages.

Question Users

Questioning users is an integral component of the information-gathering process. When questioning users, the goal is to elicit as much helpful information as possible by guiding the user through what has occurred and asking the user to attempt some simple tasks, such as pinging a server or accessing a website via the Internet Protocol (IP) address rather than the domain name. It is also important to determine if the problem is isolated to a single user or multiple users.

Identify Symptoms

When networking problems are reported, they can be generalized in nature, such as an inability to connect to the internet. As a network technician, you need to be able to identify the actual symptoms or indicators of the problem by extracting information from the user and the device. For instance, you can ask what other strange behavior was noticed before the problem occurred and whether any error messages were displayed.

Determine If Anything Has Changed

Another method of identifying the problem is to determine if anything has changed prior to the current problem. There could be recent changes in the system, such as updates or the installation of new applications. Also, look for changes to the environment (was this device the only one affected?) and changes in the problem itself (has the problem always occurred in the same way?). This will help you understand the root of the problem.

Duplicate the Problem

Another useful method to use in identifying the problem is to attempt to duplicate the problem if possible. If the problem can be duplicated, each step in the duplication process should be detailed, which can be used to identify the triggering or contributing cause of the problem.

Approach Multiple Problems Individually

When faced with multiple problems on a device, it is important to approach each problem as a separate and individual issue rather than as a whole. By drilling down into each individual problem, you may be able to identify a root cause that could be contributing to the other problems on the device.

2. Establish a Theory of Probable Cause

The second step in the troubleshooting methodology is to establish a theory of probable cause. This is your hypothesis for what is likely causing the problem. Multiple sources can be used to establish your theory, including other network technicians, vendor documentation, and online resources.

Question the Obvious

When establishing a theory, always be sure to question the obvious, both physical and logical. Obvious physical causes may include a faulty wire or connection or a device that is not powered on or plugged in. Obvious logical causes can include port, routing, and IP configuration problems, incorrect interfaces, firewall and access control list (ACL) problems, and certificate or licensing issues.

Consider Multiple Approaches

Multiple approaches can and should be considered to establish a theory of probable cause. In the networking environment, there are three standard approaches based on the Open Systems Interconnection (OSI) model that are commonly used.


The top-to-bottom and bottom-to-top approaches use the layers of the OSI model to methodically work through a problem to establish a probable cause. The top-to-bottom approach begins at the application layer, or Layer 7, and works down through the OSI layers to identify the lowest layer at which the problem occurs. The bottom-to-top approach begins at the physical layer, or Layer 1, and works up through the OSI layers to identify the first layer at which the problem occurs.


The divide-and-conquer approach also uses the layers of the OSI model to identify the probable location of the problem, but it is not limited to beginning at the top or bottom of the OSI layers. A layer is chosen and tested for proper functionality. Based on the results at the chosen beginning layer, the layer above or below is then evaluated for problems, and so forth, until the likely layer is identified.

3. Test the Theory to Determine the Cause

Once a theory is established, the third step is to test the theory to determine if it is indeed the cause of the problem. The test will either confirm the theory or allow you to rule it out as a potential cause of the problem.

Action If Theory Is Confirmed

If the theory is confirmed, move to the fourth step, and determine which steps should be taken next to resolve the problem in the most effective manner. When determining next steps, the potential effects of the fix should also be evaluated and considered.

Action If Theory Is Not Confirmed

If the theory is found to be incorrect, the theory should be dismissed and another theory should be established and tested. If all theories have been exhausted, it may be wise to escalate the problem to a more senior network technician or to the system manager.

4. Establish a Plan of Action

The fourth step in the network troubleshooting methodology is to establish a plan of action to resolve the problem once the cause has been verified. Once a plan of action has been devised, test the plan if possible to ensure the plan is effective and to identify any potential effects the plan may have on the device or network.

5. Implement a Solution

When the plan of action has been established and tested, with the potential effects identified, it is time to implement the solution if possible. Remember, a networking environment is highly complex, and a network technician should be aware of their own limitations and escalate as necessary.

6. Verify Full System Functionality

Once a solution has been implemented, the next step is to verify full system functionality. A solution may have unintended consequences on the system and may create more problems than the original problem. Once the system is fully functional, try to implement preventative measures to prevent a recurrence of the same problem.

7. Document the Findings

The seventh and final step of the network troubleshooting methodology is to document all findings. Documentation can include as much information as you feel is relevant, but it should at least include these details:

  • a description of the problem and the conditions around it

  • the device details, including the operating system (OS) and software versions, device model or type, and network interface information

  • if and how the problem was reproduced

  • the theories and solutions tested

  • the solution that was successfully used

  • lessons learned from the experience, including how the problem can be avoided in the future


All Study Guides for the CompTIA Network+ are now available as downloadable PDFs