Network Troubleshooting Study Guide for the CompTIA Network+
Network Software Tools and Commands
Effective troubleshooting in the networking environment requires the use of numerous specialized software tools and command-line tools that assist in identifying, locating, and resolving problems that are impacting the network.
Software Tools
Network software tools are programs or applications that can be used for network testing, troubleshooting, and optimization. Software tools are able to interact with the network at the logical level to provide valuable information about how data flows through the network.
Wi-Fi Analyzer
A Wi-Fi analyzer is a software tool that captures wireless signals and provides information on a wireless network. It commonly includes data on signal strength, noise, interference, and the service set identifiers (SSIDs) on the network. A Wi-Fi analyzer may be a standalone device or built into wireless access points (APs) or client software.
Protocol Analyzer/Packet Capture
A protocol analyzer, also known as a sniffer or network monitor, is a hardware or software tool that captures raw packets as they traverse a network. Protocol analyzers may be built into the OS, such as Packet Monitor (Pktmon) on Windows, or as a separate system, such as Wireshark. The protocol analyzer provides an extensive amount of data on captured packets and can be used to analyze the data for ports or protocols, congestion, and abnormal activity.
Retrieved from: https://en.wikipedia.org/wiki/File:Wireshark_packets.png License: http://creativecommons.org/licenses/by-sa/3.0/
Bandwidth Speed Tester
A bandwidth speed tester, also known as a throughput tester, is most commonly a software program that measures and classifies traffic passing through a network. This identifies the network speed and which traffic types are using the highest amount of bandwidth. The bandwidth speed tester can also be used to create the baseline against which other readings will be compared.
Port Scanner
A port scanner is a software tool that identifies the status of Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) ports, either open, closed, or filtered, on a target device or network. A port scan probes all ports on a single device, while a port sweep is used across multiple network devices to identify a specific TCP or UDP port.
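The three port states can be told apart from how a single TCP connection attempt ends. The following is an added example, not part of the original study guide; the function names are this example's own, and it probes only a listener it creates itself on the loopback address:

```python
import socket

def tcp_port_state(host, port, timeout=2.0):
    """Return 'open', 'closed' or 'filtered' for one TCP port on one host."""
    try:
        # A completed three-way handshake means a service is listening.
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # The host answered with a TCP reset: reachable, nothing listening.
        return "closed"
    except OSError:
        # Timeout or ICMP unreachable: something between us and the port
        # (typically a firewall) dropped or rejected the attempt.
        return "filtered"

def compare_to_baseline(host, expected, timeout=2.0):
    """expected maps port -> state the documented baseline says it should have.
    Returns {port: (expected_state, observed_state)} for every mismatch."""
    mismatches = {}
    for port, want in sorted(expected.items()):
        got = tcp_port_state(host, port, timeout)
        if got != want:
            mismatches[port] = (want, got)
    return mismatches

def loopback_demo():
    """Constructed test case: one real listener on 127.0.0.1, then none."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0 lets the OS pick a free port
    listener.listen(8)
    port = listener.getsockname()[1]
    while_listening = tcp_port_state("127.0.0.1", port)
    # The baseline says this port must be closed, so the listener is reported.
    drift = compare_to_baseline("127.0.0.1", {port: "closed"})
    listener.close()
    after_close = tcp_port_state("127.0.0.1", port)
    return port, while_listening, drift, after_close

if __name__ == "__main__":
    print(loopback_demo())
```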
iPerf
iPerf is an open-source bandwidth speed testing tool that measures throughput between a server and a client. iPerf is compatible with multiple platforms and can provide customized bandwidth reports based on set parameters. It is commonly used to create bandwidth baselines.
NetFlow Analyzers
NetFlow is a tool that manages traffic on an interface, with three key components. The flow exporter component captures and exports traffic, the flow collector stores it, and the flow analyzer analyzes it. NetFlow collects numerous data points, including source and destination addresses, quality of service (QoS) data, and application data, which can be analyzed and compiled into reports, charts, and graphs for network visibility. While NetFlow is Cisco proprietary, other tools provide similar functionality, such as Internet Protocol Flow Information Export (IPFIX) and sFlow.
Trivial File Transfer Protocol (TFTP) Server
A TFTP server is an application that stores and transfers TFTP files between devices that are not directly connected. A TFTP server is created on a host device, such as a laptop. A TFTP file is downloaded onto the server from one device and is then uploaded to another device from the copy stored on the server. A TFTP server is designed to be simple and only supports transmit and receive functions.
Terminal Emulator
A terminal emulator is software that provides remote access to the command-line interface (CLI) of a device, allowing the remote user to execute CLI commands on the connected device. PuTTY is a commonly used open-source terminal emulator that supports Telnet, Secure Shell (SSH), and serial interfaces.
IP Scanner
An IP scanner is a software tool that identifies active IP addresses on a network or networking device. An IP scanner can be used to scan for open ports and running applications on active IP addresses as well as to create a network map.
Command-Line Tools
The command line, also known as the command-line interface (CLI) or command-line prompt, is an interface on operating systems that provides a direct method of interacting with the OS without the use of a graphical user interface (GUI). While different OSs may use differing command terminology and syntax, there are command utilities or tools that are common between all OSs that perform the same or very similar functions.
To open any command-line tool, you simply type the command into the interface and press the Enter key. Each command also has additional parameters (also known as flags) that can narrow the scope.
For the CompTIA Network+ exam, you will need to be able to apply the correct command for a scenario as well as understand the information that results from the command.
ping
Ping is a basic TCP/IP utility that tests the connectivity status of a host using the TCP/IP protocol. The ping command is a basic utility available and automatically included on most operating systems. The basic syntax used with the ping command is ping [hostname] or ping [IP address], inserting the respective hostname or IP address as needed.
ipconfig/ifconfig/ip
The ipconfig command on Windows and the ifconfig command on Linux/Unix/Mac are utilities that provide the current TCP/IP configuration of a tested device, including the IPv4 and IPv6 address, the subnet mask, the default gateway, and DNS configuration for all IP connections, either Ethernet or wireless local area network (WLAN), as applicable.
Additional information can be obtained by using the ipconfig /all parameter.
The ifconfig command on Linux/Unix/Mac and the ip command on newer Linux versions are similar to the ipconfig command, with the added ability to configure a protocol or interface.
nslookup/dig
Nslookup is a utility on Windows and most Unix and Linux versions that finds the IP address associated with a domain name. The dig command utility is available on Linux/Unix and performs the same function as nslookup. Once in the utility, a specific domain name can be queried.
traceroute/tracert
The tracert command on Windows and the traceroute command on Linux/Unix/Mac track the path a data packet takes to reach its destination, including all routers with their associated IP addresses and DNS names. These utilities use Internet Control Message Protocol (ICMP) error messages and time-to-live (TTL) packets to test the path and identify each hop and how long it takes at each hop. This can be used to identify potential bottlenecks or failures in a path. The syntax is:
tracert [hostname] or tracert [IP address]
traceroute [hostname] or traceroute [IP address]
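Reading a trace for bottlenecks and failures comes down to two checks: where the round-trip time rises, and whether silent hops are followed by answering ones. The following is an added example, not part of the original study guide; the sample output is constructed and the function names are this example's own:

```python
import re

# Constructed sample in Linux traceroute output format (documentation addresses).
SAMPLE_TRACE = """\
traceroute to example.com (192.0.2.80), 30 hops max, 60 byte packets
 1  gw.lan (192.168.1.1)  0.512 ms  0.498 ms  0.471 ms
 2  10.20.0.1 (10.20.0.1)  8.114 ms  8.320 ms  7.986 ms
 3  core1.isp.example (198.51.100.9)  9.201 ms  9.154 ms  9.330 ms
 4  * * *
 5  edge.isp.example (198.51.100.77)  84.610 ms  85.022 ms  83.947 ms
 6  example.com (192.0.2.80)  85.300 ms  84.911 ms  85.120 ms
"""

def parse_traceroute(text):
    """Return (destination_ip, hops); each hop is {'hop', 'ip', 'avg_ms'}."""
    header = re.search(r"^traceroute to \S+ \(([\d.]+)\)", text, re.M)
    dest = header.group(1) if header else None
    hops = []
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+(.*)", line)
        if not m:
            continue  # header or blank line
        ip = re.search(r"\(([\d.]+)\)", m.group(2))
        rtts = [float(x) for x in re.findall(r"([\d.]+) ms", m.group(2))]
        hops.append({"hop": int(m.group(1)),
                     "ip": ip.group(1) if ip else None,  # None for "* * *"
                     "avg_ms": sum(rtts) / len(rtts) if rtts else None})
    return dest, hops

def analyse_path(dest, hops):
    answered = [h for h in hops if h["avg_ms"] is not None]
    last = answered[-1]["hop"] if answered else 0
    silent = [h["hop"] for h in hops if h["avg_ms"] is None]
    jump_hop, jump_ms = None, 0.0
    for prev, cur in zip(answered, answered[1:]):
        delta = cur["avg_ms"] - prev["avg_ms"]  # delay added between the two hops
        if delta > jump_ms:
            jump_hop, jump_ms = cur["hop"], delta
    return {
        "reached": bool(answered) and answered[-1]["ip"] == dest,
        # Silent hop with answers beyond it: router that sends no ICMP replies.
        "silent_but_forwarding": [n for n in silent if n < last],
        # Silent hops with nothing beyond them: where the trace stopped.
        "stopped_after_hop": last if any(n > last for n in silent) else None,
        "largest_jump": (jump_hop, round(jump_ms, 1)),
    }

if __name__ == "__main__":
    print(analyse_path(*parse_traceroute(SAMPLE_TRACE)))
```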
arp
The arp command opens the Address Resolution Protocol (ARP) cache, sometimes known as the media access control (MAC) address lookup table, that is stored on the OS. The ARP cache can then be viewed and configured. The arp utility displays the IP address, the physical or MAC address, and the type of address assignment (static or dynamic). Using flags, additional information can also be displayed through the arp utility.
netstat
The netstat utility is an open-source networking tool used to view all TCP/IP connections and packet statistics on a device and identify both incoming and outgoing connections. The netstat command provides the protocol being used, the local address, the foreign address, and the state of the connection.
Additional information can be retrieved by adding additional parameters to the netstat command. To view the available parameters, use netstat /?.
hostname
The hostname command launches a basic utility that is available on most operating systems that provides the name of the device using the utility.
route
The route command utility is used to view and make changes to the routing table on the OS. The route command can be used in conjunction with additional commands to view the current routing table, add routes, change or modify routes, and delete routes.
To view the route utility parameters, use route /?.
telnet
The telnet utility was originally designed to create remote connections between a Unix workstation and a Unix server. The modern use of the telnet utility, available as an open-source utility for most operating systems, is for troubleshooting and testing TCP connections and ports. The telnet utility is not typically included in newer operating systems due to its highly insecure nature.
tcpdump
The tcpdump utility is a Linux/Unix/Mac utility that reads captured packets, either through live capture (real-time captures) or by using previously captured and saved files. The tcpdump command can be used to capture traffic on all interfaces, a specific interface, or by the IP address of the source or destination. The Windows version of tcpdump is WinDump.
nmap
Nmap is a widely used open-source port scanning tool, available as both a command-line tool and a GUI-based tool. It scans, collects, and analyzes packets traversing through network ports. The nmap command is used to discern if a port is open or blocked by a firewall or if a host is live. Nmap can also create a logical map of a network.
Basic Network Platform Commands
Basic network platform commands are common commands, similar to those used in operating systems, which are mostly universal across the platforms used in the network environment, such as routers, switches, and firewalls.
show interface
The show interface command is used to view information pertaining to the interface of the queried device. This command can be used as a troubleshooting tool for connectivity and port issues, as it details information such as the status, IP address, speed, and flow of data on the device.
show config
The show config command shows the startup configuration of a device as well as any changes from the default settings. The show running-config command is used to detail the running configuration of the queried device.
show route
The show route command is used to view and manage the IP routing table on the device. The show route command can be used for troubleshooting connectivity issues as well as to create new and custom routes for applications or services.