Objective 5 CompTIA Network+
ipconfig
Windows TCP/IP configuration
/all - display all IP configuration details
/release - release the DHCP lease
/renew - renew the DHCP lease
/flushdns - flush the DNS resolver cache
ifconfig - Linux equivalent of ipconfig
ip address - newer Linux utility
netstat
-a - show all active connections
-b - show binaries
-m - do not resolve names
Troubleshoot Methodology
1. Identify the problem
2. Establish a theory of probable cause
3. Test the theory to determine the cause
4. Establish a plan of action
5. Implement the solution or escalate
6. Verify full system functionality
7. Document the findings, actions and outcomes
Wired network Technologies
Attenuation - the gradual decrease in signal strength along the cable
Decibels (dB) - signal strength measurement on a logarithmic scale (3 dB = 2x signal, 10 dB = 10x signal, 20 dB = 100x signal, etc.)
dB loss symptoms - no connectivity, intermittent connectivity (just enough signal to sync the link), poor performance (signal too weak); test each connection (its distance and signal loss)
Avoiding EMI and interference - don't pull or stretch cables, watch the cable bend radius, and don't use staples; keep copper cables away from power cords, fluorescent lights, electrical systems and fire prevention components; test after installation to find most problems before use
Troubleshooting pin-outs - test cables before implementation, use a cable mapping device, and get a good cable installer
Hardware tools
Cable crimper - pinches the connector onto the wire; metal prongs push through the insulation; the final step of a cable installation
Punch-down tool - forces wire into a wiring block, trims the wires and breaks the insulation
Tone generator - puts an analog sound on the wire; the inductive probe doesn't need to touch the copper
Loopback plug - useful for testing physical ports (serial, Ethernet, T1 and fiber); these aren't crossover cables
TDR/OTDR - estimate fiber lengths, measure attenuation, determine light reflection, create wire maps; may require additional training
Site surveys
Determine the existing wireless landscape, identify existing APs, work around existing frequencies (layout and plan for interference), plan for ongoing site surveys, and use heat maps to identify wireless signal strengths
General network troubleshooting
Device configuration review - view the configuration in the native desktop or web-based console or over an SSH/terminal console; try to get the configuration ahead of time
Routing tables - directions for routers to reach a destination; helpful for knowing how data will flow; applies to every router
Interface status - know the details of the important interfaces (on the console); verify the physical connectivity; most problems are fixed here, but check for errors and mismatches
VLAN assignment - the network link is active and an IP is assigned, but there is no access to resources or only limited functionality; every switch interface is configured as an access port or a trunk port (access ports are assigned to a VLAN); confirm the VLAN assignment of the specific switch interface
Managing channel utilization
Disable legacy, low-speed support; check your channels (avoid overlapping APs); adjust the output power; split the network
Common network issues 2
Duplicate MAC addresses - not common; may be an on-path attack; mistakes can happen when locally administered MAC addresses are assigned; causes intermittent connectivity (check with a packet capture and look at the ARP traffic); use the arp command from another computer to confirm the MAC matches the IP
Duplicate IP addresses - static address assignments need to be very organized; DHCP isn't a solution to everything; intermittent connectivity when two addresses fight with each other; can be blocked by the OS, so check when it starts
Troubleshooting duplicate IP addresses - check your IP addressing, ping an IP address before assigning it statically, determine the IP address, and capture the DHCP process (which DHCP servers are responding)
Multicast flooding - switches forward multicast traffic; since there is no single destination for it, it goes to every port, causing a flood, and every device receives the multicast traffic
Common Network issues
Half-duplex Ethernet - two devices communicating simultaneously is a collision; these are normal for half duplex
Collisions - most Ethernet configurations are full duplex, so collisions come from interface configuration issues (duplex mismatch) or hardware issues, which could indicate a bad NIC or driver
Broadcast storms - some processes use broadcasts to communicate; a broadcast domain is a single VLAN, and domains are separated by routers; large numbers of broadcasts can impact performance
Troubleshooting broadcast storms - packet capture (identify the source), research the process that's broadcasting, and separate the network into smaller broadcast domains
Common network issues 3
IGMP snooping - hosts and routers use IGMP to direct multicast transmissions; switches can watch for these IGMP messages and forward the multicasts only to those specific devices (enable IGMP snooping)
Asymmetric routes - traffic follows one path on egress and a different path on ingress; firewalls may drop the sessions (an unexpected traffic flow is dropped by default); traceroute can help identify potential asymmetric routes
Switching loops - switches communicate by MAC address; broadcasts and multicasts both send to all ports; nothing at the MAC address level can identify loops (IP has a TTL)
Routing loops - Router A thinks the next hop is Router B and Router B thinks the next hop is Router A, which repeats until the TTL expires; easy to misconfigure (especially with static routing); traceroute will tell the story; check the routing tables in each L3 device and modify them as needed
Common network issues 6
Incorrect firewall setting - apps not working; check the host-based firewall settings (access may be limited by an admin and managed from a central console); confirm the network-based firewall configuration by checking the policy list and logs; take a packet capture
Incorrect VLAN configs - check the VLAN assignments on the switch, confirm the data and voice VLAN assignments, and validate the physical interface against the VLAN number
DNS issues - web browsing doesn't work; ping works but the browser doesn't; apps aren't communicating
Troubleshooting DNS issues - check your IP configuration, test with nslookup or dig, and try a different DNS server
Wired network technologies 2
Incorrect pin-out - near and far pins in cables aren't where they're supposed to be; this can cause performance or connectivity issues
Bad ports - interface errors can indicate a bad cable or a hardware problem; verify the configuration (VLAN, speed, duplex, etc.) and view the traffic
Interface configuration problems - poor throughput; no connectivity with link and activity lights, or with no link light at all
Interface configuration - can be auto or manual (personal preference); light status: no light means no connection; speed must be identical on both sides; duplex (if mismatched, poor speed and an increase in late collisions)
Duplex/speed mismatch - speed options: 10/100/1000/auto; duplex options: half/full/auto; an incorrect speed can happen when switches auto-negotiate speeds unevenly on the two ends, and the same happens for duplex
Common network issues 4
Missing route - a route to the destination network doesn't exist; an ICMP host unreachable message is sent to the source address; check your routes in both directions
Rogue DHCP server - IP addresses assigned by a non-authorized server; the client is assigned an invalid or duplicate address (intermittent or no connectivity); disable rogue DHCP communication by enabling DHCP snooping on your switch and authorizing DHCP servers in AD; disable the rogue and renew the IP leases
Exhausted DHCP scope - the client receives an APIPA address (local subnet communication only); check the DHCP server and add more IPs if possible; IPAM can help monitor and report on IP shortages; lower the lease time, especially if there are a lot of transient users
IP configuration issues - can communicate with local IPs but not outside the subnet; no IP communication (local or remote); can communicate with some IPs but not others
Hardware tools 2
Multimeter - AC/DC voltages, continuity, and wire mapping
Cable tester - continuity testing (simple wire map); identifies missing pins and crossed wires; not used for advanced testing
Taps and port mirrors - intercept network traffic; physical active or passive taps, or a port mirror from a switch
Light meter - send light from one side and measure the power on the other
Spectrum analyzer - view the frequency spectrum and identify frequency conflicts
Fusion splicer - join two fiber ends together, add connectors, and repair fiber using heat
Common network issues 7
NTP issues - some cryptography is very time sensitive (AD requires clocks within 5 minutes of each other); Kerberos communication uses a timestamp, and if the ticket shown during authentication is too old it's invalid and the client can't log in (check the timestamps of the client and server); configure NTP on all devices to automate the clock settings
BYOD - difficult to secure, so use an MDM (mobile device manager)
Licensed feature issues - features are often individually licensed; some features may not be available because they aren't licensed; this can cause problems during an upgrade or configuration update
Network performance issues - there's never just one performance metric (I/O bus, CPU speed, storage access speed, network throughput, etc.); you must monitor all of them to find the slowest one
Software tools 2
NetFlow - gather traffic statistics; a standard collection method; probes and collectors
TFTP server - file transfers and firmware upgrades; your device is the TFTP server
Terminal emulator - SSH, encrypted communication; supported across many OSes
Wireless troubleshooting 2
Omnidirectional antennas - most common; signal evenly distributed; a good choice for most environments; can't focus the signal
Directional antennas - focus the signal (more distance); send and receive in a single direction; performance measured in dB (power doubles every 3 dB of gain); a Yagi antenna is very directional and high gain; a parabolic antenna can focus the signal to a single point; these are often used to bridge a gap (point-to-point networks)
Antenna configuration - polarization is the orientation of an antenna relative to the surface of the earth; transmitting and receiving polarization should be the same
AP association time - devices must associate with an AP; association is usually delayed or blocked because of low signal strength; with a wired network controller, latency and firmware issues can affect association; track association metrics by gathering them from the management console or via SNMP
Common wireless issues
Overlapping channels - avoid interference from other APs (use a wireless analyzer)
Attenuation - wireless signals get weaker as you move farther from the antenna; control the power output on the AP; use a receive antenna with a higher gain; some power is lost in the coax antenna cable
Wrong SSID - every AP has at least one; confirm the correct SSID settings
Wrong passphrase - wireless authentication is required to connect to the wireless network (if not connected, check the authentication); a shared passphrase is common in SOHO; use 802.1X
Wired networking technologies 3
Reversing transmit and receive - wiring mistakes can be easily found with a wire map device and fixed; some network interfaces correct them automatically (Auto-MDIX)
TX/RX reversal troubleshooting - when you have no connectivity, try Auto-MDIX and locate where the reversal is
Dirty optical cables - the light needs to get through (fiber connectors need to be clean); dirty connectors inhibit or stop communication; clean thoroughly before using
Common wireless issues 2
Security type mismatch - encryption on wireless is important (make sure the client matches the AP); some legacy equipment may not be able to keep up, so if you change the AP's settings you may no longer be able to support it
Incorrect antenna placement - interference caused by overlapping channels, slow throughput; check the access point location and channel settings
Captive portal - authentication to a network; the access table recognizes a lack of authentication and requires a username/password; authentication lasts only for a certain interval
Client disassociation - a DoS that takes advantage of older 802.11 management frame transmission; the device keeps dropping from the wireless network; the frames can be clearly seen in a packet capture (use Wireshark); remove the device performing the disassociation
Cable connectivity 2 (with TIA B crossover 1000BASE-T and Yost rollover)
Serial console cables - D-sub (D-subminiature) connectors commonly used for RS-232; a serial communications standard (built for modem communication) now used as a configuration port
Rollover cable - a Cisco console cable (Yost); a standard for RJ-45 to serial communication; used in conjunction with serial port connectors
Ethernet crossover cable - connect two Ethernet devices without using a switch; can be a good alternative to a console connection; always carry a crossover cable (or an adapter with crossover)
PoE - power provided over an Ethernet cable (useful in difficult-to-power areas); power provided at the switch; power modes: A (power on the data pairs), B (power on the spare pairs), and 4-pair (power on all four pairs)
PoE: 802.3af-2003, 15.4 W and 350 mA
PoE+: 802.3at-2009, 25.5 W and 600 mA
PoE++: 51 W (Type 3) and 600 mA; 71.3 W (Type 4) and 960 mA
Ping
Tests reachability
<ip> - test reachability to a TCP/IP address
-t <ip> - ping until stopped with Ctrl+C
-a <ip> - resolve the address to a hostname
-n <count> <ip> - send the given number of echo requests
-f <ip> - send with the Don't Fragment flag set
Common network issues 5
Troubleshooting IP configs - check your documentation (IP, mask, gateway and DNS); monitor the traffic; check the devices around you (confirm mask and gateway); use traceroute and ping; the issue could be the infrastructure, so ping the local IP, the default gateway, and an outside address
Low optical link budget - attenuation is a challenge over long distances or with dirty connectors; always check with a light meter; the equipment documentation will specify the amount of light required
Certificate issues - security alerts and invalid certificates; look at the certificate details: the certificate may have expired, have the wrong domain name, or not be properly signed; the correct time and date is important
Hardware failure - no response; confirm connectivity without relying on ping (you're not going to connect); run a traceroute and see if you're being filtered; check the servers
Network performance baseline
Troubleshooting starts with a blank slate; intermittent or all-day issues require you to check utilization, individual device performance, etc. Some organizations already collect this data in the SIEM or management console; look for patterns and correlation (the baseline might not give the most important information)
Software tools
Wireless packet analysis - view wireless information: signal-to-noise ratio, channel information, etc.
Protocol analyzer - capture and display network traffic; use a physical tap or a redirect on the switch
Speed test sites - bandwidth testing; pre- and post-change analysis; not all sites are the same
IP and port scanners - scan for open ports and IP addresses, visually map the network, and detect rogue systems
iPerf - performance monitoring, speed testing; runs tests across different OSes
arp
Address Resolution Protocol
-a - view the local ARP table
tcpdump
Captures packets from the command line; apply filters and view them in real time
traceroute
Determine the route a packet takes to a destination. Takes advantage of the ICMP TTL exceeded error message; not all devices respond with ICMP Time Exceeded messages
traceroute <ip>
Nmap
Finds network devices; a port scan can find devices and open ports; an OS scan discovers the OS without logging into the device
Telnet
Log in to devices remotely; useful for checking a port or application
telnet <ip> <port#>
nslookup and dig
Look up information from DNS servers
nslookup <ip>
dig <ip>
Basic platform commands
show interface - view detailed information about an interface on the device
show config - device configuration
show route - routing table
Wireless troubleshooting
Wireless signals 1 - RSSI is the strength of a received radio signal, measured in dBm, which is the number of dB with reference to one milliwatt (mW); shown as a negative number on a log scale (the smaller the magnitude, i.e. the closer to 0 dBm, the better)
Wireless survey tools - signal coverage and potential interference; built-in tools, third-party tools, and a spectrum analyzer
Wireless signals 2 - EIRP is the radiated signal strength, calculated as transmit strength + antenna gain - cable loss; for 2.4 GHz the maximum EIRP is +36 dBm or 4 W; EIRP is sometimes configurable on APs, and the owner is responsible for managing EIRP
Cable connectivity
Throughput - the amount of data transferred in a given timeframe
U, S and F cable - S = braided shielding, U = unshielded, F = foil shielding; written as (overall cable)/(individual pairs)TP, e.g. S/FTP or F/UTP
Plenum - a space such as the building's air circulation; if a fire happens, smoke and toxic fumes could be sent throughout the building
Plenum-rated cables - traditional PVC vs. fire-rated FEP or low-smoke PVC; plenum-rated cables may not be as flexible and may not have the same bend radius
hostname
View the FQDN and IP of the device on all OSes
hostname - the command
route
View the device's routing table
Windows - route print
Linux and Mac - netstat -r