Combo with "Chapter 21: Network Troubleshooting" and 4 others
Troubleshooting process
1. Identify the problem 2. Establish a theory of probable cause 3. Test the theory to determine the cause 4. Establish a plan of action to resolve the problem and identify potential effects 5. Implement the solution or escalate if necessary 6. Verify full system functionality, and if applicable, implement preventative measures 7. Document findings, actions, and outcomes.
pathping command
A Microsoft only utility that combines functions of ping and tracert with some additional functions.
fault tolerance
A network administrator must build in a level of _________________ _________ in order to recover quickly from a server or network problem.
Port scanners
A program that probes the ports on another system, logging the state of the scanned ports. Used to look for unintentionally opened ports that might make a system vulnerable to attack. Most popular (and free) port scanner is Nmap; Windows users also use Angry IP Scanner.
HomePlug (IEEE 1901)
AKA HomePlug HD-PLC. Provides high speed home networking through a building's existing power infrastructure. Also called: Ethernet over power (EoP), Broadband over power lines (BPL), Ethernet over power line.
Switching loops
AKA bridging loop. When you connect and configure multiple switches together in such a way that causes a circular path to appear. Switching loops are rare because all switches use the Spanning Tree Protocol (STP), but they do happen. Symptoms: Identical to a broadcast storm, such as every computer on the broadcast domain can no longer access the network. Switching loops rarely take place on a well-running network.
arp command
Address Resolution Protocol that is used to resolve IP addresses to MAC addresses. When a computer learns various MAC addresses on its LAN, it jots them down in the ARP table. Enables you to view and change the ARP table on a computer. Example using the command: arp -a (will display the ARP table)
Telnet
Allows you to communicate remotely with another computer on the network, entering commands on the local computer that control the remote computer.
ROUTE
Allows you to control network routing tables manually.
Broken cables
Broken cables don't mean intermittent problems, and they don't slow data down. They make permanent disconnects. Broken cable could be defined as: 1. Having an open circuit -where one or more of the wires in a cable simply don't connect from one end of the cable to the other, lacking continuity. 2. Cable has a short -where one or more of the wires in a cable connect to another wire in the cable. 3. Wire map problem -where one or more wires don't connect to the correct location on the other side. 4. Cable might experience crosstalk -where the signal from one wire bleeds into another wire. 5. Cable might pick up noise -caused by faulty hardware or poorly crimped jacks. 6. Cable might have an impedance mismatch -when cables of different types--gauge, composition of metal, etc.-- connect and the flow of electrons is not uniform, that creates an echo.
traceroute with IPv6
By default is IPv4, but can use a switch to use IPv6. Windows: tracert -6. UNIX/Linux: traceroute6, or traceroute -6 (some variations of Linux).
How to deal with broken cables
Cable testers can tell you if you have a continuity problem or if a wire map isn't correct. TDRs (time domain reflectometers) and OTDRs (optical time domain reflectometers) can tell you where the break is on the cable. TDRs work with copper cables and OTDRs work with fiber optics.
Hardware tools include:
Cable testers, TDRs, OTDRs, certifiers, voltage event recorders, protocol analyzers, cable strippers, multimeters, tone probes/generators, line testers, butt sets, and punchdown tools.
arping command
Can be used when 'ping' doesn't work since it uses ARP frames instead of ICMP. BUT, since it uses frames and not packets, arping doesn't cross routers; can only be used in a broadcast domain. Not supported in Windows, but can be used in UNIX/Linux systems.
Server misconfigurations
Can block all or some access to resources on a LAN. Misconfigured DHCP settings on a host above can cause problems, but limited to the host. If these settings are misconfigured on the DHCP server, many more machines and people can be affected. A misconfigured DNS server might direct hosts to incorrect sites or no sites at all. Misconfigured DNS settings on a client will stop name resolution altogether and cause the network to appear to be down for the user. If you can ping a file server by IP address but not by name, this points to DNS issues.
Company security policy
Can set throttling policies that can define the maximum amount of bandwidth per day a department could use. Then add a blocking policy, so that if anyone goes over that limit, the company will block all traffic of that type for a certain amount of time. Then update the company's fair access policy, or utilization limits security policies to reflect these new limits.
latency
Computers. the time required to locate the first bit or character in a storage location, expressed as access time minus word time.
/setclassid Adapter [ ClassID ]
Configures the DHCP class ID for a specified adapter. To set the DHCP class ID for all adapters, use the asterisk (*) wildcard character in place of Adapter. This parameter is available only on computers with adapters that are configured to obtain an IP address automatically. If a DHCP class ID is not specified, the current class ID is removed.
IEEE 1905.1
Creates a hybrid networking standard with the goal of flexibly integrating a few types of wired and wireless networking technologies, including WIFI, Ethernet, MoCA, and the powerline standard defined by IEEE 1905, allowing a network to span all four technologies. AKA IEEE 1905.1-2013 (ratified in 2013)
NBTSTAT
Displays NetBIOS over TCP/IP statistics, NetBIOS name tables, and the NetBIOS name cache. You can use this utility with switches to remove or correct NetBIOS name cache entries.
NETSTAT
Displays a list of a computer's active incoming and outgoing connections.
/?
Displays help at the command prompt.
/showclassid Adapter
Displays the DHCP class ID for a specified adapter. To see the DHCP class ID for all adapters, use the asterisk (*) wildcard character in place of Adapter. This parameter is available only on computers with adapters that are configured to obtain an IP address automatically.
/displaydns
Displays the contents of the DNS client resolver cache, which includes both entries preloaded from the local Hosts file and any recently obtained resource records for name queries resolved by the computer. The DNS Client service uses this information to resolve frequently queried names quickly, before querying its configured DNS servers.
/all
Displays the full TCP/IP configuration for all adapters. Without this parameter, ipconfig displays only the IP address, subnet mask, and default gateway values for each adapter. Adapters can represent physical interfaces, such as installed network adapters, or logical interfaces, such as dial-up connections.
IPCONFIG
Displays the host's IP address and other configuration information.
Throughput testers
Enable you to measure the data flow in a network, such as several speed test sites online.
Adding VLANs
Example: Bill divides a switch of 24 ports into 4 VLANs of 6 ports each, but mistakenly put 7 ports on VLAN 1 and 5 ports for VLAN 2 when setting it up. Cable placement error is when a cable meant for one port is incorrectly plugged into a different port with different access.
Escalating problems
Examples include things out of your scope of duty or knowledge, such as: -broadcast storming -switching loops -routing problems -routing loops -proxy ARP
/flushdns
Flushes and resets the contents of the DNS client resolver cache. During DNS troubleshooting, you can use this procedure to discard negative cache entries from the cache, as well as any other entries that have been added dynamically.
Troubleshooting step 1: Identify the problem
Getting to the true problem, not just what someone tells you it is. Gather information, duplicate the problem if possible, question users, identify symptoms, determine if anything has changed, approach multiple problems individually.
route command
Gives you the capability to display and edit the local system's routing table. To show the routing table: route print or netstat -r
Cable stripper/snip
Helps you make UTP cables. Also need crimpers as well.
collisions
High collision rate can often be corrected by segmenting a network using switches. On Ethernet networks, collisions are the result of multiple network hosts transmitting data simultaneously. Too many collisions can cause a bottleneck and prevent the transmission of data.
Troubleshooting step 4: Establish a plan of action and identify potential side effects
If the plan is complex, write down the steps. Plan for and mitigate potential side effects.
Troubleshooting step 6: Verify full system functionality and implement preventative measures
If you've replaced a NIC in a server, then it has a different MAC address that could affect other things, such as logon security controls or your network management and inventory software. Implement preventative measures to avoid a repeat of the problem.
LAN problems
Incorrect configuration of any number of options in devices can stop a device from accessing resources over a LAN. An example would be having duplicate IP addresses on the same network.
/registerdns
Initiates manual dynamic registration for the DNS names and IP addresses that are configured at a computer. You can use this parameter to troubleshoot a failed DNS name registration or resolve a dynamic update problem between a client and the DNS server without rebooting the client computer. The DNS settings in the advanced properties of the TCP/IP protocol determine which names are registered in DNS.
mtr (My Traceroute) command
Is dynamic in that it keeps running the traceroute. Windows doesn't support mtr.
Uses for a protocol analyzer
Is something trying to start a session and not getting an answer? Is some computer on the network placing confusing information on the network? Is a rogue DHCP server sending out responses to DHCP requests?
hostname command
It returns with the host name of the computer you are on.
open impedance mismatch (echo)
Line echo is typically the result of impedance mismatch, which is caused by the termination or wiring conversion from four-wire telephone circuits to two wires.
Link aggregation problems
Link aggregation (AKA NIC teaming) is a way to scale up Ethernet speeds by using multiple NICs in tandem to increase bandwidth in smaller increments. Two link aggregation protocols: the IEEE 802.3ad spec Link Aggregation Control Protocol (LACP) and the Cisco proprietary Port-Aggregation Protocol (PAgP). Ports can either be active (send out special frames trying to initiate creating an aggregated logical port) or passive (wait for active ports to initiate conversation before they respond). NIC teaming misconfiguration: when ports are set to passive-passive. They must be either active-active or active-passive.
Protocol analyzers
Monitor the different protocols running at different layers on the network. A good protocol analyzer will give you Application, Session, Transport, Network, and Data Link layer information on every frame going through your network. Can be either hardware or software.
MoCA
Multimedia over Coax. Provides Ethernet access through your existing coaxial cabling (even when it's being used for video), and is the technology used by Verizon's FiOS product to provide video, phone, and Internet service.
netstat and ss commands
Netstat displays information on the current state of all of your running IP processes; which sessions are active and can also provide statistics based on ports or protocols (TCP, UDP, etc.) Using 'netstat' without switches shows only the current sessions. 'netstat -r' shows the routing table--identical to the 'route print' command. 'ss' command is faster and more powerful than netstat, used on the Linux side.
Routing loops
Occurs when interconnected routers loop traffic, causing the routers to respond slowly or not at all. The old RIP dynamic routing protocol could have issues with routing loops because of its slow convergence time, but most routing loops are caused by static routes. Clue: huge amount of traffic (more than usual) on the links between the routers. Routing loops never cause individual computers to stop responding.
Troubleshooting step 3: Test the theory to determine cause
Once a theory is confirmed, determine next steps to resolve the problem. If theory is not confirmed, reestablish a new theory or escalate.
Troubleshooting step 5: Implement the solution or escalate as necessary.
Once you think you've fixed the problem, you should try to make it happen again. If it does reoccur, then you know you haven't fixed it.
Packet sniffer
Packet sniffer, protocol analyzer, or packet analyzer. All of these names define a tool that intercepts and logs network packets. Can be hardware or software. Most popular is Wireshark. But if your interface has no GUI installed, such as a server, you would have to use 'tcpdump'. 'tcpdump' is a command line utility that enables you to monitor and filter packets in the terminal, but can also create files you can open in Wireshark for later analysis.
ping command
Ping command uses ICMP (Internet Control Message Protocol) packets to query by IP or by name. Works across routers, so it's generally the first tool used to check if a system is reachable. But since many devices block ICMP packets, a failed ping doesn't always point to an offline system. Defaults to IPv4, but also functions well in an IPv6 network. Used in an IPv6 network: ping -6 (Windows), ping6 (UNIX/Linux)
Punchdown tools
Put UTP wires into 66- and 110-blocks.
Troubleshooting step 2: Establish a theory of probable cause
Question the obvious. Consider multiple approaches: top-to-bottom/bottom-to-top OSI model, divide and conquer.
End-to-end connectivity
Refers to connecting users with essential resources within a smaller network, such as a LAN or private WAN.
Hands-on problems
Refers to things that you can fix at the workstation, work area, or server. Include physical problems and configuration problems. Examples: -power failure or power anomalies -hardware failure -EMI or RFI -transceivers can go bad -interface errors (wall jack installed incorrectly or a mismatched standard 568A rather than 568B) -incorrect IP configuration, such as setting a PC to a static IP that's not on the same network ID, or incorrect default gateway IP address information
Looking glass sites
Remote servers accessible within a browser that contain common collections of diagnostic tools such as ping and traceroute, plus some Border Gateway Protocol (BGP) query tools. Used to perform things such as ping or traceroute from a location outside of the local environment.
/renew [ Adapter ]
Renews DHCP configuration for all adapters (if an adapter is not specified) or for a specific adapter if the Adapter parameter is included. This parameter is available only on computers with adapters that are configured to obtain an IP address automatically. To specify an adapter name, type the adapter name that appears when you use ipconfig without parameters.
NSLOOKUP
Reports the IP address of an entered host name or the host name of an entered IP address.
Broadcast storm
Result of one or more devices sending a nonstop flurry of broadcast frames on the network. First sign is when every computer on the broadcast domain suddenly can't connect to the rest of the network. Every activity light on every node is solidly on. Computers on other broadcast domains work perfectly well. First need to isolate the problem, by unplugging devices until you can find the one causing trouble. Getting a packet analyzer to work can be difficult, but still try. If you are able to get one packet, you can identify which device is the issue.
Router problems
Router configuration issues can be many, such as specifying the wrong routing protocol or misconfiguring the right protocol. An ACL (access control list) might include addresses to block that shouldn't be blocked or allow access to network resources for nodes that shouldn't have it. A misconfiguration could lead to missing IP routes so that some destinations just aren't there for users. Misconfigured symptoms are clear: every system that uses the misconfigured router as a default gateway is either not able to get packets out or not able to get packets in, sometimes both. First thing is to verify everything in your area of responsibility works. Run traceroute to determine a router problem beyond your LAN. Run traceroute to your default gateway. If that fails, you know you have a local issue and can potentially do something about it. If it comes back positive, try running traceroute to a site on the Internet.
Appliance problems
Routers contain many features such as routing, NAT, switching, and intrusion detection system, firewall, etc. These complex boxes, such as Cisco's Adaptive Security Appliance (ASA) are called network appliances. One common problem with appliances is technician error. If the tech fails to set the NAT rule order correctly, traffic that should be routed to go out one interface--like to the DMZ network--can go out an incorrect interface--like to the outside network.
/release [ Adapter ]
Sends a DHCPRELEASE message to the DHCP server to release the current DHCP configuration and discard the IP address configuration for either all adapters (if an adapter is not specified) or for a specific adapter if the Adapter parameter is included. This parameter disables TCP/IP for adapters configured to obtain an IP address automatically. To specify an adapter name, type the adapter name that appears when you use ipconfig without parameters.
Symptoms of heat and power issues
Server rooms that get too hot at certain times of the day; switches that fail when an AC system kicks on; etc.
Line testers
Simple devices used to check the integrity of telephone wiring. Use to check a twisted pair line to see if it is good, dead, reverse wired, or if there is AC voltage on the line.
Certifiers
Test a cable to make sure that it can handle its rated amount of capacity. Certifiers require some kind of loopback on the other end of the cable run. When a cable is not broken, but not moving data the way it should, test it with a certifier; i.e. don't use a certifier for disconnects, but only for slowdowns. A bad cable installation might increase crosstalk, attenuation, or interference. A certifier can also pick up an impedance mismatch.
Multimeters
Test voltage (both AC & DC), resistance, and continuity. Also a great fallback for testing continuity.
Proxy ARP
The process of making remotely connected computers truly act as though they are on the same LAN as local computers. Proxy ARP is done in a number of different ways, with a VPN as the classic example. If a laptop connects to a network via a VPN, that computer takes on the network ID of your local network. The VPN concentrator needs to allow some very LAN-type traffic to go through it that would normally never get through a router. If your VPN client wants to talk to another computer on the LAN, it has to send an ARP request to get the IP address. The VPN device is designed to act as a proxy for all that type of data. Almost all ARP problems take place on the VPN concentrator. With misconfigured ARP settings, the VPN concentrator can send what looks like a DoS attack on the LAN. If your clients start receiving a large number of packets from the VPN concentrator, assume you have a proxy ARP problem and escalate.
traceroute/tracert command
The tracert command used in Windows sends only ICMP packets. Traceroute in UNIX/Linux/Cisco can send either ICMP packets or UDP packets, but sends UDP by default. Because many routers block ICMP packets, if you run tracert from a Windows PC and it fails, try running it on a Linux or UNIX system, which may return more complete results. Used to trace all of the routers between two points to diagnose where a problem lies when you have problems reaching a remote system. If the tracert stops at a certain router, you know the problem is either the next router or the connections between them.
Tone probes & Tone generators
They only have one job: to help you locate a particular cable. You will never use a tone probe without a tone generator.
HDMI 1.4
This standard also creates HDMI Ethernet Channel (HEC), or Ethernet enabled HDMI ports that combine video, audio, and data on a single cable. Can allow two-way communication and connection-sharing between a TV and set-top boxes.
caching engine
To decrease response times for Internet users and to reduce the load on gateway servers, you can deploy proxy servers that use a _________ __________ to store frequently requested Web addresses.
ipconfig /showclassid Local*
To display the DHCP class ID for all adapters with names that start with Local, type:
ipconfig /renew "Local Area Connection"
To flush the DNS resolver cache when troubleshooting DNS name resolution problems, type:
ipconfig /setclassid "Local Area Connection" TEST
To set the DHCP class ID for the Local Area Connection adapter to TEST, type
TRACERT
Traces and displays the route taken from the host to a remote destination; TRACERT is one example of a trace-routing utility.
FTP (File Transfer Protocol)
Transfers files over a network.
Optical power meter
Used in fiber optics, uses a high-powered source of light at one end of a run and a calibrated detector at the other end. This measures the amount of light that reaches the detector.
Voltage event recorder
Used to detect fluctuations in power.
Temperature monitor
Used to detect issues with heat.
Butt sets
Used to tap into a 66- or 110-block to see if a particular line is working.
Connectivity software
Utilities like ping and traceroute.
Ping (Packet Internet Groper)
Verifies a connection to a network between two hosts, using Internet Control Message Protocol echo requests. Also, a simple program that allows one computer to send a test packet to another computer and then receive a reply.
Troubleshooting step 7: Document findings, actions, outcomes
Vital for two reasons: 1. you're creating a support database to serve as a knowledge base for future reference, enabling everyone on the support team to identify new problems as they arise and know how to deal with them quickly without having to duplicate someone else's research efforts. 2. documentation enables you to track problem trends and anticipate future workloads, or even to identify a particular brand or model of an item that seems to be less reliable.
Split horizon issue
When a router learns a route through a certain interface, it will not communicate that route out the same interface. Was an issue with RIP when routers would report their hops away. Router C might tell Router D that it was two hops away from Router A. Router D would pass along the information to Router E, saying it was three hops away from Router A. Because RIP was a dumb protocol, Router E could respond back to Router D that it was four hops away. Router D would be confused, thinking it was both three and four hops away from Router A.
duplex mismatch
When the protocol fails to negotiate the traffic flow of the connection, you have a _____________ ______________. This problem can cause the connection to work at low speed and drop packets at high speed. [p. 12-7]
MTU mismatch
When your network's packets are so large that they must be fragmented to fit into your ISP's packets. Path MTU discovery solved this by sending fixed-sized ICMP packets that wouldn't be fragmented until the ping is successful, then automatically sets the MTU size with that. However since PMTU uses ICMP, and most routers with firewalls block ICMP requests, you have to make sure that is disabled on the router.
nbtstat command
Windows-only program that is the command line equivalent to Windows' My Network Places or Network icon. Always run it with a switch. Most useful one is -n, which shows the local NetBIOS names.
NIC teaming redundancy
You can team two NICs as one logical unit, but set them up with one NIC as the primary--live--and the second as the hot spare--standby. If the first NIC goes down, all traffic will automatically flow through the second NIC. Key here is that multicast traffic to the various devices needs to be enabled on every device through which that traffic might pass. If Switch C doesn't play nice with multicast traffic, this can cause multicast traffic to stop. A 'fix' for this in a Cisco network is to turn off a feature called IGMP snooping, which is enabled by default on Cisco switches. Once disabled, the switches will treat multicast messages as broadcast messages and send them to everybody.
cache
a hiding place, especially one in the ground, for ammunition, food, treasures, etc.: She hid her jewelry in a little cache in the cellar.
network analyzer (protocol analyzer)
can also diagnose problems with TCP/IP including packet errors. Can identify problems with cabling, jacks, network cards, hubs, and other hardware that works at the lower levels of the OSI model.
ipconfig/ifconfig/ip commands
ipconfig (Windows), ifconfig (UNIX), ip (Linux). The commands tell you almost anything you want to know about a particular computer's IP settings. Just typing 'ipconfig' returns basic info, while using 'ipconfig /all' gives detailed information such as DNS server and MAC addresses.
latency sensitivity
is caused when the network breaks the data into different-size packets that might be transmitted out of sequence. Voice over IP (VOIP) and video applications are prone to latency sensitivity.
attenuation
is expressed in negative decibels (dB). You can solve the attenuation problem by shortening the cable or by inserting a device such as a repeater.
Quality of Service (QoS)
mechanisms can help reduce and eliminate jitters and other types of interference.
nVoy
nVoy certified networking equipment will create a single network for devices spread across Ethernet, WIFI, MoCA, and HomePlug connections.
TCP/IP settings
network problems, check first the _______________________________________.
nslookup/dig commands
nslookup (all OSs) and dig (UNIX/Linux) commands are used to diagnose DNS problems. dig can be used to query all MX records for example from a host.
latent
potentially existing but not presently evident or realized
cache (computers)
temporary holding unit on the CPU.
enter the desired command (space)/?
to view available switches and parameters, along with their descriptions, at the command prompt.