5.0 Network Troubleshooting

5.3 Given a scenario, use the appropriate network software tools and commands

Last edited 414 days ago by Makiel [Muh-Keel]

Software Tools

Knowledge of how to use these tools allows you to locate, troubleshoot, and resolve any networking issues you may come across.

Wi-Fi analyzers

Can look into the air and gather valuable information such as signal levels, noise readings, SSIDs, and interference to resolve most Wi-Fi related issues. You can see the Wi-Fi coverage in an area and use that information for optimal access-point placement to get complete coverage and avoid dead spots.

Protocol Analyzers

Also called sniffers, used to capture packets in their raw format as they cross the network. Protocol analyzers can be used to determine the type of traffic that you have in your network, and depending on the product and the bells and whistles contained, you may also be able to sort the results based on port numbers, protocols, and so on. Another use of a sniffer is to examine the traffic that should be occurring on the network when something is not working to aid in troubleshooting.

Bandwidth Testers

These devices, typically software based, work much like a protocol analyzer in that they measure the traffic seen on the network and can also classify the types of traffic that are eating up your bandwidth.
Compare the baseline data throughput measurements to the Bandwidth Tester Network throughput measurements to determine whether or not data rates are within normal range.
How do you know what is abnormal when you don't know what normal is?
IPerf is an open-source software tool that measures network throughput and is very handy for testing and creating baselines of your network. The software runs as a server on one end and a client on the other.

Port Scanner

A software tool designed to search a network for hosts with open ports. Those of us administering our networks use port scanners to ensure their security, but bad guys use them to find a network's vulnerabilities and compromise them.
To port scan means to scan for open TCP and UDP ports on a single target host and use its services, for good reasons or bad. Use a port scan to find open ports and actively secure them.
It's a really good idea to turn off any unused services on your servers and routers and to run only the minimum services required on every host machine in your network.

NetFlow analyzers

Collects information on each unique traffic flow into and out of a network device's interfaces. NetFlow allows for the viewing and analysis of application-level traffic across an interface. NetFlow collects source and destination addresses, application information, and quality of service (QoS) data and is very helpful in troubleshooting causes of networking problems.
NetFlow analyzes the data and creates reports, charts, graphs, and sometimes analytics on the received information.

TFTP (Trivial File Transfer Protocol)

Used to transfer networking equipment software to newer routers or switches during an upgrade. A TFTP server is a small application that is available from a wide variety of developers as freeware for Windows and Linux computers. It’s used to transfer the software onto the newer networking equipment.
TFTP is designed to be a simple, effective, and fast method to upload code to a network device.

Terminal Emulator Software

Software used to access the device’s command-line interface remotely.
Telnet protocol is rarely used today because it has no security and all data is sent unencrypted; DO NOT USE.
Secure Shell (SSH) is the preferred method of accessing a remote device's command line from across a network.
The most common open-source emulator is PuTTY, and it supports Telnet, SSH, and serial interfaces. PuTTY is widely used and found in almost every networking shop.

IP Scanners

Can be used for network mapping by listing all of the active IP addresses in each subnet and what applications are running on them. Scanners can tell you what IP addresses are active and what they are “listening for.”

Command Line Tools

You can use several utilities, both command line and GUI, to verify TCP/IP function on Windows workstations. To meet the Network+ objectives, you'll be required to correctly identify each command's output.


Using the tracert Utility

A command-line utility to help us answer both questions because its output will show us every router interface a TCP/IP packet passes through on the way to its destination.
tracert displays the path a packet takes to get to a remote device in all its glory by using something we call IP packet time to live (TTL).
It's also a handy tool for troubleshooting an internetwork because we can use it to figure out which router along a path through that internetwork happens to be causing a network failure when a certain destination machine or network suddenly becomes unreachable.
This utility is useful if you are having problems reaching a web server on the Internet and you want to know if a wide area network (WAN) link is down or if the server just isn't responding. Start troubleshooting wherever the tracert command stops!
Getting an asterisk (*) means that the attempt to reach the router took too long and the TTL timed out. This could mean the router is busy, the link is slow, or the network admin disabled it from communicating.
If you are running traceroute and see repeating addresses and TTL time-outs, you probably have a routing loop.
tracert -6 is the command used to trace packets through IPv6-configured routers.
To use tracert, at a Windows command prompt, type tracert, a space, and the Domain Name Service (DNS) name or IP address of the host machine to which you want to find the route.
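The two readings described above (repeating addresses mean a probable routing loop; otherwise start where the replies stop) can be checked mechanically. This is an added example, not part of the original notes: the function names and both traces are constructed, using documentation-range addresses in the layout of Windows tracert output.

```shell
# Added example (not from the original notes). All addresses are constructed
# documentation-range values; the traces imitate Windows tracert output.
sample_loop() {   # hops 3-6 bounce between the same two routers
cat <<'EOF'
Tracing route to 203.0.113.50 over a maximum of 30 hops
  1     1 ms     1 ms     1 ms  192.0.2.1
  2     8 ms     7 ms     9 ms  198.51.100.1
  3    12 ms    11 ms    12 ms  198.51.100.9
  4    13 ms    12 ms    12 ms  198.51.100.13
  5    12 ms    13 ms    12 ms  198.51.100.9
  6    13 ms    12 ms    13 ms  198.51.100.13
  7     *        *        *     Request timed out.
EOF
}
sample_stop() {   # replies end after hop 2
cat <<'EOF'
Tracing route to 203.0.113.50 over a maximum of 30 hops
  1    <1 ms    <1 ms    <1 ms  192.0.2.1
  2     8 ms     *        9 ms  gw.example.net [198.51.100.1]
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
EOF
}

# Reads tracert output on stdin and prints one line: LOOP, STOPPED or COMPLETE.
analyze_trace() {
    awk '
    $1 ~ /^[0-9]+$/ {
        if ($2 == "*" && $3 == "*" && $4 == "*") {    # all three probes timed out
            if (!stopped_at) stopped_at = $1 + 0      # first hop of the silent run
            next
        }
        addr = $NF; gsub(/\[|\]/, "", addr)           # "name [ip]" -> ip
        if ((addr in seen) && loop == "")
            loop = addr " at hops " seen[addr] " and " $1
        if (!(addr in seen)) seen[addr] = $1
        stopped_at = 0; last_addr = addr              # a reply ends any silent run
    }
    END {
        if (loop != "") print "LOOP " loop
        else if (stopped_at) print "STOPPED at hop " stopped_at "; last reply from " last_addr
        else print "COMPLETE " last_addr
    }'
}

sample_loop | analyze_trace
sample_stop | analyze_trace
```

A hop that times out but is followed by later replies is not reported as a stop, since a router can forward traffic while declining to answer the probes.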

Using ipconfig, ifconfig, and ip

The utilities known as ipconfig (in Windows) and ifconfig/ip (in Unix/Linux/Mac) will display the current configuration of TCP/IP on a given workstation, including the current IP address, DNS configuration, and default gateway.
There are 2 Local adapters present in the example below: Ethernet Adapter & Wireless LAN Adapter.

Using the command ipconfig /all

Will show more information including the MAC addresses and the DHCP Lease and DHCP Expire times.

ipconfig /renew

Used to acquire a new IP address when changing networks or virtual LANs.
When you change networks, you need to get the IP address of that subnet and/or virtual LAN (VLAN). Normally, Windows 10 will handle this automatically, but there are times when you’ll have to manually renew the IP configuration when changing networks.
Once this happens, if you’re connected to a DHCP server, you should receive an IP address in the same scheme as the network you’ve just joined.
If entering the command ipconfig /renew doesn’t give you a new IP address, you’ll have to take it a step further. ipconfig /release will need to be entered into the command line as an administrator.
Run the command line as an administrator.
Type in the command ipconfig /renew
Type in the command ipconfig /release to complete the process of acquiring a new IP address for your host after just joining a new network or VLAN.

Using the ifconfig Utility

Can do everything ipconfig can do, but there are some key differences.
ifconfig is only used in Linux/Unix/Mac operating systems.
ifconfig can also be used to configure a protocol or a particular network interface port.
Looking at this command output below, we can see the following:
It shows the network interface port eth0 running at 10Mbps
ip address of
Broadcast address of
Subnet Mask of
MTU (Max Transmission Unit) size of 1500
MAC address of 00:00:C0:90:B3:42

Newer versions of the Linux operating system have added the ip utility to replace the ifconfig command. This command serves the same purpose as ifconfig and is used to assign an address to a network interface and/or configure network interface parameters on Linux operating systems.
*Only used in Linux Operating Systems*
The ip command allows us to do the following:
what interfaces are configured on the computer
view and configure their IP values
take an interface up or down
configure routing
display network status information
view and configure multicast values
view the ARP table
view the host's routing table.
For example, to add the IP address of to interface Ethernet0, use the following command: # ip a add dev eth0

The iptables firewall utility

A command-line utility built for the Linux operating system that uses what are called chains to allow or disallow traffic. When traffic arrives, iptables looks for a rule that addresses that traffic type, and if none exists, it will enforce the default rule.
There are three different chain types:
Input: Controls behavior for incoming connections
Forward: Used for incoming connections that aren't being delivered locally (like a router would receive)
Output: Used for outgoing connections
You can set the default action to accept, drop, or reject, with the difference between reject and drop being that reject sends an error message back to the source.
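The first-match-then-default behaviour, and the difference between reject and drop, shown on a small INPUT chain. This is an added example, not part of the original notes: the rules and ports are constructed, and verdict is a simplified model that compares only protocol and destination port for a new packet arriving from the network.

```shell
# Added example (not from the original notes): a sample INPUT policy in
# iptables-restore format plus a simplified first-match evaluator.
# Rules and ports are constructed for illustration.
build_ruleset() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 23 -j REJECT --reject-with tcp-reset
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
COMMIT
EOF
}

# verdict PROTO [DPORT]: what happens to a NEW packet arriving from the network.
# Simplification: only -p and --dport are compared; rules that match on an
# interface (-i) or on connection state (-m) are skipped because they do not
# apply to a new packet from outside.
verdict() {
    build_ruleset | awk -v proto="$1" -v port="$2" '
    $1 == ":INPUT" { policy = $2; next }           # chain default (policy)
    $1 == "-A" && $2 == "INPUT" {
        p = ""; d = ""; target = ""; skip = 0
        for (i = 3; i < NF; i++) {
            if ($i == "-p") p = $(i + 1)
            else if ($i == "--dport") d = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            else if ($i == "-i" || $i == "-m") skip = 1
        }
        if (skip || (p != "" && p != proto) || (d != "" && d != port)) next
        print target; found = 1; exit              # first matching rule wins
    }
    END { if (!found) print policy }'
}

for probe in "tcp 22" "tcp 23" "tcp 80" "udp 53" "icmp"; do
    echo "$probe -> $(verdict $probe)"   # unquoted on purpose: splits into PROTO DPORT
done
```

Telnet (port 23) gets an immediate reset because of the REJECT rule, while port 80 and UDP 53 match no rule and are silently discarded by the DROP policy. Piping build_ruleset into iptables-restore --test as root parses the ruleset without committing it.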

Using the ping Utility

You use the ping utility for two primary purposes:
To find out if a host is responding.
To find out if you can reach a host.
ping uses the ICMP (Internet Control Message Protocol) protocol.
If you can ping a host that means you can reach it, and if a host is reachable that means it’s actively connected to the network. Ping is used to see if a host, router, or server is connected to the network.
Here's the syntax (you can use either command):
ping [hostname]
You can use name resolution and ping a name, such as ping www.sybex.com, as long as that name can be resolved.
ping [IP address]
Output is below.

Pinging the local host will show whether your own computer’s TCP/IP local interface is working correctly. It can be used to see if your NIC is operating properly and if your own machine is capable of connecting to other computers.
ping to test your own computer's TCP/IP interface
ping command options


Using ARP utility

Address Resolution Protocol (ARP) is used to map TCP/IP addresses to MAC addresses using broadcasts. It sends a broadcast through the network saying “What MAC address has ip address” The machine with that IP address will respond with its MAC address, and the requesting machine will add that MAC to its ARP table (a list of TCP/IP addresses and their associated physical (MAC) addresses).
Remember that the ARP table contains two kinds of entries:
Dynamic: Created whenever the Windows TCP/IP stack performs an ARP lookup but the MAC address isn't found in the ARP table. When the MAC address of the requested IP address is finally found, or resolved, that information is then added into the ARP table as a dynamic entry.
Static: Serve the same function as dynamic entries but are made manually using the arp utility.
The arp utility can be used to check out the operating system's ARP cache table.
Particularly useful for resolving duplicate IP addresses; if two machines have the same IP address, you can use the arp command to view the IP-to-MAC address mappings in your subnetwork.
In the ARP table, you can then see what IP address has what MAC address and determine the duplicate.

Using the nslookup Utility

The nslookup utility allows you to query a name server and quickly find out which name resolves to which IP address. When configuring DNS, it's a very good thing to be able to test what IP address DNS is returning to ensure that it's working properly.
Linux/Unix dig (short for domain information groper) utility does the exact same thing as nslookup.
The primary job of nslookup is to tell you the following:
Many different features of a particular domain name
Names of the servers that serve it
How a DNS name is configured.
The image below explains a few things:
The server that returned the information is not responsible (authoritative) for the zone information of the domain for which you requested an address.
the name server for the domain www.bing.com is located at the IP address
If you type in nslookup and receive this reply, then your DNS servers are DOWN!
After the nslookup command is used, use set type=mx to view the IP address of a company email server.

Using the Mtr Command (pathping)
