5.0 Network Troubleshooting

icon picker
5.3 Given a scenario, use the appropriate network software tools and commands

Last edited 341 days ago by Makiel [Muh-Keel]

Software Tools

Knowledge of how to use these tools allows you to locate, troubleshoot, and resolve any networking issues you may come across.

Wi-Fi analyzers

Can look into the air and gather valuable information such as signal levers, noise readings, SSIDs, and interference to resolve most Wi-Fi related issues. You can see the Wi-Fi coverage in an area and use that information for optimal access-point placement to get complete coverage and avoid dead spots

Protocol Analyzers

Also called sniffers, used to capture packets in their raw format as they cross the network. Protocol analyzers can be used to determine the type of traffic that you have in your network, and depending on the product and the bells and whistles contained, you may also be able to sort the results based on port numbers, protocols, and so on. Another use of a sniffer is to examine the traffic that should be occurring on the network when something is not working to aid in troubleshooting.

Bandwidth Testers

These devices, typically software based, work much like a protocol analyzer in that they measure the traffic seen on the network and can also classify the types of traffic that are eating up your bandwidth.
Compare the baseline data throughput measurements to the Bandwidth Tester Network throughput measurements to determine whether or not data rates are within normal range.
How do you know what is abnormal when you don't know what normal is?
IPerf is an open-source software tool that measures network throughput and is very handy for testing and creating baselines of your network. The software runs as a server on one end and a client on the other.

Port Scanner

A software tool designed to search a network for hosts with open ports. Those of us administering our networks use port scanners to ensure their security, but bad guys use them to find a network's vulnerabilities and compromise them.
To port scan means to scan for TCP and UDP open ports on a single target host to and use its services for good reasons or bad. Use Port scan to find open ports and actively secure them.
It's a really good idea to turn off any unused services on your servers and routers and to run only the minimum services required on every host machine in your network.

NetFlow analyzers

Collects information on each unique traffic flow into and out of a network device interfaces. NetFlow allows for the viewing and analysis of application-level traffic across an interface. NetFlow collects source and destination addresses, application information, and quality of service (QoS) data and is very helpful in troubleshooting causes of networking problems.
NetFlow analyzes the data and creates reports, charts, graphs, and sometimes analytics on the received information.

TFTP (Trivial File Transfer Protocol)

Used to transfer networking equipment software to newer routers or switches during an upgrade. A TFTP server is a small application that is available from a wide variety of developers as freeware for Windows and Linux computers. It’s used to transfer the software onto the newer networking equipment.
TFTP is designed to be a simple, effective, and fast method to upload code to a network device.

Terminal Emulator Software

Software used to access the device’s command-line interface remotely.
Telnet protocol is rarely used today because it has no security and all data is sent unencrypted; DO NOT USE.
Secure Shell (SSH) is the preferred method of accessing a remote device command line from across a network
The most common open-source emulator is PuTTY, and it supports Telnet, SSH, and serial interfaces. PuTTY is widely used and found in almost every networking shop.

IP Scanners

Can be used for network mapping by listing all of the active IP addresses in each subnet and what applications are running on them. Scanners can tell you what IP addresses are active and what they are “listening for.”

Command Line Tools

You can use several utilities, both command line and GUI, to verify TCP/IP function on Windows workstations. To meet the Network+ objectives, you'll be required to correctly identify each command's output.


A command-line utility to help us answer both questions because its output will show us every router interface a TCP/IP packet passes through on the way to its destination.
tracert displays the path a packet takes to get to a remote device in all its glory by using something we call IP packet time to live (TTL).
It's also a handy tool for troubleshooting an internetwork because we can use it to figure out which router along a path through that internetwork happens to be causing a network failure when a certain destination machine or network suddenly becomes unreachable.
This utility is useful if you are having problems reaching a web server on the Internet and you want to know if a wide area network (WAN) link is down or if the server just isn't responding. Start troubleshooting wherever the tracert command stops!
Getting an Asterisk (*) means that the attempt to reach the router took too long and the TTL timed out. Could mean either the router is busy, link is slow, or the network admin disabled it from communicated.
If you are running traceroute and see repeating addresses and TTL time-outs, you probably have a routing loop.
tracert -6 is the command used to tracing packets through IPv6 configured routers.
To use tracert, at a Windows command prompt, type tracert, a space, and the Domain Name Service (DNS) name or IP address of the host machine to which you want to find the route.

Using ipconfig, ifconfig, and ip

The utilities known as ipconfig (in Windows) and ifconfig/ip (in Unix/Linux/Mac) will display the current configuration of TCP/IP on a given workstation—including the current IP address, DNS configuration, configuration, and default gateway.
There are 2 Local adapters present in the example below: Ethernet Adapter & Wireless LAN Adapter.

Using the command ipconfig/all

Will show more information including the MAC addresses and the DHCP Lease and DHCP Expire times.

ipconfig/ renew

Used to acquire a new ip address when changing networks or virtual LANs.
When you change networks, you need to get the IP address of that subnet and/or virtual LAN (VLAN). Normally, windows 10 will handle this automatically, but there are times when you’ll have to manually renew the IP configuration when changing networks.
Once this happens, if you’re connected to a DHCP server, you should receive an IP address in the same scheme as the network you’ve just joined.
If entering the command ipconfig/renew doesn’t give you a new IP address, you’ll have to take it a step further. ipconfig /release will need to be entered into the command line as an administrator.
Run command line as an administrator an admin
Type in the command ipconfig /renew
Type in the command ipconfig /release to complete the process of acquiring a new ip address for your host after just joining a new network or VLAN.

Using the ifconfig Utility

Can do everything ipconfig can do, but there a some key differences.
ifconfig is only used in Linux/Unix/Mac operating systems.
ifconfig can also be used to configure a protocol or a particular network interface port.
Looking at this command output below, we can see the following:
It shows the network interface port eth0 running at 10Mbps
ip address of
Broadcast address of
Subnet Mask of
MTU (Max Transmission Unit) size of 1500
MAC address of 00:00:C0:90:B3:42

Newer versions of the Linux operating system have added the ip utility to replace the ifconfig command. This command serves the same purpose as ifconfig and is used to assign an address to a network interface and/or configure network interface parameters on Linux operating systems.
*Only used in Linux Operations Systems*
The ip command allows us to do the following:
what interfaces are configured on the computer
view and configure their IP values
take an interface up or down
configure routing
display network status information
view and configure multicast values
view the ARP table
view the host's routing table.
For example, to add the IP address of to interface Ethernet0, use the following command: ​#ip a add dev eth0Using the iptables utility

The iptables firewall utility

A command-line utility built for the Linux operating system that uses what are called chains to allow or disallow traffic. When traffic arrives, iptables looks for a rule that addresses that traffic type, and if none exists, it will enforce the default rule.
There are three different chain types:
Input: Controls behavior for incoming connections
Forward: Used for incoming connections that aren't being delivered locally (like a router would receive)
Output: Used for outgoing connections
You can set the default action to accept, drop, or reject, with the difference between reject and drop being that reject sends an error message back to the source.

Using the ping Utility

You use the ping utility for two primary purposes:
To find out if a host is responding.
To find out if you can reach a host.
ping uses the ICMP (Internet Control Message Protocol) protocol.
If you can ping a host that means you can reach it, and if a host is reachable that means it’s actively connected to the network. Ping is used to see if a host, router, or server is connected to the network.
Here's the syntax (you can use either command):
ping [hostname]
You can use name resolution and ping to a name, such as ping www.sybex.com, and as long as that name can be resolved.
ping [IP address]
Output is below.

Pinging the local Host will see if your own computer’s TCP/IP local interface is working correctly; It can be used to see if your NIC is operating properly and if your own machine is able + capable of connecting to other computers.
ping to test your own computers TCP/IP interface
ping command options


Using ARP utility

Address Resolution Protocol (ARP) is used to map TCP/IP addresses to MAC addresses using broadcasts. It sends a broadcast through the network saying “What MAC address has ip address” The machine with that ip address will respond with its MAC address, and the requester machine will add its MAC to it’s ARP table (includes a list of TCP/IP addresses and their associated physical (MAC) addresses)
Remember that the ARP table contains two kinds of entries:
Created whenever the Windows TCP/IP stack performs an ARP lookup but the MAC address isn't found in the ARP table. When the MAC address of the requested IP address is finally found, or resolved, that information is then added into the ARP table as a dynamic entry
Serve the same function as dynamic entries but are made manually using the arp utility.
The arp utility can be used to check out the operating system's ARP cache table.
Particular useful for resolving duplicate IP addresses; if two machines have the same ip address you can use the arp command to view the ip to MAC address mappings in your subnetwork.
In the arp table, you can then see what ip address has what mac address and determine the duplicate.

Using the nslookup Utility

The nslookup utility allows you to query a name server and quickly find out which name resolves to which IP address. When configuring DNS, it's a very good thing to be able to test what IP address DNS is returning to ensure that it's working properly.
Linux/Unix dig (short for domain information groper) utility does the exact same thing as nslookup.
The primary job of nslookup is to tell you the
Many different features of a particular domain name
Names of the servers that serve it
How a DNS name is configured.
The image below explains a few things:
The server that returned the information is not responsible (authoritative) for the zone information of the domain for which you requested an address.
the name server for the domain www.bing.com is located at the IP address
If you type in nslookup and receive this reply, then your DNS servers are DOWN!
After the nslookup command is used, use set type = mx to view the IP address of a company email server.

Using the Mtr Command (pathping)

Mtr & pathping is a command line that combines the functions of the traceroute and ping utilities in a single network diagnostic tool. It also adds round-trip time and packet loss to the output.
Mtr is used in Linux
pathping is used in Windows
Pathping is great for detecting network problems such as cabling issues, data packet loss and speed degradation. During network analysis, this diagnostic tool pings a specific number of test packets to individual routers (called hops) over a defined period of time to get a good pulse on network latency.
By using network latency metrics and hop count, it’s possible to locate overloaded or malfunctioning routers and computers that are obstructing and slowing down data traffic.

Using the Nmap Utility

Nmap (Network Mapper) is used to discover hosts and services on a computer network by sending packets and analyzing the responses. Nmap provides a number of features for probing computer networks, including host discovery and service and operating system detection.
Often the go-to tool for port scanning, Nmap can perform scans with flags set in the scan packets to get responses that allow them to determine the following information:
If a port is open on a device
If the port is blocked by a firewall before it gets to the device
Nmap can also be used as follows:
To determine the live hosts on a network
To create a logical “map” of the network

Using the route Command

Route is a command used to view, edit, print. and change the entire routing table. Most of the time it’s used to just view the routing table, but it also allows you to make manual entries into the network routing tables.
By using the route command, you can manually control the flow of traffic leaving your computers.
Below is the output for route print
Some Examples of the route Command
To display the entire IP routing table, type route print.
To add a default route with the default gateway address, type route add mask
To add a route to the destination with the subnet mask and the next-hop address, type route add mask\
If you want to, let's say, add a persistent route to the destination with the subnet mask and the next-hop address, type route -p add mask
If you want to delete the route to the destination with the subnet mask, enter route delete mask
And finally, if you want to change the next-hop address of a route with the destination and the subnet mask from to, type route change mask

Using the nbtstat Utility

Microsoft Windows uses an interface called Network Basic Input/Output System (NetBIOS), which relates names with workstations and is an upper-layer interface that requires a transport protocol—usually TCP/IP.
Simply saying, it is a protocol that allows communication of files and printers through the Session Layer (5) of the OSI Model in a LAN.
The nbtstat command is available only in Windows-based operating systems.

Using the netstat Utility

Using netstat is a great way to check out the inbound and outbound TCP/IP connections on your machine.
Can also use it to view packet statistics like how many packets have been sent and received, the number of errors, and so on.
This utility is a great tool to use to determine the status of outbound web connections.
It includes the status of the connection, the networking protocol, local and remote computer IP address, and more
If you're having difficulties accessing the internet, the netstat command can help you identify where the problem lies. Netstat will display all of your computer's active network connections and the status of those connections. If a connection is not working, netstat can often provide more information about why it is not working.
Use netstat /? to see all of the different command options.

Using tcpdump

The tcpdump utility is used to read either packets captured live from a network or packets that have been saved to a file. Although there is a Windows version called windump, tcpdump only works on Unix-like operating systems.

Want to print your doc?
This is not the way.
Try clicking the ⋯ next to your doc name or using a keyboard shortcut (
) instead.