
The eight steps

The most important part of troubleshooting any problem is to divide the tasks of problem resolution into a
systematic process of elimination. Cisco has broken this process into eight steps:
1. Define the problem.
2. Gather detailed information.
3. Consider probable cause for the failure.
4. Devise a plan to solve the problem.
5. Implement the plan.
6. Observe the results of the implementation.
7. Repeat the process if the plan does not resolve the problem.
8. Document the changes made to solve the problem.

Top 10 Basic Network Troubleshooting Tools Every IT Pro Should Know

Network troubleshooting tools are a necessity for every network administrator. When getting started in the
networking field, it is important to amass a number of tools that can be used to troubleshoot a variety of
different network conditions.
While it is true that the use of specific tools can be subjective and at the discretion of the engineer, the
selection of tools in this article has been made based on their generality and common use. This article reviews
the top 10 basic tools that can help you troubleshoot most networking issues.

10. Ping
The most commonly used network tool is the ping utility. This utility is used to provide a basic connectivity test
between the requesting host and a destination host. This is done by using the Internet Control Message Protocol
(ICMP) which has the ability to send an echo packet to a destination host and a mechanism to listen for a
response from this host. Simply stated, if the requesting host receives a response from the destination host, this
host is reachable. This utility is commonly used to provide a basic picture of where a specific networking
problem may exist. For example, if an Internet connection is down at an office, the ping utility can be used to
figure out whether the problem exists within the office or within the network of the Internet provider. Figure 1
below shows an example of the ping utility being used to obtain the reachability status of the locally connected
router.

Figure 1: Ping utility

9. Tracert/traceroute
Typically, once the ping utility has been used to determine basic connectivity, the tracert/traceroute utility can
be used to determine more specific information about the path to the destination host, including the route the
packet takes and the response time of the intermediate hosts. Figure 2 below shows an example of the tracert
utility being used to find the path from a host inside an office to www.google.com. The tracert and traceroute
utilities perform the same function but operate on different operating systems: tracert on Windows machines
and traceroute on Linux/*nix based machines.

Figure 2: Tracert/traceroute utility

8. Ipconfig/ifconfig
One of the most important things that must be completed when troubleshooting a networking issue is to find out
the specific IP configuration of the affected hosts. Sometimes this information is already known when
addressing is configured statically, but when a dynamic addressing method is used, the IP address of each host
can potentially change often. The utilities that can be used to find out this IP configuration information include
the ipconfig utility on Windows machines and the ifconfig utility on Linux/*nix based machines. Figure 3
below shows an example of the ifconfig utility showing the IP configuration information of a queried host.

Figure 3: Ifconfig utility

7. Nslookup
Some of the most common networking issues revolve around Domain Name System (DNS) address resolution.
DNS is used by everyone using the Internet to resolve commonly known domain names (e.g. google.com) to
commonly unknown IP addresses (e.g. 74.125.115.147). When this system does not work, most of the
functionality that people are used to goes away, as there is no way to resolve this information.
The nslookup utility can be used to look up the specific IP address(es) associated with a domain name. If this
utility is unable to resolve this information, there is a DNS issue. Along with simple lookup, the nslookup utility
is able to query specific DNS servers to determine whether there is an issue with the default DNS servers
configured on a host. Figure 4 below shows an example of how the nslookup utility can be used to query the
associated IP address information.

Figure 4: Nslookup utility

6. Netstat
Often, one of the things that needs to be figured out is the current state of the active network connections
on a host. This is very important information for a variety of reasons, for example when verifying the
status of a listening port on a host or checking which remote hosts are connected to a local host on a
specific port. It is also possible to use the netstat utility to determine which services on a host are associated
with specific active ports. Figure 5 below shows an example of the netstat utility being used to display the
currently active ports on a Linux machine.

Figure 5: Netstat utility

5. PuTTY/Tera Term

When connecting to a variety of different types of equipment, a telnet, SSH or serial client is required; when
this is required, both the PuTTY and Tera Term programs are able to provide these functionalities. The selection
of one over the other is strictly a personal preference. Figures 6 and 7 below show both PuTTY and Tera Term
being used to connect to a host via SSH.

Figure 6: PuTTY

Figure 7: Tera Term

4. Subnet and IP Calculator


One of the most important tools in the belt of a junior network engineer is an IP network calculator. These can
be used to ensure a correct IP address selection and, with this, a correct IP address configuration. While this type
of tool is used by senior level network engineers, much of the information obtained from the tool becomes
simpler to calculate the longer you work and the more experience you have in the field. Two of the more
commonly used free IP calculators include Wildpackets (Bitcricket) Network Calculator and Solarwinds
Advanced Subnet Calculator, which can be found at the links below.
http://www.bitcricket.com/downloads/IPCalculator.msi
http://downloads.solarwinds.com/solarwinds/Release/FreeTool/SolarWinds-Subnet-Calculator.zip

Figure 8: Subnet calculator

3. Speedtest.net/pingtest.net
A very easy test that can be used both to determine the Internet bandwidth available to a specific host and to
determine the quality of an Internet connection is the use of the tools available at the speedtest.net and
pingtest.net websites. The speedtest.net site provides the ability to determine the amount of bandwidth that is
available to a specific host at a specific point in time; this is often a good tool to use when measuring how long
it is going to take to upload or download information from a local to a remote host. This measurement can also
be used to determine whether the connection is offering the amount of bandwidth that was purchased from the
Internet provider; keep in mind, however, that some amount of bandwidth difference is expected between the
quoted bandwidth purchased and the measured bandwidth. The pingtest.net website is used to determine the
quality of the connection by measuring the ping response times and jitter amounts over a short period of time.
This information can be used to determine how well the measured connection is likely to deal with
certain types of high demand traffic like Voice over IP (VoIP) or gaming. Figures 9 and 10 below show example
output from both of these sites.

Figure 9: Speedtest

Figure 10: Pingtest

2. Pathping/mtr
In an effort to take advantage of the benefits of both the ping and tracert/traceroute commands, the pathping and
mtr utilities were developed. Both of these tools take the functionality and information that can be obtained
from these types of tools and provide a more detailed single picture of the path characteristics from a specific
host to a specific destination. Figures 11 and 12 below show examples of these two tools and what information
they provide.

Figure 11: Pathping

Figure 12: Mtr

1. Route
The last of the tools covered in this article is the route utility. This utility is used to display the current status of
the routing table on a host. While the use of the route utility is limited in common situations where the host only
has a single IP address with a single gateway, it is vital in other situations where multiple IP addresses and
multiple gateways are available. Figure 13 below shows an example of the route utility being used on a
Windows machine.

Figure 13: Route Utility

Summary
As with any job, the type of tools that are quickly available can greatly influence the amount of time that it takes
to complete a job. When troubleshooting a networking issue, the amount of time that it takes to find and fix a
problem directly affects the wasted costs that it causes to any system relying on the network. This article has
taken a look at the 10 most commonly used tools that can help in ensuring that the time that it takes to find and
fix a problem is as short as possible. I hope the information in this article can be helpful in future
troubleshooting.

Cisco Network Troubleshooting for Beginners


By Stelios Antoniou
As a Network Engineer, your primary goal is to make sure that your network equipment is operating properly at
all times. But we all know that any equipment can break down. The reasons for this could be software
inconsistencies, hardware malfunctions, maybe even environmental hazards.
Under such unpredictable conditions, your responsibility is to identify and isolate the cause of the malfunction
and correct it as soon as you can. That's why it is extremely helpful to know some specific techniques that have
been proven to be crucial and essential in the networking world.
In today's article I'll present the most important commands that you will definitely find helpful and even
mandatory throughout your networking career and specifically during network troubleshooting situations. The
commands I am talking about, and which are truly invaluable, are:

Ping

Traceroute

Telnet

Show interfaces

Show ip interface

Show ip route

Show running-config

Show startup-config

The Ping Utility


The PING command operates on the Network layer and uses the services of the ICMP protocol. It is the first
command that you should use at the beginning of your troubleshooting process.
With PING you can test whether a remote host is alive by transmitting echo request messages and receiving echo
replies from the specific host. Keep in mind that even if a host is alive, it does not mean that it is functioning
properly; that is why PING is used at the beginning of your investigation and is the best command to start with.

I've covered PING extensively in one of my previous posts, so for more details on PING, check out: How to
Troubleshoot Your Connections with Ping and Traceroute.
The PING command has quite a lot of options from which you can greatly benefit. For example, you can choose to
PING with different network protocols. Moreover, you are able to set the exact number of PING requests to be
transmitted. You can also choose the length of data carried within the echo request packet (provided in bytes)
and also specify whether fragmentation of this packet is allowed or not during transmission. The last two
options in cooperation can be used to identify the lowest MTU value existing in the communication path.
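The size-plus-no-fragmentation technique just described, as an added example that is not part of the original article: a binary search for the largest packet that crosses the path with the Don't Fragment bit set. The function names are hypothetical, linux_ping_probe assumes the Linux iputils ping (-M do sets DF, -s sets the payload size), and the demo path is simulated.

```python
import subprocess

# An echo request of N payload bytes travels as an IP packet of N + 28 bytes:
# 20-byte IPv4 header (no options) + 8-byte ICMP header.
IP_ICMP_OVERHEAD = 28


def linux_ping_probe(host, timeout_s=1):
    """Build probe(payload_bytes) -> bool using Linux iputils ping with DF set."""
    def probe(payload_bytes):
        cmd = ["ping", "-c", "1", "-W", str(timeout_s),
               "-M", "do", "-s", str(payload_bytes), host]
        return subprocess.run(cmd, capture_output=True).returncode == 0
    return probe


def simulated_probe(link_mtus):
    """Constructed stand-in for a real path: a packet passes only if it fits every link."""
    def probe(payload_bytes):
        return payload_bytes + IP_ICMP_OVERHEAD <= min(link_mtus)
    return probe


def lowest_path_mtu(probe, floor=68, ceiling=1500):
    """Return the largest IP packet size (bytes) that passes unfragmented, or None.

    floor is the minimum MTU every IPv4 link must support; ceiling is the
    sender's own interface MTU.
    """
    low, high = floor - IP_ICMP_OVERHEAD, ceiling - IP_ICMP_OVERHEAD
    if not probe(low):
        return None  # even the smallest probe fails: a reachability problem, not MTU
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid        # fits: the answer is mid or larger
        else:
            high = mid - 1   # too big for some link on the path
    return low + IP_ICMP_OVERHEAD


if __name__ == "__main__":
    # Constructed path: Ethernet, a PPPoE link, then a tunnel.
    print(lowest_path_mtu(simulated_probe([1500, 1492, 1400])))
```

Against a real host, pass linux_ping_probe("192.0.2.1") (a documentation address used here as a placeholder) instead of the simulated probe.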
On Cisco devices the simplest way to use the PING utility is to issue the command PING along with the IP
address of the remote device:

For more advanced features, simply issue the PING command and follow the prompts from that point on:

The Traceroute Command


The TRACEROUTE command traces the end-to-end path a packet takes through an internetwork. Similarly
to PING, it uses the ICMP protocol with TTL timeouts to perform its operation.
Again, for more details on this command see How to Troubleshoot Your Connections with Ping and Traceroute.

This command is very useful in identifying potential link bottlenecks throughout the transmission path. Here is
a sample output of the TRACEROUTE command:

The Telnet Command


Use the telnet command to verify TCP stack and application layer software between source and destination
stations. Of course, to be able to telnet on a Cisco device, the latter needs to be already configured to accept
telnet connections. To use TELNET just issue the telnet command along with the IP address or hostname of the
remote station:

The Show Interfaces Command


The show interfaces command presents all the available interfaces that can be configured on your Cisco
device. You can explicitly use this command to show only details on a single interface by issuing the interface's
name after the show interfaces command. This command is very useful because it can reveal layer 1 and layer 2
problems. Moreover, this command provides details regarding the hardware address (MAC), IP address,
encapsulation method and statistics concerning erroneous conditions on the specific interface. Examine the
output of the show interface fastethernet 0:

The first line of the show interface command is the most important one. The first parameter refers to the
physical layer; therefore in this case FastEthernet 0 is up and operating. The second part of the line refers to the
Data Link Layer; therefore here "line protocol is up" means that we have layer 2 connectivity as well. There are
four possible outputs that you may come across:

FastEthernet0 is up, line protocol is up: Both the Physical and Data Link layers on the interface are
functioning correctly.

FastEthernet0 is down, line protocol is down: This output indicates a physical interface problem. For
example, the cable on this interface or on the remote interface is disconnected.

FastEthernet0 is up, line protocol is down: In this case, Physical layer is operational. The line protocol
being down indicates a clocking or framing problem. Probable reasons for this are encapsulation and
clock rate mismatches.

Ethernet0 is administratively down, line protocol is down: This output indicates that a local interface
has been manually shut down using the shutdown command.

The Show IP Interface Command


The show ip interface command will provide details regarding layer 3 configuration on the interfaces. Using
this command you can see the IP address and mask configured on a given interface, whether an access list is
applied on the interface as well as basic IP information.

The Show IP Route Command


Use the show ip route command to find detailed information regarding the routes configured on the router.
Keep in mind that the router can only route packets to the networks listed in its routing table. It is possible that a
router cannot reach a network you manually configured; in that case the specific route is removed from its table,
and that is why you should use the show running configuration command in conjunction with show ip route to
spot possible inconsistencies.
For more details on IP routing issues see my article on Default and Static Routing Basics.

Show Running-Config and Show Startup-Config Commands


Issue the show running configuration command to see the whole configuration your Cisco device uses
while operating. Looking at the details of your device's configuration can help you identify the cause of your
problem. Use the show startup configuration command to see the configuration commands that will be
loaded to your device the next time it reboots, and compare it with your running configuration in order to
identify possible inconsistencies.
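The running-versus-startup comparison described above, as an added example that is not part of the original article: both outputs are reduced to sets of command paths so that a difference is reported together with the section it sits under. The function names and both sample configurations are constructed for illustration.

```python
import re

# Output headers and terminators that are not configuration commands.
NOISE = re.compile(
    r"^(Building configuration\.\.\.|Current configuration\s*:|"
    r"Using \d+ out of \d+ bytes|end$)"
)


def flatten(config_text):
    """Turn IOS-style config text into a set of command paths.

    A top-level command becomes (command,); a command indented beneath it
    becomes (parent, command). Deeper nesting is attached to the top-level
    parent, which is enough to locate a difference.
    """
    paths, parent = set(), None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("!") or NOISE.match(line):
            continue
        if line[0].isspace() and parent is not None:
            paths.add((parent, line.strip()))
        else:
            parent = line.strip()
            paths.add((parent,))
    return paths


def config_drift(running_text, startup_text):
    """List commands present in only one of the two configurations."""
    running, startup = flatten(running_text), flatten(startup_text)
    drift = [("running-only", " / ".join(p)) for p in running - startup]
    drift += [("startup-only", " / ".join(p)) for p in startup - running]
    return sorted(drift)


# Constructed sample outputs (not from a real device).
RUNNING = """\
Building configuration...

Current configuration : 412 bytes
!
hostname R1
!
interface FastEthernet0
 ip address 192.168.1.1 255.255.255.0
!
ip route 10.10.0.0 255.255.0.0 192.168.1.254
!
line vty 0 4
 transport input telnet ssh
!
end
"""

STARTUP = """\
Using 398 out of 262136 bytes
!
hostname R1
!
interface FastEthernet0
 ip address 192.168.1.1 255.255.255.0
 ip access-group 101 in
!
line vty 0 4
 transport input ssh
!
end
"""

if __name__ == "__main__":
    for origin, command in config_drift(RUNNING, STARTUP):
        print(f"{origin:13} {command}")
```

A running-only line is an unsaved change that disappears at the next reboot; a startup-only line is something that was removed from the live device and will come back at the next reboot.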

In the End Follow Your Instincts


Isolating a network malfunction is not an easy task. In many cases you need to swim into really deep waters in
order to identify the error, meaning that you will probably need to get into the bits and bytes in order to locate
it.

A lot of network monitor tools are available to help you during these difficult tasks. And although there's a lot
you can do, remember to never lose your courage; have patience and follow your gut.
Sometimes the problem that you're searching for will be right in front of you and will slip out of your hands,
just when you think you have it. So be persistent, be patient and remember: you will win the battle!
Be prepared; in order to fight well, you should be armed well. So get to know your device very well, know how
it operates, and know how to use the basic troubleshooting commands that you just learned so that you can
identify the problem, or at least estimate where the problem might be. Good luck!

How to Troubleshoot Your Connections with Ping and Traceroute
By Stelios Antoniou
The PING utility is one of the most famous and most helpful networking commands. It's the first command that
comes to mind when facing network reachability problems. It's also the first command that needs to be issued
when there is a need to find out whether a certain host is alive or not.
The ping command uses the services of the Internet Control Message Protocol (ICMP), the latter being
encapsulated in the IP header. Therefore, the ping utility operates basically on layer 3 (the Network layer) of the
OSI model. It does not use the services of the Transport layer, and the reason for that is that traffic reliability
issues are not the case here. Ping performs a simple host lookup.
TRACEROUTE is another very helpful utility that operates similarly to ping and also uses the services of the
ICMP protocol. Traceroute, as the name implies, is used to trace the path between the sender and the destination
host. It is a one-way trace, meaning that it traces the route from the source to destination and not the other way
around, which, by the way, may follow a different path. Traceroute also uses the services of User Datagram
Protocol (UDP), in specific implementations, as the transport layer for a specific reason that we'll go into
further on.
So first, let's start with an overview of the ICMP protocol and then we can get into the details of how ping and
traceroute use this protocol to perform their tasks.

Internet Control Message Protocol (ICMP)


ICMP is a Network layer protocol that belongs to the group of control protocols similar to ARP and RARP.
ICMP protocol has been designed with the unreliable characteristics of the IP protocol in mind. Due to this
unreliability and connectionless behavior of IP, there was no way of informing the originator host that
something went wrong during data transmission. ICMP has been designed to provide this function.
ICMP messages report back to the sender when something unexpected occurs, giving the person a clue of what
might have gone wrong. I want to remind you that ICMP does not solve the reliability issues of IP; that is up to
the upper layer (the Transport layer) to perform. ICMP messages are encapsulated in IP packets as seen below:

Image 1: ICMP Encapsulation


ICMP messages use the following format:

Image 2: ICMP Message Format


The most important ICMP message types are listed below:

Image 3: Important ICMP Message Types

Troubleshooting with PING


Let's take a look at the behavior of the ping command with the help of the Ethereal application. First, to launch
the ping command the simplest way is to open a command prompt window and type in PING [ip address of the
host to reach], or if DNS service is running type in PING [URL of the destination host]. Sometimes, the
extended ping command, which issues continuous echo request messages, is very helpful. The format of this
command is PING -t [IP address of the host]. The ping command operates the same way in Windows, Unix,
Cisco machines and in every other networking device. The principle is the same, even though variations on the
extended functions of the command may exist.

In the next image you can see a ping command towards the URL of Trainsignal.com. DNS query is performed
first to translate the URL to an IP address, and then four echo request message types are transmitted. Transmit
packets are time stamped. When the remote host receives these echo requests, inside the echo reply messages it
includes the timestamp enclosed in the echo request. Upon receiving the reply message and performing simple
calculations, the round trip delay time is revealed and noted:

Image 4: Executing the Ping Command


Looking at the Ethereal trace, you can see that the echo request ICMP message has the type field value set to 8.
This is the standard value for echo request messages. Also notice that the TTL field has the value of 128
(a common value for Windows platforms). This value indicates the number of hops the packet is allowed to
traverse before getting dropped. Because networks are widely scattered, this value should be large: anything
above 64. Cisco machines use a TTL value of 256.

Image 5: Echo Request Message Encapsulation


Below you can see one of the echo reply messages as captured by Ethereal tool. It can be seen that the ICMP
echo reply message has a type value 0 (zero):

Image 6: Echo Reply Message Encapsulation

Troubleshooting with TRACEROUTE


The traceroute command operates similarly to ping. On Cisco routers and Unix platforms the layout of the
command is: TRACEROUTE [destination IP address] or TRACEROUTE [URL of the destination host].
On Windows machines the function of traceroute comes with the command TRACERT (short for trace route),
which operates in a slightly different manner than in Cisco and Unix platforms (details on this are below).
Traceroute uses a clever way to capture the footprint of a packet's journey. We will use an imaginary example
(see the next image) to help us investigate how traceroute achieves its purpose:

RouterA prepares an ICMP echo request message, encapsulates it in an IP packet having Source
address=172.16.1.1, Destination address=192.168.7.2 with Time-To-Live (TTL) value=1, Destination
UDP port= anything not used (usually greater than 30000) and forwards it.

RouterB, upon receiving this packet, decrements one unit from TTL value, hence TTL becomes 0,
which means that it has to drop this packet. It replies back to the sender with an ICMP Time exceeded
message, including its source address in the SA field of the IP header (SA=172.16.1.2).

RouterA receives the response and prints out on the screen the first hop (IP address=172.16.1.2).

Afterwards, RouterA sends the same echo request message with TTL value=2.

RouterB decrements it by one and forwards it to RouterC which decrements by one again (TTL=0),
forcing it to return an ICMP time exceeded message with SA=192.168.1.2.

RouterA now prints out the second hop on screen (IP address=192.168.1.2).

Finally RouterA sends an ICMP echo request with TTL value=3 which is terminated on RouterD. The
latter passes the packet to the transport layer where the wrong UDP port number causes RouterD to
issue an ICMP Port Unreachable message.

RouterA, upon receiving this message from RouterD, knows that it has reached the final hop, which
it prints out on screen, and stops sending any more messages.

Image 7: Traceroute Example
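The ICMP message layout and the TTL walk-through above, as an added example that is not part of the original article: it builds and parses the 8-byte ICMP header with its checksum, then runs the traceroute loop against a simulated copy of the RouterB, RouterC, RouterD path. The function names are hypothetical and the network is constructed; real Time Exceeded messages also quote the start of the dropped packet, which is left out here.

```python
import struct

ECHO_REPLY, DEST_UNREACHABLE, ECHO_REQUEST, TIME_EXCEEDED = 0, 3, 8, 11
PORT_UNREACHABLE = 3  # code value inside a type 3 message


def checksum(data):
    """Internet checksum: one's-complement of the one's-complement 16-bit sum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_icmp(msg_type, code, rest=b"\x00" * 4, payload=b""):
    """Header layout: type (1 byte), code (1), checksum (2), rest of header (4)."""
    unsummed = struct.pack("!BBH4s", msg_type, code, 0, rest) + payload
    return struct.pack("!BBH4s", msg_type, code, checksum(unsummed), rest) + payload


def parse_icmp(packet):
    if len(packet) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    if checksum(packet) != 0:  # a valid message sums to zero with its checksum included
        raise ValueError("ICMP checksum mismatch")
    msg_type, code, _, rest = struct.unpack("!BBH4s", packet[:8])
    return {"type": msg_type, "code": code, "rest": rest, "payload": packet[8:]}


def simulated_path(routers, silent=()):
    """Constructed network: routers in path order, the last one is the destination.

    Returns send_probe(ttl) -> (source address, raw ICMP bytes), or None when
    the router that should answer is configured not to.
    """
    def send_probe(ttl):
        for address in routers:
            if address == routers[-1]:
                # Destination reached: nothing listens on the probe's UDP port.
                reply = build_icmp(DEST_UNREACHABLE, PORT_UNREACHABLE)
            else:
                ttl -= 1
                if ttl > 0:
                    continue  # still alive: forwarded to the next hop
                reply = build_icmp(TIME_EXCEEDED, 0)
            return None if address in silent else (address, reply)
    return send_probe


def traceroute(send_probe, max_ttl=30):
    """Raise the TTL one hop at a time until the destination itself answers."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        reply = send_probe(ttl)
        if reply is None:
            hops.append((ttl, "*", "request timed out"))
            continue
        source, raw = reply
        message = parse_icmp(raw)
        if message["type"] == TIME_EXCEEDED:
            hops.append((ttl, source, "time exceeded"))
            continue
        if (message["type"], message["code"]) == (DEST_UNREACHABLE, PORT_UNREACHABLE):
            hops.append((ttl, source, "port unreachable"))
        else:
            hops.append((ttl, source, "icmp type %d" % message["type"]))
        break  # anything other than Time Exceeded ends the trace
    return hops


if __name__ == "__main__":
    # Addresses from the walk-through: RouterB, RouterC, RouterD.
    path = simulated_path(["172.16.1.2", "192.168.1.2", "192.168.7.2"])
    for hop in traceroute(path):
        print(hop)
```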

A Real Example of Traceroute


Now that we understand how traceroute works, let's see how it behaves in a real situation. Using the command
prompt on a Windows host, TRACERT to www.trainsignal.com is issued. The result is shown in the image
below:

Image 8: Printout of TRACERT Command


By looking at the image above, you can see that each ICMP echo request message is repeated three times before
the sender increments the TTL value and resends the request message. The three round trip delay times for all
three messages are included at the beginning of each hop. A couple of "request timed out" messages come from
routers that are configured not to respond to ICMP echo request messages.
The image below shows the content of the echo reply message received from trainsignal.com (message number
20 as shown on figure 8). Although we would expect an ICMP message with type value=3 (Port Unreachable), a
TTL exceeded message (type=11) is received. This difference comes from the fact that in Windows platforms
UDP ports are not used.

Image 9: Time Exceeded Message from Destination Host


The Windows platforms, upon receiving an echo reply message from the final destination, issue three more echo
request messages to that host; hence the last noted echo reply message in the image above.

What Can Ping and Traceroute Do for You?


Ping and traceroute commands can be very helpful if used appropriately. Use the PING command when the
existence of a host is what interests you. Use TRACEROUTE in Cisco and Unix or TRACERT in Windows to
get an idea of what route your packets take to reach their destination.

Top 7 TCP/IP Utilities Every Networking Pro Should Know
By Roman Rafacz
If you're planning on pursuing a field in networking or just looking to expand your networking knowledge, then
this article is for you. TCP/IP utilities are essential: not only will they help you on your networking exams, but
you'll be able to diagnose most TCP/IP problems and begin working on solutions.
The top 7 tools that I will talk about today include: Ping, Tracert, ARP, Netstat, Nbtstat, NSLookup, and
IPconfig. These tools will help you to check the status of your network and allow you to troubleshoot and test
connectivity to remote hosts.
You use these utilities in DOS, and you get there by clicking on Start, going to Run and typing cmd.
Here are the top 7 TCP/IP utilities and their functions.

1. Ping
The PING utility tests connectivity between two hosts. PING uses a special protocol called the Internet Control
Message Protocol (ICMP) to determine whether the remote machine (website, server, etc.) can receive the test
packet and reply.
It is also a great way to verify whether you have TCP/IP installed and your Network Card is working.
We'll start by pinging the loopback address (127.0.0.1) to verify that TCP/IP is installed and configured
correctly on the local computer.
Type: PING 127.0.0.1

This tells me that TCP/IP is working as well as my Network Card.


To test out connectivity to a website all you have to do is type: ping espn.com

The results should tell you if the connection was successful or if you had any lost packets.
Packet loss describes a condition in which data packets appear to be transmitted correctly at one end of a
connection, but never arrive at the other. Why? Well, there are a few possibilities.
The network connection might be poor and packets get damaged in transit or the packet was dropped at a router
because of internet congestion. Some Internet Web servers may be configured to disregard ping requests for
security purposes.
Note the IP address of espn.com 199.181.132.250. You can also ping this address and get the same result.

However, Ping is not just used to test websites. It can also test connectivity to various servers: DNS, DHCP,
your Print server, etc. As you get more into networking you'll realize just how handy the Ping utility can be.

2. Tracert
Tracert is very similar to Ping, except that Tracert identifies pathways taken along each hop, rather than the time
it takes for each packet to return (ping).

If I have trouble connecting to a remote host I will use Tracert to see where that connection fails. Any
information sent from a source computer must travel through many computers / servers / routers (they're all the
same thing, essentially) before it reaches a destination.
It may not be your computer but something that is down along the way. It can also tell you if communication is
slow because a link has gone down between you and the destination.
If you know there are normally 4 routers but Tracert returns 8 responses, you know your packets are taking an
indirect route due to a link being down.

3. ARP
The ARP utility helps diagnose problems associated with the Address Resolution Protocol (ARP).

TCP/IP hosts use ARP to determine the physical (MAC) address that corresponds with a specific IP address.
Type arp with the -a option to display IP addresses that have been resolved to MAC addresses recently.

4. Netstat
Netstat (Network Statistics) displays network connections (both incoming and outgoing), routing tables, and a
number of network interface statistics.
It is an important part of the Network+ exam, but it's also a helpful tool in finding problems and determining the
amount of traffic on the network as a performance measurement.

Netstat -s provides statistics about incoming and outgoing traffic.

5. Nbtstat
Nbtstat (NetBIOS over TCP/IP) enables you to check information about NetBIOS names.
It helps us view the NetBIOS name cache (nbtstat -c), which shows the NetBIOS names and the corresponding IP
address that has been resolved (nbtstat -r) by a particular host, as well as the names that have been registered by
the local system (nbtstat -n).

6. NSLookup
NSLookup provides a command-line utility for diagnosing DNS problems. In its most basic usage, NSLookup
returns the IP address with the matching host name.

7. IPConfig
Not part of the TCP/IP utilities but it is useful to show current TCP/IP settings.
The IPConfig command line utility will show detailed information about the network you are connected to. It
also helps with reconfiguration of your IP address through release and renew.
Let's say you want to know what your IP address is: ipconfig is what you type in the command prompt.

ipconfig will give a quick view of your IP address, your subnet mask and default gateway.

ipconfig /all will give you more detailed information.


Through ipconfig /all we can find DNS servers, whether we have DHCP enabled, the MAC address, along with
other helpful information. All good things to know if we have trouble getting connected to the internet.
Other IPConfig tools that are helpful include ipconfig /release and ipconfig /renew. But before I get into this,
let's discuss how we actually get an IP address.
There are two ways to obtain an IP address. One way is to have a static IP address which we manually assign.
The second one is to have a dynamic IP address obtained through a DHCP server.
If you were to right click on Network Connects, go to Properties, right click on Local Area Connection, scroll
down to Internet Protocol (TCP/IP), and select Properties, you'll see two options:

Obtain an IP address automatically

Use the following IP address

Unless you know your static IP address you'll want to stick to the option for automatically obtaining the IP
address. If you have it set to automatic your computer will be issued an IP through a DHCP server.
And just in case you're wondering, Dynamic Host Configuration Protocol (DHCP) is a network protocol that
enables a server to automatically assign an IP address to a computer from a defined range of numbers (i.e., a
scope) configured for a given network.
In layman's terms: I have a cable modem at home and I have that modem connected to a wireless router that
issues out IP addresses to anyone that connects to that router. That is DHCP that is issuing out IP addresses.
Your company probably has a server dedicated to this. Understanding this is definitely important for any
networking exam.
Let's look at what happens when we release our IP address.

I've just lost internet connection and my IP address is 0.0.0.0. If I type ipconfig /renew, this option re-establishes
TCP/IP connections on all network adapters and I can resume my internet surfing.

Note: ipconfig /release and /renew won't work if you manually assigned your IP addresses.
