The most important part of troubleshooting any problem is to divide the tasks of problem resolution into a
systematic process of elimination. Cisco has broken this process into eight steps:
1
Repeat the process if the plan does not resolve the problem.
Network troubleshooting tools are a necessity for every network administrator. When getting started in the
networking field, it is important to amass a number of tools that can be used to troubleshoot a variety of
different network conditions.
While it is true that the the use of specific tools can be subjective and at the discretion of the engineer, the
selection of tools in this article has been made based on their generality and common use. This article reviews
the top 10 basic tools that can help you troubleshoot most networking issues.
10. Ping
The most commonly used network tool is the ping utility. This utility is used to provide a basic connectivity test
between the requesting host and a destination host. This is done by using the Internet Control Message Protocol
(ICMP) which has the ability to send an echo packet to a destination host and a mechanism to listen for a
response from this host. Simply stated, if the requesting host receives a response from the destination host, this
host is reachable. This utility is commonly used to provide a basic picture of where a specific networking
problem may exist. For example, if an Internet connection is down at an office, the ping utility can be used to
figure out whether the problem exists within the office or within the network of the Internet provider. Figure 1
below shows an example of the ping utility being used to obtain the reachability status of the locally connected
router.
9. Tracert/traceroute
Typically, once the ping utility has been used to determine basic connectivity, the tracert/traceroute utility can
used to determine more specific information about the path to the destination host including the route the packet
takes and the response time of these intermediate hosts. Figure 2 below shows an example of the tracert utility
being used to find the path from a host inside an office to www.google.com. The tracert utility and traceroute
utilities perform the same function but operate on different operating systems, Tracert for Windows machines
and traceroute for Linux/*nix based machines.
8. Ipconfig/ifconfig
One of the most important things that must be completed when troubleshooting a networking issue is to find out
the specific IP configuration of the variously affected hosts. Sometimes this information is already known when
addressing is configured statically, but when a dynamic addressing method is used, the IP address of each host
can potentially change often. The utilities that can be used to find out this IP configuration information include
the ipconfig utility on Windows machines and the ifconfig utility on Linux/*nix based machines. Figure 3
below shows an example of the ifconfig utility showing the IP configuration information of a queries host.
7. Nslookup
Some of the most common networking issues revolve around issues with Dynamic Name System (DNS)
address resolution issues. DNS is used by everyone using the Internet to resolve commonly known domain
names (i.e. google.com) to commonly unknown IP addresses (i.e. 74.125.115.147). When this system does not
work, most of the functionality that people are used to goes away, as there is no way to resolve this information.
The nslookup utility can be used to lookup the specific IP address(es) associated with a domain name. If this
utility is unable to resolve this information, there is a DNS issue. Along with simple lookup, the nslookup utility
is able to query specific DNS servers to determine an issue with the default DNS servers configured on a host.
Figure 4 below shows an example of how the nslookup utility can be used to query the associated IP address
information.
6. Netstat
Often, one of the things that are required to be figured out is the current state of the active network connections
on a host. This is very important information to find for a variety of reasons. For example, when verifying the
status of a listening port on a host or to check and see what remote hosts are connected to a local host on a
specific port. It is also possible to use the netstat utility to determine which services on a host that is associated
with specific active ports. Figure 5 below shows an example of the netstat utility being used to display the
currently active ports on a Linux machine.
5. PuTTY/Tera Term
When connecting to a variety of different types of equipment, a telnet, SSH or serial client is required; when
this is required both the puTTY and Tera Term programs are able to provide these functionalities. The selection
of one over the other is strictly a personal preference. Figures 6 and 7 below show both puTTY and Tera Term
being used to connect to a host via SSH.
Figure 6: PuTTY
3. Speedtest.net/pingtest.net
A very easy test that can be used to both determine the Internet bandwidth available to a specific host and to
determine the quality of an Internet connection is the use of the tools available at the speedtest.net and
pingtest.net websites. The speedtest.net site provides the ability to determine the amount of bandwidth that is
available to a specific host at a specific point in time; this is often a good tool to use when measuring how long
it is going to take to upload or download information from a local to remote host. This measurement can also be
used to determine whether the connection is offering the amount of bandwidth that was purchased from the
Internet provider; keep in mind however that some amount of bandwidth difference is expected between the
quoted bandwidth purchased and the measured bandwidth. The pingtest.net website is used to determine the
quality of the connection by measuring the ping response times and jitter amounts over a short period of time.
This information can be used to determine a likelihood of how well the measured connection will deal with
certain types of high demand traffic like Voice over IP (VoIP) or gaming. Figure 9 and 10 below show example
output from both of these sites.
Figure 9: Speedtest
2. Pathping/mtr
In an effort to take advantage of the benefits of both the ping and tracert/traceroute commands, the pathping and
mtr utilities were developed. Both of these tools take the functionality and information that can be obtained
from these types of tools and provide a more detailed single picture of the path characteristics from a specific
host to a specific destination. Figure 11 and 12 below show examples of these two tools and what information
they provide.
1. Route
The last of the tools covered in this article is the route utility. This utility is used to display the current status of
the routing table on a host. While the use of the route utility is limited in common situations where the host only
has a single IP address with a single gateway, it is vital in other situations where multiple IP address and
multiple gateways are available. Figure 13 below shows an example of the route utility being used on a
Windows machine.
Summary
As with any job, the type of tools that are quickly available can greatly influence the amount of time that it takes
to complete a job. When troubleshooting a networking issue, the amount of time that it takes to find and fix a
problem directly affect the wasted costs that it causes to any system relying on the network. This article has
taken a look at the 10 most commonly used tools that can help in ensuring that the time that it takes to find and
fix a problem is as short as possible. I hope the information in this article can be helpful in future
troubleshooting.
Ping
Traceroute
Telnet
Show interfaces
Show ip interface
Show ip route
Show running-config
Show startup-config
Ive covered PING extensively in one of my previous posts, so for more details on PING, check out: How to
Troubleshoot Your Connections with Ping and Traceroute.
PING command has quite a lot of options from which you can greatly benefit. For example, you can choose to
PING with different network protocols. Moreover, you are able to set the exact number of PING requests to be
transmitted. You can also choose the length of data carried within the echo request packet (provided in bytes)
and also specify whether fragmentation of this packet is allowed or not during transmission. The last two
options in cooperation can be used to identify the lowest MTU value existing in the communication path.
On Cisco devices the simpler way to use the PING utility is to issue the command PING along with the IP
address of the remote device:
For more advanced features, simply issue the PING command and follow the prompts from that point on:
This command is very useful in identifying potential link bottlenecks throughout the transmission path. Here is
a sample output of the TRACEROUTE command:
The first line of the show interface command is the most important one. The first parameter refers to the
physical layer, therefore
in this case FastEthernet 0 is up and operating. The second part of the line refers to the Data Link Layer;
therefore here line protocol is up means that we have layer 2 connectivity as well. There are four possible
outputs that you may come across:
FastEthernet0 is up, line protocol is up: Both the Physical and Data Link layers on the interface are
functioning correctly.
FastEthernet0 is down, line protocol is down: This output indicates a physical interface problem. For
example, the cable on this interface or on the remote interface is disconnected.
FastEthernet0 is up, line protocol is down: In this case, Physical layer is operational. The line protocol
being down indicates a clocking or framing problem. Probable reasons for this are encapsulation and
clock rate mismatches.
Ethernet0 is administratively down, line protocol is down: This output indicates that a local interface
has been manually shut down using the shutdown command.
A lot of network monitor tools are available to help you during these difficult tasks. And although theres a lot
you can do, remember to never lose your courage; have patience and follow your gut.
Sometimes the problem that youre searching for will be right in front of you and will slip out of your hands,
just when you think you have it. So be persistent, be patient and remember: you will win the battle!
Be prepared; in order to fight well, you should be armed well. So get to know your device very well, know how
it operates, and know how to use the basic troubleshooting commands that you just learned so that you can
identify the problem, or at least estimate where the problem might be. Good luck
In the next image you can see a ping command towards the URL of Trainsignal.com. DNS query is performed
first to translate the URL to an IP address, and then four echo request message types are transmitted. Transmit
packets are time stamped. When the remote host receives these echo requests, inside the echo reply messages it
includes the timestamp enclosed in the echo request. Upon receiving the reply message and performing simple
calculations, the round trip delay time is revealed and noted:
RouterA prepares an ICMP echo request message, encapsulates it in an IP packet having Source
address=172.16.1.1, Destination address=192.168.7.2 with Time-To-Live (TTL) value=1, Destination
UDP port= anything not used (usually greater than 30000) and forwards it.
RouterB, upon receiving this packet, decrements one unit from TTL value, hence TTL becomes 0,
which means that it has to drop this packet. It replies back to the sender with an ICMP Time exceeded
message, including its source address in the SA field of the IP header (SA=172.16.1.2).
RouterA receives the response and prints out on the screen the first hop (IP address=172.16.1.2).
Afterwars, RouterA sends the same echo request message with TTL value=2.
RouterB decrements it by one and forwards it to RouterC which decrements by one again (TTL=0),
forcing it to return an ICMP time exceeded message with SA=192.168.1.2.
RouterA now prints out the second hop on screen (IP address=192.168.1.2).
Finally RouterA sends an ICMP echo request with TTL value=3 which is terminated on RouterD. The
latter passes the packet to the transport layer where the wrong UDP port number causes RouterD to
issue an ICMP Port Unreachable message.
RouterA upon receiving this message from RouterD knows that it has reached the final hop which
prints out on screen and stops sending any more messages.
1. Ping
The PING utility tests connectivity between two hosts. PING uses a special protocol called the Internet Control
Message Protocol (ICMP) to determine whether the remote machine (website, server, etc.) can receive the test
packet and reply.
Also a great way to verify whether you have TCP/IP installed and your Network Card is working.
Well start by Pinging the loopback address (127.0.0.1) to verify that TCP/IP is installed and configured
correctly on the local computer.
Type: PING 127.0.0.1
The results should tell you if the connection was successful or if you had any lost packets.
Packet loss describes a condition in which data packets appear to be transmitted correctly at one end of a
connection, but never arrive at the other. Why? Well, there are a few possibilities.
The network connection might be poor and packets get damaged in transit or the packet was dropped at a router
because of internet congestion. Some Internet Web servers may be configured to disregard ping requests for
security purposes.
Note the IP address of espn.com 199.181.132.250. You can also ping this address and get the same result.
However, Ping is not just used to test websites. It can also test connectivity to various servers: DNS, DHCP,
your Print server, etc. As you get more into networking youll realize just how handy the Ping utility can be.
2. Tracert
Tracert is very similar to Ping, except that Tracert identifies pathways taken along each hop, rather than the time
it takes for each packet to return (ping).
If I have trouble connecting to a remote host I will use Tracert to see where that connection fails. Any
information sent from a source computer must travel through many computers / servers / routers (theyre all the
same thing, essentially) before it reaches a destination.
It may not be your computer but something that is down along the way. It can also tell you if communication is
slow because a link has gone down between you and the destination.
If you know there are normally 4 routers but Tracert returns 8 responses, you know your packets are taking an
indirect route due to a link being down.
3. ARP
The ARP utility helps diagnose problems associated with the Address Resolution Protocol (ARP).
TCP/IP hosts use ARP to determine the physical (MAC) address that corresponds with a specific IP address.
Type arp with the a option to display IP addresses that have been resolved to MAC addresses recently.
4. Netstat
Netstat (Network Statistics) displays network connections (both incoming and outgoing), routing tables, and a
number of network interface statistics.
It is an important part of the Network + exam but its a helpful tool in finding problems and determining the
amount of traffic on the network as a performance measurement.
5. Nbtstat
Nbtstat (NetBios over TCP/IP) enables you to check information about NetBios names.
It helps us view the NetBios name cache (nbtstat -c) which shows the NetBios names and the corresponding IP
address that has been resolved (nbtstat -r) by a particular host as well as the names that have been registered by
the local system (nbtstat n).
6. NSLookup
NSLookup provides a command-line utility for diagnosing DNS problems. In its most basic usage, NSLookup
returns the IP address with the matching host name.
7. IPConfig
Not part of the TCP/IP utilities but it is useful to show current TCP/IP settings.
The IPConfig command line utility will show detailed information about the network you are connected to. It
also helps with reconfiguration of your IP address through release and renew.
Lets say you want to know what youre IP address is ipconfig is what you type in the command prompt.
ipconfig will give a quick view of you IP address, your subnet mask and default gateway.
Unless you know your static IP address youll want to stick to the option for automatically obtaining the IP
address. If you have it set to automatic your computer will be issued an IP through a DHCP server.
And just in case youre wondering, Dynamic Host Configuration Protocol (DHCP) is a network protocol that
enables a server to automatically assign an IP address to a computer from a defined range of numbers (i.e., a
scope) configured for a given network.
In laymens terms: I have a cable modem at home and I have that modem connected to a wireless router that
issues out IP address to anyone that connects to that router. That is DHCP that is issuing out IP addresses.
Your company probably has a server dedicated to this. Understanding this is definitely important for any
networking exam.
Lets look at what happens when we release our IP address.
Ive just lost internet connection and my IP address is 0.0.0.0. If I type ipconfig /renew this option re-establishes
TCP/IP connections on all network adapters and I can resume my internet surfing.
Note: ipconfig /release renew wont work if you manually assigned your IP addresses.