Network Troubleshooting

TROUBLESHOOT UP THROUGH THE OSI MODEL

BY TREVOR KAPUSA

Background
The

efficient way is to approach it in a systematic

way
Start

by gathering information

Follow

the OSI network model

GATHER BACKGROUND
INFORMATION

When It is critical to obtain a complete picture of the issue.

Carefully consider how the problem manifests itself.

Ex. does it apply to inbound traffic, outbound traffic or both?

Try to determine when the issue started and consider how often the issue
occurs

Is this a constant or intermittent problem? Is this issue reproducible? If so,

how?

The cause may be an unforeseen side effect of maintenance.

Has anyone made any changes to the firewall or the networking equipment
that it connects to?

TROUBLESHOOT UP THROUGH
THE OSI MODEL

Physical Layer

Ensure the equipment at the distant end is powered on. Don't laugh. It
happens.

Examine the cabling

The maximum length of an Ethernet segment is 100 meters

Ensure that each cable connector clicks as it is inserted into the

network port

Check the network port indicator lights on each system. If a link light is
out, there is an issue with either the network card or cabling.

Ensure that the proper type of cabling is in use

If you suspect hardware issues with the network card, use a hardware
diagnostic command to test it.

Data Link Layer

local communications occur by network port hardware addresses

Failures at this layer are usually caused by an improperly configured network

port or a physical problem.

If there are network connectivity issues, check the Address Resolution

Protocol (ARP) table.
# arp a

The IP address of at least one system should be listed. If there are no

systems listed, there is a problem at the physical layer (above).

From the arp command results above, determine if the MAC address matches
the distant network port hosting that IP address. If the MAC address is
incorrect, delete the offending ARP entry.
# arp -d <IP address>

Cont

Systems must be configured to auto negotiate or use the same speed and
duplex settings

If there are intermittent or constant connectivity problems, use the netstat

command to check the status of the network interfaces:

e.g. auto negotiate or 100 Mbps full duplex

# netstat in

It is possible that the hardware is fine and the interface is down within the
operating system

Ipconfig /all

Ipconfig /release

ipconfig /flushdns

/renew

Network

In order to communicate across a network, each system needs an

IP address

a default gateway

Confirm that each node on the network has a unique IP address

Ipconfig

(169.0.0.0)

Each system sends network traffic to its default gateway

a network mask (Subnet Mask)

Determine if the default gateway is correct

netstat rn

The network mask tells the system which devices are on its local
network

Cont

Try using the ping command between devices

this requires echo/ICMP rules with enable replies selected

Ping <ipaddress>

If there are still issues with external connectivity, contact your ISP and
ask them to test the line.

Denial of Service (DoS) attacks can degrade the performance of a

system until it stops accepting network traffic

To determine what systems are connected, use the netstat command:

netstat -an

If you suspect ICMP based virus traffic:

use the netstat command to view the ICMP protocol statistics: netstat -s -p icmp

Cont

If there are issues with routing, outbound traffic will not flow properly

Check the routing table for erroneous entries: route print

Use the lookup feature of the route command to determine how it will
route traffic based on an IP address