Software tools
Software tools for troubleshooting include the following: WiFi analyzer, protocol analyzer/packet capture, bandwidth speed tester, port scanner, iPerf, NetFlow analyzers, TFTP server, terminal emulator, and IP scanner.
WiFi analyzer
Used to analyze WiFi problems
-helps find the ideal place for locating an AP
-helps find the ideal channel to use
-creates heat maps to show quantity/quality of wireless network coverage in areas
-detects APs (including rogue APs)
-helps find weaknesses in your network
Protocol analyzer/packet capture
• Captures and displays network traffic and translates it into readable English for user-friendliness
• Gathers frames on the network or in the air (wireless)
• Use a physical tap or redirect on the switch (hardware or software)
-analyzes network protocols like TCP/UDP, HTTP, FTP, etc.
-helps diagnose networking problems, identify unwanted/malicious network traffic, etc.
-captures the communication stream between systems
-reads and decodes traffic
e.g., Wireshark
Bandwidth speed tester
Speed test sites, as the name implies, are bandwidth speed testers that report the speed of the connection that you have to them and can be helpful in determining if you are getting the rate your ISP has promised.
Port scanner
Determines which ports are open on a network
Sends packets to a destination machine in order to identify the state of that machine's ports.
-helps you verify the security of systems under your control.
-Hackers use port scanners to try to find an open port that they can use to access a system.
While there are many port scanning tools, some with specialized purposes, Nmap stands above the rest (Nmap = network mapper)
iPerf
Measures the available and maximum bandwidth on a network
-no need to use a speed testing service from a third party or your ISP
-need two computers (one is the iPerf server, and the other is the client)
iPerf works with TCP, UDP, and SCTP. Check out https://iperf.fr
NetFlow analyzers
Gathers traffic statistics from all traffic flows
-NetFlow Probe and Collector
-Probe is tapped into the network and watches network communication; then sends data to the NetFlow collector
A NetFlow analyzer is a tool that allows you to collect and analyze data about network traffic, including information about the devices that are sending and receiving traffic, the types of traffic that are being transmitted, and the amount of bandwidth that is being used. NetFlow is a Cisco proprietary protocol that is used to collect data about network traffic. It can be used to identify which devices and applications are using the most bandwidth, detect security threats, and troubleshoot network performance issues. NetFlow analyzers can provide detailed information about the traffic such as source and destination IP addresses, ports, protocols, and the amount of data transferred. They can also provide information about the top talkers, top protocols, and the top applications, which can help you to identify which devices and applications are using the most bandwidth. They can also be used to detect and analyze DDoS attacks, and to identify the source of the traffic.
Trivial File Transfer Protocol (TFTP) server
Uses UDP at Layer 4 and enables you to transfer files from one machine to another.
It uses UDP and doesn't have any authentication, so you would never use TFTP between computers across the Internet.
The typical scenario for using TFTP is updating software and configurations on routers, switches, VoIP phones, and the like on a LAN, where the chances of losing packets and the security risk are very small.
-Your device is the TFTP server
Terminal emulator
Allows a host computer to access another computer through a command-line interface or a graphical one
-basically an SSH client (Secure Shell)
-encrypted terminal communication
-replaces Telnet, FTP
-provides secure terminal communication and file transfer features
IP scanners
An IP scanner is a tool that scans a network for IP addresses, MAC addresses, hostname, manufacturer, operating system, ports, and other information. This can help you identify both legitimate and rogue devices on a network.
Angry IP Scanner (https://angryip.org/) is a popular one.
Command line tool
Selecting and using the right command line tool is a skill that aids greatly in network troubleshooting.
These tools include ping, ipconfig/ifconfig/ip, nslookup/dig, traceroute/tracert, arp, netstat, hostname, route, telnet (ssh should be used instead of this CompTIA-listed tool), tcpdump, and nmap.
ping
ping - Test reachability
• ping <ip address> - Test reachability to a TCP/IP address
• ping -t <ip address> - Ping until stopped with Ctrl-c
• ping -a <ip address> - Resolve address to a hostname
• ping -n <count> <ip address> - Send # of echo requests
• ping -f <ip address> - Send with Don't Fragment flag set
-finds round-trip time
-uses ICMP
ipconfig/ifconfig/ip
ipconfig, ifconfig, ip - give you information about a computer's IP settings. Shows basic information, such as the name of the local network interface, the IP address, the subnet mask, and the default gateway
• ipconfig - Windows TCP/IP config
• ipconfig /all - Display all IP configuration details
• ipconfig /release - Release the DHCP lease
• ipconfig /renew - Renew the DHCP lease
• ipconfig /flushdns - Flush the DNS resolver cache
• ifconfig - Linux interface configuration
• ip address - The latest Linux utility
nslookup/dig
nslookup (name server lookup) and dig - Lookup information from DNS servers.
dig is a more powerful tool and is also cross-platform, but it is not installed by default in Windows OSes.
Used to find the IP address that corresponds to a host, or the domain name that corresponds to an IP address (a process called "Reverse DNS Lookup")
• nslookup <ip address>
• dig <ip address>
tracert (traceroute in Linux/macOS)
traceroute - Displays the path between your device (the source) and the destination IP address, showing each route hop along the path. Even more helpful than the ping tool.
If a ping fails, with traceroute/tracert, you'll be able to identify where it failed. The traceroute/tracert tool will produce a list of all routers between you and a destination.
Windows:
• tracert <ip address>
Linux/macOS:
• traceroute <ip address>
• Takes advantage of ICMP Time to Live Exceeded error message
• Not all devices will reply with ICMP Time Exceeded messages
arp
arp - used to see a device's ARP cache, which is populated by ARP requests and ARP replies, allowing hosts to find an unknown MAC address for a known IP address.
Basically lists a table of MAC addresses and their corresponding IP addresses
• arp -a - View the local ARP table
netstat
netstat - Display network statistics and current active TCP/IP connections on the local system.
• netstat -a - Show all active connections
• netstat -b - Show binaries
• netstat -n - Do not resolve names
hostname
hostname
• hostname
-Used to display the hostname portion of the full computer name for a given system (e.g., PC104 for mine)
route
View the device's routing table
• Windows: route print
• Linux and macOS: netstat -r
- Find out which way the packets will go
telnet
Telnet
• telnet <ip address> <port number>
• Login to devices remotely
• In-the-clear communication
• Useful for checking a port or application
tcpdump (COMPUTER PROGRAM, NOT A COMMAND)
tcpdump
• Capture packets from the command line
• Available in most Unix/Linux operating systems
- Included with Mac OS X, available for Windows (WinDump)
• Apply filters, view in real-time
• Written in standard pcap format (Wireshark reads pcap format data)
Sometimes a GUI tool like Wireshark won't work because a server has no GUI installed. In situations like this, tcpdump is the go-to choice. It not only enables you to monitor and filter packets in the terminal, but can also create files you can open in Wireshark for later analysis.
nmap (COMPUTER PROGRAM, NOT A COMMAND)
• Network mapper - find network devices
• Port scan - Find devices and identify open ports
• Operating system scan
- Discover the OS without logging in to a device
• Service scan
-finds out what service is running on what port
• Additional scripts
- Nmap Scripting Engine (NSE)
Basic network platform commands
When you're working with routers, one of the most useful troubleshooting command-line tools is show.
Commands that are the same across different switch and router manufacturers
-once you know one, you know them all
show interface
• show interface
- View the interfaces on a device
- View detailed interface information
show config
• show config
- View the device's configuration (router's configuration)
show route
• show route
- View the routing table