Network Tools and Commands
Software tools.
In this video,
we're going to discuss various software tools
that are used in troubleshooting
and configuring our networks and network devices.
These include Wi-Fi analyzers,
protocol analyzers and packet captures,
bandwidth speed tests, port scanners, iPerf,
NetFlow analyzers, TFTP servers, terminal emulators,
and IP scanners.
First, we have wireless analyzers.
A wireless analyzer is a specialized piece of software
that can be used to conduct wireless surveys
to ensure you have the proper coverage,
and it helps you prevent any undesired overlap
between wireless access point coverage zones and channels.
Now, if you're concerned with the channels in use
and their signal strength for a given area,
you can use a view inside of a Wi-Fi analyzer
to display the SSID of each network detected in that area,
their relative signal strength
and the channel they're using.
Here, you can see that most
of the 2.4 gigahertz Wi-Fi networks are in use
and are centered on channel one
with four others being located on channel six.
Now, channel 11 is not being heavily utilized at all.
It only has one network, called Home,
located on channel 11 as the home network.
But there are four other wireless networks
located on channel nine,
and this could cause interference for both channel six
and channel 11,
as you can clearly see they're on overlapping frequencies
in this visualization.
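The channel-overlap check a Wi-Fi analyzer performs on the 2.4 GHz band, as an added example (not the course's own code): the survey result below is constructed to match the scene in the text, with most networks on channel 1, four on 6, one called Home on 11 and four on 9. Overlap is judged by the 22 MHz DSSS channel width, which is where the 1/6/11 rule comes from.

```python
"""2.4 GHz channel-overlap check of the kind a Wi-Fi analyzer performs.

Added example, not the course's own code. OBSERVED is a constructed survey
result: SSID -> channel in use.
"""
from collections import Counter
from itertools import combinations

# 802.11b DSSS channels are 22 MHz wide; channels whose centers sit closer
# than that share spectrum. Centers are 5 MHz apart, hence the 1/6/11 rule.
CHANNEL_WIDTH_MHZ = 22
NON_OVERLAPPING_CANDIDATES = (1, 6, 11)

OBSERVED = {
    "Office-1": 1, "Office-2": 1, "Office-3": 1,
    "Office-4": 1, "Office-5": 1, "Office-6": 1,
    "Cafe-A": 6, "Cafe-B": 6, "Cafe-C": 6, "Cafe-D": 6,
    "Home": 11,
    "Neighbor-1": 9, "Neighbor-2": 9, "Neighbor-3": 9, "Neighbor-4": 9,
}


def center_frequency_mhz(channel: int) -> int:
    """Center frequency of a 2.4 GHz channel; channel 14 is the lone irregular one."""
    if channel == 14:
        return 2484
    if not 1 <= channel <= 13:
        raise ValueError(f"not a 2.4 GHz channel: {channel}")
    return 2412 + 5 * (channel - 1)


def channels_overlap(a: int, b: int) -> bool:
    """True when two channels share spectrum (same channel, or centers closer than one width)."""
    return abs(center_frequency_mhz(a) - center_frequency_mhz(b)) < CHANNEL_WIDTH_MHZ


def interference_map(networks: dict) -> dict:
    """For each SSID, the other SSIDs whose channel overlaps its own."""
    report = {ssid: [] for ssid in networks}
    for (ssid_a, ch_a), (ssid_b, ch_b) in combinations(networks.items(), 2):
        if channels_overlap(ch_a, ch_b):
            report[ssid_a].append(ssid_b)
            report[ssid_b].append(ssid_a)
    return {ssid: sorted(others) for ssid, others in report.items()}


def contenders_per_candidate(networks: dict) -> dict:
    """How many observed networks would overlap a new AP placed on 1, 6 or 11."""
    per_channel = Counter(networks.values())
    return {
        cand: sum(n for ch, n in per_channel.items() if channels_overlap(cand, ch))
        for cand in NON_OVERLAPPING_CANDIDATES
    }


def least_congested_channel(networks: dict) -> int:
    """Candidate channel with the fewest overlapping networks (ties go to the lowest channel)."""
    load = contenders_per_candidate(networks)
    return min(NON_OVERLAPPING_CANDIDATES, key=lambda ch: (load[ch], ch))


if __name__ == "__main__":
    for ssid, others in interference_map(OBSERVED).items():
        print(f"{ssid:>11} (ch {OBSERVED[ssid]:>2}): overlaps {len(others)} network(s)")
    print("contenders per candidate channel:", contenders_per_candidate(OBSERVED))
    print("least congested of 1/6/11:", least_congested_channel(OBSERVED))
```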
Now, in addition to this view,
you can also overlap the coverage zones on a floor plan
using a Wi-Fi analyzer as part of a wireless site survey.
This displays the location of the wireless access points
and the signal strength that's radiating
from each of those access points.
In this example,
you can see the entire office building
is pretty well covered in Wi-Fi
as it's shown by the green coverage areas.
But there is a smaller area of yellow and orange
on the left-most wall.
As you exit the building,
you'll see more areas of orange and red,
which indicates areas of lower signal strength too.
Due to the left wall having a large orange
and yellow coverage area,
we may want to suggest adding another access point
in this area of the building. This would allow us to have
more wireless networking capabilities
on that part of the building if we needed to.
Next, we have protocol analyzers and packet capturing tools.
Now a protocol analyzer is used to capture
and analyze signals and data traffic
over a communication channel.
In networking,
we most commonly use a software tool known as Wireshark
as a protocol analyzer.
Now a packet capturing tool is going to be used
to capture packets running over a network connection
in real time,
and then save them for later analysis.
This lets you intercept, log and analyze
the network traffic and data
in order to fully identify, classify
and troubleshoot network traffic
based on its application type, source and destination.
A tool like Wireshark contains both protocol analyzer
and packet capture functionality,
making it a great all-in-one tool for you to use.
Now, Wireshark and other protocol analyzers
are going to be used to troubleshoot your networks
when they're experiencing performance issues.
By using Wireshark,
you can see a breakdown of each packet that's flowing
across the network,
and you could validate if things are operating
as they should inside your network.
Cyber security professionals also use Wireshark
and other packet captures and protocol analyzers
to be able to trace connections,
view the contents of suspected network transactions
and identify bursts of network traffic as either suspicious,
malicious or benign.
In addition to Wireshark,
there are many other protocol analyzers
out there in the field,
including Ethereal, Protocol Expert, Netasyst,
Network Analyzer, Network Instruments Observer,
LanHound and EtherPeek.
As for packet capture or packet sniffing tools,
Wireshark can also perform this function,
but so does tcpdump, WinDump, PRTG Network Monitor,
SolarWinds Network Performance Monitor and NetworkMiner.
Next, we have bandwidth speed testing tools.
There are several local area network speed test tools
that exist.
And there are also many websites that allow you to conduct
an end-to-end speed test from your client
to their internet servers.
Now a bandwidth speed test tool
should be more accurately described
as a throughput test tool though,
because, remember, real-world throughput is the speed
from your client to the endpoint device and back,
whereas bandwidth is the theoretical limit.
Essentially, these tools are going to download
a large random file from a server
and then turn around and upload it back to that same server.
During this download and upload process,
the server measures the amount of time it took to download
that file and then upload it again.
This gives you a real world measure of the throughput
across your network from the client,
all the way to that server.
Now, a local area network version of this
is going to do the same exact thing,
but it's going to be conducted by a network appliance
or a piece of software that you connect to the network.
This type of speed test works much the same way
as the internet speed test I just described,
except your data transfer only occurs
over the local area network
from one client to another client,
measuring the time it takes to send and receive
that test file locally.
If you need to determine if your internet connection
is performing adequately,
you can use an internet bandwidth speed test
like Speedtest.net.
If you need to determine
if your local area network performance is adequate,
then you're going to use a local area network version of this,
something like Lan Speed Test or HELIOS's LanTest software
to meet this need.
Next, we have port scanners.
A port scanner is a software tool
that's used to determine which ports are open on a network.
Running a port scan on a network or server
is going to reveal which ports are open and listening,
or ready to receive information,
as well as revealing the presence of security devices,
such as firewalls that may be present between the sender
and the target.
Now a port scan can send a carefully prepared packet
to each destination port
and then analyze the response it receives back
to determine if that port is open,
closed or filtered.
Now, there are many different software based
port scanning tools available.
One of the most common
is Nmap, the network mapper,
but there are lots of others out there as well,
including the SolarWinds Port Scanner and LanSweeper.
Next, we have iPerf.
iPerf is a software tool that's used
to gather an active measurement
of the maximum achievable bandwidth on an IP-based network.
This is an open source and cross-platform tool
that can produce standardized performance measurements
for any given network.
iPerf has client and server functionality,
and it can create data streams to measure the throughput
between the two ends of the connection.
It can do it in one direction or in both directions.
Now, iPerf is going to work by creating TCP
and UDP data streams on an IP network
and then it's going to measure the throughput of the network
as it carries that data back and forth.
Next, we have NetFlow analyzers.
A NetFlow analyzer is a software tool used
to perform monitoring, troubleshooting
and in-depth inspection, interpretation
and synthesis of traffic flow data.
By analyzing NetFlow data,
you can more accurately conduct capacity planning
and ensure that resources are being appropriately used
in support of your organizational goals.
For example, using NetFlow data,
we can see what types of traffic are consuming
all the resources on the network.
Is most of your bandwidth being used by people
going on Facebook?
How about Twitter?
What about Gmail or Exchange?
Depending on your organizational requirements,
you may not want a lot of your bandwidth
being used by people browsing social media,
but if you're a social media marketing company,
you would expect to have a large number of people
on Facebook all day working,
and that'll be completely appropriate.
By using NetFlow, you're going to be able
to see that traffic and determine what looks right to you.
Now, in addition to looking at specific websites being used,
you can also look at the application type
that's generating that traffic
such as Web, NetBIOS, Voice over IP services,
ICMP or even BitTorrent.
By understanding the data flows on your network,
you can increase your overall performance
or even block traffic types that are not generating
any value for your business.
Next, we have TFTP servers.
The Trivial File Transfer Protocol or TFTP,
is a simple protocol for exchanging files
between two TCP/IP machines.
TFTP servers are going to be used for simple file transfers
on our network.
And they're most commonly used to conduct boot loading
of remote devices.
TFTP servers are only going to support two functions.
They can read files and write files.
TFTP servers are often going to be used by embedded devices
or systems that retrieve firmware,
configuration information or a system image
during their boot up process.
In our modern networks,
many Cisco network devices use TFTP
to back up their running configurations
and IOS images to a TFTP server.
Then, those files can be copied back from the TFTP server
to a router or switch later if you need them.
Next, we have terminal emulators.
A terminal emulator allows a host computer
to access another computer,
including remote ones,
through either a command line interface
or a graphical one using either Telnet or SSH.
For security purposes,
we should always be using SSH instead of Telnet though,
because Telnet does everything in plain text.
A terminal emulator is going to allow a user
to access files on the remote computer, transfer files
between two computers and remotely control
that remote computer.
There are many different terminal emulators out there
on modern workstations
that allow you to connect to a server or network device.
But the most popular one on Windows
is known as PuTTY.
PuTTY is a free serial console terminal emulator
that supports SSH, Telnet, SCP and Rlogin.
If you need to connect to a switch or a router
in order to configure it over SSH from a Windows client,
you're probably going to be using PuTTY.
Other terminal emulators include Cmder,
the ZOC terminal emulator and Mintty console emulator.
If you're working on a Linux client,
there are many terminal emulators available,
including ones built into the operating system itself.
Things like the GNOME Terminal,
the KDE Konsole and xterm.
If you're working on OS X or a Mac machine,
there's a built-in terminal program as well called Terminal,
or you can download other ones like iTerm2,
MacTerm or Kitty.
Lastly, we have IP scanners.
An IP scanner is a software tool
that's used to search for and detect IP addresses
and other information related to devices on your network.
These tools are going to be used to conduct network management
and to identify any rogue devices
that may be connected to your network.
There are many IP scanners available for us,
including Nmap, the network mapper,
Free IP scanner, IP Address Manager,
PRTG Network Monitor, Angry IP Scanner,
Network Scanner and the IP Range Scanner by LanSweeper.
As you may have noticed,
many of these IP scanners are the exact same tools
as we discussed for port scanners
or at least made by the same companies.
Now, this is because,
like Nmap, many of these tools can first scan
for the IP addresses on your network segment,
and then they can conduct a deeper scan
against each of those IP addresses to scan the ports
and the services over those ports.
For the exam,
it's important for you to understand
when you might use a Wi-Fi analyzer,
a packet analyzer, a packet capture tool,
a bandwidth speed test tool, a port scanner,
iPerf, NetFlow analyzers, TFTP servers,
terminal emulators or an IP scanner.
If you can remember which tool is used for which thing
in your network management and troubleshooting,
you're going to do fine on test day.
But you do not have to remember all the names
of all these tools.
The only ones you'll probably need to know by name,
are things like Nmap and Wireshark,
because those are so heavily used
in network troubleshooting.
Ping and traceroute.
In this video,
we're going to cover the ping and traceroute command-line tools
and how to use them in maintaining
and troubleshooting our networks.
First, we have ping.
Ping is used to check the connectivity
between two devices, and we often use this
in network troubleshooting.
There are a couple of different ways to use ping,
but the most common way is to just type in ping
and the domain name you want to test.
For example, if you're on a Windows machine,
you can enter ping www.jasondion.com
and hit Enter.
And this is going to send out four pings
and get four replies.
And it tells you the site is either up or down.
This is the default one that you're going to use.
Now, if I wanted to get 10 or 20 or 30 pings,
I can do that by doing ping -n and then the number.
So ping -n 10 jasondion.com
will ping jasondion.com 10 times, and then it will stop.
Now, you can also do this
where it will just keep pinging over
and over and over again forever.
To do this,
you're going to use ping -t and the domain name.
So in this example, I would do ping -t jasondion.com
and it would go forever and ever keep pinging that site.
Now, why would I want to do that?
Well, it might be useful to see
if your WAN link is up all the time.
In some places I've worked,
we've had a ping, constantly running on a distant end
and we leave it up on a big screen monitor.
Then we could just look up
and we could see if that connection is working or not,
or if it's having any issues.
Now in the examples I just gave you,
I was working on a Windows client,
but ping does work a little differently
if you're using Linux, Unix or OSX.
One of the key differences, is that on a Windows machine,
it only sends four pings by default and then it stops.
If we wanted it to run forever,
we'd use the -t option, like I said.
Now, in Linux, Unix and OS X clients,
ping is going to run continuously by default,
just like -t in Windows did.
Now, if you only want to send four pings
like we did in Windows,
we would have to do that by using the -c option,
which stands for count.
So it'd be -c 4 after my ping command.
So I would do ping -c 4 jasondion.com.
Or if I wanted to do 10, I could do ping -c 10 jasondion.com
and then stop.
Really, you can use any number
of pings you want with the -c option
and it works like the -n option you had in Windows.
If you're running ping continuously on any operating system
and you want to stop it at any time,
you can issue the break command.
To do this,
you simply press the Control key and C,
and this will end up breaking or stopping
that continuously running ping.
The last option we need to cover is the -6 option.
If you enter ping -6 and the domain name,
this is going to force the ping to go over IPv6,
instead of IPv4.
This -6 option is going to work the same
regardless of the operating system you're using.
So what does all this look like in the real world?
Well, here you can see,
I did a ping of jasondion.com from my Windows machine,
and it sent out four pings and received four replies.
Here you can see the time it took, 74 milliseconds,
74 milliseconds, 156 milliseconds and 71 milliseconds.
This gave me an average of 93 milliseconds
across all four pings; all four pings were sent
and all four packets were received back.
This indicates that my web server is up
and accepting traffic at this time.
Now, next, we have traceroute
and this can be written
as either traceroute all written out
or tracert if you're on a Windows system.
If you're on a Unix, Linux or OSX system,
you're going to enter that command as traceroute.
Now, either way, we pronounce it the same way,
we call it traceroute.
Now, traceroute is going to be used to display the path
between your device and its destination,
showing the source and destination IP address
along every single hop as you go.
Now, a hop is simply any router or firewall
that's there as part of the layer three path
in that transmission,
going from the client to the destination.
To perform a traceroute,
simply enter traceroute and the IP address
or domain name of the destination you want to reach
from your client.
Now in response,
you're going to get a list of all the routers
between you and the computer you're trying to get to.
If you want to do this using IPv6, instead of IPv4,
you can add the -6 option to your traceroute command.
Now, let's look at a quick example here
by doing a traceroute to www.diontraining.com
from my workstation.
Notice, it's going to go out
and resolve the IP address for us automatically.
Then it starts tracing out the route
from my computer with a source IP of 10.0.2.2
out to the destination IP of 54.221.229.100.
Now, how does traceroute work?
Well, it's going to use the time to live field
in the IP packet header.
Normally, the TTL or time to live is going to be used
to prevent packets from being forwarded
around the internet indefinitely by routers.
This would create a routing loop, right?
So we don't want that to happen.
Instead, each time a packet is forwarded by a router,
it takes one off of that time to live.
So if the time to live reaches zero,
that packet is dropped and discarded
and a response gets sent back with an error message.
So traceroute actually uses this to its advantage,
and it sends out a series of packets to the destination.
The first packet is going to be sent out
with a time to live of one.
It's going to hit that first router,
and that's going to decrease its time to live to zero.
Because it hit zero, the router is now going to drop the packet
and send back an ICMP message
that says time exceeded for that packet
to the source IP,
informing it that the packet didn't make it to the final destination
and was dropped.
Then traceroute sends out another packet.
This time, it has a time to live of two.
Again, it goes through the first router
and it hits the second router.
At that point, the time to live hits zero again,
and so a time exceeded message goes back to the original sender.
This continues over and over again
until traceroute finally gets
to the final destination successfully.
The entire time, it keeps incrementing
that time to live by one every time it sends out a new packet.
This way,
it can identify each and every router or hop
along the path from source to destination.
Now, sometimes you're going to come across something
that looks a bit strange in your traceroute's output.
For example, notice here around line 15,
I have a bunch of request timeouts,
even though my server is up and running.
What does this mean?
Well, this means there's a firewall on the path
or some other kind of device
that's not responding to ICMP or ping traffic.
This is a security feature of a lot of firewalls.
So my traceroute command simply reports back
the response that it received,
or in this case didn't receive, from that device at that hop.
Now, this still tells me there's some kind of device there,
but I know it's filtering that traffic.
And so I'm now able to fingerprint your network
and figure out where your firewalls are.
In this case,
my service provider for diontraining.com does not respond
to those types of requests.
Therefore, I can only trace the path
as far out as the outermost layer of their network.
Once I get to the outermost layer of their network,
their border gateway,
it's going to stop responding to my requests
and I'm going to receive timeout messages.
So I won't be able to see all the information
about the routers and firewalls there,
except to know there is something there.
And I can see that by those asterisks that are displayed.
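The TTL mechanism just described, run as a simulation, as an added example (not the course's own code). The path is constructed: two routers that answer with ICMP Time Exceeded, a border firewall that silently drops expired probes (producing the asterisks), and the destination host; addresses come from the 192.0.2.0/24 documentation range and the per-hop delays are made up.

```python
"""Simulation of how traceroute discovers hops with the IP time-to-live field.

Added example, not the course's own code. The PATH and DESTINATION below are
constructed; real traceroute sends real probes and needs raw sockets.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

TIMEOUT = "*"  # what traceroute prints when no reply arrives before its timer expires


@dataclass
class Hop:
    address: str
    latency_ms: float          # one-way delay added by this hop
    answers_icmp: bool = True  # False models a firewall that never sends ICMP replies


PATH: List[Hop] = [
    Hop("192.0.2.1", 1.0),                        # default gateway
    Hop("192.0.2.17", 9.0),                       # ISP router
    Hop("192.0.2.33", 12.0, answers_icmp=False),  # border firewall: drops, stays silent
]
DESTINATION = Hop("192.0.2.80", 15.0)  # the web server itself


def send_probe(ttl: int, path: List[Hop], dest: Hop) -> Tuple[str, Optional[str], float]:
    """Forward one probe along the path, decrementing TTL at every router.

    Returns (kind, replying_address, rtt_ms) where kind is 'time_exceeded',
    'echo_reply' or 'timeout'.
    """
    elapsed = 0.0
    for hop in path:
        ttl -= 1
        elapsed += hop.latency_ms
        if ttl == 0:  # this router discards the packet and normally reports back
            if hop.answers_icmp:
                return "time_exceeded", hop.address, 2 * elapsed
            return "timeout", None, 0.0
    elapsed += dest.latency_ms
    if dest.answers_icmp:  # the destination answers the echo request itself
        return "echo_reply", dest.address, 2 * elapsed
    return "timeout", None, 0.0


def traceroute(path: List[Hop], dest: Hop, max_hops: int = 30) -> List[Tuple[int, str, float]]:
    """Send probes with TTL 1, 2, 3, ... until the destination answers or max_hops is reached."""
    rows = []
    for ttl in range(1, max_hops + 1):
        kind, addr, rtt = send_probe(ttl, path, dest)
        rows.append((ttl, addr if addr else TIMEOUT, rtt))
        if kind == "echo_reply":
            break
    return rows


def render(rows: List[Tuple[int, str, float]]) -> str:
    """Print the rows the way the command-line tool lays them out."""
    return "\n".join(
        f"{ttl:>3}  {addr:<12} {'' if addr == TIMEOUT else f'{rtt:.0f} ms'}"
        for ttl, addr, rtt in rows
    )


if __name__ == "__main__":
    print(render(traceroute(PATH, DESTINATION)))
    # A destination that is also filtered: stars continue until max_hops is reached.
    silent = Hop("192.0.2.80", 15.0, answers_icmp=False)
    print(render(traceroute(PATH, silent, max_hops=8)))
```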
Now, when it comes to troubleshooting your network,
you can use ping to determine
if you have a network connection
from your source to your destination without any issues.
If someone's complaining
that their network connection isn't working,
I usually follow a simple four-step process
to determine where that issue is occurring.
First, I'm going to try to ping google.com
or some other really big website
that's always up and available.
If this works,
I know my network connection is good
and the internet connection is good.
And in this case it would be a user issue
that's specific to a website they're trying to access.
If I can't ping google.com successfully,
I'm going to switch to pinging an IP address,
something like 8.8.8.8
and I'll see if that works.
Now, 8.8.8.8 is a great IP address to use
for a couple of reasons.
First, it's really easy to remember,
it's just four eights.
Second, it's the DNS server for Google.
So it has an extremely high rate of availability
and reliability.
So it's almost always up and it makes a great IP to use
for your troubleshooting.
Now, if you can ping 8.8.8.8 successfully,
this indicates your internet connection is working,
but I'm probably having DNS issues
because I couldn't resolve google.com
to its proper IP address and ping it.
At this point,
we would shift our troubleshooting efforts
towards the DNS issue either with our local DNS cache
or our DNS server.
Now, if you can't ping 8.8.8.8,
this means you can't reach the internet successfully.
So we need to go back and refocus our efforts
by moving inwards by one step.
Now, I'm going to ping my default gateway,
my router or my modem.
This way, I can see what the internal IP address
of that border gateway router is
and see if I can reach it.
For example, in my home office,
we're using a private IP range of 192.168.1.0/24,
so my default gateway is 192.168.1.1.
If I can ping that IP address and it goes successfully,
this means I have a good connection
from my client all the way through my switches and routers
up to that border gateway router.
So now I know the issue is
between my border gateway router
and the 8.8.8.8 server,
because something is wrong with our internet connection,
maybe our modem's offline or something like that.
So we'll troubleshoot in that half of the network.
Now, if I can't ping the default gateway,
that means there's an issue between my client
and my border gateway.
This can be anything,
it could be cabling or switches or anything else
in between those two devices,
including my local workstation itself.
So the next thing I want to ping
is my local client's IP address.
For example,
if your IP address is 192.168.1.23
and your default gateway was 192.168.1.1,
you're going to ping the local IP address
of 192.168.1.23
and you'll see if that works.
If pinging that does work,
this means that you have an issue
between your network card and the default gateway.
So you need to check your cabling and your switches
and all the things outside of your device.
Now, if you can't ping your local IP address,
that means you now need to ping your localhost address
of 127.0.0.1.
If you can,
that means your network card
and its drivers are properly installed.
If you can't,
that means you need to re-install your network card drivers,
because there's most likely something being corrupted
in there.
As you can see by just using my ping command,
I can quickly identify where the issue is.
Is it on the internet side?
Is it a problem with my modem or my router?
Or is it a cabling or switch issue?
Or maybe it's a client or driver issue?
By doing these four steps, you can figure it out.
Now, if the issue is between the router and the destination,
this is where traceroute is going to become really helpful
for you,
because I can identify all the routers being used
between my client and the destination.
And then I can see where the data stops flowing.
Then if I own that device,
like an internal router or firewall,
I can check its configuration
and work to restore those services.
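The four-step isolation process above as a small script, with the OS-specific count flag (-n on Windows, -c on Linux/Unix/OS X) from earlier in this video. Added example, not the course's own code; it assumes the gateway and local address are supplied by the caller (from ipconfig or ip a) and takes the ping function as a parameter so the decision logic can be exercised with constructed results.

```python
"""Ping-based fault isolation, working inward from the internet to the host.

Added example, not the course's own code. `probe` is any callable that answers
True when a ping to the target succeeds; `real_ping` is one implementation.
"""
import platform
import subprocess
from typing import Callable, List, Tuple


def ping_command(target: str, count: int = 4) -> List[str]:
    """Build the ping command for the host OS: Windows takes -n for the count, others take -c."""
    count_flag = "-n" if platform.system() == "Windows" else "-c"
    return ["ping", count_flag, str(count), target]


def real_ping(target: str) -> bool:
    """Run ping and treat a zero exit status (replies were received) as success."""
    try:
        result = subprocess.run(ping_command(target), capture_output=True, timeout=30)
        return result.returncode == 0
    except (subprocess.TimeoutExpired, FileNotFoundError):
        return False


def isolate_fault(gateway: str, local_ip: str,
                  probe: Callable[[str], bool]) -> Tuple[str, str]:
    """Stop at the first target that answers and report what that implies.

    Returns (target_that_answered, diagnosis). The order mirrors the text: a big
    site by name, 8.8.8.8 by address, the default gateway, the local address,
    and finally the loopback address.
    """
    steps = [
        ("google.com",
         "network and internet connection are good; the issue is specific to the site the user wants"),
        ("8.8.8.8",
         "internet is reachable but name resolution failed: check the local DNS cache and DNS server"),
        (gateway,
         "path through switches and routers to the gateway is good: the fault is between the gateway and the internet (modem/ISP)"),
        (local_ip,
         "host and network card are up: the fault is between the network card and the gateway (cabling, switches)"),
        ("127.0.0.1",
         "network card and its drivers are properly installed; the fault is local to this host"),
    ]
    for target, diagnosis in steps:
        if probe(target):
            return target, diagnosis
    return "none", "loopback failed: reinstall the network card drivers"


if __name__ == "__main__":
    # Constructed values matching the example in the text; swap in real ones before use.
    answered, verdict = isolate_fault("192.168.1.1", "192.168.1.23", real_ping)
    print(f"first target to answer: {answered}\n{verdict}")
```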
Ipconfig, ifconfig and ip.
In this video, we're going to cover the ipconfig,
ifconfig and ip command line tools
and how we use them in maintaining
and troubleshooting our networks.
First, we have ipconfig.
ipconfig, or IP configuration, is used to display
all of the current TCP/IP network configuration values
and refresh the DHCP and DNS settings
for a Windows client or server.
If you enter ipconfig at the command prompt,
you're going to get some basic information back
about the TCP/IP network configuration
in use by your Windows client.
In this example, you can see my IPv6 link-local address,
my IPv4 address of 10.0.2.15,
my subnet mask of 255.255.255.0
and my default gateway of 10.0.2.2.
There isn't a whole lot of details here,
but it does give you the basics.
Now, for example, if I entered ipconfig
and my IP address was listed as 169.254.132.51,
that would indicate I have a DHCP issue,
because my computer is now assigned an APIPA address
or automatic private IP address value.
Now, if this was the case, I could try to get a new IP
by releasing and renewing my connection
or by rebooting my machine.
If that doesn't work, then I can troubleshoot
the DHCP server and ensure that it's functioning properly.
To release the current IP address,
you have to enter the ipconfig /release command
and hit ENTER.
At this point, you're going to see
your IP configuration displayed again,
this time showing you have no IPv4 address,
no subnet mask and no default gateway assigned.
To attempt to get a new DHCP address,
you're going to enter ipconfig /renew and then you press ENTER.
Now you're going to get an IPv4 address, a subnet mask
and a default gateway assigned through the DHCP DORA
or discover, offer, request and acknowledge process.
Now, you may remember that DHCP actually gives us
a bit more information though, right?
What is our DNS server's IP address?
When was my lease obtained and when does it expire?
How can I find my MAC address
if I need to know the physical address
for some kind of troubleshooting of layer 2 issues?
All of these details simply aren't being displayed
when I type in ipconfig and hit ENTER though.
So I want to enter ipconfig /all;
then I'll be able to see all these additional details
about my TCP/IP configuration.
Now, here I can see my host name, MSEDGEWIN10.
I can also see a description of the model
of the network adapter
or the network interface card I have installed.
I can see the physical address
and the fact that DHCP is enabled on this machine,
as well as the auto configuration being enabled
if DHCP fails to get an IP address,
which means I can have an APIPA address assigned
if I need to.
I can also see the IP address and subnet mask,
just like I did in the summarized ipconfig version,
but now I also see my lease times of issue
and expiration for that DHCP address.
I also see my default gateway,
my DHCP server and DNS servers' IP addresses.
That is a lot of information
and it can be really helpful to you as a network technician
during your troubleshooting efforts.
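A parser for ipconfig /all output that pulls out the fields just discussed and flags the APIPA condition from earlier in this video, as an added example (not the course's own code). SAMPLE_OUTPUT is constructed; the addresses 10.0.2.15, 10.0.2.2 and 169.254.132.51 are the ones used in the text, and the layout follows the real ipconfig format (unindented adapter headers, fields indented three spaces with dot leaders, extra values on deeper-indented lines).

```python
"""Parse `ipconfig /all` output and classify each adapter's DHCP state.

Added example, not the course's own code. SAMPLE_OUTPUT is constructed.
"""
import ipaddress
import re
from typing import Dict, List

SAMPLE_OUTPUT = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : MSEDGEWIN10
   Node Type . . . . . . . . . . . . : Hybrid

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Desktop Adapter
   Physical Address. . . . . . . . . : 08-00-27-AA-BB-CC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.0.2.15(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, March 4, 2024 08:01:12 AM
   Lease Expires . . . . . . . . . . : Tuesday, March 5, 2024 08:01:12 AM
   Default Gateway . . . . . . . . . : 10.0.2.2
   DHCP Server . . . . . . . . . . . : 10.0.2.2
   DNS Servers . . . . . . . . . . . : 10.0.2.3
                                       10.0.2.4

Wireless LAN adapter Wi-Fi:

   Description . . . . . . . . . . . : Example Wireless Adapter
   Physical Address. . . . . . . . . : 08-00-27-DD-EE-FF
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Autoconfiguration IPv4 Address. . : 169.254.132.51(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
"""

# Field line: exactly three spaces, a key without dots/colons, dot leaders, then " : value".
FIELD_RE = re.compile(r"^ {3}(?P<key>[^ .:][^.:]*?)[ .]*: ?(?P<value>.*)$")
# Continuation line (second DNS server etc.): deeper indentation, no key.
CONTINUATION_RE = re.compile(r"^ {5,}(?P<value>\S.*)$")


def parse_ipconfig(text: str) -> Dict[str, Dict[str, List[str]]]:
    """Return {section name: {field: [values]}}; the global header is its own section."""
    sections: Dict[str, Dict[str, List[str]]] = {}
    current: Dict[str, List[str]] = {}
    last_key = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):  # "Ethernet adapter Ethernet:" or the global header
            current = sections.setdefault(line.rstrip(":"), {})
            last_key = None
            continue
        cont = CONTINUATION_RE.match(line)  # checked first: IPv6 values contain colons
        if cont and last_key is not None:
            current[last_key].append(cont.group("value").strip())
            continue
        field = FIELD_RE.match(line)
        if field:
            last_key = field.group("key").strip()
            value = field.group("value").strip()
            current[last_key] = [value] if value else []
    return sections


def dhcp_status(fields: Dict[str, List[str]]) -> str:
    """Classify an adapter the way the text does: lease, APIPA fallback, no address, or static."""
    raw = fields.get("IPv4 Address") or fields.get("Autoconfiguration IPv4 Address")
    if not raw:
        return "no IPv4 address (released or link down)"
    address = ipaddress.ip_address(raw[0].split("(")[0])  # drop the "(Preferred)" suffix
    if address.is_link_local:  # 169.254.0.0/16: DHCP failed and APIPA kicked in
        return "APIPA address: DHCP failed; try ipconfig /release and /renew, then check the DHCP server"
    if fields.get("DHCP Enabled") == ["Yes"]:
        return f"DHCP lease from {fields.get('DHCP Server', ['?'])[0]}"
    return "static address"


if __name__ == "__main__":
    for name, fields in parse_ipconfig(SAMPLE_OUTPUT).items():
        if "adapter" in name:
            print(f"{name}: {dhcp_status(fields)}")
```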
Next, we have ifconfig.
Now, ifconfig stands for interface configuration
and it's the command line tool used in Unix,
Linux and OS X systems to display IP address information
just like we did with ipconfig in Windows.
ipconfig only works in Windows,
so if you're going to be working on a Unix,
Linux or OS X system, you have to use ifconfig.
Now, ifconfig is used to configure your network interfaces
and to troubleshoot network connectivity issues.
If you enter the command, ifconfig by itself
and you press ENTER, the system is going to display
the status of the currently active interfaces.
If you only want to see a single interface though,
like en0, you can enter ifconfig en0.
Now, if you want to display
all the interfaces available on the system,
even if those interfaces are currently down,
you would enter ifconfig -a,
which is like the /all option
that we used inside of Windows.
Now, the big difference here between ifconfig and ipconfig
is that you're going to get
the same amount of information with ifconfig
regardless of whether you're using it by itself,
with an active interface or with the -a option.
There's no brief version of it.
The only difference is the number of interfaces
that are going to be returned,
whether you're asking for a single interface,
the active interfaces or all the interfaces.
Notice here, I typed in ifconfig and under en0,
you can see inet6, which lists out my IPv6 address.
And I see inet, which is my IPv4 address,
which is 192.168.1.54.
All the other information I need is there too.
This includes things like my physical address
or MAC address, which is listed as ether,
my net mask or subnet mask,
which is shown in hexadecimal equivalent,
but it's still going to be equivalent to 255.255.255.0
like you're used to.
It's going to have the broadcast IP for this network
and the fact that this network is up.
As you can see by default, ifconfig has more details
than ipconfig does on a Windows client.
Now, if you need additional details,
you can enter ifconfig -v and then the interface.
The -v stands for verbose,
meaning tell me a lot about this thing.
So you can see here, I get a lot more details,
including the type of the connection,
in this case, it's WiFi,
the speed of the transmission for the uplinks and downlinks
and if the quality of service is enabled or not.
Ifconfig can also be used to control the network connection
and not simply display information about it.
If, for example, I want to turn off that connection,
I can use ifconfig down,
and this will shut down the network interface.
If I use ifconfig up,
this will activate that network interface.
If you're using static assignments on an interface,
you first need to shut down the interface
and then set the new address and subnet mask
and then you can activate the interface again
by using ifconfig up.
Remember, ifconfig down turns off
your network interface card and if you enter ifconfig up,
it'll turn that network interface card back on.
These are really important to remember,
because if you're not seeing any network connectivity
on a Linux client or server,
it could be that somebody mistakenly turned off
that network card and you just need to enter ifconfig up
to turn it back on.
Now, as of this recording,
ifconfig is considered officially deprecated,
which means it's now considered to be obsolete
in modern systems and network administrators
should instead be using the ip command,
which has replaced it.
That said, many systems still support ifconfig,
at least for now.
So you should still learn it
in case you're working on an older system.
Now, finally, we have ip.
The ip command is going to be used to assign an address
to a network interface
or configure a network interface parameter on a Unix,
Linux or OS X operating system.
ip is a newer tool and it was designed
as a modern replacement for ifconfig.
The ip command stands for internet protocol
and it supports all the same functions as the ifconfig command.
The ip command though can do a whole lot more.
Now, the ip command is actually an entire suite of tools
that supports not just configuring your interface address,
but also things like routing, creating tunnels
and much, much more that is way beyond the scope
of this particular course and this exam.
Now, instead I want to focus on how we can replace
the ifconfig command, using what we learned,
with similar features inside of the ip command suite.
Now first, if I want to display the configuration
of my interfaces, I can simply enter ip a,
instead of using ifconfig,
and this is going to give me the same type of information.
The a in ip a stands for address
inside of the ip suite of tools.
Second, if I need to assign a static IP address
to an interface, I can use ip a add,
the IP address, dev, whatever device I'm using.
For example, this will set the IP address
to the device interface known as eth0 or ethernet zero
as 192.18.1.123.
Third, we can remove that static IP address
by entering ip a del, IP address, dev, device
and that will be able to take out that IP address
from that device.
Now, fourth, if we want to change our MAC address,
we can conduct MAC spoofing simply
by entering ip link set dev, the device,
in this case eth0, address,
and the MAC address we want to use.
In this case, 00:11:22:33:44:55
or whatever other MAC address you want to use.
Fifth, if you want to make your network interface card operate
in promiscuous mode,
this will allow it to listen to all the traffic on a network
and not just the traffic destined for its own MAC address.
To do this, you can enter ip link set dev, your device,
eth0 in this case, promisc on.
This is really useful if you're setting up a packet sniffer
or a packet capture on a Linux client or a server.
Finally, if you need to disable
or enable a network interface,
you can use ip link set eth0 down
to turn off eth0
or ip link set eth0 up
to turn it back on.
Now, we really only just scratched the surface
of what the ip command can do,
but if you're working heavily with Linux systems,
I recommend you spend a little time learning
more about the ip command
and all the different functions it has.
For this certification exam though,
we covered exactly what you need to know
to make sure you're successful on test day.
nslookup, dig and hostname.
Now in this video, we're going to cover
nslookup, dig, and hostname.
These are three command line tools,
and you need to understand how to use them
in maintaining and troubleshooting your networks.
First, we have nslookup.
nslookup stands for name server lookup,
and it's going to be used to query the domain name system
to provide the mapping between domain names and IP addresses
or other DNS records.
Now, if we need to get the IP address
of a fully qualified domain name nslookup is the tool
that will help us do that.
For example, let's pretend you wanted to find out
the IP address for diontraining.com.
Well, you can open up your command prompt
and you can type in nslookup www.diontraining.com
and press enter.
When you do that,
you're going to get the IP address shown on your screen
that tells you where Dion Training servers are.
Now, when you enter the command and the domain name
like this, in all one line,
we call this the non-interactive mode.
Now with non-interactive modes,
you're going to be able to display just the name
and the requested information for a host or domain name
to your screen.
But you can also use nslookup in an interactive mode.
Now interactive mode allows a user to query name servers
for information about various hosts and domains,
or allows them to print a list of hosts inside of a domain.
To enter the interactive mode,
you just type nslookup at the prompt and hit enter.
Now you're going to enter the nslookup shell,
and you can perform more in-depth queries here.
Using this interactive mode will allow you to have
more detailed control over the environment,
including allowing you to change the server you're using
to conduct those look-ups
and changing the different types of records
that you want to respond with.
Now, if you want to change the DNS server that's being used
for the query, just enter the term server,
and the DNS servers name or IP address and hit enter.
Now, if you instead want to change
the type of record you want to search for,
you can enter set q equals and then the record type.
This stands for set query type equals, and then that thing.
So for example, if I wanted to search for mail records,
which are known as mx records in DNS,
I would type set q equals mx and hit enter.
Then, I get my next prompt
and I can start searching mail records for any domain name.
So, I'm going to be able to find
all the different mail records,
for instance, for diontraining.com.
Here, I can see all five mail exchange server records
for diontraining.com,
and you can see they're all hosted by Google
because Google Workspace is what we use
for our company's email and file servers.
Now next to each mx record, you can also see the preferences
with one being the highest preference
and the two being listed with five
acting in a load balance configuration.
And then, we have those backed up
by two more exchange mail servers
that have a preference of 10,
which has also load balance between those two servers.
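Here's an added example, not part of the lesson, that shows what those preference numbers actually mean to a sending mail server: a short Python script that parses nslookup-style MX output and groups the exchangers into the order they'd be tried. The server, host names and preferences below are constructed sample data, not diontraining.com's real records.

```python
import re
from collections import defaultdict

# Constructed sample in the style of Windows nslookup's interactive MX output.
# The host names are placeholders, not diontraining.com's real records.
SAMPLE_MX_OUTPUT = """\
Server:  dns.example.test
Address:  192.0.2.53

Non-authoritative answer:
example.com     MX preference = 1, mail exchanger = mx1.mail.example.test
example.com     MX preference = 5, mail exchanger = mx2.mail.example.test
example.com     MX preference = 5, mail exchanger = mx3.mail.example.test
example.com     MX preference = 10, mail exchanger = mx4.mail.example.test
example.com     MX preference = 10, mail exchanger = mx5.mail.example.test
"""

MX_LINE = re.compile(r"MX preference = (\d+), mail exchanger = (\S+)")


def parse_mx(output):
    """Pull (preference, exchanger) pairs out of nslookup-style MX output."""
    records = []
    for line in output.splitlines():
        match = MX_LINE.search(line)
        if match:
            records.append((int(match.group(1)), match.group(2)))
    return records


def delivery_order(records):
    """Group exchangers by preference, lowest number first.

    A sending mail server tries the lowest-preference group first and spreads
    connections across the hosts inside that group; it only moves on to the
    next group when every host in the current one is unreachable.
    """
    groups = defaultdict(list)
    for preference, host in records:
        groups[preference].append(host)
    return [(pref, sorted(groups[pref])) for pref in sorted(groups)]


def primary_exchangers(records):
    """The hosts that receive mail under normal conditions."""
    order = delivery_order(records)
    return order[0][1] if order else []


if __name__ == "__main__":
    for pref, hosts in delivery_order(parse_mx(SAMPLE_MX_OUTPUT)):
        print(f"preference {pref}: {', '.join(hosts)}")
```

Feed it the saved output of set q equals mx followed by a domain name and it prints the groups in delivery order, which is the same reading of the record set you did by eye above.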
Next, let's search for some CNAME or canonical name records.
To do this, I first need to set my query type to CNAME
because we're still set to mx records at this point in time.
So I'm going to enter set q equals CNAME and hit enter.
Then, I enter the domain name
that I want to get the CNAME records for.
And again in this case, I'm going to use diontraining.com.
Now, in response to this,
the nslookup is going to display all the CNAME records
right there on my screen.
Here, I'm just showing you the first one,
because I have about 20 different CNAME records
for diontraining.com.
If we scroll down through these screens,
you'd be able to see each and every one of them.
As you can see, nslookup is a very useful tool
when it comes to troubleshooting your DNS records
and other DNS issues that you may be experiencing.
If you become a cybersecurity analyst
later on in your career,
you can also use nslookup to conduct reconnaissance
against other organizations
that you may be hired to work for during a penetration test.
nslookup exists for Windows, Linux, Unix, and OS X systems.
In these examples, I was using the Windows version,
but the other versions operate the exact same way.
The only difference you're going to see
is that you'll use something like set type equals mx
instead of set q equals mx
if you're using a Linux, Unix or OS X system
and doing record type searches.
Next we have the dig command.
dig is another tool that's used to conduct queries
against DNS name servers.
dig is only available for Linux, Unix, and OS X systems
by default,
but there are Windows versions that can be installed
if you'd like to use it on a Windows machine.
Now to use dig,
it works a lot like the non-interactive mode of nslookup.
If you enter dig and the domain name like diontraining.com,
you're going to get back the A records for that domain name
and those A records contain the IP addresses
for that domain.
Now, in this example,
you can see there are two A records for diontraining.com
because we use a load balancing web cluster
to host our website.
Now, dig does not support an interactive mode
the way nslookup does.
So, if you want to search for other types of records,
you're simply going to specify those
when entering the command.
For example,
let's say I wanted to look for those mail exchange
or mx records.
I'm going to enter dig -t, which stands for type, and then mx,
which stands for mail exchange.
And then, I'm going to enter the domain name
in this case, diontraining.com.
Here again, you can see we have five mx records
associated with diontraining.com
and they're all pointing to the Google Mail servers
because that's who's hosting our company's email
using Google Workspaces.
Now finally, we have the hostname command.
The hostname command is going to be used
to display the hostname portion of the full computer name
for a given system.
Now, the hostname command works on Windows, Linux,
Unix, and OS X operating systems.
Now to use hostname, you simply enter hostname
and press enter at the command prompt.
As an example, I entered the hostname command
on an OS X system here.
In this case, my MacBook Pro.
Now you can quickly see the full name of my laptop
is Jasons-MBP.localdomain.
Now this means the computer is going to be named
Jason's MacBook Pro or Jason's MBP,
and it exists on a local domain.
because here I'm not connected
to an Active Directory-based domain environment.
At some organizations I've worked for in the past,
we run large Active Directory-based Windows domains.
And for those systems, you might see something like,
Jasons-PC.intranet.diontraining.com,
as its FQDN or fully qualified host and domain name,
since it's becoming a member of that domain.
ARP, route, nbtstat and netstat.
In this video, we're going to cover four tools,
ARP, route, nbtstat, and netstat,
which are all command line tools
and you need to understand how to use them
when maintaining and troubleshooting your networks.
First, we have the ARP command.
ARP stands for the Address Resolution Protocol.
Now your ARP command is going to be used to display
and modify entries in the Address Resolution Protocol cache,
or ARP cache, on a given system.
Your ARP cache contains one or more tables
that are going to be used to store IP addresses
and their associated physical addresses,
which are known as MAC addresses.
Now, essentially by using the ARP command,
we can see and interact with layer two physical addresses,
or MAC addresses, and their associated bindings
of layer three IP addresses.
Now the ARP command can be used on Windows, Linux,
Unix, or OS X systems, and the commands are identical
regardless of what operating system you're using.
Now, if you enter ARP and press enter,
the command then displays help information
so you can learn how to use this command.
If you want to view the ARP cache,
you're going to type in ARP -a.
And in this example, you can see that my Windows machine
has found the default gateway located at 192.168.105.1
and the broadcast for this network,
which is 192.168.105.255.
Here you can also see the network broadcast
physical address and it's set to ff-ff-ff-ff-ff-ff,
which is always going to be the layer two broadcast address
on all networks.
Then you're going to see three multicast addresses
that were found here.
Each one starting with 224 as the first octet.
Next, you see the IP of 239.255.255.250.
This IP is going to be used by Windows Explorer
to find connected devices on the local area network
using the WS Discovery Protocol.
This is known as the Web Service Dynamic Discovery Protocol.
Now pretty much every Windows machine
is going to have this IP listed inside its ARP cache.
Finally, we see the IP address of 255.255.255.255.
And this is a reserved IP
that's used to send broadcast messages
to the entire network.
Now, if you need to delete an IP address
to a physical address mapping from your ARP table,
you can do this by simply entering ARP -d
and the IP address you want to delete.
In this example, I'm going to delete the multicast IP
that's used by the WS Discovery Protocol.
Now, if I want to statically assign a mapping
between an IP address and a MAC address,
I can do that as well.
I'm just going to use the ARP -s command for static.
Now for example, I can statically map
the WS Discovery Protocol address again
by entering an ARP -s 239.255.255.250,
and then its MAC address 01-00-5e-7f-ff-fa.
Notice that the MAC address here
is entered by using hyphens and not colons
like we do in a lot of other commands.
Now in general, you shouldn't have to create static mappings
for the ARP cache,
but static ARP entries are useful in some cases
where you want to make sure you pre-configure an entry
for a device that's not yet connected
to a layer three switch,
or if you want to prevent a particular entry from timing out.
By default, an ARP entry will stay in the cache
until it gets deleted after 21,600 seconds,
which is about six hours.
Now, if you need to clear the entire ARP cache,
you can do that as well by doing ARP -d and hitting enter.
By not specifying what to delete,
it's going to delete all the ARP entries
that are currently stored in that cache,
including all your dynamically generated ones
and any static ones you may have already created.
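Here's an added example, not part of the lesson, that shows where that 01-00-5e-7f-ff-fa address comes from and how you'd sanity-check an ARP cache with a script: Python code that derives the IPv4 multicast MAC from a group address the way RFC 1112 defines it (the fixed 01-00-5e prefix plus the low 23 bits of the IP), then parses Windows-style arp -a output, confirms the multicast entries follow that mapping, and flags any one MAC that is answering for more than one unicast IP. The interface number, the unicast addresses and their MACs below are constructed sample data; only the multicast entries mirror the ones you saw above.

```python
import ipaddress
import re

BROADCAST_MAC = "ff-ff-ff-ff-ff-ff"

# Constructed 'arp -a' output in the Windows style. The unicast rows and their
# MACs are made up (192.168.105.21 deliberately reuses the gateway's MAC);
# the multicast rows mirror the lesson.
SAMPLE_ARP_OUTPUT = """\
Interface: 192.168.105.3 --- 0xc
  Internet Address      Physical Address      Type
  192.168.105.1         aa-bb-cc-00-00-01     dynamic
  192.168.105.20        aa-bb-cc-00-00-20     dynamic
  192.168.105.21        aa-bb-cc-00-00-01     dynamic
  192.168.105.255       ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
  224.0.0.251           01-00-5e-00-00-fb     static
  239.255.255.250       01-00-5e-7f-ff-fa     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static
"""

ARP_ROW = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+([0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+(\w+)", re.I
)


def multicast_mac(ip):
    """Derive the IPv4 multicast MAC (RFC 1112): 01-00-5e followed by the
    low-order 23 bits of the group address, hyphen-separated as Windows shows it."""
    addr = ipaddress.IPv4Address(ip)
    if not addr.is_multicast:
        raise ValueError(f"{ip} is not an IPv4 multicast address")
    low23 = int(addr) & 0x7FFFFF
    octets = [0x01, 0x00, 0x5E, (low23 >> 16) & 0xFF, (low23 >> 8) & 0xFF, low23 & 0xFF]
    return "-".join(f"{o:02x}" for o in octets)


def parse_arp_table(output):
    """Return (ip, mac, type) tuples for every entry in arp -a output."""
    rows = []
    for line in output.splitlines():
        match = ARP_ROW.match(line)
        if match:
            rows.append((match.group(1), match.group(2).lower(), match.group(3).lower()))
    return rows


def check_arp_table(output):
    """Classify each cache entry and flag the two things worth a second look:
    a multicast entry whose MAC does not follow the RFC 1112 mapping, and a
    single MAC that is answering for more than one unicast IP."""
    verdicts = {}
    mac_owner = {}
    for ip, mac, _entry_type in parse_arp_table(output):
        addr = ipaddress.IPv4Address(ip)
        if addr.is_multicast:
            expected = multicast_mac(ip)
            verdicts[ip] = ("multicast ok" if mac == expected
                            else f"multicast MAC mismatch, expected {expected}")
        elif mac == BROADCAST_MAC:
            verdicts[ip] = "broadcast"
        elif mac in mac_owner:
            verdicts[ip] = f"shares MAC with {mac_owner[mac]}, worth investigating"
        else:
            mac_owner[mac] = ip
            verdicts[ip] = "unicast ok"
    return verdicts


if __name__ == "__main__":
    for ip, verdict in check_arp_table(SAMPLE_ARP_OUTPUT).items():
        print(f"{ip:<18} {verdict}")
```

One thing the derivation makes obvious is that only 23 of the 28 group bits make it into the MAC, so several multicast groups (239.128.0.1 and 224.0.0.1, for instance) share one physical address and the host has to filter on the IP header to tell them apart.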
Next, we have the route command.
The route command is going to be used to view and manipulate
the IP routing table in a Windows, Linux,
Unix, or OS X system.
That's right, your computer has a router built
directly into it as part of the operating system,
and you probably didn't even know it.
Now to learn the proper syntax
or how to use the route command,
simply enter the command route and hit enter,
and it's going to display a help screen
to tell you all about this command.
Now, if you want to display the current routing table
on the Windows machine, you can enter route print
and hit enter.
For example, here you can see both my IPv4
and IPv6 routing tables from my Windows client.
Notice the first IPv4 route that is listed here.
It is the network destination of 0.0.0.0
and it has a subnet mask of 0.0.0.0
and its gateway is set to 192.168.105.1.
Now, what is special about this particular route?
Well, it's using an IP address of 0.0.0.0
as its destination, right?
This is special because anytime you see 0.0.0.0
as your route, this means this is the default route.
Now the default route is the route that's going to be taken
whenever there is no other route available
for a particular IP destination address.
Basically it says, I don't know what to do with this,
so I'm going to send it out the default route.
So as a packet is received on a routing device,
in this case, my computer,
it's going to check that routing table first
and see if it knows where to send this packet
to reach the right destination.
If it knows it because it's connected
to one of those local subnets, it's going to route it there,
and if it doesn't, it's going to forward it out
the default route of 0.0.0.0,
which in this case went out my default gateway
of 192.168.105.1.
Now also note there's a column here called interface.
This dictates which network interface card
is going to receive traffic
for each specific network destination.
In the case of the default route,
the packets will be forwarded out that network interface
with the IP of 192.168.105.3,
which is my internal network interface card.
The only other interface that's active
on this Windows client is the local host,
which is represented by 127.0.0.1.
Since the local host address is only used internally
on this one Windows client,
sending traffic there won't route it to the network,
and instead it keeps that traffic internal
to the singular client.
So we don't want that as our default route.
Now, if you're having issues with a Windows client,
you should check the routing table
and ensure it hasn't been corrupted or changed.
If you don't see a default route,
this is going to cause a lot of traffic
to be unable to leave the client
and not be able to transmit that data from the client
to the network or to the internet.
Now, if you're using a Linux or Unix client,
the route print command is not going to work for you.
That's a Windows thing.
Instead, you're going to have to use route -n
to display the routing table.
Now, if you want to add a static route
to your client's routing table,
you can do this by entering route add,
the destination network, mask, the subnet mask,
and then the gateway's IP address, metric
and the number of the metric, if and the interface number.
For example, I can add a route
for the 172.16.0.0/16 network to interface 12
by entering the command route add
172.16.0.0 mask 255.255.0.0
192.168.105.3 metric 10 if 12.
Then if I enter the route print command on a Windows machine
or route -n on a Unix or Linux machine,
I'll be able to see this new route of 172.16.255.255
that's been added to my routing table.
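Here's an added example, not part of the lesson, that shows the decision your computer's built-in router is making when it picks between the default route and a more specific one: a Python script that parses the IPv4 section of a Windows-style route print, does a longest-prefix match for a destination (ties broken by the lower metric), and reports whether a default route exists at all, which is the check described above for a client that can't reach the network. The table below is constructed sample data that includes the 172.16.0.0/16 route you just added; the on-link rows and metrics are made up.

```python
import ipaddress

# Constructed IPv4 section of a Windows 'route print'. The 0.0.0.0 default
# route, 192.168.105.x addresses and 172.16.0.0/16 entry mirror the lesson;
# the on-link rows and metric values are made up.
SAMPLE_ROUTE_PRINT = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.105.1  192.168.105.3     25
        127.0.0.0        255.0.0.0         On-link        127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link        127.0.0.1    331
       172.16.0.0      255.255.0.0    192.168.105.3  192.168.105.3     35
    192.168.105.0    255.255.255.0         On-link    192.168.105.3    281
    192.168.105.3  255.255.255.255         On-link    192.168.105.3    281
  192.168.105.255  255.255.255.255         On-link    192.168.105.3    281
  255.255.255.255  255.255.255.255         On-link    192.168.105.3    281
===========================================================================
"""


def parse_route_table(output):
    """Return the active routes as dicts with the destination as an IPv4Network."""
    routes = []
    for line in output.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # banners, separators and the column header
        try:
            network = ipaddress.IPv4Network((parts[0], parts[1]), strict=False)
        except ValueError:
            continue  # a five-word line that is not destination/netmask
        routes.append({"network": network, "gateway": parts[2],
                       "interface": parts[3], "metric": int(parts[4])})
    return routes


def has_default_route(routes):
    """A /0 destination is the 'I don't know, send it to the gateway' route."""
    return any(r["network"].prefixlen == 0 for r in routes)


def lookup(routes, destination):
    """Longest-prefix match: the most specific route containing the destination
    wins; between equally specific routes the lower metric wins. None means the
    packet cannot leave the host, which is what a missing default route looks like."""
    dest = ipaddress.IPv4Address(destination)
    candidates = [r for r in routes if dest in r["network"]]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r["network"].prefixlen, -r["metric"]))


def describe(route):
    """Human-readable next hop, e.g. 'via 192.168.105.1 on 192.168.105.3'."""
    if route is None:
        return "no route (packet is dropped)"
    hop = "directly on-link" if route["gateway"] == "On-link" else f"via {route['gateway']}"
    return f"{route['network']} {hop} on interface {route['interface']}"


if __name__ == "__main__":
    table = parse_route_table(SAMPLE_ROUTE_PRINT)
    for target in ("8.8.8.8", "172.16.5.9", "192.168.105.20", "127.0.0.1"):
        print(f"{target:<16} -> {describe(lookup(table, target))}")
```

Running it shows an internet address falling through to the 0.0.0.0/0 route, 172.16.5.9 being caught by the /16 you added, and a neighbour on 192.168.105.0/24 being delivered on-link without any gateway.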
Next we have the nbtstat command.
The nbtstat command is used to view
the current connections and statistics
for devices communicating using NetBIOS
over the TCP/IP protocol.
nbtstat is a Windows command line tool only though.
When you're using nbtstat,
you're going to receive helpful information
that will show you different options
and usage for this tool.
Now, if you enter nbtstat -n,
this is going to display the NetBIOS local name table
to your screen.
This contains a list of all the NetBIOS devices
that have been learned by this Windows client
while it communicates over the local area network.
If you instead enter nbtstat -c,
you're going to see all the names of the computers
that are stored in the NetBIOS name cache
on this Windows client.
In this example, my cache is empty
because my Windows client is the only Windows client
on this network, and there's no other Windows devices around
for it to learn their names.
Now, if you find that you're having trouble
communicating with other Windows PCs or file shares
on your network, you need to check your netBIOS connections
and your caches on your Windows clients using nbtstat.
Finally, we have netstat.
Netstat is short for network statistics.
Netstat is going to be used to display information
for IP based connections on a client,
including its current sessions,
its source and destination IPs and its port numbers.
Now netstat is used in Windows, Linux, Unix,
and OS X systems.
You can just enter netstat by itself and hit enter,
and you'll get a simplified display
that contains four columns of information.
This includes the protocol, the local address,
the foreign address, and the state.
In this example, all of my connections are using TCP
as their protocol.
There are two local addresses in my example,
the local host of 127.0.0.1 and my network interface card,
which is 192.168.105.3.
Notice each of these has a colon and a port number after it.
Next we have the foreign address or the destination address.
In the case of the local host address,
it cannot communicate with other foreign IPs,
so instead those sessions are communicating directly
with the Windows client itself,
and this is shown using my host name for this Windows machine.
For the other foreign addresses, if the host name is known,
it will resolve to that host name, like diontraining.com.
If not, it'll just show the IP address.
You can see here that 52.179.224.121
was not able to be resolved to a host name,
so that IP address is shown here on the screen.
Since this was using port 443,
this is displayed as HTTPS instead
because this is a well known port number.
Finally, we have the state column.
This can be established, time wait, closed wait,
closed, listening, or other TCP connection states.
Notice here, we didn't see any listening ports.
This is because we just entered the command netstat.
If instead we entered netstat -a,
we're going to show all the sockets,
both listening and non listening, as well as all protocols,
such as TCP, UDP and ICMP.
Again, here we can also see IPs resolve to host names
when it's possible.
Now, if you prefer to see all IP address numbers
instead of those hosts names,
you can do this by entering the netstat -n command.
But since I only used the -n option,
I'm no longer going to see the listening status anymore.
Now, what would you do if you want to have both the IP address
numbers and the listening status?
Well, you combine the two options
and you get netstat -an.
Now, personally, when I run netstat,
I tend to run it using netstat -ano.
This gives me all the states, both listening
and non listening because of the -a,
as well as the IP address numbers,
because I have that -n,
but I also added this -o,
which gives me a fifth column called the PID.
Now PID is the Process Identification Number and the -o
I added in the -ano, stands for owner,
and it's going to tell me which process
owns each network connection that we're seeing.
Now by adding this fifth column,
I can determine what application or service
is communicating over the network
using which IPs in which ports.
Then if I run the tasklist command,
I can get a list of all the applications
and their PID numbers.
In my case, I see a bunch of network connections
were created by the application with PID 6776.
As I look at my output from the tasklist command,
I can then cross reference it and see that PID 6776
is the application GoogleDriveFS.exe,
which is the file synchronization process
for Google Drive on this Windows workstation.
So this makes a lot of sense
that I'm seeing a lot of network connections on the system
using this process ID,
because it sends a lot of files and receives a lot of files
using Google Drive as I'm syncing up data.
Now, if I suspect a client is infected with malware
or may have become a zombie as part of a botnet,
I can run the netstat -ano command
and really help identify what applications or services
are creating all these connections
and sending data back and forth.
Then I can use this information
to remove those malicious programs.
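Here's an added example, not part of the lesson, that automates the cross-reference you just did by hand: a Python script that parses netstat -ano and tasklist output, joins the two on the PID column, groups every socket under the owning image name, and lists which programs hold established sessions to addresses outside the RFC 1918 private ranges, which is the first thing to look at on a client you suspect is talking to something it shouldn't. The two outputs below are constructed sample data; only PID 6776, GoogleDriveFS.exe and the 52.179.224.121 address come from the lesson, and updater_helper.exe is a made-up placeholder name.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed 'netstat -ano' output from a Windows client. Only PID 6776 and
# 52.179.224.121 come from the lesson; everything else is sample data.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       988
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:49670        127.0.0.1:49671        ESTABLISHED     6776
  TCP    192.168.105.3:49702    52.179.224.121:443     ESTABLISHED     6776
  TCP    192.168.105.3:49703    52.179.224.121:443     ESTABLISHED     6776
  TCP    192.168.105.3:49704    52.179.224.121:443     TIME_WAIT       0
  TCP    192.168.105.3:49710    203.0.113.7:8443       ESTABLISHED     5120
  UDP    0.0.0.0:5353           *:*                                    3344
"""

# Constructed 'tasklist' output; updater_helper.exe is a placeholder name.
SAMPLE_TASKLIST = """\
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Services                   0          8 K
System                           4 Services                   0      1,234 K
svchost.exe                    988 Services                   0     10,432 K
mDNSResponder.exe             3344 Services                   0      5,120 K
updater_helper.exe            5120 Console                    1      2,048 K
GoogleDriveFS.exe             6776 Console                    1    120,512 K
"""

# UDP rows have no State column, hence the optional group before the PID.
NETSTAT_ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")
# Image names may contain spaces ("System Idle Process"), so anchor on the tail.
TASKLIST_ROW = re.compile(r"^(.*?)\s+(\d+)\s+\S+\s+\d+\s+[\d,]+ K\s*$")
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def parse_netstat(output):
    """Return one dict per socket: proto, local, foreign, state ('' for UDP), pid."""
    sockets = []
    for line in output.splitlines():
        m = NETSTAT_ROW.match(line)
        if m:
            proto, local, foreign, state, pid = m.groups()
            sockets.append({"proto": proto, "local": local, "foreign": foreign,
                            "state": state or "", "pid": int(pid)})
    return sockets


def parse_tasklist(output):
    """Map PID -> image name."""
    images = {}
    for line in output.splitlines():
        m = TASKLIST_ROW.match(line)
        if m:
            images[int(m.group(2))] = m.group(1).strip()
    return images


def connections_by_image(netstat_output, tasklist_output):
    """Group sockets under the owning process name (the join on the PID column)."""
    images = parse_tasklist(tasklist_output)
    grouped = defaultdict(list)
    for sock in parse_netstat(netstat_output):
        grouped[images.get(sock["pid"], f"<unknown pid {sock['pid']}>")].append(sock)
    return dict(grouped)


def is_internal(host):
    """True for loopback and RFC 1918 addresses; '*' and host names count as internal."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return True
    return any(addr in net for net in PRIVATE_NETS)


def external_established(netstat_output, tasklist_output):
    """Sorted (image, foreign host:port) pairs for ESTABLISHED sessions leaving the LAN."""
    images = parse_tasklist(tasklist_output)
    found = set()
    for sock in parse_netstat(netstat_output):
        host = sock["foreign"].rsplit(":", 1)[0]
        if sock["state"] == "ESTABLISHED" and not is_internal(host):
            found.add((images.get(sock["pid"], f"<unknown pid {sock['pid']}>"), sock["foreign"]))
    return sorted(found)


if __name__ == "__main__":
    for image, socks in connections_by_image(SAMPLE_NETSTAT, SAMPLE_TASKLIST).items():
        print(f"{image}: {len(socks)} socket(s)")
    for image, foreign in external_established(SAMPLE_NETSTAT, SAMPLE_TASKLIST):
        print(f"  {image} -> {foreign}")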
Now, the final option we have with netstat
is known as the -s option, which stands for statistics.
Now, this is going to output on your screen
with the statistics for the IPv4, IPv6, ICMPv4
and ICMPv6 connections,
as well as breaking down those statistics
into TCP and UDP statistics for both IPv4 and IPv6.
This information can be used to help you determine
the health of your network connection
by showing you how many packets were delivered,
how many were discarded, how many couldn't be routed,
how many had errors
and how many were fragmented during transit.
Overall, this information is really helpful
as you create your baselines for what normal looks like
on a given client.
Then you can use that as your baseline
and compare your current status against that baseline
to see if you have any unexpected results.
Telnet, tcpdump and nmap.
In this video, we're going to cover the telnet,
tcpdump and nmap tools and how we use them in maintaining
and troubleshooting our networks.
First, we have the telnet command.
Telnet is both a command and a network protocol.
The telnet command is going to be used to communicate
using an application protocol over the internet
or a local area network
to provide a bidirectional interactive text
oriented communication facility
using virtual terminal connections.
Now, telnet used to be built into Windows,
Linux, Unix and OS X systems by default.
Telnet is capable of allowing a user
to test the network connectivity
between a client and a server,
as well as issue commands using text-based interfaces.
Normally, you're not going to want to use telnet
because it's an older and insecure protocol.
Instead, you should be using SSH.
But as a network technician, there's still one use case
where relying on telnet could be considered acceptable.
And that's when you're connected directly to a router
or switch over a console cable connection
because you then have a trusted and direct connection
to that device.
Because of the insecure nature of telnet in general,
it's actually been disabled by default in Windows 10.
If you want to re-enable it,
you can enter the command
dism /online /Enable-Feature /FeatureName:TelnetClient
and then it's going to re-install this feature.
OS X has also removed telnet in recent versions too,
but most Linux and Unix systems
still have telnet installed by default.
If you want to quickly test a network connection using telnet,
you can enter telnet, the domain name and the port and hit enter
to connect to that device.
For example, I might enter telnet diontraining.com 80
and hit enter.
Then, you're going to see the word connecting
flash across your screen
and then you'll be receiving a black terminal window
with a blinking cursor.
At this terminal, you can hit enter a few times
or conduct a banner grab,
which is a technique used in cybersecurity to send input directly
to that web server and get it to respond,
so you can identify
what type of software it's running.
In this case, you can see that my web server
is running OpenResty,
which is a web server software.
And then the connection was terminated by my web server,
because it didn't get the commands it was expecting.
If I was using telnet to connect to a router,
I can assign network ports, set up LAN IP addresses,
reset the web graphical user interface password,
reset the system to its factory defaults, reboot the system,
or ping a host,
all from within a text-based interactive telnet session.
Next, we have tcpdump. tcpdump is a command line tool
that allows a network technician to display TCP/IP
and other packets that are being transmitted
or received over a network to the client screen.
Now, tcpdump is not included on Windows clients by default,
but it is installed by default on Linux,
Unix and OS X systems.
If you want to use it on Windows,
you'll have to actually download and install it.
Now, tcpdump is used to simply dump the traffic
from a network onto the screen,
but this can also be redirected to a file,
so you can store it and analyze it later on
using the tcpdump -w option.
This will create a file known as a PCAP file
or Packet Capture file.
When you use tcpdump, you see the same standard format
used for every single packet. This includes a timestamp,
whether the packet is IPv4, notated by IP in the tcpdump output,
or IPv6, notated by IP6 in the tcpdump output,
the source IP and port, the destination IP and port,
what flags were used in that TCP packet,
the sequence number, the acknowledgement number,
the window size and the length of the packet.
If any TCP options are set in the packet,
they're going to be shown between the window size
and the packet length.
If you create a PCAP file using tcpdump,
it can later be loaded into a more graphical tool
like Wireshark, where you can do more analysis on it.
Or you can reload it back into tcpdump
and analyze it in this text-based tool.
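Here's an added example, not part of the lesson, that takes that standard per-packet format apart with code: a Python parser for tcpdump's text output that pulls out the timestamp, the IP versus IP6 tag, source and destination host and port, the TCP flags, sequence and acknowledgement numbers, window size, options and length, and then walks the parsed records to confirm a full SYN, SYN/ACK, ACK handshake was seen for a flow. The five lines below are constructed sample output (one handshake and first request to the 52.179.224.121 address from the netstat lesson, plus one IPv6 mDNS datagram); they are not a real capture.

```python
import re

# Constructed tcpdump output: a TCP handshake and first request to the
# 52.179.224.121 address seen earlier, plus one IPv6 mDNS datagram to show the
# IP6 tag. Timestamps, ports and sequence numbers are made up.
SAMPLE_TCPDUMP = """\
12:34:56.789012 IP 192.168.105.3.49702 > 52.179.224.121.443: Flags [S], seq 1000, win 64240, options [mss 1460,sackOK,TS val 1 ecr 0,nop,wscale 7], length 0
12:34:56.801234 IP 52.179.224.121.443 > 192.168.105.3.49702: Flags [S.], seq 5000, ack 1001, win 65535, options [mss 1460,sackOK,wscale 8], length 0
12:34:56.801500 IP 192.168.105.3.49702 > 52.179.224.121.443: Flags [.], ack 1, win 502, length 0
12:34:56.802000 IP 192.168.105.3.49702 > 52.179.224.121.443: Flags [P.], seq 1:518, ack 1, win 502, length 517
12:34:57.000000 IP6 fe80::1.5353 > ff02::fb.5353: UDP, length 80
"""

# The destination ends at the first ': ' (IPv6 hosts contain bare colons).
HEADER = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) (?P<ipver>IP6?) (?P<src>\S+) > (?P<dst>\S+?): (?P<rest>.*)$"
)
FIELDS = {
    "flags": re.compile(r"Flags \[([^\]]*)\]"),
    "seq": re.compile(r"\bseq (\d+(?::\d+)?)"),   # may be a range like 1:518
    "ack": re.compile(r"\back (\d+)"),            # \b keeps 'sackOK' from matching
    "win": re.compile(r"\bwin (\d+)"),
    "options": re.compile(r"options \[([^\]]*)\]"),
    "length": re.compile(r"\blength (\d+)"),
}
FLAG_NAMES = {"S": "SYN", ".": "ACK", "P": "PSH", "F": "FIN",
              "R": "RST", "U": "URG", "W": "CWR", "E": "ECE"}


def split_endpoint(endpoint):
    """tcpdump writes host.port; the port is everything after the last dot,
    which also works for IPv6 hosts such as ff02::fb.5353."""
    host, port = endpoint.rsplit(".", 1)
    return host, int(port)


def parse_tcpdump_line(line):
    """Return a dict of the fields present on one tcpdump line, or None."""
    m = HEADER.match(line)
    if not m:
        return None
    rec = {"ts": m["ts"], "ipver": m["ipver"]}
    rec["src_ip"], rec["src_port"] = split_endpoint(m["src"])
    rec["dst_ip"], rec["dst_port"] = split_endpoint(m["dst"])
    rest = m["rest"]
    rec["proto"] = "TCP" if "Flags [" in rest else rest.split(",")[0].split()[0]
    for name, pattern in FIELDS.items():
        fm = pattern.search(rest)
        if fm:
            rec[name] = int(fm.group(1)) if name in ("ack", "win", "length") else fm.group(1)
    return rec


def parse_tcpdump(output):
    return [r for r in (parse_tcpdump_line(l) for l in output.splitlines()) if r]


def flag_names(flags):
    """Expand tcpdump's one-letter flags, e.g. 'S.' -> ['SYN', 'ACK']."""
    return [FLAG_NAMES.get(ch, ch) for ch in flags]


def find_handshakes(records):
    """(client, server) endpoint pairs whose SYN, SYN/ACK and ACK were all seen."""
    syn_sent, synack_seen, completed = set(), set(), []
    for r in records:
        if r["proto"] != "TCP":
            continue
        a, b = (r["src_ip"], r["src_port"]), (r["dst_ip"], r["dst_port"])
        flags = r.get("flags", "")
        if flags == "S":
            syn_sent.add((a, b))
        elif flags == "S." and (b, a) in syn_sent:
            synack_seen.add((b, a))
        elif flags == "." and (a, b) in synack_seen and (a, b) not in completed:
            completed.append((a, b))
    return completed


if __name__ == "__main__":
    records = parse_tcpdump(SAMPLE_TCPDUMP)
    for r in records:
        print(r["ts"], r["ipver"], r["proto"], r["src_ip"], "->", r["dst_ip"],
              flag_names(r.get("flags", "")), "len", r.get("length"))
    print("completed handshakes:", find_handshakes(records))
```

The same parser works on a saved capture replayed with tcpdump -r, since that prints the identical text format, and the handshake check is a simple way to tell a connection that was actually accepted from a SYN that went unanswered.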
Finally, we have nmap, the Network Mapper.
Nmap is used to discover hosts and services
on a computer network by sending packets
and analyzing the responses it receives.
Now, nmap provides a number of features
for probing computer networks, including host discovery
and service and operating system detection.
Nmap is a great tool to use when you're conducting
either port scanning or IP scanning.
Now in addition to this, nmap can be configured to conduct
fingerprinting of the services running on those ports,
which allows it to identify the versions
of the software being used.
This is really helpful in detecting vulnerabilities
and specific versions of services
that are operating on your network.
Also, nmap is very useful when trying to create
network maps, documenting your network,
or identification of rogue network devices.
Network Platform Commands.
In this video,
we're going to cover the Network Platform Commands
for the exam that you need to be aware of.
Now, there are a lot more commands
than what we're going to cover in this lesson,
but for the exam, there are three you need to know.
Now, when I mention the term network platforms,
I'm talking about things like routers, switches,
and firewalls.
And for the exam,
I want you to know the 'show interface', 'show config',
and 'show route' commands
and how we use them in maintaining
and troubleshooting our networks.
So, what is a network platform?
Well, I know this sounds like a really funny term
that CompTIA uses here.
And when they refer to a network platform in the objectives,
what they're really referring to is any router, switch
or firewall regardless of the brand or manufacturer.
This is because CompTIA exams
are considered vendor neutral exams.
So we're not asking you just about Cisco.
We could be asking you about a Cisco router,
a Juniper switch, or a Sidewinder firewall.
It doesn't really matter.
They're all considered network platforms.
Now, each device manufacturer does create
their own command line interface,
that's going to be used to configure, monitor
and troubleshoot their devices.
But they're all pretty similar in their actual functions
and commands
and most of them are based off Cisco
because they were one of the first,
really big router and switch companies out there.
For this lesson,
we're going to focus on the three clearly outlined
inside your objectives.
Those are: 'show interface', 'show config' and 'show route'.
These three terms are specific to Cisco devices,
but similar commands exist for other manufacturers
like Juniper and Sidewinder devices as well.
For the 'show interface' command,
you could use 'show interfaces' with an 'S' on it
on a Juniper device.
Or 'cf interface',
which stands for configure interface
on a Sidewinder firewall.
It'll give you the same type of thing.
Now for the 'show config' command on a Cisco device,
you could use 'show configuration' on a Juniper device
or 'cf config' on a Sidewinder device.
Now for the 'show route' command,
you would still use 'show route' on Juniper devices,
but you use 'cf route status' on a Sidewinder firewall.
For the exam though,
you're only tested on the three I mentioned,
'show interface', 'show config', and 'show route'.
So let's take a look at these three specifically
and what type of information you can get from them.
First, we have 'show interface'.
The 'show interface' command
is going to display the statistics
for a network interface on the device.
Now, if you want to look at one specific interface,
instead of all of the different interfaces,
you'd want to enter 'show interface',
and then the ethernet interface you want to look at.
For example, "show interface ethernet 1/1".
This would display only the statistics for ethernet 1/1,
that specific interface and port on that switch or router.
Now, when you use the 'show interface' command,
you can see if the interface is up or down,
if the line protocol is up or down
and some key statistics that'll help you determine
if there's any network issues.
First, you should look at whether the internet address
is a valid address,
or whether you have an address that was self-assigned
because you had a DHCP issue.
If you see a self-assigned address,
that means you need to investigate your DHCP.
Second, you should look at the bandwidth
and see if it matches your cable type.
In this example,
the bandwidth is set to 10,000 kilobits per second,
or 10 megabits per second.
This means the interface thinks
it's using a CAT 3 cable.
Now, if this is incorrect
and you're actually using a CAT 5 or CAT 6 cable,
that cable may be damaged,
which is why the device is only reporting
that it's capable of 10 megabits per second.
Third, you want to look at your MTU size.
By default, this is going to be set to 1500 bytes,
but if you're using a storage area network,
you might want to use jumbo frames
and use something as large as up to 9,000 bytes in size.
This is going to depend on what network you're looking at.
Also, you should check to see if there's any runts, giants,
or errors in the statistics,
as these are all indications of potential problems.
Finally, you should check for collisions.
If you're running full duplex on a switch or router,
there should not be any collisions
because each switch port is its own collision domain.
In this example, I see there are 432 collisions,
which indicates there's an issue on this switch port,
or maybe somebody has connected a hub to that switch port
downstream.
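Here's an added example, not part of the lesson, that turns that 'show interface' checklist into a script you could run over saved output from many ports: a Python parser for Cisco IOS-style 'show interface' text that reads the up/down status, the internet address, MTU, bandwidth, duplex setting and the runt, giant, input error, CRC and collision counters, and then applies the checks described above. The self-assigned address test looks for the 169.254.0.0/16 APIPA range, which is my addition rather than something the lesson states. The output below is constructed sample data; only the 10000 Kbit bandwidth and the 432 collisions mirror the example above, and the MAC, counters and addresses are made up.

```python
import re

# Constructed Cisco IOS-style 'show interface' output. The MAC, addresses and
# most counters are made up; BW 10000 Kbit and 432 collisions mirror the lesson.
SAMPLE_SHOW_INTERFACE = """\
Ethernet1/1 is up, line protocol is up
  Hardware is Fast Ethernet, address is 0011.2233.4455 (bia 0011.2233.4455)
  Internet address is 192.168.105.2/24
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Full-duplex, 10Mb/s
     5 minute input rate 1000 bits/sec, 2 packets/sec
     12345 packets input, 6789012 bytes, 0 no buffer
     Received 10 broadcasts, 3 runts, 0 giants, 0 throttles
     7 input errors, 4 CRC, 3 frame, 0 overrun, 0 ignored
     23456 packets output, 7890123 bytes, 0 underruns
     0 output errors, 432 collisions, 2 interface resets
"""


def _count(pattern, text):
    """Pull one integer counter out of the output, 0 if that line is absent."""
    match = re.search(pattern, text)
    return int(match.group(1)) if match else 0


def parse_show_interface(text):
    """Extract the fields the troubleshooting checklist cares about."""
    head = re.search(r"^(\S+) is (.+?), line protocol is (\S+)", text.strip(), re.M)
    ip = re.search(r"Internet address is (\S+)", text)
    duplex = re.search(r"(Full|Half)-duplex", text)
    return {
        "name": head.group(1), "status": head.group(2), "line_protocol": head.group(3),
        "ip": ip.group(1) if ip else None,
        "mtu": _count(r"MTU (\d+) bytes", text),
        "bw_mbps": _count(r"BW (\d+) Kbit", text) / 1000,
        "duplex": duplex.group(1) if duplex else "unknown",
        "runts": _count(r"(\d+) runts", text),
        "giants": _count(r"(\d+) giants", text),
        "input_errors": _count(r"(\d+) input errors", text),
        "crc": _count(r"(\d+) CRC", text),
        "collisions": _count(r"(\d+) collisions", text),
    }


def interface_findings(text, expected_mbps=1000, expected_mtu=1500):
    """Run the checklist against one interface and return the problems found."""
    i = parse_show_interface(text)
    findings = []
    if i["status"] != "up" or i["line_protocol"] != "up":
        findings.append(f"{i['name']} is {i['status']}, line protocol is {i['line_protocol']}")
    if i["ip"] and i["ip"].startswith("169.254."):  # APIPA range: assumption, not from the lesson
        findings.append(f"self-assigned (APIPA) address {i['ip']}: investigate DHCP")
    if i["bw_mbps"] < expected_mbps:
        findings.append(f"bandwidth negotiated at {i['bw_mbps']:g} Mb/s, "
                        f"expected {expected_mbps}: check the cable")
    if i["mtu"] != expected_mtu:
        findings.append(f"MTU is {i['mtu']} bytes, expected {expected_mtu}")
    if i["runts"] or i["giants"] or i["input_errors"]:
        findings.append(f"{i['runts']} runts, {i['giants']} giants, "
                        f"{i['input_errors']} input errors ({i['crc']} CRC)")
    if i["collisions"] and i["duplex"] == "Full":
        findings.append(f"{i['collisions']} collisions on a full-duplex port: "
                        "suspect a downstream hub or a duplex mismatch")
    return findings


if __name__ == "__main__":
    for finding in interface_findings(SAMPLE_SHOW_INTERFACE):
        print("-", finding)
```

The expected bandwidth and MTU are parameters because they depend on what the port should be doing: a gigabit uplink and a 9000-byte storage network port have different baselines, so the same output can be healthy on one port and a problem on another.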
Now next we have 'show config'.
Now 'show config' is a command that's used to display
the current system configuration to your screen.
When you use the 'show config' command,
there are no options or arguments.
It's just going to be entered as 'show config',
and you'll hit enter.
Now for the exam,
you do not need to understand each and every line
of this configuration.
If you move into being a network administrator
and you decide to take your
Cisco certified network associate certification or CCNA,
you're going to be expected to know
each and every line of this.
But for now,
you should be able to read through this configuration
and identify some key areas.
First, we have the shared secrets
that are being stored towards the beginning
of the configuration file,
as well as some basic items
that allow us to configure things like our prompt
and our message of the day.
Next we get into some system settings,
such as the system baud rate,
which is currently set to 9,600 bits per second,
when I'm communicating over a console port.
Next, we have some SNMP settings,
including enabling or disabling some of the traps
for this device,
so it can report back to an SNMP manager.
In this case, they're all disabled.
Next, we're going to have some IP settings
such as those two interfaces I have, "sc0" and "sl0".
You can see the "sc0" is being set up to use
a class B private IP of
172.16.25.142.
And a route was set to allow traffic out the gateway router
at 172.16.1.201.
Now next we have our VMPS,
which is the VLAN Management Policy Server.
In this case,
we have it set to a TFTP server at
1.1.1.1,
and it is set to enable.
Next, we have our DNS set up for this device,
and this is set up to use two DNS servers,
a primary one at
198.92.30.32,
and a backup at
171.69.2.132.
Both of these are enabled,
and our DNS domain is cisco.com
because this is a sample configuration file
that was created for use by Cisco.
Next, we have our TACACS+ configuration,
including servers,
the number of invalid attempts allowed
and the timeout period.
After that, we have the configuration for an older protocol
known as IPX.
And this device is set to allow IPX traffic
to be bridged into this network.
Next, we have the VTP settings,
which are going to allow us to be in server mode.
Remember VTP is the VLAN Trunking Protocol.
And this is a proprietary protocol used by Cisco devices
to exchange VLAN information.
After that, we have some spanning tree protocol settings,
specifically that we have STP enabled
with a max age set to 20.
After that, we have CGMP, which is set to enable.
Now, CGMP is not something we've talked about before
in this course,
but this is a Cisco specific thing.
CGMP is the Cisco Group Management Protocol,
it's an older, Cisco-specific form of IGMP used by Cisco switches.
Next, we have syslog.
And in this case, it's set to enabled for the console
and it's set to disabled for the server.
All the logging levels are set here as well,
and you can see they're either two or five;
anything above those severity levels would not be forwarded
or logged by syslog.
Now, after that, we have the NTP section,
which configures our Network Time Protocol server
that we're going to use,
including what time zone we're in
and if we're going to enable NTP clients or not.
After that, we have a permit list,
which is essentially an ACL.
In this case, the permit list is set to disabled.
Finally, we have the first module in our device,
a two-port 100BASE-TX module.
So this is a Fast Ethernet module.
Here, you can see what has been enabled and disabled
on this particular module or interface.
As I said, you don't need to be an expert on any of this.
I just wanted to show you what it looked like
inside of a configuration file,
when you use the 'show config' command.
Our third command is 'show route'.
The 'show route' command is going to be used
to display the current state of the routing table
on the device.
More accurately, we're normally going to enter this command
as 'show ip route' and hit enter.
This is because we normally want to see
the routes associated with IP based networks,
for most of our networks.
Most of us aren't running any networks that aren't IP based.
For example, you're probably not running an IPX
or AppleTalk network anymore.
Now here's an example of a router that I have
that I've entered show IP route on.
Here you can see,
first we have a legend that shows us all the different codes
and what they mean.
Then we see the gateway of last resort,
which is our default gateway that we're going to use,
if we can't route traffic to any of the other routes
that are listed below.
As you look at those routes,
you can see they're written in three columns.
The first column indicates
how the route is going to be derived.
Is it from IGRP, RIP, OSPF, directly connected,
a static route, EGP derived, or BGP derived?
Then we have our second column
and this tells us the type of route it is,
when we learn it through OSPF.
In this example,
we have three of these types of routes
and they're listed as E2,
for OSPF external type 2 routes.
Then we have the address of the remote network,
such as 150.150.0.0.
And then we see a pair of numbers inside some brackets.
In this example, it's 160/5.
This means 160 is the administrative distance
of the information source
and five is the metric for this route.
Next, we see the via and an IP address,
which is the address of the next router
to the remote network.
After that we see a time
and this is the last time the route was updated.
It's written in hours, minutes and seconds.
So this first route is only one minute old.
Finally, we have the interface used for a specified network
in this route.
In this case, ethernet 2
is designated as the path for sending traffic
to this particular network.
So, as you can see from this show IP route command
that OSPF routes have an administrative distance of 160
and a metric of only five.
The EGP routes have an administrative distance of 200
and a metric of either 128 or 129.
This tells me that the router trusts the OSPF routes
more than it trusts the EGP routes, right?
Now this makes sense
if you think back to our previous discussions
on routing protocols,
administrative distances and the believability
of these metrics.
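To make the column-by-column reading above concrete, here is an added example (not code from the course) that parses the route lines of 'show ip route' into their fields and applies the believability rule: for the same prefix, the lowest administrative distance wins. The sample output is constructed to match the description on this page (the 150.150.0.0 E2 route at [160/5], EGP routes at [200/128] and [200/129]); the next-hop addresses and interface names are made up.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Legend codes printed at the top of 'show ip route' (the subset this page discusses).
ROUTE_CODES = {
    "C": "connected", "S": "static", "R": "RIP", "I": "IGRP",
    "O": "OSPF", "E": "EGP", "B": "BGP", "i": "IS-IS",
}


@dataclass
class Route:
    """One route, in the column order the page walks through: source code,
    OSPF/IS-IS subtype, network, [AD/metric], next hop, age, interface."""
    source: str
    subtype: Optional[str]
    network: str
    admin_distance: Optional[int]   # None for directly connected routes
    metric: Optional[int]
    next_hop: Optional[str]
    age_seconds: Optional[int]
    interface: Optional[str]


# "O E2 150.150.0.0 [160/5] via 131.119.254.6, 0:01:00, Ethernet2"
_LEARNED = re.compile(
    r"^(?P<code>[A-Za-z])\s*(?P<sub>E1|E2|IA|L1|L2|N1|N2)?\s+"
    r"(?P<net>\d+\.\d+\.\d+\.\d+(?:/\d+)?)\s+"
    r"\[(?P<ad>\d+)/(?P<metric>\d+)\]\s+via\s+(?P<hop>\d+\.\d+\.\d+\.\d+),\s+"
    r"(?P<age>\d+:\d{2}:\d{2}),\s+(?P<iface>\S+)$"
)
# "C 131.119.0.0 is directly connected, Ethernet1" (or "is possibly down, directly connected")
_CONNECTED = re.compile(
    r"^C\s+(?P<net>\d+\.\d+\.\d+\.\d+(?:/\d+)?)\s+is\s+"
    r"(?:possibly down,\s+)?directly connected,\s+(?P<iface>\S+)$"
)


def _age_to_seconds(age: str) -> int:
    """The age column is hours:minutes:seconds since the route was last updated."""
    hours, minutes, seconds = (int(part) for part in age.split(":"))
    return hours * 3600 + minutes * 60 + seconds


def parse_show_ip_route(output: str) -> List[Route]:
    """Parse the route lines, skipping the legend and the gateway-of-last-resort line."""
    routes: List[Route] = []
    for raw in output.splitlines():
        line = raw.strip()
        learned = _LEARNED.match(line)
        if learned:
            routes.append(Route(
                source=ROUTE_CODES.get(learned["code"], learned["code"]),
                subtype=learned["sub"],
                network=learned["net"],
                admin_distance=int(learned["ad"]),
                metric=int(learned["metric"]),
                next_hop=learned["hop"],
                age_seconds=_age_to_seconds(learned["age"]),
                interface=learned["iface"],
            ))
            continue
        connected = _CONNECTED.match(line)
        if connected:
            routes.append(Route("connected", None, connected["net"],
                                None, None, None, None, connected["iface"]))
    return routes


def preferred_route(routes: List[Route], network: str) -> Optional[Route]:
    """Selection rule from the page: for one prefix, lower administrative
    distance is more believable; ties go to the lower metric."""
    candidates = [r for r in routes if r.network == network]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (r.admin_distance or 0, r.metric or 0))


# Constructed sample modelled on the page's description; not a real capture.
SAMPLE_SHOW_IP_ROUTE = """\
Codes: C - connected, S - static, I - IGRP, R - RIP, O - OSPF, E - EGP, B - BGP
Gateway of last resort is 131.119.254.240 to network 129.140.0.0

O E2 150.150.0.0 [160/5] via 131.119.254.6, 0:01:00, Ethernet2
E    143.105.0.0 [200/129] via 131.119.254.244, 0:02:22, Ethernet2
E    150.150.0.0 [200/128] via 131.119.254.244, 0:02:22, Ethernet2
C    131.119.0.0 is directly connected, Ethernet1
"""

if __name__ == "__main__":
    parsed = parse_show_ip_route(SAMPLE_SHOW_IP_ROUTE)
    for route in parsed:
        print(route)
    print("preferred for 150.150.0.0:", preferred_route(parsed, "150.150.0.0").source)
```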
All right, let's look one more time at the show IP route,
but this time on a different router.
Here, you could see a router that has fewer routes.
In this router, I only have four routes:
my default route of 160.89.0.0,
and then three subnets.
Here, you can see the connected route is showing
as possibly being down on ethernet zero.
Next, we see two IGRP-derived routes
and they're using ISIS level 2 as the route type.
These routes have a lower administrative distance
than the OSPF and EGP routes that we looked at earlier,
but their metric is a bit higher than an OSPF one
that we saw before.
Now, if you wanted to get additional details
on any of these specific routes,
you could enter show IP route
and the IP address for that network
to get additional details,
including its routing metrics, reliability,
the delay on the network,
and even the hop count as you can see here.
So in summary,
you need to remember that 'show interface'
gives you the statistics for an interface
that 'show config' is used to display
the current configuration on a device,
and 'show route' is going to be used to get information
from the routes learned by a particular network device.
Software tools.
In this video,
we're going to discuss various software tools
that are used in troubleshooting
and configuring our networks and network devices.
These include Wi-Fi analyzers,
protocol analyzers and packet captures,
bandwidth speed test, port scanners, iPerf,
NetFlow analyzers, TFTP servers, terminal emulators,
and IP scanners.
First, we have wireless analyzers.
A wireless analyzer is a specialized piece of software
that can be used to conduct wireless surveys
to ensure you have the proper coverage,
and it helps you prevent any undesired overlap
between wireless access point coverage zones and channels.
Now, if you're concerned with the channels in use
and their signal strength for a given area,
you can use a view inside of a Wi-Fi analyzer
to display the SSID of each network detected in that area,
their relative signal strength
and the channel they're using.
Here, you can see that most
of the 2.4 gigahertz Wi-Fi networks in use
are centered on channel one,
with four others being located on channel six.
Now channel 11 is not being heavily utilized at all.
It only has one network called Home.
This is being located on channel 11 as the home network,
but there are four other wireless networks
located at channel nine
and this could cause interference for both channel six
and channel 11,
as you can clearly see they're overlapping frequencies
on this visualization.
Now, in addition to this view,
you can also overlap the coverage zones on a floor plan
using a Wi-Fi analyzer as part of a wireless site survey.
This displays the location of the wireless access points
and the signal strength that's radiating
from each of those access points.
In this example,
you can see the entire office building
is pretty well covered in Wi-Fi
as shown by the green coverage areas.
But, there is a smaller area of yellow and orange
on the left-most wall.
As you exit the building,
you'll see more areas of orange and red,
which indicates areas of lower signal strength too.
Due to the left wall having a large orange
and yellow coverage area,
we may want to suggest adding another access point
in this area of the building. This would allow us to have
more wireless networking capabilities
on that part of the building if we needed to.
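The channel view described above is driven by simple arithmetic: in the 2.4 GHz band, channel 1 is centred at 2412 MHz, each channel is 5 MHz further up, and a channel's footprint is about 22 MHz wide, so any two channels fewer than five numbers apart overlap. This added example (not code from the course) reproduces the overlap reasoning for a constructed survey like the one on the page (most networks on channel 1, four on 6, one called Home on 11, four on 9) and works out which of 1/6/11 a new access point should use. The SSIDs are made up.

```python
from typing import Dict, List, Tuple

CHANNEL_WIDTH_MHZ = 22          # footprint of an 802.11b/g channel in the 2.4 GHz band
NON_OVERLAPPING = (1, 6, 11)    # the usual three-channel plan


def center_frequency_mhz(channel: int) -> int:
    """Centre frequency of a 2.4 GHz channel: 2412 MHz for channel 1,
    stepping 5 MHz per channel, with channel 14 sitting apart at 2484 MHz."""
    if channel == 14:
        return 2484
    if 1 <= channel <= 13:
        return 2407 + 5 * channel
    raise ValueError(f"not a 2.4 GHz channel: {channel}")


def channels_overlap(a: int, b: int) -> bool:
    """Two channels interfere when their centres are closer than one channel
    width, i.e. when they are fewer than five channel numbers apart."""
    return abs(center_frequency_mhz(a) - center_frequency_mhz(b)) < CHANNEL_WIDTH_MHZ


def interference_map(networks: List[Tuple[str, int]]) -> Dict[int, List[int]]:
    """For each occupied channel, list the other occupied channels whose
    footprint overlaps it (what the analyzer's overlapping curves show)."""
    occupied = sorted({channel for _, channel in networks})
    return {ch: [other for other in occupied if other != ch and channels_overlap(ch, other)]
            for ch in occupied}


def effective_load(networks: List[Tuple[str, int]]) -> Dict[int, int]:
    """Count, for each of channels 1/6/11, how many surveyed networks sit on it
    or on a channel that overlaps it. A network on channel 9 therefore
    counts against both 6 and 11, as the page points out."""
    return {ch: sum(1 for _, other in networks if channels_overlap(ch, other))
            for ch in NON_OVERLAPPING}


def least_loaded_channel(networks: List[Tuple[str, int]]) -> int:
    """Recommend the non-overlapping channel with the fewest competing networks."""
    load = effective_load(networks)
    return min(NON_OVERLAPPING, key=lambda ch: (load[ch], ch))


# Constructed survey (SSID, channel) modelled on the page's description.
SURVEY: List[Tuple[str, int]] = [
    ("Office-2G", 1), ("Guest", 1), ("Printer", 1), ("Neighbor-A", 1), ("Neighbor-B", 1), ("IoT", 1),
    ("CoffeeShop", 6), ("Apartment-3B", 6), ("Linksys", 6), ("Netgear", 6),
    ("Home", 11),
    ("Unit-9-Net", 9), ("Studio", 9), ("Camera", 9), ("Garage", 9),
]

if __name__ == "__main__":
    for channel, overlaps in interference_map(SURVEY).items():
        print(f"channel {channel:2d} overlaps with {overlaps}")
    print("load on 1/6/11:", effective_load(SURVEY))
    print("suggested channel for a new AP:", least_loaded_channel(SURVEY))
```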
Next, we have protocol analyzers and packet capturing tools.
Now a protocol analyzer is used to capture
and analyze signals and data traffic
over a communication channel.
In networking,
we most commonly use a software tool known as Wireshark
as a protocol analyzer.
Now a packet capturing tool is going to be used
to capture packets running over a network connection
in real time,
and then save them for later analysis.
This lets you intercept, log and analyze
the network traffic and data
in order to fully identify, classify,
and troubleshoot network traffic
based on its application type, source and destination.
A tool like Wireshark contains both protocol analyzer
and a packet capture functionality,
making it a great all-in-one tool for you to use.
Now, Wireshark and other protocol analyzers
are going to be used to troubleshoot your networks
when they're experiencing performance issues.
By using Wireshark,
you can see a breakdown of each packet that's flowing
across the network,
and you can validate if things are operating
as they should inside your network.
Cyber security professionals also use Wireshark
and other packet captures and protocol analyzers
to be able to trace connections,
view the contents of suspected network transactions
and identify bursts of network traffic as either suspicious,
malicious or benign.
In addition to Wireshark,
there are many other protocol analyzers
out there in the field,
including Ethereal, Protocol Expert, Netasyst,
Network Analyzer, Network Instruments Observer,
LanHound and EtherPeek.
As for packet capture or packet sniffing tools,
Wireshark can also perform this function,
but so do tcpdump, WinDump, PRTG Network Monitor,
SolarWinds Network Performance Monitor and NetworkMiner.
Next, we have bandwidth speed testing tools.
There are several local area network speed test tools
that exist.
And there are also many websites that allow you to conduct
an end to end speed test from your client
to their internet servers.
Now a bandwidth speed test tool
should be more accurately described
as a throughput test tool though,
because remember, real-world throughput is the speed
from your client to the end point device and back.
Whereas bandwidth is the theoretical limit.
Essentially, these tools are going to download
a large random file from a server
and then turn around and upload it back to that same server.
During this download and upload process,
the server measures the amount of time it took to download
that file and then upload it again.
This gives you a real world measure of the throughput
across your network from the client,
all the way to that server.
Now, a local area network version of this,
is going to do the same exact thing,
but it's going to be conducted by a network appliance
or a piece of software that you connect to the network.
This type of speed test works much the same way
as the internet speed test I just described,
except your data transfer only occurs
over the local area network
from one client to another client,
measuring the time it takes to send and receive
that test file locally.
If you need to determine if your internet connection
is performing adequately,
you can use an internet bandwidth speed test
like Speedtest.net.
If you need to determine
if your local area network performance is adequate,
then you're going to use a local area network version of this,
something like Lan Speed Test or HELIOS's LanTest software
to meet this need.
Next, we have port scanners.
A port scanner is a software tool
that's used to determine which ports are open on a network.
Running a port scan on a network or server
is going to reveal which ports are open and listening
or ready to receive information,
as well as revealing the presence of security devices,
such as firewalls that may be present between the sender
and the target.
Now a port scan can send a carefully prepared packet
to each destination port
and then analyze the response it receives back
to determine if that port is open,
closed or filtered.
Now, there are many different software based
port scanning tools available.
One of the most common
is Nmap, the network mapper,
but there are lots of others out there as well,
including the SolarWinds Port Scanner and LanSweeper.
Next, we have iPerf.
iPerf is a software tool that's used
to gather an active measurement
of the maximum achievable bandwidth on an IP-based network.
This is an open source and cross-platform tool
that can produce standardized performance measurements
for any given network.
iPerf has client and server functionality,
and it can create data streams to measure the throughput
between the two ends of the connection.
It can do it in one direction or in both directions.
Now, iPerf is going to work by creating TCP
and UDP data streams on an IP network
and then it's going to measure the throughput of the network
as it carries that data back and forth.
Next, we have NetFlow analyzers.
A NetFlow analyzer is a software tool used
to perform monitoring, troubleshooting
and in-depth inspection, interpretation
and synthesis of traffic flow data.
By analyzing NetFlow data,
you can more accurately conduct capacity planning
and ensure that resources are being appropriately used
in support of your organizational goals.
For example, using NetFlow data,
we can see what types of traffic are consuming
all the resources on the network.
Is most of your bandwidth being used by people
going on Facebook?
How about Twitter?
What about Gmail or Exchange?
Depending on your organizational requirements,
you may not want a lot of your bandwidth
being used by people browsing social media,
but if you're a social media marketing company,
you would expect to have a large number of people
on Facebook all day working,
and that'll be completely appropriate.
By using NetFlow, you're going to be able
to see that traffic and determine what looks right to you.
Now, in addition to looking at specific websites being used,
you can also look at the application type
that's generating that traffic
such as Web, NetBIOS, Voice over IP services,
ICMP, or even BitTorrent.
By understanding the data flows on your network,
you can increase your overall performance
or even block traffic types that are not generating
any value for your business.
Next, we have TFTP servers.
The Trivial File Transfer Protocol or TFTP,
is a simple protocol for exchanging files
between two TCP/IP machines.
TFTP servers are going to be used for simple file transfers
on our network.
And they're most commonly used to conduct boot loading
of remote devices.
TFTP servers are only going to support two functions.
They can read files and write files.
TFTP servers are often going to be used by embedded devices
or systems that retrieve firmware,
configuration information or a system image
during their boot up process.
In our modern networks,
many Cisco network devices use TFTP
to backup their running configurations
and IOS images to a TFTP server.
Then, those files can be copied back from the TFTP server
to a router or switch later if you need them.
Next, we have terminal emulators.
A terminal emulator allows a host computer
to access another computer,
including remote ones
through either a command line interface
or a graphical one using either Telnet or SSH.
For security purposes,
we should always be using SSH instead of Telnet though,
because Telnet does everything in plain text.
A terminal emulator is going to allow a user
to access files on the remote computer, transfer files
between two computers and remotely control
that remote computer.
There are many different terminal emulators out there
on modern workstations
that allow you to connect to a server or network device.
But the most popular one on Windows,
is known as PuTTY.
PuTTY is a free serial console terminal emulator
that supports SSH, Telnet, SCP and Rlogin.
If you need to connect to a switch or a router
in order to configure it over SSH from a Windows client,
you're probably going to be using PuTTY.
Other terminal emulators include Cmder,
the ZOC terminal emulator and Mintty console emulator.
If you're working on a Linux client,
there are many terminal emulators available,
including ones built into the operating system itself.
Things like the GNOME terminal,
the KDE Konsole and xterm.
If you're working on OSX or a Mac machine,
there's a built-in terminal program as well called Terminal,
or you can download other ones like iTerm2,
MacTerm or Kitty.
Lastly, we have IP scanners.
An IP scanner is a software tool
that's used to search for and detect IP addresses
and other information related to devices on your network.
These tools are going to be used to conduct network management
and to identify any rogue devices
that may be connected to your network.
There are many IP scanners available for us,
including Nmap, the network mapper,
Free IP scanner, IP Address Manager,
PRTG Network Monitor, Angry IP Scanner,
Network Scanner and the IP Range Scanner by LanSweeper.
As you may have noticed,
many of these IP scanners are the exact same tools
as we discussed for port scanners
or at least made by the same companies.
Now, this is because,
like Nmap, many of these tools can first scan
for the IP addresses on your network segment,
and then they can conduct a deeper scan
against each of those IP addresses to scan the ports
and the services over those ports.
For the exam,
it's important for you to understand
when you might use a Wi-Fi analyzer,
a packet analyzer, a packet capture tool,
a bandwidth speed test tool, a port scanner,
iPerf, NetFlow analyzers, TFTP servers,
terminal emulators or an IP scanner.
If you can remember which tool is used for which thing
in your network management and troubleshooting,
you're going to do fine on test day.
But you do not have to remember all the names
of all these tools.
The only ones you'll probably need to know by name,
are things like Nmap and Wireshark,
because those are so heavily used
in network troubleshooting.
Ping and traceroute.
In this video,
we're going to cover the ping and traceroute command-line tools
and how to use them in maintaining
and troubleshooting our networks.
First, we have ping.
Ping is used in checking the connectivity
between two devices and we often use this
in network troubleshooting.
There are a couple of different ways to use ping,
but the most common way is to just type in ping
and the domain name you want to test.
For example, if you're on a Windows machine,
you can enter ping www.jasondion.com
and hit Enter.
And this is going to send out four pings
and get four replies.
And it tells you the site is either up or down.
This is the default one that you're going to use.
Now, if I wanted to get 10 or 20 or 30 pings,
I can do that by doing ping -n and then the number.
So ping -n 10 jasondion.com
will ping jasondion.com 10 times, and then it will stop.
Now, you can also do this
where it will just keep pinging over
and over and over again forever.
To do this,
you're going to use ping -t and the domain name.
So in this example, I would do ping -t jasondion.com
and it would go forever and ever keep pinging that site.
Now, why would I want to do that?
Well, it might be useful to see
if your WAN link is up all the time.
In some places I've worked,
we've had a ping, constantly running on a distant end
and we leave it up on a big screen monitor.
Then we could just look up
and we could see if that connection is working or not,
or if it's having any issues.
Now in the examples I just gave you,
I was working on a Windows client,
but ping does work a little differently
if you're using Linux, Unix or OSX.
One of the key differences, is that on a Windows machine,
it only sends four pings by default and then it stops.
If we wanted it to run forever,
we'd use the -t option, like I said.
Now, in Linux, Unix and OSX clients,
ping is going to run continuously by default,
just like the -t option in Windows did.
Now, if you only want to send four pings
like we did in Windows,
we would have to do that by using the -c option,
which stands for count.
So I'd put -c 4 after my ping command.
So I would do ping -c 4 jasondion.com.
Or if I wanted to do 10, I could do ping -c 10 jasondion.com
and then stop.
Really, you can use any number
of pings you want with the -c option
and it works like the -n option you had in Windows.
If you're running ping continuously on any operating system
and you want to stop it at any time,
you can issue the break command.
To do this,
you simply press the Control key and C,
and this will end up breaking or stopping
that continuously running ping.
The last option we need to cover is the -6 option.
If you enter ping -6 and the domain name,
this is going to force the ping to go over IPv6,
instead of IPv4.
This -6 option is going to work the same
regardless of the operating system you're using.
So what does all this look like in the real world?
Well, here you can see,
I did a ping of jasondion.com from my Windows machine,
and it sent out four pings and received four replies.
Here you can see the time it took, 74 milliseconds,
74 milliseconds, 156 milliseconds and 71 milliseconds.
This gave me an average of 93 milliseconds
across all four pings and all four pings were sent
and all four replies were received back.
This indicates that my web server is up
and accepting traffic at this time.
Now, next, we have traceroute
and this can be written
as either traceroute all written out
or tracert if you're on a Windows system.
If you're on a Unix, Linux or OSX system,
you're going to enter that command as traceroute.
Now, either way, we pronounce it the same way,
we call it traceroute.
Now, traceroute is going to be used to display the path
between your device and its destination,
showing the source and destination IP address
along every single hop as you go.
Now, hop is simply any router or firewall
that's there as part of the layer three path
in that transmission,
going from the client to the destination.
To perform a traceroute,
simply enter the traceroute and the IP address
or domain name of the destination you want to reach
from your client.
Now in response,
you're going to get a list of all the routers
between you and the computer you're trying to get to.
If you want to do this using IPv6, instead of IPv4,
you can add the -6 option to your traceroute command.
Now, let's look at a quick example here
by doing a traceroute to www.diontraining.com
from my workstation.
Notice, it's going to go out
and resolve the IP address for us automatically.
Then it starts tracing out the route
from my computer with a source IP of 10.0.2.2
out to the destination IP of 54.221.229.100.
Now, how does traceroute work?
Well, it's going to use the time to live field
in the IP packet header.
Normally, the TTL or time to live is going to be used
to prevent packets from being forwarded
around the internet indefinitely by routers.
This would create a routing loop, right?
So we don't want that to happen.
Instead, each time a packet is forwarded by a router,
it takes one off of that time to live.
So if the time to live reaches zero,
that packet is dropped and discarded
and a response gets sent back with an error message.
So traceroute actually uses this to its advantage,
and it sends out a series of packets to the destination.
The first packet is going to be sent out
with a time to live of one.
It's going to hit that first router
and that's going to decrease its time to live to zero.
Because it hit zero, that router is now going to drop the packet
and send back an ICMP message
that says,
time exceeded for that packet back to the source IP
and informs it,
that that packet didn't make it to the final destination
and it was dropped.
Then traceroute sends out another packet.
This time, it has a time to live of two.
Again, it goes through the first router
and it hits the second router.
At that point, it's hit zero again.
And so it's going to go back to the original sender.
This continues over and over again
until traceroute finally gets
to the final destination successfully.
But the entire time it keeps incrementing
that time to live by one every time it sends out a new packet.
This way,
it can identify each and every router or hop
along the source to destination.
Now, sometimes you're going to come across something
that looks a bit strange in your traceroute's output.
For example, notice here around line 15,
I have a bunch of request timeouts,
even though my server is up and running.
What does this mean?
Well, this means you're seeing a firewall on our path
or some other kind of device
that's not responding to ICMP or ping traffic.
This is a security feature of a lot of firewalls.
So my traceroute command simply reports back
that the response that it received
or in this case didn't receive from that device at that hop.
Now, this still tells me there's some kind of device there,
but I know it's filtering that traffic.
And so I'm now able to fingerprint your network
and figure out where your firewalls are.
In this case,
my service provider for diontraining.com does not respond
to those types of requests.
Therefore, I can only trace the path
as far out as the outermost layer of their network.
Once I get to the outermost layer of their network,
their border gateway,
it's going to stop responding to my request
and I'm going to receive timeout messages.
But I won't be able to see all the information
about the routers and firewalls there,
except to know there is something there.
And I can see that by the asterisks shown at those hops.
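The TTL mechanism and the asterisks from a silently filtering hop, both described above, can be seen end to end in this added simulation (not code from the course, and no packets are sent): each probe is forwarded along a constructed path, every router decrements the TTL, the router that takes it to zero either answers with Time Exceeded or, for a firewall modelled with replies=False, stays silent, and traceroute keeps raising the TTL by one until the destination answers. The path addresses are made up from documentation ranges.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Hop:
    """One layer-3 device on the constructed path. 'replies' models whether the
    device sends ICMP Time Exceeded when it discards an expired probe; a firewall
    that drops such probes silently is modelled with replies=False."""
    address: str
    replies: bool = True


def send_probe(path: List[Hop], destination: str, dest_replies: bool, ttl: int) -> Optional[str]:
    """Forward one probe with the given TTL. Each router decrements it; the router
    that takes it to zero discards the packet and, if it replies, answers from its
    own address. A probe that outlives the whole path reaches the destination,
    which answers unless its network filters that too. None stands for a timeout."""
    for hop in path:
        ttl -= 1
        if ttl == 0:
            return hop.address if hop.replies else None
    return destination if dest_replies else None


def traceroute(path: List[Hop], destination: str,
               dest_replies: bool = True, max_hops: int = 30) -> List[Optional[str]]:
    """Send probes with TTL 1, 2, 3, ... and record who answered each one, stopping
    when the destination itself answers or max_hops is reached. (Real traceroute
    sends three probes per TTL; one per TTL is enough to show the mechanism.)"""
    responders: List[Optional[str]] = []
    for ttl in range(1, max_hops + 1):
        who = send_probe(path, destination, dest_replies, ttl)
        responders.append(who)
        if who == destination:
            break
    return responders


def render(responders: List[Optional[str]]) -> List[str]:
    """Format the result the way traceroute prints it: hop number, then the
    responder's address or '*' for a timeout."""
    return [f"{hop:2d}  {who or '*'}" for hop, who in enumerate(responders, start=1)]


# Constructed path: home gateway, two ISP routers, then a border firewall that
# does not send Time Exceeded, in front of the destination server.
PATH = [
    Hop("192.168.1.1"),
    Hop("100.64.0.1"),
    Hop("203.0.113.9"),
    Hop("203.0.113.254", replies=False),
]
DESTINATION = "198.51.100.10"

if __name__ == "__main__":
    print("destination answers:")
    print("\n".join(render(traceroute(PATH, DESTINATION))))
    print("destination's network filters everything past the border:")
    print("\n".join(render(traceroute(PATH, DESTINATION, dest_replies=False, max_hops=8))))
```

The second run shows the page's situation with diontraining.com: the path is visible up to the provider's border, and every later hop is only known to exist because its line is an asterisk.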
Now, when it comes to troubleshooting your network,
you can use ping to determine
if you have a network connection
from your source to your destination without any issues.
If someone's complaining
that their network connection isn't working,
I usually follow a simple four-step process
to determine where that issue is occurring.
First, I'm going to try to ping google.com
or some other really big website
that's always up and available.
If this works,
I know my network connection is good
and the internet connection is good.
And in this case it would be a user issue
that's specific to a website they're trying to access.
If I can't ping google.com successfully,
I'm going to switch to pinging an IP address,
something like 8.8.8.8
and I'll see if that works.
Now, 8.8.8.8 is a great IP address to use
for a couple of reasons.
First, it's really easy to remember,
it's just four eights.
Second, it's the DNS server for Google.
So it has an extremely high rate of availability
and reliability.
So it's almost always up and it makes a great IP to use
for your troubleshooting.
Now, if you can ping 8.8.8.8 successfully,
this indicates your internet connection is working,
but I'm probably having DNS issues
because I couldn't resolve google.com
to its proper IP address and ping it.
At this point,
we would shift our troubleshooting efforts
towards the DNS issue either with our local DNS cache
or our DNS server.
Now, if you can't ping 8.8.8.8,
this means you can't reach the internet successfully.
So we need to go back and refocus our efforts
by moving inwards by one step.
Now, I'm going to ping my default gateway,
my router or my modem.
This way, I can check the internal IP address
of that border gateway router
and see if I can reach it.
For example, in my home office,
we're using a private IP range of 192.168.1.0/24,
so my default gateway is 192.168.1.1.
If I can ping that IP address and it goes successfully,
this means I have a good connection
from my client all the way through my switches and routers
up to that border gateway router.
So now I know the issue is
between my border gateway router
and the 8.8.8.8 server,
because something is wrong with our internet connection,
maybe our modem is offline or something like that.
So we'll troubleshoot in that half of the network.
Now, if I can't ping the default gateway,
that means there's an issue between my client
and my border gateway.
This can be anything,
it could be cabling or switches or anything else
in between those two devices,
including my local workstation itself.
So the next thing I want to ping
is my local client's IP address.
For example,
if your IP address is 192.168.1.23
and your default gateway was 192.168.1.1,
you're going to ping the local IP address
of 192.168.1.23
and you'll see if that works.
If pinging that does work,
this means that you have an issue
between your network card and the default gateway.
So you need to check your cabling and your switches
and all the things outside of your device.
Now, if you can't ping your local IP address,
that means you now need to ping your local host
of 127.0.0.1.
If you can,
that means your network card
and its drivers are properly installed.
If you can't,
that means you need to re-install your network card drivers,
because there's most likely something being corrupted
in there.
As you can see by just using my ping command,
I can quickly identify where the issue is.
Is it on the internet side?
Is it a problem with my modem or my router?
Or is it a cabling or switch issue?
Or maybe it's a client or driver issue?
By doing these four steps, you can figure it out.
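The four-step isolation process above, written out as one decision function, as an added example that is not part of the course. The real probe uses the host's own ping binary with -n on Windows and -c elsewhere, as described earlier in this video; an offline stub stands in for it so each branch can be exercised without a network. The gateway and client addresses default to the page's home-office example, and the diagnosis codes are my own labels.

```python
import platform
import subprocess
from typing import Callable, List, Set, Tuple


def system_ping(target: str, count: int = 1, timeout_s: int = 5) -> bool:
    """Send 'count' echo requests with the host's ping binary: -n sets the
    count on Windows, -c everywhere else. True when ping exits with status 0."""
    flag = "-n" if platform.system() == "Windows" else "-c"
    try:
        done = subprocess.run(["ping", flag, str(count), target],
                              stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
                              timeout=timeout_s)
    except (subprocess.TimeoutExpired, FileNotFoundError):
        return False
    return done.returncode == 0


# Diagnosis codes (my labels), one per outcome of the procedure on this page.
SITE_SPECIFIC = "site-specific"  # google.com answers: network and internet are fine
DNS = "dns"                       # 8.8.8.8 answers but the name did not resolve
WAN = "wan"                       # gateway answers, internet does not: modem/ISP side
LAN = "lan"                       # own IP answers, gateway does not: cabling/switches
INTERFACE = "interface"           # loopback answers, so NIC and driver are installed,
                                  # but the interface's own address does not answer
DRIVER = "driver"                 # even 127.0.0.1 fails: reinstall the NIC drivers


def diagnose(ping: Callable[[str], bool],
             gateway: str = "192.168.1.1",
             local_ip: str = "192.168.1.23") -> Tuple[str, List[str]]:
    """Work inward from the internet to the NIC, stopping at the first target
    that answers. Returns the diagnosis code and the targets actually pinged."""
    tried: List[str] = []

    def probe(target: str) -> bool:
        tried.append(target)
        return ping(target)

    if probe("google.com"):
        return SITE_SPECIFIC, tried
    if probe("8.8.8.8"):
        return DNS, tried
    if probe(gateway):
        return WAN, tried
    if probe(local_ip):
        return LAN, tried
    if probe("127.0.0.1"):
        return INTERFACE, tried
    return DRIVER, tried


def stub_ping(answering: Set[str]) -> Callable[[str], bool]:
    """Offline stand-in for system_ping: a target 'answers' if it is in the set."""
    return lambda target: target in answering


if __name__ == "__main__":
    # Constructed scenario: the modem is offline, so only LAN targets answer.
    code, tried = diagnose(stub_ping({"192.168.1.1", "192.168.1.23", "127.0.0.1"}))
    print(code, tried)   # wan ['google.com', '8.8.8.8', '192.168.1.1']
    # With a live network, pass the real probe instead: diagnose(system_ping)
```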
Now, if the issue is between the router and the destination,
this is where traceroute is going to become really helpful
for you,
because I can identify all the routers being used
between my client and the destination.
And then I can see where the data stops flowing.
Then if I own that device,
like an internal router or firewall,
I can check its configuration
and work to restore those services.
Ipconfig, ifconfig and ip.
In this video, we're going to cover the ipconfig,
ifconfig and ip command line tools
and how we use them in maintaining
and troubleshooting our networks.
First, we have ipconfig.
Ipconfig, or IP Configuration, is used to display
all of the current TCP/IP network configuration values
and to refresh the DHCP and DNS settings
for a Windows client or server.
If you enter ipconfig at the command prompt,
you're going to get some basic information back
about the TCP/IP network configuration
in use by your Windows client.
In this example, you can see my IPv6 link-local address,
my IPv4 address of 10.0.2.15,
my subnet mask of 255.255.255.0
and my default gateway of 10.0.2.2.
There isn't a whole lot of details here,
but it does give you the basics.
Now, for example, if I entered ipconfig
and my IP address was listed as 169.254.132.51,
that would indicate I have a DHCP issue,
because my computer is now assigned an APIPA address
or automatic private IP address value.
Now, if this was the case, I could try to get a new IP
by releasing and renewing my connection
or by rebooting my machine.
If that doesn't work, then I can troubleshoot
the DHCP server and ensure that it's functioning properly.
To release the current IP address,
you have to enter the ipconfig /release command
and hit ENTER.
At this point, you're going to see
your IP configuration displayed again,
this time showing you have no IPv4 address,
no subnet mask and no default gateway assigned.
To attempt to get a new DHCP address,
you're going to enter ipconfig /renew and then you press ENTER.
Now you're going to get an IPv4 address, a subnet mask
and a default gateway assigned through the DHCP DORA
or discover, offer, request and acknowledge process.
Now, you may remember that DHCP actually gives us
a bit more information though, right?
What is our DNS server's IP address?
When was my lease obtained and when does it expire?
How can I find my MAC address
if I need to know the physical address
for some kind of troubleshooting of layer 2 issues?
All of these details simply aren't being displayed
when I type in ipconfig and hit ENTER though.
So I want to enter ipconfig /all,
then I'll be able to see all these additional details
about my TCP/IP configuration.
Now, here I can see my host name, MSEDGEWIN10.
I can also see a description of the model
of the network adapter
or the network interface card I have installed.
I can see the physical address
and the fact that DHCP is enabled on this machine,
as well as the auto configuration being enabled
if DHCP fails to get an IP address,
which means I can have an APIPA address assigned
if I need to.
I can also see the IP address and subnet mask,
just like I did in the summarized ipconfig version,
but now I also see the lease times for that DHCP address,
when it was obtained and when it expires.
I also see my default gateway,
my DHCP server and DNS servers' IP addresses.
That is a lot of information
and it can be really helpful to you as a network technician
during your troubleshooting efforts.
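Here is an added example (my own code, not from the lesson) that parses ipconfig /all output and flags any adapter that fell back to an APIPA address or has no default gateway. The sample output, adapter names, MAC addresses and IP values are constructed.

```python
"""Parse `ipconfig /all` output and flag adapters that fell back to an APIPA address.

Added example, not part of the original lesson. The output block below is
constructed to mimic the Windows `ipconfig /all` layout; the adapter names,
MAC addresses and IP values are made up.
"""
import ipaddress
import re

# Automatic Private IP Addressing range: a DHCP client that got no lease self-assigns here.
APIPA_NET = ipaddress.ip_network("169.254.0.0/16")

# Constructed sample: one healthy DHCP adapter and one whose DHCP request failed.
SAMPLE_IPCONFIG_ALL = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : MSEDGEWIN10

Ethernet adapter Ethernet:

   Description . . . . . . . . . . . : Example Gigabit Adapter
   Physical Address. . . . . . . . . : 08-00-27-11-22-33
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.0.2.15(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.0.2.2
   DHCP Server . . . . . . . . . . . : 10.0.2.2
   DNS Servers . . . . . . . . . . . : 10.0.2.3

Wireless LAN adapter Wi-Fi:

   Description . . . . . . . . . . . : Example Wireless Adapter
   Physical Address. . . . . . . . . : 08-00-27-44-55-66
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Autoconfiguration IPv4 Address. . : 169.254.132.51(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
"""

# "Ethernet adapter Ethernet:" -> adapter name "Ethernet"
ADAPTER_RE = re.compile(r"^\S.*adapter (.+):$")
# "   IPv4 Address. . . . . . : 10.0.2.15(Preferred)" -> ("IPv4 Address", "10.0.2.15(Preferred)")
FIELD_RE = re.compile(r"^\s+(.+?)[ .]*: ?(.*)$")


def parse_ipconfig_all(text):
    """Return {adapter_name: {field_name: value}} from `ipconfig /all` text."""
    adapters = {}
    current = None
    for line in text.splitlines():
        adapter = ADAPTER_RE.match(line)
        if adapter:
            current = adapter.group(1)
            adapters[current] = {}
            continue
        field = FIELD_RE.match(line)
        if field and current is not None:
            adapters[current][field.group(1).strip()] = field.group(2).strip()
    return adapters


def first_ipv4(value):
    """Pull the dotted quad out of a value such as '10.0.2.15(Preferred)'; None if absent."""
    match = re.match(r"\d+\.\d+\.\d+\.\d+", value)
    return ipaddress.ip_address(match.group(0)) if match else None


def diagnose(fields):
    """Classify one adapter's IPv4 state the way the lesson describes."""
    ipv4 = first_ipv4(fields.get("IPv4 Address", ""))
    autoconf = first_ipv4(fields.get("Autoconfiguration IPv4 Address", ""))
    gateway = first_ipv4(fields.get("Default Gateway", ""))
    if autoconf is not None and autoconf in APIPA_NET:
        # The client never got a DHCP lease: release/renew, then check the DHCP server.
        return "APIPA address: DHCP failed, try ipconfig /release and ipconfig /renew"
    if ipv4 is None:
        return "no IPv4 address assigned"
    if gateway is None:
        return "address assigned but no default gateway"
    return "ok"


def diagnose_all(text):
    """Map each adapter in `ipconfig /all` output to its diagnosis."""
    return {name: diagnose(fields) for name, fields in parse_ipconfig_all(text).items()}


if __name__ == "__main__":
    for name, verdict in diagnose_all(SAMPLE_IPCONFIG_ALL).items():
        print(f"{name}: {verdict}")
```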
Next, we have ifconfig.
Now, ifconfig stands for interface configuration
and it's the command line tool used in Unix,
Linux and OS X systems to display IP address information
just like we did with ipconfig in Windows.
Ipconfig only works in Windows,
so if you're going to be working on a Unix,
Linux or OS X system, you have to use ifconfig.
Now, ifconfig is used to configure your network interfaces
and to troubleshoot network connectivity issues.
If you enter the command, ifconfig by itself
and you press ENTER, the system is going to display
the status of the currently active interfaces.
If you only want to see a single interface though,
like en0, you can enter ifconfig en0.
Now, if you want to display
all the interfaces available on the system,
even if those interfaces are currently down,
you would enter ifconfig -a,
which is like the /all option
that we used inside of Windows.
Now, the big difference here between ifconfig and ipconfig
is that you're going to get
the same amount of information with ifconfig
regardless of whether you're using it by itself,
with an active interface or with the -a option.
There's no brief version of it.
The only difference is the number of interfaces
that are going to be returned,
whether you're specifying a single interface,
the active interfaces or all the interfaces.
Notice here, I typed in ifconfig and under en0,
you can see inet6, which lists my IPv6 address.
And I see inet, which is my IPv4 address,
which is 192.168.1.54.
All the other information I need is there too.
This includes things like my physical address
or MAC address, which is listed as ether,
my net mask or subnet mask,
which is shown in hexadecimal equivalent,
but it's still going to be equivalent to 255.255.255.0
like you're used to.
It's going to have the broadcast IP for this network
and the fact that this network is up.
As you can see by default, ifconfig has more details
than ipconfig does on a Windows client.
Now, if you need additional details,
you can enter ifconfig -v and then the interface.
The -v stands for verbose,
meaning tell me a lot about this thing.
So you can see here, I get a lot more details,
including the type of the connection,
in this case, it's WiFi,
the speed of the transmission for the uplinks and downlinks
and whether quality of service is enabled or not.
Ifconfig can also be used to control the network connection
and not simply display information about it.
If, for example, I want to turn off that connection,
I can use ifconfig, the interface name, and down,
and this will shut down the network interface.
If I use ifconfig, the interface name, and up,
this will activate that network interface.
If you're using static assignments on an interface,
you first need to shut down the interface
and then set the new address and subnet mask
and then you can activate the interface again
by using ifconfig up.
Remember, ifconfig down turns off
your network interface card and if you enter ifconfig up,
it'll turn that network interface card back on.
These are really important to remember,
because if you're not seeing any network connectivity
on a Linux client or server,
it could be that somebody mistakenly turned off
that network card and you just need to enter ifconfig up
to turn it back on.
Now, as of this recording,
ifconfig is considered officially deprecated,
which means it's now considered to be obsolete
in modern systems and network administrators
should instead be using the ip command,
which has replaced it.
That said, many systems still support ifconfig,
at least for now.
So you should still learn it
in case you're working on an older system.
Now, finally, we have ip.
The ip command is going to be used to assign an address
to a network interface
or configure a network interface parameter on a Unix,
Linux or OS X operating system.
Ip is a newer tool and it was designed
as a modern replacement for ifconfig.
The ip command stands for internet protocol
and it supports all the same functions as the ifconfig command.
The ip command though can do a whole lot more.
Now, the ip command is actually an entire suite of tools
that supports not just configuring your interface address,
but also things like routing, creating tunnels
and much, much more that is way beyond the scope
of this particular course and this exam.
Now, instead I want to focus on how we can replace
the ifconfig command using what we learned
with similar features inside of the ip command suite.
Now first, if I want to display the configuration
of my interfaces, I can simply enter ip a,
instead of using ifconfig
and this is going to give me the same type of information.
The ip a stands for ip address
inside of the ip suite of tools.
Second, if I need to assign a static IP address
to an interface, I can use ip a add,
the IP address, dev, whatever device I'm using.
For example, this will set the IP address
to the device interface known as eth0 or ethernet zero
as 192.18.1.123.
Third, we can remove that static IP address
by entering ip a del, IP address, dev, device
and that will be able to take out that IP address
from that device.
Now, fourth, if we want to change our MAC address,
we can conduct MAC spoofing simply
by entering ip link set dev, the device,
in this case eth0, address,
and the MAC address we want to use.
In this case, 00:11:22:33:44:55
or whatever other MAC address you want to use.
Fifth, if you want to make your network interface card operate
in promiscuous mode,
this will allow it to listen to all the traffic on a network
and not just the traffic destined for its own MAC address.
To do this, you can enter ip link set dev, your device,
eth0 in this case, promisc on.
This is really useful if you're setting up a packet sniffer
or a packet capture on a Linux client or a server.
Finally, if you need to disable
or enable a network interface,
you can use ip link set eth0 down
to turn off eth0
or ip link set eth0 up
to turn it back on.
Now, we really only just scratched the surface
of what the ip command can do,
but if you're working heavily with Linux systems,
I recommend you spend a little time learning
more about the ip command
and all the different functions it has.
For this certification exam though,
we covered exactly what you need to know
to make sure you're successful on test day.
nslookup, dig and hostname.
Now in this video, we're going to cover
nslookup, dig, and hostname.
These are three command line tools,
and you need to understand how to use them
in maintaining and troubleshooting your networks.
First, we have nslookup.
nslookup stands for name server lookup,
and it's going to be used to query the domain name system
to provide the mapping between domain names and IP addresses
or other DNS records.
Now, if we need to get the IP address
of a fully qualified domain name, nslookup is the tool
that will help us do that.
For example, let's pretend you wanted to find out
the IP address for diontraining.com.
Well, you can open up your command prompt
and you can type in nslookup www.diontraining.com
and press enter.
When you do that,
you're going to get the IP address shown on your screen
that tells you where Dion Training's servers are.
Now, when you enter the command and the domain name
like this, in all one line,
we call this the non-interactive mode.
Now with non-interactive mode,
you're going to be able to display just the name
and the requested information for a host or domain name
to your screen.
But you can also use nslookup in an interactive mode.
Now interactive mode allows a user to query name servers
for information about various hosts and domains,
or allows them to print a list of hosts inside of a domain.
To enter the interactive mode,
you just type nslookup at the prompt and hit enter.
Now you're going to enter the nslookup shell,
and you can perform more in-depth queries here.
Using this interactive mode will allow you to have
more detailed control over the environment,
including allowing you to change the server you're using
to conduct those look-ups
and changing the different types of records
that you want returned.
Now, if you want to change the DNS server that's being used
for the query, just enter the term server,
and the DNS server's name or IP address and hit enter.
Now, if you instead want to change
the type of record you want to search for,
you can enter set q= and then the record type.
The q stands for query type, so this sets the query type to that record.
So for example, if I wanted to search for mail records,
which are known as mx records in DNS,
I would type set q=mx and hit enter.
Then, I get my next prompt
and I can start searching mail records for any domain name.
So, I'm going to be able to find
all the different mail records,
for instance, for diontraining.com.
Here, I can see all five mail exchange server records
for diontraining.com,
and you can see they're all hosted by Google
because Google Workspace is what we use
for our company's email and file servers.
Now next to each mx record, you can also see the preferences,
with 1 being the highest preference (the lowest value is tried first),
the two listed with a preference of 5
acting in a load-balanced configuration,
and then those backed up
by two more mail exchange servers
that have a preference of 10,
which are also load balanced between those two servers.
Next, let's search for some CNAME or canonical name records.
To do this, I first need to set my query type to CNAME
because we're still set to mx records at this point in time.
So I'm going to enter set q=CNAME and hit enter.
Then, I enter the domain name
that I want to get the CNAME records for.
And again in this case, I'm going to use diontraining.com.
Now, in response to this,
nslookup is going to display all the CNAME records
right there on my screen.
Here, I'm just showing you the first one,
because I have about 20 different CNAME records
for diontraining.com.
If we scroll down through these screens,
you'd be able to see each and every one of them.
As you can see, nslookup is a very useful tool
when it comes to troubleshooting your DNS records
and other DNS issues that you may be experiencing.
If you become a cybersecurity analyst
later on in your career,
you can also use nslookup to conduct reconnaissance
against other organizations
that you may be hired to work for during a penetration test.
nslookup exists for Windows, Linux, Unix, and OS X systems.
In these examples, I was using the Windows version,
but the other versions operate the exact same way.
The only difference you're going to see
is that you use set type=mx
instead of set q=mx
when doing record type searches on a Linux, Unix or OS X system.
Next we have the dig command.
dig is another tool that's used to conduct queries
against DNS name servers.
dig is only available for Linux, Unix, and OS X systems
by default,
but there are Windows versions that can be installed
if you'd like to use it on a Windows machine.
Now to use dig,
it works a lot like the non-interactive mode of nslookup.
If you enter dig and the domain name like diontraining.com,
you're going to get back the A records for that domain name
and those A records contain the IP addresses
for that domain.
Now, in this example,
you can see there are two A records for diontraining.com
because we use a load balancing web cluster
to host our website.
Now, dig does not support an interactive mode
the way nslookup does.
So, if you want to search for other types of records,
you're simply going to specify those
when entering the command.
For example,
let's say I wanted to look for those mail exchange
or mx records.
I'm going to enter dig -t, which stands for type, and then mx,
which stands for mail exchange.
And then, I'm going to enter the domain name
in this case, diontraining.com.
Here again, you can see we have five mx records
associated with diontraining.com
and they're all pointing to the Google Mail servers
because that's who's hosting our company's email
using Google Workspace.
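The preference ordering described for the nslookup and dig MX queries above, as an added example that is not part of the lesson: it reads MX answers in either tool's output shape and groups them into the tiers a sending mail server tries in order. Both output blocks and the exchange hostnames are constructed placeholders, not Dion Training's real records.

```python
"""Read MX answers from nslookup or dig and order them the way a sending mail server would.

Added example, not part of the lesson. The two output blocks are constructed
in the shapes printed by Windows `nslookup` (after `set q=mx`) and by
`dig +short MX`; the exchange hostnames are placeholders, not real records.
"""
import re
from collections import defaultdict

# Constructed: Windows nslookup answer section for a domain with five MX records.
SAMPLE_NSLOOKUP_MX = """\
Non-authoritative answer:
example.com     MX preference = 5, mail exchanger = alt1.mx.example.net
example.com     MX preference = 10, mail exchanger = alt3.mx.example.net
example.com     MX preference = 1, mail exchanger = mx.example.net
example.com     MX preference = 5, mail exchanger = alt2.mx.example.net
example.com     MX preference = 10, mail exchanger = alt4.mx.example.net
"""

# Constructed: the same records as `dig +short MX example.com` would print them.
SAMPLE_DIG_SHORT_MX = """\
5 alt1.mx.example.net.
10 alt3.mx.example.net.
1 mx.example.net.
5 alt2.mx.example.net.
10 alt4.mx.example.net.
"""

NSLOOKUP_RE = re.compile(r"MX preference = (\d+), mail exchanger = (\S+)")
DIG_RE = re.compile(r"^(\d+)\s+(\S+)$")


def parse_mx(text):
    """Return [(preference, exchange_host), ...] from either tool's output."""
    records = []
    for line in text.splitlines():
        match = NSLOOKUP_RE.search(line) or DIG_RE.match(line.strip())
        if match:
            # Strip the trailing dot dig prints on fully qualified names.
            records.append((int(match.group(1)), match.group(2).rstrip(".")))
    return records


def delivery_tiers(records):
    """Group exchanges by preference, lowest value first.

    The lowest preference is tried first; hosts that share a value form one
    load-balanced tier, and higher values are only used when every host in
    the tiers before them is unreachable.
    """
    tiers = defaultdict(list)
    for preference, host in records:
        tiers[preference].append(host)
    return [(preference, sorted(hosts)) for preference, hosts in sorted(tiers.items())]


def primary_exchanges(records):
    """Hosts a sender contacts first (the lowest-preference tier)."""
    tiers = delivery_tiers(records)
    return tiers[0][1] if tiers else []


if __name__ == "__main__":
    for preference, hosts in delivery_tiers(parse_mx(SAMPLE_NSLOOKUP_MX)):
        print(f"preference {preference}: {', '.join(hosts)}")
```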
Now finally, we have the hostname command.
The hostname command is going to be used
to display the hostname portion of the full computer name
for a given system.
Now, the hostname command works on Windows, Linux,
Unix, and OS X operating systems.
Now to use hostname, you simply enter hostname
and press enter at the command prompt.
As an example, I entered the hostname command
on an OS X system here.
In this case, my MacBook Pro.
Now you can quickly see the full name of my laptop
is Jasons-MBP.localdomain.
Now this means the computer is going to be named
Jason's MacBook Pro or Jason's MBP,
and it exists on a local domain,
because here I'm not connected
to an Active Directory-based domain environment.
At some organizations I've worked for in the past,
we run large Active Directory-based Windows domains.
And for those systems, you might see something like,
Jasons-PC.intranet.diontraining.com,
as its FQDN or fully qualified domain name,
since it's a member of that domain.
ARP, route, nbtstat and netstat.
In this video, we're going to cover four tools,
ARP, route, nbtstat, and netstat,
which are all command line tools
and you need to understand how to use them
when maintaining and troubleshooting your networks.
First, we have the ARP command.
ARP stands for the Address Resolution Protocol.
Now your arp command is going to be used to display
and modify entries in the Address Resolution Protocol cache,
or ARP cache, on a given system.
Your ARP cache contains one or more tables
that are going to be used to store IP addresses
and their associated physical addresses,
which are known as MAC addresses.
Now, essentially by using the ARP command,
we can see and interact with layer two physical addresses,
or MAC addresses, and their associated bindings
of layer three IP addresses.
Now the arp command can be used on Windows, Linux,
Unix, or OS X systems, and the commands are identical
regardless of what operating system you're using.
Now, if you enter arp and press enter,
the command then displays help information
so you can learn how to use this command.
If you want to view the ARP cache,
you're going to type in arp -a.
And in this example, you can see that my Windows machine
has found the default gateway located at 192.168.105.1
and the broadcast for this network,
which is 192.168.105.255.
Here you can also see the network broadcast
physical address and it's set to ff-ff-ff-ff-ff-ff,
which is always going to be the layer two broadcast address
on all networks.
Then you're going to see three multicast addresses
that were found here.
Each one starting with 224 as the first octet.
Next, you see the IP of 239.255.255.250.
This IP is going to be used by Windows Explorer
to find connected devices on the local area network
using the WS Discovery Protocol.
This is known as the Web Service Dynamic Discovery Protocol.
Now pretty much every Windows machine
is going to have this IP listed inside its ARP cache.
Finally, we see the IP address of 255.255.255.255.
And this is a reserved IP
that's used to send broadcast messages
to the entire network.
Now, if you need to delete an IP address
to a physical address mapping from your ARP table,
you can do this by simply entering arp -d
and the IP address you want to delete.
In this example, I'm going to delete the multicast IP
that's used by the WS Discovery Protocol.
Now, if I want to statically assign a mapping
between an IP address and a MAC address,
I can do that as well.
I'm just going to use the arp -s command, where s stands for static.
Now for example, I can statically map
the WS Discovery Protocol address again
by entering arp -s 239.255.255.250,
and then its MAC address 01-00-5e-7f-ff-fa.
Notice that the MAC address here
is entered by using hyphens and not colons
like we do in a lot of other commands.
Now in general, you shouldn't have to create static mappings
for the ARP cache,
but static ARP entries are useful in some cases
where you want to make sure you pre-configure an entry
for a device that's not yet connected
to a layer three switch,
or if you want to prevent a particular entry from timing out.
By default, an ARP entry will stay in the cache
until it gets deleted after 21,600 seconds,
which is about six hours.
Now, if you need to clear the entire ARP cache,
you can do that as well by entering arp -d and hitting enter.
By not specifying what to delete,
it's going to delete all the ARP entries
that are currently stored in that cache,
including all your dynamically generated ones
and any static ones you may have already created.
Next, we have the route command.
The route command is going to be used to view and manipulate
the IP routing table in a Windows, Linux,
Unix, or OS X system.
That's right, your computer has a router built
directly into it as part of the operating system,
and you probably didn't even know it.
Now to learn the proper syntax
or how to use the route command,
simply enter the command route and hit enter,
and it's going to display a help screen
to tell you all about this command.
Now, if you want to display the current routing table
on the Windows machine, you can enter route print
and hit enter.
For example, here you can see both my IPv4
and IPv6 routing tables from my Windows client.
Notice the first IPv4 route that is listed here.
It is the network destination of 0.0.0.0
and it has a subnet mask of 0.0.0.0
and its gateway is set to 192.168.105.1.
Now, what is special about this particular route?
Well, it's using an IP address of 0.0.0.0
as its destination, right?
This is special because anytime you see 0.0.0.0
as your route, this means this is the default route.
Now the default route is the route that's going to be taken
whenever there is no other route available
for a particular IP destination address.
Basically it says, I don't know what to do with this,
so I'm going to send it out the default route.
So as a packet is received on a routing device,
in this case, my computer,
it's going to check its routing table first
and see if it knows where to send this packet
to reach the right destination.
If it knows it because it's connected
to one of those local subnets, it's going to route it there,
and if it doesn't, it's going to forward it out
the default route of 0.0.0.0,
which in this case went out my default gateway
of 192.168.105.1.
Now also note there's a column here called interface.
This dictates which network interface card
is going to receive traffic
for each specific network destination.
In the case of the default route,
the packets will be forwarded out that network interface
with the IP of 192.168.105.3,
which is my internal network interface card.
The only other interface that's active
on this Windows client is the local host,
which is represented by 127.0.0.1.
Since the localhost is only used internally
on this one Windows client,
sending traffic there won't route it to the network,
and instead it keeps that traffic internal
to the singular client.
So we don't want that as our default route.
Now, if you're having issues with a Windows client,
you should check the routing table
and ensure it hasn't been corrupted or changed.
If you don't see a default route,
this is going to cause a lot of traffic
to be unable to leave the client
and not be able to transmit that data from the client
to the network or to the internet.
Now, if you're using a Linux or Unix client,
the route print command is not going to work for you.
That's a Windows thing.
Instead, you're going to have to use route -n
to display the routing table.
Now, if you want to add a static route
to your client's routing table,
you can do this by entering route add,
the destination network, mask, the subnet mask,
and then the gateway's IP address, metric
and the metric number, if and the interface number.
For example, I can add a route
for the 172.16.0.0/16 network to interface 12
by entering the command route add
172.16.0.0 mask 255.255.0.0
192.168.105.3 metric 10 if 12.
Then if I enter the route print command on a Windows machine
or route -n on a Unix or Linux machine,
I'll be able to see this new route of 172.16.255.255
that's been added to my routing table.
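To make the default-route reasoning above concrete, here is an added example (my own code, not the lesson's) that parses a routing table and resolves where a given destination would be sent using longest-prefix matching, reporting when no default route exists. It assumes the Linux route -n column layout; the table is constructed, with the 172.16.0.0/16 entry mirroring the static route added above.

```python
"""Parse a `route -n` table and resolve where a destination would be sent.

Added example, not from the lesson. It assumes the Linux `route -n` column
layout; the table below is constructed (the 172.16.0.0/16 entry mirrors the
static route added in the lesson).
"""
import ipaddress

SAMPLE_ROUTE_N = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.105.1   0.0.0.0         UG    100    0        0 eth0
172.16.0.0      192.168.105.3   255.255.0.0     UG    10     0        0 eth0
192.168.105.0   0.0.0.0         255.255.255.0   U     100    0        0 eth0
"""


def parse_route_table(text):
    """Return a list of route dicts; header lines (no leading digit) are skipped."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 8 or not parts[0][0].isdigit():
            continue
        destination, gateway, genmask, flags, metric, _ref, _use, iface = parts[:8]
        routes.append({
            # "0.0.0.0/0.0.0.0" parses to 0.0.0.0/0, which is the default route
            "network": ipaddress.ip_network(f"{destination}/{genmask}", strict=False),
            "gateway": gateway,
            "flags": flags,
            "metric": int(metric),
            "iface": iface,
        })
    return routes


def default_route(routes):
    """The 0.0.0.0/0 entry, or None if the table has lost it."""
    for route in routes:
        if route["network"].prefixlen == 0:
            return route
    return None


def lookup(routes, destination):
    """Longest-prefix match: the most specific matching network wins,
    a lower metric breaks ties, and the /0 default route is the last resort."""
    address = ipaddress.ip_address(destination)
    candidates = [r for r in routes if address in r["network"]]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r["network"].prefixlen, -r["metric"]))


def next_hop(routes, destination):
    """Forwarding decision as (gateway or 'direct', iface), or None if unroutable."""
    route = lookup(routes, destination)
    if route is None:
        return None
    # A gateway of 0.0.0.0 means the destination is on a directly connected subnet.
    gateway = "direct" if route["gateway"] == "0.0.0.0" else route["gateway"]
    return gateway, route["iface"]


if __name__ == "__main__":
    table = parse_route_table(SAMPLE_ROUTE_N)
    for target in ("203.0.113.5", "172.16.4.9", "192.168.105.20"):
        print(target, "->", next_hop(table, target))
    if default_route(table) is None:
        print("WARNING: no default route; traffic for unknown networks cannot leave this host")
```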
Next we have the nbtstat command.
The nbtstat command is used to view
the current connections and statistics
for devices communicating using NetBIOS
over the TCP/IP protocol.
nbtstat is a Windows command line tool only though.
When you're using nbtstat,
you're going to receive helpful information
that will show you different options
and usage for this tool.
Now, if you enter nbtstat -n,
this is going to display the NetBIOS local name table
to your screen.
This contains a list of all the NetBIOS devices
that have been learned by this Windows client
while it communicates over the local area network.
If you instead enter nbtstat -c,
you're going to see all the names of the computers
that are stored in the NetBIOS name cache
on this Windows client.
In this example, my cache is empty
because my Windows client is the only Windows client
on this network, and there are no other Windows devices around
for it to learn their names.
Now, if you find that you're having trouble
communicating with other Windows PCs or file shares
on your network, you need to check your NetBIOS connections
and your caches on your Windows clients using nbtstat.
Finally, we have netstat.
Netstat is short for network statistics.
Netstat is going to be used to display information
for IP based connections on a client,
including its current sessions,
its source and destination IPs and its port numbers.
Now netstat is used in Windows, Linux, Unix,
and OS X systems.
You can just enter netstat by itself and hit enter,
and you'll get a simplified display
that contains four columns of information.
This includes the protocol, the local address,
the foreign address, and the state.
In this example, all of my connections are using TCP
as their protocol.
There are two local addresses in my example,
the local host of 127.0.0.1 and my network interface card,
which is 192.168.105.3.
Notice each of these has a colon and a port number after it.
Next we have the foreign address or the destination address.
In the case of the localhost address,
it cannot communicate with other foreign IPs,
so instead it's communicating directly
with the Windows client itself,
and the foreign address shows my host name for this Windows machine.
For the other foreign addresses, if the host name is known,
it will resolve to that host name, like diontraining.com.
If not, it'll just show the IP address.
You can see here that 52.179.224.121
was not able to be resolved to a host name,
so that IP address is shown here on the screen.
Since this was using port 443,
this is displayed as HTTPS instead
because this is a well known port number.
Finally, we have the state column.
This can be established, time wait, closed wait,
closed, listening, or other TCP connection states.
Notice here, we didn't see any listening ports.
This is because we just entered the command netstat.
If instead we entered netstat -a,
we're going to show all the sockets,
both listening and non listening, as well as all protocols,
such as TCP, UDP and ICMP.
Again, here we can also see IPs resolve to host names
when it's possible.
Now, if you prefer to see all IP address numbers
instead of those host names,
you can do this by entering the netstat -n command.
But since I only used the -n option,
I'm no longer going to see the listening status.
Now, what would you do if you want to have both the IP address
numbers and the listening status?
Well, you combine the two options
and you get netstat -an.
Now, personally, when I run netstat,
I tend to run it using netstat -ano.
This gives me all the states, both listening
and non listening because of the -a,
as well as the IP address numbers,
because I have that -n,
but I also added this -o,
which gives me a fifth column called the PID.
Now PID is the Process Identification Number and the -o
I added in the -ano, stands for owner,
and it's going to tell me which process
owns each network connection that we're seeing.
Now by adding this fifth column,
I can determine what application or service
is communicating over the network
using which IPs in which ports.
Then if I run the tasklist command,
I can get a list of all the applications
and their PID numbers.
In my case, I see a bunch of network connections
were created by the application with PID 6776.
As I look at my output from the tasklist command,
I can then cross reference it and see that PID 6776
is the application GoogleDriveFS.exe,
which is the file synchronization process
for Google Drive on this Windows workstation.
So this makes a lot of sense
that I'm seeing a lot of network connections on the system
using this process ID,
because it sends a lot of files and receives a lot of files
using Google Drive as I'm syncing up data.
Now, if I suspect a client is infected with malware
or may have become a zombie as part of a botnet,
I can run the netstat -ano command
and really help identify what applications or services
are creating all these connections
and sending data back and forth.
Then I can use this information
to remove those malicious programs.
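The netstat -ano and tasklist cross-reference just described, as an added example that is not part of the lesson: it joins both outputs on the PID and ranks processes by established connections, which is where a malware hunt on a client would start. Both outputs are constructed in the Windows column layout; the PIDs, image names and addresses are made up, with remote hosts taken from documentation ranges.

```python
"""Join `netstat -ano` with `tasklist` to see which process owns each connection.

Added example, not from the lesson. Both outputs below are constructed in the
Windows column layout; the PIDs, image names and addresses are made up
(remote hosts use documentation ranges).
"""
import re

SAMPLE_NETSTAT_ANO = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       920
  TCP    127.0.0.1:49670        127.0.0.1:49671        ESTABLISHED     6776
  TCP    192.168.105.3:49712    203.0.113.10:443       ESTABLISHED     6776
  TCP    192.168.105.3:49713    198.51.100.7:443       ESTABLISHED     6776
  TCP    192.168.105.3:49714    198.51.100.7:443       TIME_WAIT       0
  TCP    192.168.105.3:49720    203.0.113.99:8443      ESTABLISHED     4321
  UDP    0.0.0.0:5355           *:*                                    1532
"""

SAMPLE_TASKLIST = """\
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Services                   0          8 K
svchost.exe                    920 Services                   0     12,340 K
GoogleDriveFS.exe             6776 Console                    1    145,200 K
svchost.exe                   1532 Services                   0      9,104 K
"""

# image name (may contain spaces), PID, session name, session number, memory
TASKLIST_RE = re.compile(r"^(.+?)\s+(\d+)\s+\S+\s+\d+\s+[\d,]+ K$")


def split_endpoint(token):
    """'192.168.105.3:49712' -> ('192.168.105.3', '49712'); '*:*' -> ('*', '*')."""
    host, _, port = token.rpartition(":")
    return host, port


def parse_netstat_ano(text):
    """Return one dict per socket line; UDP lines have no State column."""
    sockets = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        if parts[0] == "TCP" and len(parts) == 5:
            proto, local, foreign, state, pid = parts
        elif parts[0] == "UDP" and len(parts) == 4:
            proto, local, foreign, pid = parts
            state = ""
        else:
            continue
        sockets.append({"proto": proto, "local": split_endpoint(local),
                        "foreign": split_endpoint(foreign), "state": state, "pid": int(pid)})
    return sockets


def parse_tasklist(text):
    """Return {pid: image_name}."""
    images = {}
    for line in text.splitlines():
        match = TASKLIST_RE.match(line)
        if match:
            images[int(match.group(2))] = match.group(1).strip()
    return images


def connections_by_process(netstat_text, tasklist_text):
    """Per PID: owning image, established count, listening ports, and remote hosts talked to."""
    images = parse_tasklist(tasklist_text)
    summary = {}
    for sock in parse_netstat_ano(netstat_text):
        entry = summary.setdefault(sock["pid"], {
            # A PID missing from tasklist usually means the process exited between the two commands.
            "image": images.get(sock["pid"], "<not in tasklist>"),
            "established": 0, "listening": set(), "remote_hosts": set()})
        if sock["state"] == "ESTABLISHED":
            entry["established"] += 1
            entry["remote_hosts"].add(sock["foreign"][0])
        elif sock["state"] == "LISTENING":
            entry["listening"].add(int(sock["local"][1]))
    return summary


def top_talkers(summary):
    """PIDs ordered by established connections, busiest first."""
    return sorted(summary, key=lambda pid: summary[pid]["established"], reverse=True)


if __name__ == "__main__":
    report = connections_by_process(SAMPLE_NETSTAT_ANO, SAMPLE_TASKLIST)
    for pid in top_talkers(report):
        info = report[pid]
        print(f"PID {pid:>5} {info['image']:<22} established={info['established']} "
              f"listening={sorted(info['listening'])} remote={sorted(info['remote_hosts'])}")
```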
Now, the final option we have with netstat
is known as the -s option, which stands for statistics.
Now, this is going to output on your screen
with the statistics for the IPv4, IPv6, ICMPv4
and ICMPv6 connections,
as well as breaking down those statistics
into TCP and UDP statistics for both IPv4 and IPv6.
This information can be used to help you determine
the health of your network connection
by showing you how many packets were delivered,
how many were discarded, how many couldn't be routed,
how many had errors
and how many were fragmented during transit.
Overall, this information is really helpful
as you create your baselines for what normal looks like
on a given client.
Then you can use that as your baseline
and compare your current status against that baseline
to see if you have any unexpected results.
Telnet, tcpdump and nmap.
In this video, we're going to cover the telnet,
tcpdump and nmap tools and how we use them in maintaining
and troubleshooting our networks.
First, we have the telnet command.
Telnet is both a command and a network protocol.
The telnet command is going to be used to communicate
using an application protocol over the internet
or a local area network
to provide a bidirectional interactive text
oriented communication facility
using virtual terminal connections.
Now, telnet used to be built into Windows,
Linux, Unix and OS X systems by default.
Telnet is capable of allowing a user
to test the network connectivity
between a client and a server,
as well as issue commands using text-based interfaces.
Normally, you're not going to want to use telnet
because it's an older and insecure protocol.
Instead, you should be using SSH.
But as a network technician, there's still one use case
where relying on telnet could be considered acceptable.
And that's when you're connected directly to a router
or switch over a console cable connection
because you then have a trusted and direct connection
to that device.
Because of the insecure nature of telnet in general,
it's actually been disabled by default in Windows 10.
If you want to re-enable it,
you can enter the command
DISM /Online /Enable-Feature /FeatureName:TelnetClient
and then it's going to reinstall this feature.
OS X has also removed telnet in recent versions too,
but most Linux and Unix systems
still have telnet installed by default.
If you want to quickly test a network connection using telnet,
you can enter telnet, the domain name and the port and hit enter
to connect to that device.
For example, I might enter telnet diontraining.com 80
and hit enter.
Then, you're going to see the word connecting
flash across your screen
and then you'll be receiving a black terminal window
with a blinking cursor.
At this terminal, you can hit enter a few times
or conduct a banner grab,
which is a technique used in cybersecurity to send input directly
to that web server and get it to respond,
and then you can identify
what type of software they're using.
In this case, you can see that my web server
is running OpenResty,
which is a web server software.
And then the connection was terminated by my web server,
because it didn't get the commands it was expecting.
If I was using telnet to connect to a router,
I can assign network ports, set up LAN IP addresses,
reset the web graphical user interface password,
reset the system to its factory defaults, reboot the system,
or ping a host,
all from within a text-based interactive telnet session.
Next, we have tcpdump. tcpdump is a command line tool
that allows a network technician to display TCP/IP
and other packets that are being transmitted
or received over a network to the client screen.
Now, tcpdump is not included on Windows clients by default,
but it is installed by default on Linux,
Unix and OS X systems.
If you want to use it on Windows,
you'll have to actually download and install it.
Now, tcpdump is used to simply dump the traffic
from a network onto the screen,
but this can also be redirected to a file,
so you can store it and analyze it later on
using the tcpdump -w option.
This will create a file known as a PCAP file
or Packet Capture file.
When you use tcpdump, you can see the same standard format
used for every single packet, this includes a timestamp,
whether the packet is IPv4, notated by IP in the tcpdump output,
or IPv6, notated by IP6 in the tcpdump output,
the source IP and port, the destination IP and port,
what flags were used in that TCP packet,
the sequence number, the acknowledgement number,
the window size and the length of the packet.
If any TCP options are set in the packet,
they're going to be shown between the window size
and the packet length.
If you create a PCAP file using tcpdump,
it can later be loaded into a more graphical tool
like Wireshark, where you can do more analysis on it.
Or you can reload it back into tcpdump
and analyze it in this text-based tool.
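The per-packet format just described, as an added example that is not part of the lesson: a parser for tcpdump's one-line TCP summaries that pulls out each field in the order listed, then uses the flags to confirm which three-way handshakes completed in the capture. The capture lines are constructed in tcpdump's default text layout and use documentation addresses.

```python
"""Parse tcpdump's one-line TCP summaries into the fields the lesson lists.

Added example, not from the lesson. The capture lines are constructed in
tcpdump's default text layout (timestamp, IP or IP6, src.port > dst.port,
flags, seq, ack, win, options, length); the addresses come from
documentation ranges.
"""
import re

SAMPLE_CAPTURE = """\
12:34:56.789012 IP 192.168.1.54.51234 > 203.0.113.10.443: Flags [S], seq 1000, win 65535, options [mss 1460,sackOK,TS val 1 ecr 0,nop,wscale 7], length 0
12:34:56.800123 IP 203.0.113.10.443 > 192.168.1.54.51234: Flags [S.], seq 5000, ack 1001, win 65160, options [mss 1460,sackOK,TS val 2 ecr 1,nop,wscale 7], length 0
12:34:56.800456 IP 192.168.1.54.51234 > 203.0.113.10.443: Flags [.], ack 1, win 512, options [nop,nop,TS val 3 ecr 2], length 0
12:34:57.100000 IP6 2001:db8::2.51235 > 2001:db8::1.443: Flags [P.], seq 1:101, ack 1, win 500, length 100
"""

# Fields in the order tcpdump prints them; seq, ack, win and options are each optional.
LINE_RE = re.compile(
    r"^(?P<timestamp>\d{2}:\d{2}:\d{2}\.\d+) (?P<version>IP6?) "
    r"(?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]*)\]"
    r"(?:, seq (?P<seq>[\d:]+))?(?:, ack (?P<ack>\d+))?(?:, win (?P<win>\d+))?"
    r"(?:, options \[(?P<options>[^\]]*)\])?, length (?P<length>\d+)$"
)


def split_endpoint(token):
    """'203.0.113.10.443' -> ('203.0.113.10', 443); the port always follows the last dot, IPv6 included."""
    host, port = token.rsplit(".", 1)
    return host, int(port)


def parse_line(line):
    """Return the packet's fields as a dict, or None for lines in another format (ARP, UDP, ...)."""
    match = LINE_RE.match(line)
    if not match:
        return None
    f = match.groupdict()
    return {
        "timestamp": f["timestamp"],
        "ip_version": 6 if f["version"] == "IP6" else 4,
        "src": split_endpoint(f["src"]),
        "dst": split_endpoint(f["dst"]),
        "flags": f["flags"],                       # S = SYN, . = ACK, P = PSH, F = FIN, R = RST
        "seq": f["seq"],                           # kept as text: may be a range such as 1:101
        "ack": int(f["ack"]) if f["ack"] else None,
        "win": int(f["win"]) if f["win"] else None,
        "options": f["options"] or "",             # printed only between win and length
        "length": int(f["length"]),
    }


def parse_capture(text):
    """Parse every TCP summary line in a tcpdump text dump, skipping the rest."""
    return [p for p in (parse_line(line) for line in text.splitlines()) if p is not None]


def completed_handshakes(packets):
    """Return (client, server) pairs whose SYN, SYN-ACK and final ACK all appear in the capture."""
    syn_sent, synack_seen, done = set(), set(), []
    for p in packets:
        forward, reverse = (p["src"], p["dst"]), (p["dst"], p["src"])
        if p["flags"] == "S":
            syn_sent.add(forward)
        elif p["flags"] == "S." and reverse in syn_sent:
            synack_seen.add(reverse)
        elif p["flags"] == "." and forward in synack_seen and forward not in done:
            done.append(forward)
    return done


if __name__ == "__main__":
    packets = parse_capture(SAMPLE_CAPTURE)
    for p in packets:
        print(p["timestamp"], f"IPv{p['ip_version']}", p["src"], "->", p["dst"],
              "flags", p["flags"], "len", p["length"])
    print("completed handshakes:", completed_handshakes(packets))
```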
Finally, we have nmap, the Network Mapper.
Nmap is used to discover hosts and services
on a computer network by sending packets
and analyzing the responses it receives.
Now, nmap provides a number of features
for probing computer networks, including host discovery
and service and operating system detection.
Nmap is a great tool to use when you're conducting
both port scanning and IP scanning.
Now in addition to this, nmap can be configured to conduct
fingerprinting of the services running on those ports,
which allows it to identify the versions
of the software being used.
This is really helpful in detecting vulnerabilities
and specific versions of services
that are operating on your network.
Also, nmap is very useful when trying to create
network maps, documenting your network,
or identification of rogue network devices.
Network Platform Commands.
In this video,
we're going to cover the Network Platform Commands
for the exam that you need to be aware of.
Now, there are a lot more commands
than what we're going to cover in this lesson,
but for the exam, there are three you need to know.
Now, when I mention the term network platforms,
I'm talking about things like routers, switches,
and firewalls.
And for the exam,
I want you to know the 'show interface', 'show config',
and 'show route' commands
and how we use them in maintaining
and troubleshooting our networks.
So, what is a network platform?
Well, I know this sounds like a really funny term
that CompTIA uses here.
And when they refer to a network platform in the objectives,
what they're really referring to is any router, switch
or firewall regardless of the brand or manufacturer.
This is because CompTIA exams
are considered vendor neutral exams.
So we're not asking you just about Cisco.
We could be asking you about a Cisco router,
a Juniper switch, or a Sidewinder firewall.
It doesn't really matter.
They're all considered network platforms.
Now, each device manufacturer does create
their own command line interface,
that's going to be used to configure, monitor
and troubleshoot their devices.
But they're all pretty similar in their actual functions
and commands,
and most of them are based on Cisco's syntax,
because Cisco was one of the first
really big router and switch companies out there.
For this lesson,
we're going to focus on the three clearly outlined
inside your objectives.
Those are: 'show interface', 'show config' and 'show route'.
These three terms are specific to Cisco devices,
but similar commands exist for other manufacturers
like Juniper and Sidewinder devices as well.
For the 'show interface' command,
you could use 'show interfaces' with an 'S' on it
on a Juniper device.
Or 'cf interface',
which stands for configure interface
on a Sidewinder firewall.
It'll give you the same type of thing.
Now for the 'show config' command on a Cisco device,
you could use 'show configuration' on a Juniper device
or 'cf config' on a Sidewinder device.
Now for the 'show route' command,
you would still use 'show route' on Juniper devices,
but you use 'cf route status' on a Sidewinder firewall.
For the exam though,
you're only tested on the three I mentioned,
'show interface', 'show config', and 'show route'.
So let's take a look at these three specifically
and what type of information you can get from them.
First, we have 'show interface'.
The 'show interface' command
is going to display the statistics
for a network interface on the device.
Now, if you want to look at one specific interface
instead of all of the different interfaces,
you'd enter 'show interface'
and then the name of the interface you want to look at.
For example, 'show interface ethernet 1/1'.
This would display only the statistics for ethernet 1/1,
that specific interface or port on that switch or router.
Now, when you use the 'show interface' command,
you can see if the interface is up or down,
if the line protocol is up or down
and some key statistics that'll help you determine
if there's any network issues.
First, you should look at whether the internet address
is a valid address,
or whether it's an APIPA address in the 169.254.0.0/16 range
that the device assigned itself because of a DHCP issue.
If you see a 169.254.x.x address, or no address at all,
that means you need to investigate your DHCP.
Second, you should look at the bandwidth
and see if it matches your cable type.
In this example,
the bandwidth is set to 10,000 kilobits per second,
or 10 megabits per second.
That's 10BASE-T speed, the most a CAT 3 cable supports,
so the interface is behaving as if it's on a CAT 3 cable.
Now, if this is incorrect
and you're actually using a CAT 5 or CAT 6 cable,
that cable may be damaged,
which is why the device is only reporting
that it's capable of 10 megabits per second.
One caveat: on Cisco IOS, the BW value is a configured figure
that routing protocols use in their metrics,
so also check the duplex and speed line further down,
which shows the rate the port actually negotiated.
Third, you want to look at your MTU size.
By default, this is going to be set to 1500 bytes,
but if you're using a storage area network,
you might want to use jumbo frames
and use something as large as up to 9,000 bytes in size.
This is going to depend on what network you're looking at.
Also, you should check to see if there are any runts, giants,
or errors in the statistics,
as these are all indications of potential problems.
Finally, you should check for collisions.
If you're running full duplex on a switch or router,
there should not be any collisions,
because a full-duplex link sends and receives at the same time
and each switch port is its own collision domain.
In this example, I see there are 432 collisions,
which indicates there's an issue on this switch port,
such as a duplex mismatch,
or maybe somebody has a hub connected to that switch port
downstream.
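Here is the checklist just described turned into an added Python example (not part of the original lesson, and not any vendor's tooling). It pulls the handful of fields the lesson says to look at out of 'show interface' output and reports the same symptoms: a self-assigned APIPA address, a bandwidth lower than the cable should give, runts, giants and errors, and collisions on a full-duplex port. The interface output embedded in it is constructed to resemble Cisco IOS 'show interfaces' text and was not captured from a real device; the interface name and MAC address are made up.

```python
"""Sanity-check 'show interface' output for the symptoms the lesson describes.

Added example, not part of the lesson. SAMPLE is constructed to resemble
Cisco IOS 'show interfaces' output; it is not from a real device.
"""
import re

SAMPLE = """\
Ethernet1/1 is up, line protocol is up
  Hardware is AmdP2, address is 0000.0c12.3456 (bia 0000.0c12.3456)
  Internet address is 169.254.10.7/16
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Full-duplex, 10Mb/s
  5 minute input rate 2000 bits/sec, 3 packets/sec
     0 runts, 3 giants, 0 throttles
     12 input errors, 12 CRC, 0 frame, 0 overrun, 0 ignored
     0 output errors, 432 collisions, 0 interface resets
"""

COUNTERS = ("runts", "giants", "input errors", "output errors", "collisions")


def parse_show_interface(text):
    """Extract the fields the lesson's checklist looks at into a dict."""
    fields = {}
    m = re.search(r"^(\S+) is (\S+), line protocol is (\S+)", text, re.M)
    fields["name"], fields["status"], fields["protocol"] = m.groups()
    m = re.search(r"Internet address is (\S+)", text)
    fields["ip"] = m.group(1) if m else None      # None when no address is configured
    m = re.search(r"MTU (\d+) bytes, BW (\d+) Kbit", text)
    fields["mtu"], fields["bw_kbit"] = int(m.group(1)), int(m.group(2))
    fields["full_duplex"] = bool(re.search(r"Full-duplex", text, re.I))
    for name in COUNTERS:                          # "432 collisions" -> 432
        m = re.search(r"(\d+) " + name, text)
        fields[name] = int(m.group(1)) if m else 0
    return fields


def findings(fields, expected_bw_kbit=100000):
    """Return problems in the order the lesson checks them (empty list = healthy).

    expected_bw_kbit is what the cabling should support; 100000 = Fast Ethernet.
    """
    problems = []
    if fields["status"] != "up" or fields["protocol"] != "up":
        problems.append(f"{fields['name']} is {fields['status']}/{fields['protocol']}")
    ip = fields["ip"] or ""
    if ip.startswith("169.254."):
        problems.append(f"APIPA address {ip}: DHCP did not answer")
    if fields["bw_kbit"] < expected_bw_kbit:
        problems.append(f"bandwidth {fields['bw_kbit']} Kbit, expected {expected_bw_kbit}: check cabling")
    for name in ("runts", "giants", "input errors", "output errors"):
        if fields[name]:
            problems.append(f"{fields[name]} {name}")
    if fields["full_duplex"] and fields["collisions"]:
        problems.append(f"{fields['collisions']} collisions on a full-duplex port: "
                        "duplex mismatch or hub downstream")
    return problems


if __name__ == "__main__":
    for problem in findings(parse_show_interface(SAMPLE)):
        print("CHECK:", problem)
```

Counters accumulate since the last 'clear counters', so a handful of old errors is noise; what matters is whether they are still climbing between two runs a minute apart.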
Now, next we have 'show config'.
'show config' is a command that's used to display
the current system configuration on your screen.
When you use the 'show config' command,
there are no options or arguments.
You just enter 'show config'
and hit enter.
One caveat for the real world: on Cisco IOS,
'show config' is short for 'show configuration',
which shows the startup configuration saved in NVRAM,
so to see what the device is actually running right now,
you'd use 'show running-config' instead.
Now for the exam,
you do not need to understand each and every line
of this configuration.
If you move into being a network administrator
and you decide to take your
Cisco certified network associate certification or CCNA,
you're going to be expected to know
each and every line of this.
But for now,
you should be able to read through this configuration
and identify some key areas.
First, we have the shared secrets
that are being stored towards the beginning
of the configuration file,
as well as some basic items
that allow us to configure things like our prompt
and our message of the day.
Because those secrets, along with the SNMP and TACACS+ keys further down,
are all in this dump,
treat saved copies of 'show config' output as sensitive.
Next we get into some system settings,
such as the system baud rate,
which is currently set to 9,600 bits per second,
when I'm communicating over a console port.
Next, we have some SNMP settings,
including enabling or disabling some of the traps
for this device,
so it can report back to an SNMP manager.
In this case, they're all disabled.
Next, we're going to have some IP settings,
such as the two interfaces I have, 'sc0' and 'sl0'.
You can see the "sc0" is being set up to use
a class B private IP of
172.16.25.142.
And a route was set to allow traffic out the gateway router
at 172.16.1.201.
Now next we have our VMPS,
which is the VLAN Management Policy Server.
In this case,
we have it set to a TFTP server at
1.1.1.1,
and it is set to enable.
Next, we have our DNS set up for this device,
and this is set up to use two DNS servers,
a primary one at
198.92.30.32,
and a backup at
171.69.2.132.
Both of these are enabled,
and our DNS domain is cisco.com
because this is a sample configuration file
that was created for use by Cisco.
Next, we have our TACACS+ configuration,
including the servers,
the number of invalid attempts allowed,
and the timeout period.
After that, we have the configuration for an older protocol
known as IPX.
And this device is set to allow IPX traffic
to be bridged into this network.
Next, we have the VTP settings,
which are going to allow us to be in server mode.
Remember VTP is the VLAN Trunking Protocol.
And this is a proprietary protocol used by Cisco devices
to exchange VLAN information.
After that, we have some Spanning Tree Protocol settings,
specifically that we have STP enabled
and the max age set at 20 seconds.
After that, we have CGMP, which is set to enable.
Now, CGMP is not something we've talked about before
in this course,
but this is a Cisco-specific thing.
CGMP is the Cisco Group Management Protocol,
an older Cisco protocol that works alongside IGMP
to limit multicast traffic to the switch ports that asked for it,
before IGMP snooping replaced it.
Next, we have syslog.
In this case, it's set to enabled for the console
and disabled for the server.
All the logging levels are set here as well,
and you can see they're either 2 or 5.
Syslog severities count down from 7 (debugging) to 0 (emergencies),
so anything with a higher number than the level set here
is less severe and would not be forwarded or logged.
Now, after that, we have the NTP section,
which configures our Network Time Protocol server
that we're going to use,
including what time zone we're in
and if we're going to enable NTP clients or not.
After that, we have a permit list,
which is essentially an ACL.
In this case, the permit list is set to disabled.
Finally, we have the first module in our device,
a two port 100 base TX device.
So this is a fast ethernet device.
Here, you can see what has been enabled and disabled
on this particular module or interface.
As I said, you don't need to be an expert on any of this.
I just wanted to show you what it looked like
inside of a configuration file,
when you use the 'show config' command.
Our third command is 'show route'.
The 'show route' command is going to be used
to display the current state of the routing table
on the device.
More accurately, we're normally going to enter this command
as 'show ip route' and hit enter.
This is because we normally want to see
the routes associated with IP based networks,
for most of our networks.
Most of us aren't running any networks that aren't IP based.
For example, you're probably not running an IPX
or AppleTalk network anymore.
Now, here's an example of a router of mine
where I've entered 'show ip route'.
Here you can see,
first we have a legend that shows us all the different codes
and what they mean.
Then we see the gateway of last resort,
which is our default gateway that we're going to use,
if we can't route traffic to any of the other routes
that are listed below.
As you look at those routes,
you can see they're written in columns.
The first column indicates
how the route was derived.
Is it from IGRP, RIP, OSPF, directly connected,
a static route, EGP derived, or BGP derived?
Then we have our second column,
and this tells us the subtype of the route
when we learn it through OSPF.
In this example,
we have three of these types of routes,
and they're listed as E2, for OSPF
external type 2 routes.
Then we have the address of the remote network,
such as 150.150.0.0.
And then we see a pair of numbers inside some brackets.
In this example, it's 160/5.
This means 160 is the administrative distance
of the information source
and five is the metric for this route.
Next, we see the via and an IP address,
which is the address of the next router
to the remote network.
After that we see a time
and this is the last time the route was updated.
It's written in hours, minutes and seconds.
So this first route is only one minute old.
Finally, we have the interface used to reach the specified network
in this route.
In this case, Ethernet2
is designated as the path for sending traffic
to this particular network.
So, as you can see from this 'show ip route' command,
the OSPF routes have an administrative distance of 160
and a metric of only five.
The EGP routes have an administrative distance of 200
and a metric of either 128 or 129.
This tells me that the router trusts the OSPF routes
more than it trusts the EGP routes, right?
Now, this makes sense
if you think back to our previous discussions
on routing protocols,
administrative distances, and the believability
of the sources a route was learned from:
the lower the administrative distance, the more the router trusts it.
Note that this is an older sample output;
on current Cisco IOS releases, OSPF's default administrative distance is 110.
All right, let's look one more time at 'show ip route',
but this time on a different router.
Here, you can see a router that has fewer routes.
In this router, I only have four routes:
my default route of 160.89.0.0
and then three subnets.
Here, you can see the connected route is showing
as possibly being down on Ethernet0.
Next, we see two IGRP-derived routes,
and they're using IS-IS level 2 as the route type.
These routes have a lower administrative distance
than the OSPF and EGP routes that we looked at earlier,
but their metric is a bit higher than the OSPF one
that we saw before.
Now, if you wanted to get additional details
on any of these specific routes,
you could enter 'show ip route'
followed by the IP address for that network
to get additional details,
including its routing metrics, reliability,
the delay on the network,
and even the hop count, as you can see here.
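To make the route-selection logic concrete, here is an added Python example (not part of the original lesson, and not Cisco's code). It parses the entries of a 'show ip route' table into their parts (route code, prefix, the [administrative distance/metric] pair, next hop, age and outgoing interface), skips the legend and summary lines, and applies the rule the lesson describes: when two sources offer the same prefix, the lower administrative distance wins, and only when those tie does the metric decide. The table embedded in it is constructed to resemble IOS output, using the [160/5] and [200/128] figures from the lesson; the addresses and interface names are made up.

```python
"""Parse 'show ip route' output and rank routes by administrative distance.

Added example, not part of the lesson. SAMPLE is constructed to resemble
IOS 'show ip route' output and is not from a real router.
"""
import re

SAMPLE = """\
Codes: C - connected, S - static, I - IGRP, R - RIP, B - BGP, O - OSPF,
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP,
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default

Gateway of last resort is 131.119.254.240 to network 0.0.0.0

O E2 150.150.0.0/16 [160/5] via 131.119.254.6, 0:01:00, Ethernet2
E    200.200.0.0/24 [200/128] via 131.119.254.244, 0:02:22, Ethernet2
E    192.67.131.0/24 [200/129] via 131.119.254.244, 0:02:22, Ethernet2
C    131.119.254.0/24 is directly connected, Ethernet2
S*   0.0.0.0/0 [1/0] via 131.119.254.240
"""

# "[AD/metric] via next-hop, age, interface" (age and interface are optional,
# as on a static route) and "is directly connected, interface".
LEARNED = re.compile(r"\[(\d+)/(\d+)\] via (\S+?),?(?:\s+([\d:]+),)?(?:\s+(\S+))?$")
CONNECTED = re.compile(r"is directly connected, (\S+)$")


def age_seconds(age):
    """'0:01:00' -> 60. Other IOS age formats (e.g. '2d03h') are returned as None."""
    if age is None or age.count(":") != 2:
        return None
    h, m, s = (int(x) for x in age.split(":"))
    return h * 3600 + m * 60 + s


def parse_route_line(line):
    """Return a route dict for one table entry, or None for legend/summary lines."""
    tokens = line.split()
    codes = []
    while tokens and not tokens[0][0].isdigit():   # route codes: 'O E2', 'S*', 'C'
        codes.append(tokens.pop(0))
    if not tokens or not codes:
        return None
    prefix, rest = tokens[0], " ".join(tokens[1:])
    route = {"code": " ".join(codes), "prefix": prefix}
    if m := CONNECTED.search(rest):
        route.update(ad=0, metric=0, via=None, age=None, iface=m.group(1))
    elif m := LEARNED.search(rest):
        ad, metric, via, age, iface = m.groups()
        route.update(ad=int(ad), metric=int(metric), via=via,
                     age=age_seconds(age), iface=iface)
    else:
        return None                                  # legend, gateway, subnet summary
    return route


def parse_show_ip_route(text):
    """All routing-table entries in the output, in table order."""
    return [r for r in (parse_route_line(l) for l in text.splitlines()) if r]


def prefer(a, b):
    """Of two candidate routes to the same prefix, the one the router installs:
    lower administrative distance wins; equal AD falls back to the lower metric."""
    return a if (a["ad"], a["metric"]) <= (b["ad"], b["metric"]) else b


if __name__ == "__main__":
    routes = parse_show_ip_route(SAMPLE)
    for r in sorted(routes, key=lambda r: (r["ad"], r["metric"])):
        print(f"{r['code']:<5} {r['prefix']:<18} AD={r['ad']:<3} metric={r['metric']:<4} "
              f"via={r['via']} {r['iface']}")
```

Sorting by (AD, metric) puts the connected and static routes first and the EGP-learned ones last, which is exactly the trust order the lesson walks through; on a table with equal-cost paths, the continuation lines that start with a second '[AD/metric]' are skipped by this parser.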
So, in summary,
you need to remember that 'show interface'
gives you the statistics for an interface,
that 'show config' is used to display
the current configuration on the device,
and that 'show route' is going to be used to get information
about the routes learned by a particular network device.