Network Troubleshooting Commands

These are measures and processes used to identify, diagnose and solve problems within a
computer network.

Troubleshooting is the process of diagnosing the source of a problem. It is used to fix problems
with hardware, software, and many other products. The basic theory of troubleshooting is that
you start with the most general (and often most obvious) possible problems, and then narrow it
down to more specific issues.

Network troubleshooting is primarily done by network engineers or administrators to repair or

optimize a network. It is generally done to recover and establish network or Internet connections
on end nodes/devices.

Some of the processes within network troubleshooting include but are not limited to:

 Finding and resolving problems and establishing Internet/network connection of a

computer/device/node
 Configuring a router, switch or any network management device
 Installing cables or Wi-Fi devices
 Updating firmware devices on router, switch etc
 Removing viruses
 Adding, configuring and reinstalling a network printer

Basic Network Troubleshooting Steps

Network troubleshooting is a repeatable process, which means that you can break it down into
clear steps that anyone can follow.

I. Identify the Problem

II. Develop a Theory
III. Test the Theory
IV. Plan of Action
V. Implement the Solution
VI. Verify System Functionality
VII. Document the Issue
Command-Line Tools

On Windows PCs, the command prompt can be accessed by searching for it in the start menu or
by typing “cmd” into the Run window. On a Linux system, you can press Ctrl + Alt + T to open
the command line.

The following commands can be entered into the command prompt one at a time to reveal
specific information about the network status:

Ping

Ping is the ideal command to use when you need to confirm network connectivity, at the IP level,
between two hosts, or to confirm whether the TCP/IP stack is working on your local machine. A
successful ping confirms network connectivity between the two hosts and it also gives reports on
packet loss.

Key Features:

 Widely used
 Connection error detection
 Free to use

Below is an example of a successful run of the ping command to the “google.com” remote host.

C:\Users>ping google.com

Pinging google.com [172.217.9.46] with 32 bytes of data:

 Reply from 172.217.9.46: bytes=32 time=38ms TTL=56

 Reply from 172.217.9.46: bytes=32 time=12ms TTL=56
 Reply from 172.217.9.46: bytes=32 time=14ms TTL=56
 Reply from 172.217.9.46: bytes=32 time=12ms TTL=56

 Ping statistics for 172.217.9.46:

 Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milliseconds:

Minimum = 12ms, Maximum = 38ms, Average = 19ms

In addition to confirming IP connectivity to “google.com”, these results confirm that we are able
to properly resolve domain names (i.e. DNS is working on the local machine).
That Loss figure that you see in the last line of the ping output is the number of lost packets
followed by the packet loss rate in brackets.

A few pro-tips for working with the ping command for advanced troubleshooting:

 Use ping –t to ping a host continuously. For example:

 ping –t google.com

Would continue to ping google.com until the ping was interrupted. Press control-c (the “CTRL”
and “C” keys) to end a continuous ping.

 If you cannot ping domain names like google.com, but you can ping IP addresses on the
Internet like 8.8.8.8 (Google’s DNS servers), you may have a DNS-related problem.
 If you cannot ping IP addresses on the Internet like 8.8.8.8, but you can ping hosts on
your Local Area Network (LAN), you may have a problem with your default gateway.
 You can use “ping localhost”, “ping::1”, or “ping 127.0.0.1” to test the TCP/IP stack on
your local machine. “Localhost” is a name that resolves to one of the loopback addresses
of a local machine, “::1” is an IPv6 loopback address, and “127.0.0.1” is an IPv4
loopback address.

Ipconfig

Determining the IP settings on your computer is an essential part of network troubleshooting.

The ipconfig command helps you do just that. Entering ipconfig at a command prompt will
return IPv4 and IPv6 addresses, subnets, and default gateways for all network adapters on a PC.
This can help determine if your computer has the right IP configuration. Additionally, ipconfig
can be used to change or update selected IP settings.

Key Features:

 Lists interface statuses

 Shows gateway address
 Free to use

Pro-tips for working with ipconfig:

 If ipconfig returns an IP address that starts with 169.254 (e.g. 169.254.0.5), your PC is
likely configured for DHCP but was unable to receive an IP address from a DHCP server.
 Use ipconfig /all to get the full TCP/IP configuration information for all network adapters
and interfaces.
 Use ipconfig /release to release the current DHCP assigned network parameters.
 Use ipconfig /renew to renew the current DHCP assigned network parameters.
 Use ipconfig /flushdns to clear the DNS cache when troubleshooting name resolution
issues.

The following below are to be implemented in class.

 1. Ipconfig /all
2. Ipconfig /release
3. Ipconfig /renew

Tracert

Tracert is similar to ping, except it leverages Time To Live (TTL) values to show how many
“hops” are between two hosts. This makes it a helpful tool in determining where a network
connectivity breakdown is occurring. Basically, tracert helps you understand if the router or
network that is down between your computer and a remote host is one you control or not.

Key Features:

 Connection path trace

 Spots overloaded links
 Free to use

Again using google.com as an example, we can see there were 10 hops between our PC and
google.com.

 C:\Users>tracert google.com
 Tracing route to google.com [172.217.4.78] over a maximum of 30 hops:
1. 1 ms 1 ms 3 ms 192.168.1.1

2. 246 ms 49 ms 56 ms 10.198.1.17

3. 58 ms 48 ms 54 ms 10.167.184.102

4. 63 ms 55 ms 85 ms 10.167.184.107

5. 50 ms 55 ms 56 ms 10.164.72.244

6. 72 ms 365 ms 69 ms 10.164.165.43

7. 92 ms 61 ms 45 ms 209.85.174.154

8. 67 ms 42 ms 58 ms 108.170.244.1

9. 372 ms 66 ms 46 ms 216.239.51.145

10. 64 ms 73 ms 44 ms lga15s47-in-f78.1e100.net 172.217.4.78]

Trace complete.

Netstat

Netstat allows you to display active connections on your local machine. This can be helpful
when determining why users are unable to connect to a given application on a server or to
determine what connections are made to remote hosts from a computer. Entering netstat at the
command prompt will display all active TCP connections. Adding parameters to the netstat
command will extend or alter the functionality.

Key Features:

 Lists active ports on the device

 Highlights port issues
 Free to use

Here are a few helpful netstat commands and what they do:

1. Netstat –a displays all active TCP connections and the TCP and UDP ports a computer is
listening on.
2. Netstat –n displays all active TCP connections just like the netstat command, but it does
not attempt to translate addresses or port numbers to names and just displays the
numerical values.
3. Netstat –o displays all active TCP connections and includes the process ID (PID) for the
process using each connection.

You can combine different parameters to extend the functionality of netstat. For example,

netstat –ano would display all active TCP connections and the TCP and UDP ports a computer
is listening on, use numerical values, and report the PID associated with the connections.

Nslookup This is a useful command-line utility that enables DNS troubleshooting and
diagnostics. It’s available on Windows and *nix operating systems. There are a variety of use
cases for this flexible utility and it can be run in interactive mode or by entering commands
directly at the command prompt.

To help you get started, we’ll review some nslookup commands that are helpful in three of the
most common use cases: finding an IP address based on a domain name, finding a domain name
based on an IP address, and looking up email servers for a domain.

Key Features:

 Show DNS entry details

 Troubleshoots address problems
 Free to use
Below are examples of how to do each from a Windows command prompt.

C:\Users>nslookup google.com

 Server: ns2.dns.mydns.net
 Address: 192.168.247.45
 Non-authoritative answer:
Name: google.com

Addresses: 2607:f8b0:4009:805::200e

172.217.10.46

The output above shows us that the DNS server used on our local machine was
ns2.dns.mydns.net and since ns2.dns.mydns.net is not an authoritative name server on Google’s
domain, we get a “Non-authoritative answer”. If we wanted to specify a different DNS server in
our query, we simply add the DNS server’s domain name or IP address after the command, like
this (using the 1.1.1.1 DNS server from CloudFlare).

C:\Users>nslookup google.com 1.1.1.1

Server: 1dot1dot1dot1.cloudflare-dns.com

Address: 1.1.1.1

Non-authoritative answer:

Name: google.com

Addresses: 2607:f8b0:4009:812::200e

216.58.192.174