CompTIA Network+ N10-008 – Module 17 – Troubleshooting Networks Part 2
3. 17.2 CLI Troubleshooting Utilities
In this video we're going to take a look at some command line interface, or CLI, commands we can use as administrators to manage our network. We might do troubleshooting, we might do verification, and we're going to be in a couple of different operating systems. We're going to be in a Linux operating system and a Microsoft Windows operating system, and we're going to be taking a look at some commands that CompTIA says we should know for the Network+ exam. And we're going to start here on Ubuntu, which is a flavor of Linux.
There are several different flavors, or what are called distros or distributions, of Linux. Ubuntu is a common one. And we're sitting inside of the terminal window of Ubuntu right now. Let's say that I wanted to connect out to one of the routers I have in my network, and I'm going to first show you how I recommend you not do it. You could use telnet. We don't like to use telnet because it's not secure. If anybody were to capture the packets that we would be sending in a telnet session, they would be able to read them. Telnet sends data in clear text, but this is a way you might connect to a host. I could say telnet, space, and give the IP address, or the domain name if I had DNS set up, of the device I wanted to connect with.
And I have a router in my network with an IP address of 172.16.1.90, and it's asking for a password. I don't actually want to log in, I'm just going to give some bad passwords and we'll time out there. But that was telnet. So if we should not do that, what should we do? We should use Secure Shell, or SSH. I want to Secure Shell to a server with a username of admin, so I'll say admin@ and I'll give the IP address of that server, it's 172.16.2.222, and I'll enter the password and we're logged in. And now if somebody were to intercept my packets, they would not be able to read them because they're all scrambled up thanks to Secure Shell, or SSH. And when we're doing troubleshooting and we're sitting here at the command prompt, we've got access to lots of different commands such as telnet and Secure Shell. And it might be difficult to memorize all of the different options for each command, but there's built-in documentation inside of our Linux operating system.
It's called manual pages, or man pages. If I just type in the command man, it says, what manual page do you want? It's not like a catalog we can browse through. So I want to say I want information on, let's say, the arp command. I'll say man arp, and this gives me lots of information about the arp command. I can scroll and scroll. I just hit Q if I want to pop out of that. So there's a lot of thorough documentation about these commands, but let's actually use that arp command. This is going to show us the ARP cache for a device, and let's say arp -a. Have we learned the MAC address of any IP addresses on this Ubuntu machine? And we've learned one; it looks like our gateway. It says that the IP address of 192.168.61.1 has this as its MAC address.
That's the contents, somewhat limited contents, of the ARP cache. We could also do an nslookup to determine the IP address of a host out on the Internet somewhere. I could say nslookup and I could point to, let's say, my website kwtrain.com, press Enter, and it's going to look it up and it will say, yes, kwtrain.com is reachable at these IP addresses. Here are the IP version 6 addresses. Here are the IP version 4 addresses. And that was a non-interactive way of using nslookup. I could do it in an interactive mode. I could say nslookup and press Enter. And now I'm sitting at a greater-than sign prompt. Now I could say kwtrain.com, press Enter. It gives me that same information. I could say cisco.com. So now I can enter multiple domains. And once I'm done, I'll just say exit. And something else that will tell us the IP address corresponding to a domain name in the Unix world is the dig command. I'll say dig and we'll say kwtrain.com and we'll press Enter. And this can actually give us some additional information that we did not get from the nslookup command. For example, you see this A right there, followed by these IP version 4 addresses.
Do you recall what an A record is in DNS? That's an alias record. That's a record saying that this domain name maps to this IP version 4 address. Yet another command we could use to get the IP address of a known domain name is the host command. I could say host kwtrain.com. And this also gives me a little different collection of information. It does tell me the IP addresses used by kwtrain.com, but also notice it tells me who's handling email for kwtrain.com. I think that's really interesting. In fact, we can just do a host command by itself, and it comes back and shows us all the different options that we have. And if we need to determine the IP address of this machine that we're on right now, we could say ifconfig, and we see that we have an IP version 4 address of 192.168.61.3. Looks like we've got a 24-bit subnet mask. Here is the directed broadcast address for this subnet. Here is our link-local IPv6 address. Here is our MAC address.
We can see if we're receiving or transmitting packets. Another very common command we use when troubleshooting is the ping command. Ping is going to allow us to check to see if a destination IP address is reachable. One of the things we often do is we're following the path through the network. We're trying to get as far along the path to the destination as we can. And we can ping our next-hop gateway, or our default gateway in this case here in my studio network, to get out to the Internet. The gateway that gets me out to the Internet is 172.16.1.1. Let's see if I can reach that. If I'm having Internet connectivity issues, can I ping 172.16.1.1? Yes, I can. And notice it's telling me round-trip delay times all well under one millisecond. I'm going to Control-C to break out of that. Something else we can do on our Linux systems is set up a firewall using the iptables command. And if we want more information, we could say iptables -help.
Or some versions of Linux might make you say dash dash help instead of just one dash. And you can see there are quite a few options in here. In fact, we could spend a lot of time just talking about how to do this. But for the Network+ exam, I just want you to know its basic function. I want you to understand that the iptables command is used to set up firewall rules on a Linux or Unix host. And we can take a look at the existing rules by using the uppercase L or the uppercase S options. In order to give that command, though, we have to have an elevated privilege. So I'm going to use the sudo command. sudo, that is short for super user do. I'll say sudo iptables -L.
And it makes me give the administrative password to do an elevated-privilege command, and it comes back and it would show us any rules that we had set up. Next, let's take a look at the tcpdump command. And this is another command that's going to require elevated privileges. So I'll do that sudo command again. And what tcpdump is going to do for us, it's going to give us a packet capture utility right here on our screen. And if I wanted to take a look at packets coming into or going out of a specific interface on my system, I could use this utility and specify the interface in my system. I'm just using one interface, so I don't need to specify an interface. And I could say capture all packets until we tell it to stop. But oftentimes I'll just give it a limit.
I'll say give me five packets. Here's how I do that. I'm going to say sudo tcpdump -c 5; that says capture five packets. And to see details inside of those packets, I'm going to say -v, that's going to turn on the verbose option, and it's going to come back and it's going to show us the five packets that it captured. We'll give it just a few seconds to complete, and there they are. And we can wade through here and we could see all the details about the packets. We see things such as what's in the TOS byte, the type of service value; we see the time to live value; we see the length; we see what layer 4 protocol and port number we're using. So lots of information.
But those are just five packets that we told it to capture. Now let's check out a command that's used for scanning a target system. This is something we could use for penetration testing, or pen testing. It's the nmap command. And by the way, some of the commands I'm giving might not come on your distro of Linux. You might need to install those. For example, here on Ubuntu I had to install this nmap command; I had to say sudo apt-get install nmap, and that's how I installed nmap. But I've already got it installed now, so I'll now press Enter, and the output from the nmap command is going to be telling me about open ports on the target system.
Now I've got an iMac Pro in my office and I'm going to use the nmap command targeting that iMac Pro computer. I'll say nmap, space, and I'll give the IP address of my iMac Pro. It's 172.16.104.83, and we'll press Enter. It's going to come back and it's going to tell us which ports, UDP ports or TCP ports, are open. So if I were a bad user and I knew about a vulnerability that was using one of those ports, I might try to exploit that. And that's also the kind of thing I'm doing if I'm doing penetration testing. In this example, it looks like I've only got one port that is open, and it is TCP port 3260. It's open and it's running the iSCSI service. And that's because I have a storage area network set up. So my iMac Pro has a volume that actually lives on an iSCSI server, and that's the reason that particular port is open.
CompTIA also wants us to know about some Microsoft Windows commands. And here I'm on Microsoft Windows 10 and I'm in the Command Prompt app, and let's take a look at some Microsoft Windows 10 commands. Some are going to be the same as we had in Linux or Unix. For example, I could say arp and it's going to give me the options. Or I could say arp -a, just like we did in Linux. And it's going to tell me the MAC addresses that are known to be associated with specific IP addresses. And notice that we have dynamically learned this one. The other ones seem to be statically assigned; those can be configured by the administrator or they could be statically configured by the operating system. And in the Unix and Linux world we had the ifconfig command to see IP address information.
What about in Microsoft Windows? Well, instead of ifconfig it's ipconfig, and it's going to give us similar information. It says here is my IP version 4 address, here is my IPv6 link-local address, here is my subnet mask, here is my default gateway. But the output from this command doesn't seem to give me as much information as that ifconfig command did under Linux; for example, I cannot see the MAC address associated with that IP address. If I want more information, I could say ipconfig /all, and this is going to give me that information that I'm looking for.
Like here is the physical address, that's the MAC address that I'm interested in, and you can see that I got my IP version 4 address from a DHCP server. We even see when the lease is going to expire. And sometimes when we're doing troubleshooting, we might want to release that IP address and refresh it from the DHCP server. We could do that by saying ipconfig /release, and we'll press Enter. And now notice that we don't have the default gateway. We don't have an IP version 4 address either. If I want to get my IP address information again, I'll say ipconfig /renew, and it's going to go out to the DHCP server and hopefully it's going to come back with an IP version 4 address.
And sure enough it does. And something we don't really have an equivalent to in the Unix world is the nbtstat command. Now NBT, that stands for NetBIOS over TCP. This goes way back to the really early days of Microsoft Windows and a network operating system they had back in the mid-1990s that was called Microsoft LAN Manager, where you would have a NetBIOS name that was the name of a computer associated with an IP address, a little different than having a DNS name. We could use broadcasts sometimes to dynamically learn a host's NetBIOS name if we were on the same subnet as that host. But once we had larger networks and we started to split things up into different subnets and different VLANs, a broadcast did not go from one VLAN to the other.
Remember, a broadcast does not survive a router hop. So Microsoft came out with something called a WINS server, WINS, and its purpose was somewhat similar to a DNS server. That WINS server would do a translation from a NetBIOS name to a corresponding IP address so we could reach a host in a different subnet by specifying its name. And if we want to see if we've learned any NetBIOS names that are available over an IP connection, we can say nbtstat -c, and it looks like I neglected to give a space here. It's nbtstat, space, -c. There we go. Now in this case I have not learned anything, but if we had, it would show up in this output. Another command that would be useful for troubleshooting is the netstat command. If I say netstat, it's going to give us information about sessions, IP-based sessions, that are currently open on this PC.
This could be useful for troubleshooting. Let's press Enter. We can see our active connections. Give it a moment. And under this foreign address column, we see destination IP addresses and protocols being used to those addresses, and we see that we have an HTTPS session established to those two IP addresses. Let's go ahead and break out of that. And do you remember that Linux had that nslookup command that would allow us to resolve a known domain name to a corresponding IP address? Well, we have an nslookup command as well here in Microsoft Windows. And if I press Enter, just like with Linux, we could go into an interactive mode. I could say kwtrain.com, exit out of that, or I can do it in non-interactive mode: nslookup kwtrain.com.
Or if I want some help, because I don't have man pages here on Microsoft Windows, I could say nslookup to go into interactive mode, and then I could give a question mark, and it gives me the different options. And we still have a ping command like we did in the Linux world. I could ping that same IP address of 172.16.1.1, and instead of going on forever, it just tries four times and then it stops. Or if I wanted it to go continually, I could give a -t option, and now it's going to be sending out pings until I'm done with it. Maybe I'm doing troubleshooting and I'm not connecting to an IP address. I've done this many, many times. I'll do a ping with a -t option and I'll go change a cable, or I'll reboot this, and I keep looking at my screen to see if the pings are ever successful.
And once they're successful, I realize that whatever I just did fixed the problem. Let's go and break out of that. And sometimes your Microsoft Windows machine is going to have its own routing information. It's not just pointing to a default gateway. In other words, for example, sometimes I have a lab in my studio of networking equipment. I've got this rack of equipment that I want my PC to reach, but it's on its own subnet, and I want my PC to get out to the rest of the world also. So I need a static route saying how to get to this network over here, that's my lab network. I could do that by setting up a static route. If I want to see what routes I currently have, I could say route print, and this is going to show me the routing information that I currently have. For example, this is my default route, all zeros, and it goes to a next-hop gateway of 192.168.61.1.
And we're going out of an interface with this IP address. And something else that Microsoft Windows has that's a little bit different under Linux is the traceroute command. A traceroute command is going to let me see the actual path I'm using to get to a destination IP address. And when I say the specific path, I mean it's going to give me router hop after router hop after router hop until I eventually get to my destination. For example, if I wanted to get to the kwtrain website, I could say tracert on Microsoft Windows. And by the way, that would be traceroute on Linux; here's the command that we would use on Linux, I would say traceroute followed by the IP address or the domain name. But here in Windows, I'm going to say tracert. And I'll say kwtrain.com. And we'll press Enter. And this is going to give me a hop-by-hop report of the routers that I'm going through in order to get to my destination.
And you see my first hop, 192.168.61.1. And then it looks like I'm going to 172.16.1.1, which gets me out to the Internet. Now don't be concerned if you have some router hops that just come back as all stars. It doesn't mean that there's something wrong with that router, because some routers are configured to not respond to these messages that traceroute is sending out. So please do not be concerned if some of the responses are all stars. That's a normal thing. And it looks like we're going out some sort of a Louisville connection here. We'll give it a few more moments to finish. Notice it's giving me round-trip times to each router hop. So if I were doing troubleshooting and I had slow response, it might not be my default gateway that's having an issue.
It could be that five routers down the line were having an issue. So traceroute is a very helpful command for things like that. Just a few more moments. Looks like we're on an AT&T network now, already twelve router hops away. Hopefully I'll be there soon, and we're done. So about 13 router hops away, I can get to the website of kwtrain.com. And a command that does a similar thing to traceroute that we have on Microsoft Windows, that you probably do not have on Linux, is the pathping command. I could say pathping to kwtrain.com. And as it starts out, it looks like it's doing something very similar to traceroute. It's showing me every hop along the way from this PC to the website, the kwtrain.com website, that I'm doing this pathping to.
And when it's done, it's going to calculate some statistics. In this case, it says it's going to compute statistics for about 50 seconds. And I don't want you to have to wait for that. So I'm going to pause the video now, and when it's done, we will resume. All right, it looks like the calculation is complete. Let's see what it's showing us. It can show us information such as the number of lost packets to the number of sent packets and give us a percentage of packet loss. Great news.
We've got 0% packet loss right now. That's what we want to see. In addition to seeing these different hops along the path, however, notice this is not as extensive as we had with traceroute. As soon as it hit one that was all stars, it seemed to give up at that point. It didn't show me all 13 hops that we saw with the traceroute command, but this can give me information about percentage of packet loss at different router hops. And that is a collection of command line utilities that we can use on a variety of operating systems such as Linux or Unix or Microsoft Windows to do network troubleshooting.
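As an added example, not code from the video or its author, here is a small Python parser for the ping and tracert output the lesson walks through. It applies the two rules the instructor gives: an all-stars hop is a silent router, not a failure, and a slow response may come from a hop several routers past the default gateway. The sample outputs are constructed, with documentation-range addresses, and the kwtrain.com target is only a label.

```python
"""Parse a Linux ping summary and Windows tracert output, then locate
where along the path latency jumps. Sample output below is constructed
for this example (documentation-range addresses), not a real capture."""
import re
from statistics import median

# Constructed ping summary for the default-gateway check.
PING_OUT = """\
--- 172.16.1.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 0.312/0.402/0.541/0.078 ms
"""

# Constructed tracert output; hop 3 answers with stars, which the lesson
# says is normal for a router configured not to reply.
TRACERT_OUT = """\
Tracing route to kwtrain.com [203.0.113.10]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.61.1
  2     1 ms     1 ms     1 ms  172.16.1.1
  3     *        *        *     Request timed out.
  4    25 ms    24 ms    26 ms  198.51.100.7
  5    95 ms    97 ms    94 ms  203.0.113.10

Trace complete.
"""

PING_LOSS_RE = re.compile(
    r"(\d+) packets transmitted, (\d+) received, ([\d.]+)% packet loss")
PING_RTT_RE = re.compile(
    r"rtt min/avg/max/mdev = ([\d.]+)/([\d.]+)/([\d.]+)/([\d.]+) ms")
# hop number, then exactly three probe results ("25 ms", "<1 ms" or "*"), then host.
HOP_RE = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+ ms|\*)\s+){3})(.+?)\s*$")


def parse_ping(text):
    """Return sent/received/loss percentage and average RTT from ping output."""
    loss = PING_LOSS_RE.search(text)
    if not loss:
        raise ValueError("no ping statistics block found")
    rtt = PING_RTT_RE.search(text)
    return {
        "sent": int(loss.group(1)),
        "received": int(loss.group(2)),
        "loss_pct": float(loss.group(3)),
        "avg_ms": float(rtt.group(2)) if rtt else None,
    }


def parse_tracert(text):
    """Return a list of (hop, [rtt_ms or None per probe], host) tuples."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # banner and blank lines are not hop lines
        probes = []
        for tok in re.findall(r"<?\d+ ms|\*", m.group(2)):
            # "*" is an unanswered probe; "<1 ms" is recorded as 1 ms.
            probes.append(None if tok == "*" else float(tok[:-3].lstrip("<")))
        hops.append((int(m.group(1)), probes, m.group(3)))
    return hops


def silent_hops(hops):
    """Hops where every probe went unanswered: expected, not a fault by itself."""
    return [hop for hop, probes, _ in hops if all(p is None for p in probes)]


def first_latency_jump(hops, threshold_ms=50.0):
    """First hop whose median RTT exceeds the previous answering hop's by
    more than threshold_ms; None if latency grows smoothly along the path."""
    prev = None
    for hop, probes, _ in hops:
        answered = [p for p in probes if p is not None]
        if not answered:
            continue  # skip silent hops instead of treating them as slow
        cur = median(answered)
        if prev is not None and cur - prev > threshold_ms:
            return hop
        prev = cur
    return None
```

On the constructed trace the jump is reported at hop 5, not at the gateway, which is the point the lesson makes about slow responses further down the path.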