Troubleshooting Network Environment

To troubleshoot a wired connection, it's a good idea to eliminate as many obvious hardware issues as possible.

Assuming that the issue only affects the computer you are working on, check that the cable is inserted correctly into both the NIC and the network port. If that does not solve the problem, try replacing the cable with the one you know is good.

The next step is to perform a basic connectivity test using a ping utility to test the connection to another host on the same subnet. Use the ping command followed by the IP address of another computer on the network. Ping 192.168.1.52, for example.

If ping were successful, you would see something like:

64 bytes from 192.168.1.52: icmp_seq=0 ttl=64 time=9.952 ms

If ping is unsuccessful, you may see something like:

ping: sendto: No route to host

If ping is unsuccessful, try connecting a different computer to the network port. If the new computer can connect, then the issue is likely with the original computer's NIC or its configuration.

You can use Device Manager to check the configuration. If no issues are found, replace the NIC and retest.

Slow connections can be a symptom of a range of network problems, including:

• Congestion at a switch or router
• Users transferring a very large amount of data over the network
• Problem with the network adapter driver
• Being infected with malware
• Interference from an external source.

Check that the cable is of a suitable standard for wired connections and that the NIC is configured for the correct speed.

Wifi uses Radio Frequency (RF) signals that lose strength as the distance between the host and the access point increases.

Try moving the device closer to the access point for slow or intermittent connections issues.

If you are still unable to establish a connection, verify the security and authentication setting are correctly configured on the host and the access point.

If users cannot see a specific network in a list of available wifi networks, they could be out of range, or the Service Set IDentifier (SSID) could be suppressed, meaning it needs to be entered manually.

Another possible issue is the device; an access point may be using incompatible standards.

While modern devices are likely to support modern wifi standards, older devices may not.

Most wifi routers and access points can be configured to accommodate both older and newer standards. However, some cheaper consumer-grade routers and access points will reduce the speed for all wifi connected devices to match that of the slower connected devices.

This table defines the wife standards and their maximum connection speed.

Interference

Intermittent connection issues within the supported range of a wifi access point are likely caused by interference.

Interference can be caused by other RF sources operating in the vicinity, such as other wifi devices, cordless phones, and wireless security cameras broadcasting on the same frequency, or by powerful electromagnetic sources like motors and microwaves.

Radio waves do not pass easily through metal or dense objects. Construction materials such as wire mesh, foil-backed plasterboard, concrete, and mirrors can block or degrade signals. Try angling or repositioning the device or antenna to get better reception.⁴³

Wifi analysing software is available for Windows, macOS, and Linux and can often support a site survey allowing you to identify nearby networks and possible sources of interference. It can help you identify a wifi channel and is likely to provide better, more reliable performance.

When a host computer's IP configuration is not correct for the network being connected to, communication on the network is unlikely to be possible.

Ipconfig

The ipconfig tool is accessed from the command line in windows and includes a range of switches to display specific information about the network connections.

You would use ipconfig to determine whether the adapter has been correctly configured.

Ipconfig can resolve the following questions:

• Is the adapter configured with a static address? Are the parameters (IP address, subnet mask, default gateway, and DNS server correct)?
• Does DHCP configure the adapter? If so:
  • An address in the range 169.254.x.y indicates that the client could not contact a DHCP server and is using Automatic Private IP Addressing (APIPA). If this is the case, Windows will display a yellow alert icon and a notification that the adapter has only Limited connectivity.

A DHCP lease can be static (always assigns the same IP address to the computer) or dynamic (assigns an IP address from a pool)—has the computer obtained a suitable address and subnet mask?

Are other parameters assigned by DHCP correct (default gateway, DNS servers, and so on)?

If any of these results are negative, you should investigate either communication between the client and the DHCP server, the configuration of the DHCP server, or whether multiple DHCP servers are running on the network (and the client has obtained the wrong configuration from one).⁴⁴

ifconfig

UNIX and Linux hosts provide a command called ifconfig, which provides similar output to Windows' ipconfig program. Note some differences between the Windows and Linux commands:

• ifconfig can also be used to bind an address to an adapter interface, set up communication parameters, and enable or disable the adapter.
• The Windows switches for configuring the adapter with DHCP and DNS are not supported by ifconfig.
• The ifconfig command output does not show the default gateway (use route instead). It does show traffic statistics, though.

Suppose a network’s local access to resources functions correctly, but access to the Internet is unavailable. It is usually an issue with DNS on the host machine or router or an issue with the Internet Service Provider (ISP).

Remember that the host DNS setting will likely be the same address as the router or default gateway on a SOHO network.

DNS settings

On a SOHO network, the router is likely using the DNS servers provided by the ISP.

• Vodafone uses 203.109.191.1 and 203.118.191.1
• Spark uses 122.56.237.1 and 210.55.111.1
• Google also provides an alternative public DNS server at 8.8.8.8 and 8.8.4.4.

Windows will attempt to connect to msftncsi.com, checking that the DNS resolves the IP address correctly.

If the host computers settings are correct and the router settings are also correct, check the ISP’s service status page to see if there is a wider network issue.

If there is no ISP-wide issue, try resetting the router and modem. If the problem persists, there might be a security issue, such as a proxy configuration not working or a firewall blocking the host.

The following command-line tools can be used to diagnose network issues:

Ping

The ping command is mentioned above for diagnosing wired and wireless connection issues. PING is an acronym for Packet Internet (inter-Network) Groper and is used to verify a destination IP address or domain name is active or accessible.

A successful ping output will look something like this:

% ping -c 6 google.com


64 bytes from 142.250.67.14: icmp_seq=0 ttl=120 time=45.712 ms

64 bytes from 142.250.67.14: icmp_seq=1 ttl=120 time=46.283 ms

64 bytes from 142.250.67.14: icmp_seq=2 ttl=120 time=43.962 ms

64 bytes from 142.250.67.14: icmp_seq=3 ttl=120 time=44.417 ms

64 bytes from 142.250.67.14: icmp_seq=4 ttl=120 time=44.786 ms

64 bytes from 142.250.67.14: icmp_seq=5 ttl=120 time=53.441 ms


--- google.com ping statistics ---

6 packets transmitted, 6 packets received, 0.0% packet loss

round-trip min/avg/max/stddev = 43.962/46.434/53.441/3.228 ms

The command ping -c 6 google.com transmitted and received six packets with 0.0% loss.

The command also resolved the google.com domain with IP address 142.250.67.14.

TTL stands for Time To Live and can show how many routers (hops) a packet has passed through. TTL counts down from 128 for most Windows. If the TTL count reaches zero, the packet is discarded to prevent it from infinitely looping around the Internet.

Netstat

Netstat can investigate open ports and connections on the localhost. In a troubleshooting context, you can use this tool to verify whether file-sharing or email ports are open on a server and whether other clients are connecting to them.

The following represent some of the main switches that can be used:

• -a displays all the connections and listening ports.
• -b shows the process that has opened the port
• -n displays ports and addresses in numerical format. Skipping name resolution speeds up each query.

Linux supports a similar utility with slightly different switches.

Nslookup

If you identify or suspect a problem with name resolution, you can troubleshoot DNS with the nslookup command, either interactively or from the command prompt:⁴⁵

nslookup -Option Host Server

Host can be either a hostname/FQDN or an IP address. Server is the DNS server to query; the default DNS server is used if this argument is omitted. -Option specifies an nslookup subcommand. Typically, a subcommand is used to query a particular DNS record type.

For example, the following command queries Google's public DNS servers (8.8.8.8) for information about comptia.org's mail records:

nslookup -type=mx comptia.org 8.8.8.8

tracert

The tracers (traceroute) command displays the packet's path to the destination passing through each router.

% traceroute google.com

traceroute to google.com (172.217.24.46), 64 hops max, 52 byte packets

ultrahub.hub (192.168.2.1) 23.327 ms 16.323 ms 2.576 ms
unassigned.static.cust.vf.net.nz (203.693.233.255) 31.099 ms 22.993 ms 11.772 ms
10.200.12.17 (10.200.12.17) 17.967 ms 27.116 ms
10.200.12.21 (10.200.12.21) 34.941 ms
atm-2-0-0-402-tig-nz-akl-1.ihug.net (203.109.130.1) 101.624 ms 58.800 ms 43.577 ms
ggl-router.syd.vf.net.nz.130.109.203.in-addr.arpa (203.109.130.2) 46.196 ms 50.821 ms 50.362 ms
108.170.247.81 (108.170.247.81) 47.317 ms 46.323 ms
108.170.247.49 (108.170.247.49) 51.320 ms
216.239.56.69 (216.239.56.69) 55.681 ms
216.239.57.119 (216.239.57.119) 48.414 ms 57.231 ms
hkg07s23-in-f46.1e100.net (172.217.24.46) 47.220 ms 62.323 ms 49.009 ms

The above output is from the command traceroute google.com. In this instance, there are eight hops.

A network cable tester is a device that can be used to test cables and network ports for wiring faults.

The tester comprises two parts, the Main or Master unit and a Remote. One end of the cable is inserted into the main unit and the other into the remote. When the tester is powered on, it sends an electrical current down each of the conductors in the wire, lighting up a corresponding LED on both the main and remote units.

If the light is skipped on the remote unit, this indicates a broken connection for that conductor.

If the lights are out of sequence, the cable has been wired incorrectly (unless the cable is a crossover cable).

Either discard the cable or cut and reattach a new RJ45 connector.

The cable test can test network ports and patch panel connections by using a short patch cable to the main unit, inserting it into the patch panel, and then plugging the remote into the corresponding wall port.

This method can also be used to identify which ports correspond to a particular patch panel port in the case of a poorly labelled network.

As an IT professional, you will often be called to troubleshoot a problem. Many of the tasks involved in diagnoses have been discussed in this and previous topics. Please describe how you would approach troubleshooting poor transfer rates in both wired and wireless networks.

Share your ideas with your peers about troubleshooting wired and wireless networks in the forum.