Connectivity Troubleshooting Flashcards
What is ping?
Ping” is a network utility used to test the reachability of a device on a network and measure the time it takes for data packets to travel to the destination and back. It works by sending ICMP (Internet Control Message Protocol) echo request packets to a target IP address and waiting for a reply.
Key Points:
• Measures latency (round-trip time) between the sender and the target.
• Helps diagnose network connectivity issues (e.g., packet loss, high latency).
ICMP Echo Request
SRC IP: 10.0.0.1
DST IP: 10.1.0.1
ICMP Echo Reply
SRC IP: 10.1.0.1
DST IP: 10.0.0.1
Ping response
• If the ping is successful:
R1#ping 10.1.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.0.1, timeout is 2 seconds:
Success rate is 80 percent (4/5), round-trip min/avg/max =
! ! ! !
68/322/1076 ms
• If the router does not have a corresponding route or the destination IF
address does not respond:
R1#ping 172.16.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
……..
Success rate is 0 percent (0/5)
• If the router discards the packet (for example it is blocked by an Access
Control List):
R1#ping 172.16.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
UUUUU
Success rate is 0 percent (0/5)
Extended ping
Extended ping is an advanced version of the standard ping command, typically available in network devices like Cisco routers and switches. It provides more options for testing network connectivity, diagnosing issues, and analyzing performance
How to Use Extended Ping (Cisco Example)
Instead of running ping <IP> in privileged EXEC mode, just type ping and press Enter. The system will prompt for additional options:</IP>
Router# ping
Protocol [ip]:
Target IP address: 192.168.1.1
Repeat count [5]: 10
Datagram size [100]: 200
Timeout in seconds [2]: 5
Extended commands [n]: y
Source address or interface: 192.168.1.2
Type of service [0]:
Set DF bit in IP header? [no]:
Sweep range of sizes [n]:
What is Traceroute?
Traceroute is a network diagnostic tool used to track the path that packets take from your device to a destination (e.g., a website or another computer). It helps identify delays, failures, and routing issues in a network.
How Traceroute Works
• It sends ICMP (Windows) or UDP (Linux/macOS) packets with increasing TTL (Time-To-Live) values.
• Each router along the path decreases the TTL by 1 and, when it reaches 0, sends an ICMP Time Exceeded message back.
• This process helps identify each hop (router) along the route to the destination.
• The final destination responds with an ICMP Echo Reply, completing the trace.
When to Use Traceroute
• Diagnosing Slow Connections – Identifies where delays occur.
• Checking for Routing Issues – Shows if traffic is taking an unexpected path.
• Troubleshooting Packet Loss – Helps find network bottlenecks.
Difference between ping and traceroute?
But the difference between a traceroute and a normal ping is that the traceroute also takes advantage of the TTL field, which is in the IP header. TTL is Time To Live. The TTL is used as a route loop prevention mechanism.Every time that a router passes a packet on from one interface to another, it decrements the TTL by one.
What traceroute does is it works like a normal ping, but when we send the first ping, it gets sent with a TTL of 1. So that will reach the first hop, which will then drop it, and then send a time exceeded reply.
Traceroute Responses
• Successful Traceroute:
Ri#traceroute 10.1.2.1
Type escape sequence to abort.
Tracing the route to 10.1.2.1
VRE info: (vrf in name/id, vrf out name/id)
1 10.0.0.2 20 msec 16 msec 16 msec
2 10.1.0.1 36 msec 40 msec 40 msec
3 10.1.1.1 60 msec 64 msec 60 msec
The packet is getting as far as 10.1.0.1. Start troubleshooting there.
• Press Ctrl-Shift-6 to abort # break the command
R1#traceroute 10.1.2.1
Type escape sequence to abort.
Tracing the route to 10.1.2.10
VRE info: (vrf in name/id, vrf out name/id)
1 10.0.0.2 28 msec 16 msec 16 msec
2 10.1.0.1 36 msec 36 msec 40 msec
3 * * *
4 * * * maybe drop by the fire wall
Layer 1 connectivity troubleshooting
Show ip int brief
Show interface
Layer 2 troubleshooting
Show arp
Show mac address -table
show arp (Address Resolution Protocol Table)
The show arp command displays the ARP table, which maps IP addresses to MAC addresses on a network device (e.g., a router or switch). This helps devices communicate within the same subnet.
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.1.1 - 00a1.b2c3.d4e5 ARPA GigabitEthernet0/0
Internet 192.168.1.10 2 00b2.c3d4.e5f6 ARPA GigabitEthernet0/0
Internet 192.168.1.20 5 00c3.d4e5.f6a7 ARPA GigabitEthernet0/0
Explanation:
• IP Address (192.168.1.1, 192.168.1.10, etc.) – The logical address of the device.
• Age – Time since the ARP entry was last updated.
• MAC Address (00a1.b2c3.d4e5) – The physical hardware address.
• Type – ARPA (Standard Ethernet).
• Interface – The physical interface where the device was found.
Use Cases:
• Troubleshooting IP-to-MAC mapping issues.
• Identifying duplicate IP addresses.
• Checking which MAC addresses are connected to a router.
show mac address-table (MAC Address Table on a Switch)
The show mac address-table command displays the MAC address table of a Layer 2 switch, showing which MAC addresses are learned on which ports.
VLAN MAC Address Type Ports
—- ————– ——- ——
10 00a1.b2c3.d4e5 Dynamic Gig1/0/1
10 00b2.c3d4.e5f6 Dynamic Gig1/0/2
20 00c3.d4e5.f6a7 Dynamic Gig1/0/3
20 00d4.e5f6.a7b8 Static Gig1/0/4
• VLAN – The VLAN in which the MAC address exists.
• MAC Address – The unique hardware address of the connected device.
• Type –
• Dynamic (learned automatically)
• Static (manually configured)
• Port – The switch port where the MAC address was detected.
Use Cases:
• Finding which port a specific device is connected to.
• Troubleshooting MAC address flapping.
• Checking if a device is properly learning MAC addresses.
M
Layer 4 troubleshooting
Telnet is a network protocol used for remote command-line access to devices. It operates at Layer 7 (Application Layer) of the OSI model, but it relies on TCP (Transmission Control Protocol) at Layer 4 (Transport Layer).
Using Telnet to Test Layer 4 Connectivity Since Telnet uses TCP, it can be used to test if a specific port on a remote device is open and reachable.
telnet <IP> <Port></Port></IP>
How Telnet Works at Layer 4
1. Telnet Client initiates a TCP connection to the destination IP and port.
2. Three-Way Handshake (TCP Layer 4) is established.
3. If the port is open, the connection is successful, and you may see a blank screen (or a response).
4. If the port is closed, the connection is rejected, or you get a timeout.
Use Cases for Layer 4 Telnet Testing
✅ Check if a service is running on a specific port.
✅ Test if a firewall is blocking traffic.
✅ Verify TCP connectivity when troubleshooting network issues.
DNS troubleshooting
nslookup
# ping by FQDN
nslookup (Name Server Lookup)
nslookup is a command used to query DNS servers and resolve domain names to IP addresses. It helps troubleshoot DNS issues.
Use Cases:
✅ Verify if DNS is working correctly.
✅ Check if a domain resolves to the correct IP.
✅ Find alternative DNS records (MX, CNAME, etc.).
ping by FQDN (Fully Qualified Domain Name)
When you ping an FQDN, the system resolves the hostname to an IP address and then sends ICMP echo requests.
ping www.google.com
Pinging www.google.com [142.250.185.36] with 32 bytes of data:
Reply from 142.250.185.36: bytes=32 time=12ms TTL=118
Reply from 142.250.185.36: bytes=32 time=13ms TTL=118
What Happens in the Background?
1. The system uses DNS to resolve www.google.com to 142.250.185.36.
2. It sends ICMP echo requests to the IP address.
3. If the server responds, it confirms network connectivity.
Troubleshooting with ping by FQDN
• If ping works with an IP but not an FQDN, there is a DNS issue.
• If both fail, there may be a network connectivity problem.
