← Back

Network Troubleshooting

CTS1305C Cable Run -- Week 4

Methodology | Common Issues | Tools | Diagnostics

Press → to begin or use navigation below

Slide 2 of 13

Troubleshooting Methodology

The CompTIA 7-Step Process

The Steps

1 Identify the problem -- gather information, question users, check logs

2 Establish a theory of probable cause -- question the obvious first

3 Test the theory to determine the cause

4 Establish a plan of action to resolve the problem

5 Implement the solution or escalate as necessary

6 Verify full system functionality and apply preventive measures

7 Document findings, actions, and outcomes

Slide 3 of 13

Common Physical Issues

Layer 1 Problems

Cable Problems

Damaged cable: Bent, crushed, or cut -- check for physical damage
Incorrect pinout: T568A vs T568B mismatch on patch cables
Cable length exceeded: Cat5e/6 max 100m -- use a cable certifier to verify
EMI interference: Cables near power lines, fluorescent lights, motors
Bad connectors: Loose or corroded RJ-45 connectors

Duplex & Speed Mismatch

Both sides must agree on speed (10/100/1000 Mbps) and duplex (half/full)
Mismatch causes: slow speeds, packet loss, CRC errors, late collisions
Fix: Set both sides to auto-negotiate, or manually match settings

LED Indicators

Solid green: Link established, connection active
Blinking green: Data traffic flowing
Amber/orange: Port error or disabled
Off: No link -- check cable, device power, port status

Slide 4 of 13

Common Logical Issues

Layers 2-7 Problems

DNS Issues

Can ping IP addresses but not hostnames
Wrong DNS server configured
Stale DNS cache -- run ipconfig /flushdns
DNS server unreachable -- check connectivity to port 53

DHCP Issues

169.254.x.x (APIPA) = DHCP server unreachable
IP address conflict -- two devices with same IP
Exhausted scope -- no available addresses
Rogue DHCP server -- unauthorized server handing out bad configs

                        Routing & Switching Issues
                        Wrong default gateway: Can reach local subnet but not remote networks
VLAN mismatch: Port assigned to wrong VLAN
Routing loop: Packets circle endlessly between routers (TTL expires)
Missing route: No path to destination network in routing table

                    

Firewall / ACL Issues

New service blocked by implicit deny
ACL rules in wrong order (first match wins)
Firewall blocking return traffic (stateless rules)

Slide 5 of 13

Tool: ping

Testing Basic Connectivity

How ping Works

Sends ICMP Echo Request packets to a target
Target responds with ICMP Echo Reply
Measures round-trip time (latency)
Reports packet loss percentage

Diagnostic Strategy

1. Ping 127.0.0.1 (loopback) -- test local TCP/IP stack
2. Ping own IP -- test NIC configuration
3. Ping default gateway -- test local network
4. Ping remote IP (8.8.8.8) -- test internet routing
5. Ping hostname (google.com) -- test DNS

C:\> ping 192.168.1.1

Pinging 192.168.1.1 with 32 bytes:
Reply from 192.168.1.1: bytes=32 time=1ms TTL=64
Reply from 192.168.1.1: bytes=32 time=1ms TTL=64
Reply from 192.168.1.1: bytes=32 time=2ms TTL=64
Reply from 192.168.1.1: bytes=32 time=1ms TTL=64

Statistics:
  Sent = 4, Received = 4, Lost = 0 (0% loss)
  Minimum = 1ms, Maximum = 2ms, Average = 1ms

Note: Some hosts block ICMP. A failed ping does not always mean the host is down -- it may just be filtering ICMP.

Slide 6 of 13

Tool: traceroute / tracert

Mapping the Path to a Destination

How traceroute Works

Sends packets with incrementing TTL values (1, 2, 3...)
Each router decrements TTL -- when TTL=0, router returns ICMP Time Exceeded
Reveals every hop between source and destination
Shows latency at each hop

What to Look For

* * * -- hop is not responding (may be filtered)
High latency spike: Congestion at that hop
Path loops: Same hop appearing multiple times
Sudden stop: Firewall or routing issue at that point

C:\> tracert 8.8.8.8

Tracing route to dns.google [8.8.8.8]
over a maximum of 30 hops:

  1    1 ms   1 ms   1 ms  192.168.1.1
  2   12 ms  10 ms  11 ms  10.0.0.1
  3   15 ms  14 ms  15 ms  172.16.0.1
  4   18 ms  17 ms  18 ms  209.85.243.1
  5   20 ms  19 ms  20 ms  8.8.8.8

Trace complete.

Slide 7 of 13

Tool: ipconfig / ifconfig

Viewing and Managing Network Configuration

ipconfig (Windows)

ipconfig -- show basic IP/mask/gateway
ipconfig /all -- detailed config including MAC, DNS, DHCP server
ipconfig /release -- release current DHCP lease
ipconfig /renew -- request new DHCP lease
ipconfig /flushdns -- clear local DNS cache

C:\> ipconfig /all

Ethernet adapter Ethernet0:
  Description: Intel(R) 82579LM
  Physical Address: 00-1A-2B-3C-4D-5E
  DHCP Enabled: Yes
  IPv4 Address: 192.168.1.100
  Subnet Mask: 255.255.255.0
  Default Gateway: 192.168.1.1
  DHCP Server: 192.168.1.1
  DNS Servers: 8.8.8.8, 8.8.4.4
  Lease Obtained: Sun 27 Apr 2026
  Lease Expires: Mon 28 Apr 2026

Slide 8 of 13

Tool: nslookup

Querying DNS Records

Common nslookup Commands

nslookup example.com -- resolve hostname to IP
nslookup -type=MX example.com -- find mail servers
nslookup -type=NS example.com -- find nameservers
nslookup example.com 8.8.8.8 -- query specific DNS server

C:\> nslookup google.com
Server:  dns.local
Address:  192.168.1.1

Non-authoritative answer:
Name:    google.com
Addresses:  142.250.80.46
             2607:f8b0:4004:800::200e

C:\> nslookup -type=MX gmail.com
gmail.com  MX preference = 5
  mail exchanger = gmail-smtp-in.l.google.com

"Non-authoritative answer" means the response came from a cached record on the recursive resolver, not directly from the domain's authoritative nameserver.

Slide 9 of 13

Tool: netstat

Viewing Active Connections and Listening Ports

Key netstat Flags

netstat -an -- all connections, numeric format
netstat -b -- show process name per connection (admin)
netstat -r -- display routing table
netstat -s -- protocol statistics

Connection States

LISTENING: Port is open, waiting for connections
ESTABLISHED: Active connection
TIME_WAIT: Connection closing, waiting for stale packets
CLOSE_WAIT: Remote side has closed, local side has not

C:\> netstat -an

Active Connections:
Proto  Local Address       Foreign Address      State
TCP    0.0.0.0:80          0.0.0.0:0            LISTENING
TCP    0.0.0.0:443         0.0.0.0:0            LISTENING
TCP    192.168.1.100:52341 142.250.80.46:443    ESTABLISHED
TCP    192.168.1.100:52342 20.190.159.4:443     ESTABLISHED
UDP    0.0.0.0:53          *:*
UDP    0.0.0.0:67          *:*

Slide 10 of 13

Cable Testing & Hardware Tools

Physical Layer Diagnostics

Cable Tester

Verifies continuity on all 8 wires
Detects opens, shorts, and miswires
Shows T568A/B wiring sequence
Inexpensive and essential

Cable Certifier

Tests against Cat5e/Cat6/Cat6a standards
Measures length, attenuation, crosstalk
Provides pass/fail certification
Required for new installations

Tone Generator & Probe

Trace cables through walls and ceilings
Generator sends signal on one end
Probe detects signal at the other end
Identifies cables in unlabeled bundles

Additional Tools

Loopback plug: Tests NIC and switch port by looping transmit to receive
Multimeter: Measures voltage, continuity, and resistance on cables

OTDR: Optical Time-Domain Reflectometer -- tests fiber optic cables for breaks and splices
Wi-Fi analyzer: Shows signal strength, channel overlap, interference sources

Slide 11 of 13

Log Analysis

Finding Answers in System and Network Logs

Log Sources

System logs: OS events, service start/stop, errors
Security logs: Login attempts, permission changes, access denials
Application logs: Software-specific events and errors
Network device logs: Router, switch, firewall events
Syslog: Centralized log collection (UDP 514)

                        Syslog Severity Levels
                        
                            LevelNameMeaning
0EmergencySystem unusable
1AlertImmediate action needed
2CriticalCritical condition
3ErrorError condition
4WarningWarning condition
5NoticeNormal but significant
6InformationalInformational message
7DebugDebug-level message

                    

Level	Name	Meaning
0	Emergency	System unusable
1	Alert	Immediate action needed
2	Critical	Critical condition
3	Error	Error condition
4	Warning	Warning condition
5	Notice	Normal but significant
6	Informational	Informational message
7	Debug	Debug-level message

Slide 12 of 13

Escalation & Documentation

When to Escalate and How to Document

When to Escalate

Problem exceeds your skill level or access rights
Issue affects critical production systems
Vendor support or ISP involvement required
Security incident detected -- escalate to IR team
SLA deadline approaching

Escalation Best Practices

Document everything you have tried so far
Include error messages, screenshots, logs
State the business impact clearly
Do not keep trying random fixes without escalating

Documentation Checklist

Date, time, and who reported the issue
Symptoms and scope of impact
Steps taken and results of each
Root cause identified
Resolution implemented
Preventive measures applied
Time to resolution (TTR)

Slide 13 of 13

Week 4 Summary

Network Troubleshooting

Methodology

7-step troubleshooting process
Identify, Theory, Test, Plan
Implement, Verify, Document
Always document findings

Common Issues

Cable damage, duplex mismatch
DNS and DHCP failures
Routing and VLAN problems
Firewall/ACL misconfig

Tools

ping, traceroute, ipconfig
nslookup, netstat
Cable testers, tone probes
Syslog and log analysis

Course Complete

You have covered all four weeks of Cable Run. Prepare for the final exam covering Weeks 1-4.

Scroll down for more content