Network Troubleshooting Utilities and Tools PDF

Summary

This document provides an overview of network troubleshooting utilities, focusing on practical tools including ping, traceroute, and ipconfig. It details how these utilities can diagnose network problems and enhance connectivity. The examples explain how to use these tools in both Windows and Linux/Unix environments.

Full Transcript

Certified Cybersecurity Technician Exam 212-82 Network Troubleshooting

Network Troubleshooting Utilities and Tools: tcpreplay and dnsenum

tcpreplay: A GPLv3 licensed utility that supports Unix-like operating systems for modifying and replaying previously sniffed traffic from tools such as Wireshark and tcpdump.

dnsenum: A Perl script that enumerates the DNS information of a domain to discover noncontiguous IP blocks.

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Network Troubleshooting Utilities and Tools

Ping

The ping utility is used to test whether an IP address or a website is accessible by a host. Ping works by sending ICMP echo requests to the targeted host and waiting for ICMP echo replies. It measures the Internet speed and reports errors and losses of data packets. A reply from the pinged IP address indicates that packets are transferring between the system and the given IP. Launch the command prompt and execute ping X.X.X.X or ping example.com to check the availability of the host to the computer.

Network Troubleshooting Using Ping

The primary step is to ping the remote host. If the user has trouble connecting to a website, then the user must ping the URL. If the ping is returned, then the network is working properly, and the issues lie somewhere else.

Figure 16.50: Ping a Website (command prompt screenshot: ping www.google.com returns four replies from 142.250.182.36 with 0% loss)
The four replies in the screenshot above indicate that the network connection is good and the server is reachable. In this scenario, the fault could lie with the web-server configuration. If the ping is missed, then there might be a problem with the network. If the replies have a wide variation in the maximum and minimum time of the ping, then there could be connection issues such as network congestion.

To test connectivity, some administrators ping Google’s primary DNS server (ping 8.8.8.8) because it is easy to remember and is continuously running.

    Pinging 8.8.8.8 with 32 bytes of data:
    Reply from 8.8.8.8: bytes=32 time=55ms TTL=128
    Reply from 8.8.8.8: bytes=32 time=183ms TTL=128
    Reply from 8.8.8.8: bytes=32 time=142ms TTL=128
    Reply from 8.8.8.8: bytes=32 time=67ms TTL=128

    Ping statistics for 8.8.8.8:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 55ms, Maximum = 183ms, Average = 111ms

Figure 16.51: Ping Google’s Primary DNS Server

The message “Request timed out” in the screenshot below shows that there is no connection between the system and host, or the system is unable to connect to the host. It also indicates that the host might be down or unreachable, the host might be behind a firewall, or the user does not have network connectivity.

    Pinging 8.8.8.8 with 32 bytes of data:
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.

    Ping statistics for 8.8.8.8:
        Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Figure 16.52: No Connection between a System and a Host

traceroute/tracert

The multi-OS-compatible command-line tool trace route (tracert/traceroute) is used to trace packets across a network and to understand connections to a server. It allows the user to understand Internet connection problems, including packet loss and high latency.
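The ping interpretation rules given above (a missed ping, a wide gap between the minimum and maximum time) can be applied mechanically to saved Windows ping output. The following Python code is an added example, not part of the courseware; the function name triage, the spread_factor threshold and the sample output are assumptions made for illustration.

```python
import re

# Successful echo reply, e.g. "Reply from 8.8.8.8: bytes=32 time=55ms TTL=128"
# (Windows prints "time<1ms" for sub-millisecond replies).
REPLY = re.compile(r"^Reply from \S+: bytes=\d+ time[=<](\d+)ms TTL=\d+", re.M)
# Lines that mean the probe failed. "Reply from <router>: Destination host
# unreachable." starts like a reply but is not an echo reply from the target.
FAILED = re.compile(
    r"^(?:Request timed out\.|General failure\."
    r"|Reply from \S+: Destination (?:host|net) unreachable\.)", re.M)


def triage(output, spread_factor=3.0):
    """Classify Windows ping output with the rules from the text.

    spread_factor is an assumed threshold: a maximum RTT more than this
    many times the minimum RTT counts as "wide variation".
    """
    rtts = [int(t) for t in REPLY.findall(output)]
    lost = len(FAILED.findall(output))
    sent = len(rtts) + lost
    if sent == 0:
        return {"verdict": "no-probes-found", "sent": 0, "lost": 0}
    if not rtts:
        verdict = "unreachable"        # every probe failed
    elif lost:
        verdict = "packet-loss"        # some probes failed
    elif max(rtts) > spread_factor * max(min(rtts), 1):
        verdict = "unstable-latency"   # possible congestion
    else:
        verdict = "ok"                 # look beyond the network path
    result = {"verdict": verdict, "sent": sent, "lost": lost,
              "loss_pct": 100 * lost // sent}
    if rtts:
        result.update(min_ms=min(rtts), max_ms=max(rtts),
                      avg_ms=sum(rtts) // len(rtts))
    return result


# Constructed sample: one probe answered by a router, three timed out.
SAMPLE = """\
Pinging 10.10.10.50 with 32 bytes of data:
Reply from 10.10.10.2: Destination host unreachable.
Request timed out.
Request timed out.
Request timed out.
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```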
tracert (for Windows) uses ICMP. It sends ICMP echo request messages to the specified destination. If the destination is active, it sends ICMP echo reply messages as a response, confirming that the connection is active. Otherwise, the destination may not be active, or it could be a connectivity issue of the source.

Steps to Use tracert (for Windows)

o Run the tracert command with example.com (any website): tracert example.com

Figure 16.53: Run the Command “tracert” (command prompt screenshot of a trace to [208.43.115.82] over a maximum of 30 hops; one intermediate hop shows “Request timed out.”)

Observe the route take form as the system receives responses from the routers along the way.

o Run the tracert command for another website hosted in a different region of the world. Observe how the paths differ.

Figure 16.54: Run the Command “tracert” (command prompt screenshot of a trace to [123.125.114.144]; several hops show “Request timed out.”)

In the above screenshot, the first line represents the home router, assuming the user is behind a router. The remaining lines represent the ISP. The format of each line is as follows:

Hop RTT1 RTT2 RTT3 Domain Name [IP Address]

Hop: When a packet passes by a router, it is said to have performed a “hop.”

RTT1, RTT2, or RTT3: Also referred to as “latency,” it is the round-trip time that a packet takes to perform a hop and return to the system (in milliseconds).

*: This output is produced when no response is received, indicating packet loss.

Domain name (IP address): The domain name allows the user to determine the location of a router. If it is not available, only the IP address of the router is displayed.
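The line format described above (Hop, RTT1 to RTT3, domain name and IP address) can be parsed directly, which also makes it possible to tell a router that stays silent while later hops still answer from a path where replies stop altogether. The following Python code is an added example, not part of the courseware; the function names, result keys and the sample trace (built from private and documentation addresses) are assumptions.

```python
import re

RTT = r"(<?\d+ ms|\*)"
# Hop RTT1 RTT2 RTT3 then "name [ip]", a bare IP, or "Request timed out."
HOP = re.compile(rf"^\s*(\d+)\s+{RTT}\s+{RTT}\s+{RTT}\s+(.+?)\s*$")
NAMED = re.compile(r"^(\S+) \[([0-9A-Fa-f.:]+)\]$")


def parse_hop(line):
    """Return one hop as a dict, or None for headers and blank lines."""
    m = HOP.match(line)
    if not m:
        return None
    # "*" means no response to that probe; "<1 ms" is stored as 1.
    rtts = [None if t == "*" else int(t.lstrip("<").split()[0])
            for t in m.group(2, 3, 4)]
    where, name, ip = m.group(5), None, None
    if NAMED.match(where):
        name, ip = NAMED.match(where).groups()
    elif where != "Request timed out.":
        ip = where
    return {"hop": int(m.group(1)), "rtts": rtts, "name": name, "ip": ip,
            "lost": rtts.count(None)}


def summarize(text):
    """Separate hops that merely stay silent from a path that stops."""
    hops = [h for h in map(parse_hop, text.splitlines()) if h]
    last_reply = max((h["hop"] for h in hops if h["lost"] < 3), default=0)
    silent = [h["hop"] for h in hops if h["lost"] == 3]
    return {
        "hops": hops,
        # Later hops answered, so this router forwards but does not reply.
        "silent_but_forwarding": [n for n in silent if n < last_reply],
        # Nothing answers beyond last_reply: the trace loses visibility here.
        "no_reply_after": [n for n in silent if n > last_reply],
        "partial_loss": [h["hop"] for h in hops if 0 < h["lost"] < 3],
    }


# Constructed sample in Windows tracert layout (documentation addresses).
SAMPLE = """\
  1     2 ms    <1 ms     2 ms  192.168.1.254
  2     9 ms     *        8 ms  10.246.112.1
  3     *        *        *     Request timed out.
  4    13 ms    12 ms    13 ms  core1.example.net [198.51.100.9]
  5    84 ms    83 ms    84 ms  www.example.com [203.0.113.80]
Trace complete.
"""
```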
Steps to Use traceroute for *nix Systems

Traceroute uses UDP on typical *nix systems and sends traffic to port 33434 by default: traceroute example.com

Figure 16.55: Use “traceroute” for *nix Systems (terminal screenshot of a traceroute to 172.217.10.46, 64 hops max, 52 byte packets, reaching the destination at hop 8)

ipconfig/ifconfig

ipconfig: ipconfig is a command-line utility used to display all current TCP/IP network configuration values along with the IP address, subnet mask, and default gateway for all adapters. To display the basic configuration of the system, use ipconfig in the command prompt. For detailed information on the system configuration, execute ipconfig /all in the command prompt. ifconfig is a similar utility but for Linux-based machines.

Figure 16.56: Using ipconfig in Windows System (command prompt screenshot of ipconfig output listing, for each adapter, the link-local IPv6 address, IPv4 address, subnet mask, and default gateway)

ifconfig: When troubleshooting a networking issue, the Linux- or Unix-based OS utility interface configuration (ifconfig) helps display the specific IP address of the affected hosts, netmask of a network interface, and maximum transmission unit (MTU). This utility provides commands to configure and enable/disable a network interface.

Steps to Use ifconfig

o To display the network settings of all the active network interfaces on the system, use ifconfig without any options.

    # ifconfig
    eth0: flags=4163 mtu 1500
            inet 10.10.10.13 netmask 255.255.255.0 broadcast 10.10.10.255
            inet6 fe80::8b64:aee6:facb:28a prefixlen 64 scopeid 0x20
            ether 00:0c:29:eb:cd:af txqueuelen 1000 (Ethernet)
            RX packets 621 bytes 865044 (844.7 KiB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 102 bytes 7793 (7.6 KiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    lo: flags=73 mtu 65536
            inet 127.0.0.1 netmask 255.0.0.0
            inet6 ::1 prefixlen 128 scopeid 0x10
            loop txqueuelen 1000 (Local Loopback)
            RX packets 82 bytes 6826 (6.6 KiB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 82 bytes 6826 (6.6 KiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

Figure 16.57: Display Network Settings of a Network Interface
o To display the details of all network interfaces, use the command as shown in the screenshot below.

o Use the command with the interface name (eth0) to display only specific interface details such as the IP address and MAC address.

Figure 16.58: Display any Specific Interface Details

o To assign an IP address and gateway to interface on the fly, use the following command:

# ifconfig eth0 192.168.50.5 netmask 255.255.255.0

The setting will be removed if the system reboots.

o To enable a specific interface, use the following command:

# ifup eth0

o To disable a specific interface, use the following command:

# ifdown eth0

o To set the required MTU, use the following command, where XXXX represents the size:

# ifconfig eth0 mtu XXXX

o To set the interface in the promiscuous mode to capture all the packets and to analyze them later, use the following command:

# ifconfig eth0 promisc

o To configure an IP address, specify the interface to be configured, IP address, and subnet address.
Figure 16.59: Display an Interface, IP, and Subnet Address (terminal screenshot: after the address is set, ifconfig shows eth0 with inet 5.5.5.5, netmask 255.255.255.0, and broadcast 5.5.5.255)

o To enable/disable an interface, perform the following:

  • Use the “up” or “ifup” flag with the interface name (for example, eth0) that will activate a network interface.

  • Use the “down” or “ifdown” flag with the interface name that will deactivate the specified network interface.
Figure 16.60: Enable/Disable an Interface (terminal screenshot: ifconfig lists only lo while eth0 is disabled, then lists both eth0 and lo after eth0 is enabled)
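The flags= number in the ifconfig output above is a bitmask, and the promiscuous-mode step changes one bit of it, so saved ifconfig output can be checked for interfaces left in promiscuous mode. The following Python code is an added example, not part of the courseware; the function names and the sample output (including its MAC address) are constructed, and the bit values are the Linux interface flags from <linux/if.h>.

```python
import re

# Flag bits from Linux <linux/if.h>; ifconfig prints their sum as "flags=N".
IFF = {0x1: "UP", 0x2: "BROADCAST", 0x8: "LOOPBACK", 0x10: "POINTOPOINT",
       0x40: "RUNNING", 0x80: "NOARP", 0x100: "PROMISC", 0x200: "ALLMULTI",
       0x1000: "MULTICAST"}
HEADER = re.compile(r"^(?P<name>\S+): flags=(?P<flags>\d+)\S*\s+mtu (?P<mtu>\d+)")
INET = re.compile(r"^\s+inet (?P<ip>\S+)\s+netmask (?P<mask>\S+)")
ETHER = re.compile(r"^\s+ether (?P<mac>[0-9a-f:]{17})")


def decode_flags(value):
    """Turn the numeric flags value into flag names, lowest bit first."""
    return [name for bit, name in sorted(IFF.items()) if value & bit]


def parse_ifconfig(output):
    """Map interface name to its decoded flags, MTU, IPv4 settings and MAC."""
    interfaces, cur = {}, None
    for line in output.splitlines():
        if m := HEADER.match(line):
            # Decode from the number, not from any <...> text that follows it.
            cur = {"flags": decode_flags(int(m["flags"])), "mtu": int(m["mtu"])}
            interfaces[m["name"]] = cur
        elif cur is not None and (m := INET.match(line)):
            cur["ip"], cur["netmask"] = m["ip"], m["mask"]
        elif cur is not None and (m := ETHER.match(line)):
            cur["mac"] = m["mac"]
    return interfaces


def promiscuous(output):
    """Names of interfaces whose flags include PROMISC."""
    return [n for n, i in parse_ifconfig(output).items() if "PROMISC" in i["flags"]]


# Constructed sample: eth0 as it looks after "ifconfig eth0 promisc".
SAMPLE = """\
eth0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
        inet 10.10.10.13  netmask 255.255.255.0  broadcast 10.10.10.255
        ether 00:00:5e:00:53:01  txqueuelen 1000  (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
"""

if __name__ == "__main__":
    print(promiscuous(SAMPLE))
```

A clear PROMISC flag is not proof that nothing is capturing: tools that enable promiscuous mode through a packet socket do not set this flag, so also check the promiscuity counter shown by ip -d link.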
