Network+ Guide to Networks, 5th Edition

Chapter 13
Troubleshooting Network Problems

At a Glance

Instructor’s Manual Table of Contents

  Overview
  Objectives
  Teaching Tips
  Quick Quizzes
  Class Discussion Topics
  Additional Projects
  Additional Resources
  Key Terms

Lecture Notes

Overview

Many things can go wrong on a network. In fact, a network professional probably spends more time fixing network problems than designing or upgrading a network. Some breakdowns (such as an overtaxed processor) come with plenty of warning, but others (such as a hard disk controller failure) can strike instantly. The best defense against problems is prevention. Of course, even the most well-monitored network will sometimes experience unexpected problems. In this chapter, the student will learn how to diagnose and solve network problems in a logical, step-by-step fashion, using a variety of tools.

Chapter Objectives

After reading this chapter and completing the exercises, the student will be able to:

  Describe the steps involved in an effective troubleshooting methodology
  Follow a systematic troubleshooting process to identify and resolve networking problems
  Document symptoms, solutions, and results when troubleshooting network problems
  Use a variety of software and hardware tools to diagnose problems

Teaching Tips

Troubleshooting Methodology

1. Introduce basic troubleshooting methodology.
2. Mention that these steps follow the recommendations specified in CompTIA’s Network+ exam objectives.

Identify the Symptoms and Problems

1. Describe the first step in troubleshooting.
2. Explain the eight questions necessary to obtain more information about symptoms of a network problem that are not immediately obvious.
3. Explain one danger to avoid in troubleshooting technical problems.
4. Remind students to take the time to pay attention to the users, system and network behaviors, and any error messages.

Identify the Affected Area

1. Describe the second step in troubleshooting.
2. Review the areas to consider when determining how many users or network segments are affected.
3. Review the questions to ask when determining the time frame during which the problem occurred.
4. Describe the benefit of narrowing down the area affected by a problem.
5. Explain the importance of taking the time to troubleshoot correctly.
6. Describe the benefit of discovering the time or frequency with which a problem occurs.
7. Describe the benefits of identifying the affected area of a problem.
8. Use Figures 13-1 and 13-2 to illustrate the direction that can be gained from narrowing both the demographic (or geographic) and the chronological scopes of a problem.

Determine What Has Changed

1. Describe the third step in troubleshooting.
2. Emphasize that students should be aware of any recent changes to the network.
3. Review questions that could help pinpoint a problem resulting from a network change.
4. Explain what can be done if an administrator suspects that a network change has generated a problem.
5. Explain why the IT Department should keep complete network change records.

Establish the Most Probable Cause

1. Describe the fourth step in troubleshooting.
   a. Note that a troubleshooter should be close to determining the problem’s cause at this point.
2. Explain why there is a need to verify user competency.
   a. Describe how to verify user competency.
   b. Describe the possible results from verifying user competency.
3. Describe the benefit of re-creating the symptoms of a problem.
   a. Explain how to go about re-creating the problem.
   b. Review the questions to ask to determine whether a problem’s symptoms are truly reproducible and, if so, to what extent.
4. Explain why there is a need to verify Physical layer connectivity.
   a. Explain why an administrator should be thoroughly familiar with the symptoms of network problems occurring at the Physical layer of the OSI model.
5. Describe symptoms of Physical layer problems.
   a. Discuss the types of problems that physical connectivity issues do not typically affect.
   b. Emphasize that some software errors may point to a physical connectivity problem.
6. Explain how an administrator should go about diagnosing Physical layer problems:
   a. Ask questions.
   b. Verify connection between devices.
   c. Verify the soundness of the hardware used in those connections.
7. Describe the importance of being able to swap equipment.
   a. Describe how to swap or exchange components.
   b. Note that a better overall solution is to build in redundancy.
8. Use the flowchart in Figure 13-3 to illustrate how logically assessing Physical layer elements can help an administrator solve a network problem.
9. Explain why there is a need to verify logical connectivity.
   a. Review the questions that may help identify a problem with logical connectivity.
   b. Explain why logical connectivity problems often prove more difficult to isolate and resolve than physical connectivity problems.
   c. Review some possible software-based causes for a failure to connect to the network.

Determine Whether Escalation is Necessary

1. Describe the fifth step in troubleshooting.
2. Explain the various roles within a help desk area.
3. Note that all troubleshooters should follow procedures for when and how to escalate problems.

Create an Action Plan and Solution Including Potential Effects

1. Introduce the sixth step in troubleshooting.
2. Remind students that they must consider how a solution might affect users and network functionality.
3. Discuss one of the most important aspects to consider - breadth, or scope, of the change.
4. Discuss another factor that must be considered - the trade-off a solution might impose.
5. Explain how security implications of a solution may inadvertently result in the addition or removal of network access or resource privileges for a user or group of users.
6. Explain why considering scalability is important when deciding on long-term or temporary solutions.
7. Explain why the costs of solutions must be considered.
8. Discuss the various support outlets for obtaining vendor product troubleshooting information.

Teaching Tip: Demonstrate the availability of free vendor support by navigating to Microsoft’s TechNet area at http://technet.microsoft.com

Implement and Test the Solution

1. Introduce the seventh step in troubleshooting.
   a. Emphasize that the solution is implemented only after the effects have been researched.
2. Review implementation considerations.
   a. Explain why implementing a solution requires foresight and patience.
   b. Explain why students should follow a methodical and logical approach.
   c. Review common steps that will help a student implement a safe and reliable solution.
3. Explain when it is best to roll out changes in stages.
4. Note that after implementing a solution, the administrator must test its result and verify that it solved the problem properly.
   a. Describe the dependencies that might affect testing.

Identify the Results and Effects of the Solution

1. Introduce the eighth step in troubleshooting.
2. Describe the steps that should be taken after testing the solution implementation.

Document the Solution and Process

1. Describe the ninth step in troubleshooting.
2. Discuss ways to document the solution and process.
   a. Explain the purpose of and components in a call tracking system.
3. Review the fields that should be included in a typical problem record if no call tracking system is available.
4. Define and describe a supported services list document.
5. Explain why it is important to follow up with the user.

Teaching Tip: Demonstrate the availability of call tracking systems by performing a Google search with the keywords “network call tracking software”. Review and discuss the results list with the class.

6. Discuss methods for notifying others of changes.
   a. Emphasize the importance of recording a problem’s resolution in the call tracking system, and notifying others of the solution.
   b. Describe the two purposes this communication serves.
7. Discuss the types of changes that network personnel should record in a change management system.
8. Point out that it is generally not necessary to record minor modifications.

Help to Prevent Future Problems

1. Point out that many network problems can be averted by network maintenance, documentation, security, or upgrades.

Teaching Tip: Microsoft System Center Essentials 2007 is a commercial product providing a unified management solution that enables IT professionals in midsize organizations to proactively manage their IT environment with increased efficiency. Navigate to the product Web site at http://www.microsoft.com/systemcenter/essentials to demonstrate the product’s capabilities.

Quick Quiz 1

1. True or False: Experience in a network environment may prompt a network professional to follow the troubleshooting steps in a different order or to skip certain steps entirely.
   Answer: True
2. One danger in troubleshooting technical problems is jumping to conclusions about the ____________________.
   Answer: symptoms
3. To find the probable cause, you might need to ____.
   a. Identify the symptoms and problems
   b. Verify user competency
   c. Determine what has changed
   d. Determine whether escalation is necessary
   Answer: B
4. Physical connectivity problems often prove more difficult to isolate and resolve than logical connectivity problems because they can be more complex.
   Answer: False
5. True or False: It is best to roll out changes in stages for large systems.
   Answer: True

Troubleshooting Tools

1. Introduce the subject of troubleshooting tools.
2. Remind students of the ping command and its use.
3. Note that the most efficient troubleshooting approach is to use a tool specifically designed to analyze and isolate network problems.
4. Point out that the tool selected depends on the specific problem and the characteristics of the network.

Crossover Cable

1. Define a crossover cable and explain how it is used in troubleshooting.

Tone Generator and Tone Locator

1. Describe the ideal and realistic characteristics of telecommunications wiring.
2. Define and explain the use of a tone generator.
3. Define and explain the use of a tone locator.
4. Point out that when a tone generator and a tone locator are sold together, they are called a probe kit.
5. Use Figure 13-4 to illustrate the use of a tone generator and a tone locator.
   a. Note that testing requires a trial-and-error technique.
   b. Point out this combination of devices is also known as a fox and hound, because the locator (the hound) chases the generator (the fox).
6. Describe the use of tone generators and tone locators.
7. Emphasize that tone generators and tone locators cannot be used to determine any characteristics about a cable, such as whether it is defective or whether its length exceeds IEEE standards for a certain type of network.

Teaching Tip: Emphasize that a tone generator should never be used on a wire that is connected to a device’s port or network adapter. Because a tone generator transmits electricity over the wire, it could damage the device or network adapter.

Multimeter

1. Describe and explain how a multimeter works.
2. Describe a voltmeter.
3. Describe and explain resistance.
4. Describe and explain impedance.
5. Use Figure 13-5 to illustrate a multimeter.

Cable Continuity Testers

1. Define and describe cable checkers.
2. Explain how copper-based cable checkers work.
3. Explain how fiber-optic continuity checkers work.
4. Emphasize the importance of testing all network cables, whether homemade or purchased, for correct reading.
5. Describe the convenience factors cable continuity checkers offer.
6. Use Figure 13-6 to illustrate two cable continuity checkers.

Teaching Tip: Popular manufacturers of cable testing devices include Belkin, Fluke, Microtest, and Paladin. Navigate to the Fluke Web site at http://www.flukenetworks.com/fnet/en-us/ and review their products and articles on a variety of topics.

Cable Performance Testers

1. Define and describe cable performance testers.
2. Explain the differences between continuity testers and performance testers.
3. Explain TDR (time domain reflectometer).
4. Describe fiber-optic continuity testers.
5. Explain the functionality of OTDRs (optical time domain reflectometers).
6. Note the expense of cable performance testers.
7. Use Figure 13-7 to illustrate a cable performance tester.

Voltage Event Recorders

1. Define and describe a voltage event.
2. Describe a voltage event recorder.
3. Use Figure 13-8 to illustrate a voltage event recorder.

Butt Set

1. Define and describe a butt set.
2. Explain why this device is often referred to as a lineman’s handset or telephone test set.
3. Describe how a butt set can be used for troubleshooting.
4. Use Figure 13-9 to illustrate a butt set.

Network Monitors

1. Define and explain network monitors.
2. Discuss the various places from which a network monitor may be obtained.
3. Point out that all network monitors tend to use similar graphical interfaces.
4. Mention that to take advantage of network monitoring and analyzing tools, the network adapter installed in the machine running the software must support promiscuous mode.
5. Describe the functions all network monitoring tools can perform.
6. Describe some additional functions network monitoring tools can perform.
7. Explain how capturing data helps you solve a problem.
8. Review some commonly used terms for abnormal data patterns and packets, along with their characteristics.

Teaching Tip: Students may read more on analyzing network data with Network Monitor at http://technet.microsoft.com/en-us/library/cc723623.aspx

Protocol Analyzers

1. Define and describe protocol analyzers.
2. Discuss the variety of protocol analyzer tools available.
3. Discuss the features of protocol analyzers as compared to network monitors.
4. Explain the history of the term sniffer.
5. Use Figure 13-10 to illustrate the distribution of traffic captured by a protocol analyzer.
6. Describe the versatility protocol analyzers offer.
7. Explain what information needs to be gathered before using the protocol analyzer.

Wireless Network Testers

1. Define and describe the software and hardware wireless networking tools available.
2. Explain the three advantages of using a vendor-supplied tool.

Teaching Tip: Students may read more information on troubleshooting tools at http://www.cisco.com/en/US/docs/internetworking/troubleshooting/guide/tr1902.html

Quick Quiz 2

1. A ____ is useful for quickly and easily verifying that a node’s NIC is transmitting and receiving signals properly.
   a. crossover cable
   b. tone generator
   c. multimeter
   d. continuity tester
   Answer: A
2. True or False: The difference between continuity testers and performance testers lies in their sophistication and price.
   Answer: True
3. A(n) ____________________ collects data about power quality.
   Answer: voltage event recorder
4. True or False: Some NOSs come with network monitoring tools.
   Answer: True
5. A(n) ____________________ is a tool that can assess the quality of the wireless signal.
   Answer: spectrum analyzer

Class Discussion Topics

1. As a class, discuss the importance of documenting network problems and solutions. What can be done if a lack of time interferes with the documentation process?
2. As a class, discuss the similarities and differences between a network monitor and a protocol analyzer. Is there overlap in functionality? Are there distinguishing characteristics?

Additional Projects

1. Hundreds of network monitoring tools exist. You can purchase or download free network monitoring tools developed by software companies. Students should go to the Web and research three network-monitoring tools, and provide a report of their findings. The report should include a comparison of the products.

Additional Resources

1. Project Management Institute http://www.pmi.org
2. Microsoft TechNet http://technet.microsoft.com
3. Cisco support page http://www.cisco.com/en/US/support
4. Windows Networking home page http://www.windowsnetworking.com
5. Wireshark http://www.wireshark.org
6. Netscout http://www.netscout.com/default.asp
7. Black box online store http://www.blackbox.com/store/storefront.aspx

Key Terms

baseline - A record of how a network operates under normal conditions (including its performance, collision rate, utilization rate, and so on). Baselines are used for comparison when conditions change.

butt set - A tool for accessing and testing a telephone company’s local loop. The butt set, also known as a telephone test set or lineman’s handset, is essentially a telephone handset with attached wires that can be connected to local loop terminations at a demarc or switching facility.

cable checker - See continuity tester.

cable performance tester - A troubleshooting tool that tests cables for continuity, but can also measure cross talk, attenuation, and impedance; identify the location of faults; and store or print cable testing results.

cable tester - A device that tests cables for one or more of the following conditions: continuity, segment length, distance to a fault, attenuation along a cable, near-end cross talk, and termination resistance and impedance.
Cable testers may also issue pass/fail ratings for wiring standards or store and print cable testing results.

call tracking system - A software program used to document technical problems and how they were resolved (also known as help desk software).

change management system - A process or program that provides support personnel with a centralized means of documenting changes made to the network.

continuity tester - An instrument that tests whether voltage (or light, in the case of fiber-optic cable) issued at one end of a cable can be detected at the opposite end of the cable. A continuity tester can indicate whether the cable will successfully transmit a signal.

escalate - In network troubleshooting, to refer a problem to someone with deeper knowledge about the subject. For example, a first-level support person might escalate a router configuration issue to a second- or third-level support person.

first-level support - In network troubleshooting, the person or group who initially fields requests for help from users.

fox and hound - Another term for the combination of devices known as a tone generator and a tone locator. The tone locator is considered the hound because it follows the tone generator (the fox).

ghost - A frame that is not actually a data frame, but rather an aberration caused by a device misinterpreting stray voltage on the wire. Unlike true data frames, ghosts have no starting delimiter.

giant - A packet that exceeds the medium’s maximum packet size. For example, any Ethernet packet that is larger than 1518 bytes is considered a giant.

help desk analyst - A person who’s proficient in basic (but not usually advanced) workstation and network troubleshooting. Help desk analysts are part of first-level support.

help desk coordinator - A person who ensures that help desk analysts are divided into the correct teams, schedules shifts at the help desk, and maintains the infrastructure to enable analysts to better perform their jobs. They might also serve as third-level support personnel, taking responsibility for troubleshooting a problem when the second-level support analyst is unable to solve it.

jabber - A device that handles electrical signals improperly, usually affecting the rest of the network. A network analyzer will detect a jabber as a device that is always retransmitting, effectively bringing the network to a halt. A jabber usually results from a bad NIC. Occasionally, it can be caused by outside electrical interference.

late collision - A collision that takes place outside the normal window in which collisions are detected and redressed. Late collisions are usually caused by a defective station (such as a card or transceiver) that is transmitting without first verifying line status or by failure to observe the configuration guidelines for cable length, which results in collisions being recognized too late.

lineman’s handset - See butt set.

local collision - A collision that occurs when two or more stations are transmitting simultaneously. Excessively high collision rates within the network can usually be traced to cable or routing problems.

multimeter - A simple instrument that can measure multiple characteristics of an electric circuit, including its resistance and voltage.

negative frame sequence check - The result of the CRC (cyclic redundancy check) generated by the originating node not matching the checksum calculated from the data received. It usually indicates noise or transmission problems on the LAN interface or cabling. A high number of (nonmatching) CRCs usually results from excessive collisions or a station transmitting bad data.

network analyzer - See protocol analyzer.

network monitor - A software-based tool that monitors traffic on the network from a server or workstation attached to the network. Network monitors typically can interpret up to Layer 3 of the OSI model.

Network Monitor - A network monitoring program from Microsoft that comes with Windows Server 2003 and Server 2008 (as well as with Windows NT and Windows 2000 Server).

ohmmeter - A device used to measure resistance in an electrical circuit.

optical time domain reflectometer - See OTDR.

OTDR (optical time domain reflectometer) - A performance testing device for use with fiber-optic networks. An OTDR works by issuing a light-based signal on a fiber-optic cable and measuring the way in which the signal bounces back (or reflects) to the OTDR. By measuring the length of time it takes the signal to return, an OTDR can determine the location of a fault.

packet sniffer - See protocol analyzer.

probe - See tone locator.

promiscuous mode - The feature of a network adapter that allows it to pick up all frames that pass over the network - not just those destined for the node served by the card.

protocol analyzer - A software package or hardware-based tool that can capture and analyze data on a network. Protocol analyzers are more sophisticated than network monitoring tools, as they can typically interpret data up to Layer 7 of the OSI model.

runt - A packet that is smaller than the medium’s minimum packet size. For instance, any Ethernet packet that is smaller than 64 bytes is considered a runt.

second-level support - In network troubleshooting, a person or group with deeper knowledge about a subject and to whom first-level support personnel escalate problems.

sniffer - See protocol analyzer.

spectrum analyzer - A tool that assesses the characteristics (for example, frequency, amplitude, and the effects of interference) of wireless signals.

supported services list - A document that lists every service and software package supported within an organization, plus the names of first- and second-level support contacts for those services or software packages.

TDR (time domain reflectometer) - A high-end instrument for testing the qualities of a cable. It works by issuing a signal on a cable and measuring the way in which the signal bounces back (or reflects) to the TDR. Many performance testers rely on TDRs.

telephone test set - See butt set.

third-level support - In network troubleshooting, a person or group with deep knowledge about specific networking topics to whom second-level support personnel escalate challenging problems.

time domain reflectometer - See TDR.

tone generator - A small electronic device that issues a signal on a wire pair. When used in conjunction with a tone locator, it can help locate the termination of a wire pair.

tone locator - A small electronic device that emits a tone when it detects electrical activity on a wire pair. When used in conjunction with a tone generator, it can help locate the termination of a wire pair.

toner - See tone generator.

voltage event - Any condition in which voltage exceeds or drops below predefined levels.

voltage event recorder - A device that, when plugged into the same outlet that will be used by a network node, gathers data about the power that outlet will provide the node.

voltmeter - A device used to measure voltage (or electrical pressure) on an electrical circuit.