IT & InfoSec Troubleshooting Tools

Troubleshooting Tools Are Important

I covered the basic troubleshooting methodology here. In this article we will cover some basic IT & InfoSec troubleshooting tools. There are a few command-line tools everyone should be familiar with: ping, traceroute/tracert, ipconfig/ifconfig, netstat and nslookup. These tools belong in every IT and InfoSec person's toolbelt because they give you the information you need to diagnose the symptoms of your problem.

Ping

Ping is a simple tool that uses the ICMP protocol to send packets to the destination you choose and listens for a response. On Linux and Unix machines, it will continue to send packets until you stop it (typically with a control+a keystroke). On Windows machines, it sends 4 packets and then stops.

To use ping, you simply type the command like this:

ping <ip address or hostname>

Switches for ping include -a, which does a DNS lookup of the address, and -t, which on Windows pings continuously.

If a machine loses connectivity to the internet, you can ping another device on your network, like your router or switch, to see if it can at least reach there. In most cases, if you receive a response then that connection is good. If a remote device is reporting a loss of connectivity, you can ping it to see if you can reach it now. If you do not get a response to a ping, then the next tool to use is traceroute.

Traceroute

If you can't reach a destination, it is important to know whether you can reach anything else on the way to it. Traceroute can tell you where on the path the connection issue is occurring. It shows you the route the packet takes toward your destination, and the IP address/hostname of the last hop that answers before the trace stops. Once you know where the connection is lost, you have isolated the issue. If it is an internal device, you can try to connect to it and continue troubleshooting. Some potential causes are an ACL dropping that traffic, a malfunctioning device that is required to route the traffic (like a load balancer, router or firewall), or a broken cable/connector.

Traceroute has different syntax on Windows and Unix/Linux machines. On a Windows machine, it looks like this:

tracert <ip or domain name>

On Linux/Unix machines:

traceroute <ip or domain name>

ipconfig/ifconfig

Knowing the IP address of the machine you are on can be an important step in troubleshooting. There are many situations where this tool will give you the answer to your problem. If there is no IP configured, then DHCP could be broken or the machine could be misconfigured. If the wrong IP somehow got configured, that would also stop it from working properly. Sometimes machines have more than one network interface card, and you can configure traffic to use a specific one. If this gets misconfigured, then connectivity will be lost as well.

On the Windows operating system, the tool is called ipconfig and the syntax looks like this:

ipconfig

On Linux/Unix machines, the tool is called ifconfig, and the syntax looks like this:

ifconfig

Netstat

Netstat is a tool that shows you the network connections, network interfaces and routes known by your machine. This tool is on both Windows and Linux operating systems, but mostly used on Windows. It is useful because it gives you a more detailed view of what is going on with the machine. If you see TCP connections over familiar ports like 80 or 443, you know there are connections using HTTP and HTTPS. The output is a table with a Proto column (the protocol, TCP or UDP), the local address, the foreign address the connection is with, and the state. If a connection is supposed to be there and it isn't, you have found your issue. To use this tool on Windows or Linux/Unix machines, just type:

netstat
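As an added example (not code from the original post), here is a small Python parser for the netstat table described above, run over constructed sample output in the Windows `netstat -n` layout. It tallies which foreign ports a given remote host is being contacted on and flags TCP connections stuck in SYN_SENT, which is what a firewall silently dropping the port looks like from the client side (the situation in Scenario 3). The addresses and ports in the sample are made up.

```python
import re
from collections import Counter

# Constructed sample in Windows `netstat -n` layout (not a real capture).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    10.1.1.20:49712        10.9.0.5:443           ESTABLISHED
  TCP    10.1.1.20:49713        10.9.0.5:443           ESTABLISHED
  TCP    10.1.1.20:49801        10.2.5.40:20000        SYN_SENT
  TCP    10.1.1.20:49802        10.2.5.40:20000        SYN_SENT
  TCP    10.1.1.20:3389         0.0.0.0:0              LISTENING
  UDP    10.1.1.20:53           *:*
"""

# Proto, local, foreign, optional state (UDP rows have no state column).
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")


def parse_netstat(text):
    """Return one dict per connection row; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, local, foreign, state = m.groups()
        rows.append({"proto": proto, "local": local,
                     "foreign": foreign, "state": state or ""})
    return rows


def split_addr(addr):
    """Split 'host:port' (IPv4 or *:*) into (host, port) strings."""
    host, port = addr.rsplit(":", 1)
    return host, port


def ports_by_state(rows, foreign_host):
    """Count (foreign port, state) pairs for every row talking to foreign_host."""
    counts = Counter()
    for r in rows:
        host, port = split_addr(r["foreign"])
        if host == foreign_host:
            counts[(port, r["state"])] += 1
    return counts


def stuck_connections(rows):
    """TCP rows still in SYN_SENT: SYNs are leaving but nothing answers."""
    return [r for r in rows if r["proto"] == "TCP" and r["state"] == "SYN_SENT"]
```

Running `ports_by_state(rows, "10.2.5.40")` on the sample answers the Scenario 3 question directly: the only port in use toward that host is 20000, and every attempt is sitting in SYN_SENT.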

Nslookup

If you are having a problem with connectivity, but you can reach the IP address directly, it might be a DNS issue. You can use nslookup to query DNS records to make sure they are configured properly. In the previous post about DNS basics, I explained how DNS means domain naming system and it resolves names to IP addresses, or IP addresses to names. If these are not configured with the right information, then things like websites won't work.

The syntax is this:

nslookup <domain>

How are these used on the job?

Scenario 1:

One of our old sites couldn’t connect to a new site we had just configured. The junior personnel onsite said they double checked configurations and everything looked good. First, I had the old site see if they could ping the domain of the new site, and it didn’t work. I called the new site and asked them to run an ifconfig on one of their servers so we could get the ip address. We then tried to ping the ip address and it worked. This was the clue to me that it had a good connection to the new site, but could not resolve the domain name. We used Nslookup to check the dns entries while I was there and found that one number was off. After fixing it, the old site was able to connect to the new site.
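Scenario 1 as a script, added here as an example and not a tool from the original post: it pings the name, pings the known IP, then asks the local resolver the same question nslookup would, and turns the three results into a diagnosis. The hostname and expected IP you pass in are assumptions; the ping count flags follow the Windows/Linux difference (-n on Windows, -c on Linux/Unix).

```python
import platform
import socket
import subprocess


def ping_ok(target, count=2, timeout_s=10):
    """Run the OS ping and report whether at least one reply came back.
    Windows takes the count as -n, Linux/Unix as -c; exit code 0 means success."""
    flag = "-n" if platform.system() == "Windows" else "-c"
    try:
        result = subprocess.run(["ping", flag, str(count), target],
                                capture_output=True, timeout=timeout_s)
    except (OSError, subprocess.TimeoutExpired):
        return False
    return result.returncode == 0


def resolve(name):
    """Forward lookup through the machine's resolver; None if it fails."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def classify(name_ping_ok, ip_ping_ok, resolved_ip, expected_ip):
    """Combine the three checks from the scenario into one diagnosis string."""
    if name_ping_ok:
        return "ok"
    if not ip_ping_ok:
        # Neither name nor IP answers: the path itself is the problem.
        return "network path down: traceroute to " + expected_ip
    if resolved_ip is None:
        return "dns: name does not resolve"
    if resolved_ip != expected_ip:
        # The Scenario 1 case: one wrong digit in the record.
        return "dns: name resolves to %s, expected %s" % (resolved_ip, expected_ip)
    return "name resolves correctly; re-run ping by name, may be intermittent"


def triage(name, expected_ip):
    """Scenario 1 flow: ping by name, ping the known IP, then check DNS."""
    return classify(ping_ok(name), ping_ok(expected_ip),
                    resolve(name), expected_ip)
```

For example, `triage("app.newsite.example", "10.2.5.40")` (placeholder values) returns the "dns: name resolves to ..." line when the record points at the wrong address, which is exactly what nslookup confirmed in the scenario.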

Scenario 2:

During my morning health checks I checked my logs to find that a server was unreachable. I tried pinging the domain name of the server, and could not connect. Then, I tried traceroute to see where I was getting, and it was reaching the remote facility and not getting a response. I called over there and told them to check the machine's connections, and it was offline. After rebooting it, I was able to ping it.

Scenario 3:

I was troubleshooting a unique system that was new to my site. It wasn't able to connect to our remote site. I used ping to make sure we had a connection, and it was good. I didn't know anything about this system, so I used netstat to see what connections it was trying to make to the remote site and found it used TCP port 20000. Since this was a custom installation, I thought that during the install they did not configure an ACL or firewall rule properly, and knowing what port it used, found that I was right. Our firewall was not allowing the packets to pass through because the rule was set to 2000 by mistake.

Conclusion

Knowing these basic IT & InfoSec troubleshooting tools is very important. If you know how to use them, they will help you successfully troubleshoot a lot of different issues. Being able to speak about these tools and explain how to use them will also impress in an interview.

Post Author: InfoSecJon

Info Sec Professional, Pen-Testing noob