If names are not resolving, what could happen? and how can we test it?
Web browsing doesn’t work(Internet is broken). We can test it by pinging the IP address and see if it works, it means it’s not a connectivity issue.
How can we troubleshoot DNS issues?
- Check your IP configuration(is the DNS address correct?)
- Use “nslookup” or “dig” to test
- Try a different DNS server(Google is 8.8.8.8 and 8.8.4.4 or Quad9 is 9.9.9.9)
What are some IP configuration issues?
- Communicate to a local IP addresses(but not outside subnets)
- No IP communication(local or remote)
- Communicate to some IP addresses(but not others)
How can we troubleshoot IP configurations?
- Check your documentation(IP address, subnet mask, gateway)
- Monitor the traffic(examine local broadcast)
- Check devices around you(confirm your subnet mask and gateway)
- Traceroute and ping(Issue might be our interference)
What could duplicating IP addresses cause?
Intermitten connectivity(the two addresses “fight” with each other.
how can we troubleshoot duplicate IP addresses?
- Check your IP addresses(did we misconfigure something?)
- Ping an IP address before static addressing(Does it respond)
- Determine the IP addresses(ping the IP address, check our ARP table, find the MAC address in our switch MAC table)
- Capture the DHCP process(what DHCP servers are responding?)
What kind of problem do duplicating MAC addresses can cause? How can we confirm the MAC address of a device?
Intermitten connectivity. By using the ARP command from another computer, we can confirm the MAC matches the IP.
What should we do when we have an expired IP address?
Check the status of our DHCP server.
What is a rogue DHCP server?
It’s a non-authorized server that assigns IP addresses(there is no inherent security in DHCP)
what can a rogue DHCP server cause?
Client is assigned an invalid or duplicate address(intermitten connectivity or no connectivity)
How can we disable rogue DHCP communication?
Enable DHCP snooping on our switch and then disable the rogue DHCP server and renew the IP leases.
What is untrusted SSL certificate?
The certificate not trusted error indicates that the SSL certificate is not signed or approved by a company that the browser trusts.
Why is the correct time on a system important?
Some cryptography is very time sensitive.
How can we resolve an incorrect time?
Configure NTP on all devices(automate the clock setting)
What happens when we have an exhausted DHCP scope?
Client will receive an APIPA address(local subnet communication only)
How can we resolve and prevent exhausted DHCP scope?
resolve: Check the DHCP server(add more IP addresses if possible)
prevent: IPAM(IP address management) may help(monitor and report on IP address shortages) or lower the lease time(especially if there are a lot of transient users)
What does the blocked TCP/UDP ports affect? and what could cause that?
a) Applications not working(slowdowns with other applications)
b) Firewall or ACL configuration(security choke points)
How can we resolve blocked TCP/UDP ports?
- Confirm with a packet capture to see if there is any communication problems.
- Run a TCP-or UDP-based traceroute tool(see how far your packet can go)
How can we resolve incorrect host-based firewall setting?
Check the host-based firewall settings and then take a packet capture to see if the traffic made it to the network or not.
How can we confirm an incorrect ACL setting?
We can confirm it with packet captures and TCP/UDP traceroutes(identify the point of no return)
What is unresponsive service?
a) It’s when there is no response to an application request(no answer)
b)
how can we confirm unresponsive service?
- Check the port number to see if we have the right one(and the protocol type of TCP/UDP)
- Confirm connectivity(ping, traceroute)
- We check to see if the application is still working(telnet to the port number and see if it responds)
What can hardware failure cause?
No response(application doesn’t respond)
How can we confirm a hardware failure?
- Confirm connectivity(without a ping, we are not going to connect)
- Run a traceroute(See if we are being filtered, if not it should make it to the other side)
- Check the server(Lights?Fire?)
