Troubleshooting Network Issues

Gathering Initial Information

• Starting Point: No prior information is available; initial step involves gathering details.
• Techniques: Available Tools
  • LLDP (Link Layer Discovery Protocol): Used on switches.
  • CDP (Cisco Discovery Protocol): Cisco's version of LLDP.
  • Network Scanners: Perform ping scans/port scans to identify devices.
  • SNMP (Simple Network Management Protocol): Used in ongoing scans by some organizations.

Traffic Analysis

• Purpose: Understand the type of traffic and devices on the network.
• Methods:
  • Frame-by-Frame/Packet-by-Packet Analysis: A detailed approach.
  • Simplified Views: To avoid sifting through massive data volumes.
• Firewalls Logs:
  • Information Captured:
    • Traffic timestamps
    • Protocols (e.g., TCP, UDP)
    • Port numbers
    • Source and destination IPs
    • Possible IP to hostname conversion

Performance Monitoring

• Purpose: Assess device performance and identify issues.
• Tools and Techniques:
  • SNMP: For network utilization and error statistics.
  • NetFlow Statistics and Protocol Analysis: Offers detailed insights.
  • Availability Monitoring: Checks if devices are up or down.
  • Real-Time Monitoring and Alerts: For immediate problem identification.

Device Configuration Management

• Configuration Files:
  • Storage and Backup: Files should be backed up and stored for future use.
  • Version Compatibility: Config files must match the software version.
  • Downgrading Option: Allows for older config file compatibility.
• Change Management:
  • Ongoing Monitoring: Alerts on unauthorized changes to configurations.
  • Integrated Management System: Part of a larger change control process.

Conclusion

• Regular Monitoring and Reporting: Crucial for maintaining network health and performance.
• Configuration Control: Essential to ensure consistent device settings and compliance.