# Network Troubleshooting and Analysis

- [Ping](#Ping)
  - [Introduction](#Introduction-to-ping)
  - [Ping Command Options](#Ping-Command-Options)
- [Wireshark](#Wireshark)
  - [Introduction](#Introduction-to-wireshark)
  - [Features](#Features)

## Ping

### Introduction to ping

Ping is a command-line program used to check the reachability of a host on an Internet Protocol (IP) network and to measure the round-trip time for messages sent from the originating host to a destination computer. It operates by sending Internet Control Message Protocol (ICMP) echo request messages to the target host and waiting for an ICMP echo reply.

The term "ping" originates from sonar technology, where a ping is an audible sound wave sent out to locate an object; the echo of the sound wave can indicate the object's location and distance from the source.

By analyzing ping results, network administrators can draw several conclusions, including host reachability, transmission latency and packet loss rate. Ping serves as the first test for locating network issues, and the results it displays point toward possible solutions for the different problems it reveals.

### Ping Command Options

a. Without options

> ping www.google.com

> ping 192.168.4.1

The ping command without options sends ICMP echo requests continuously on Linux systems, while on Windows systems it sends 4 ICMP echo messages and then stops.

b. -c option

> ping -c 5 www.google.com

> ping -c 5 192.168.4.1

The -c option is used to specify the count of ICMP echo messages destined to a host. Both examples will send 5 echo messages before stopping.

c. -i option

> ping -i 0.5 www.google.com

> ping -i 1 192.168.4.1

The -i option is used to specify the interval between echo messages. The upper command sends echo messages to www.google.com every 0.5 seconds, while the lower one sends echo messages every 1 second to the machine with IP address 192.168.4.1.

d. -s option

> ping -s 50 www.google.com

> ping -s 100 192.168.4.1

The -s option is used to specify the size of the message, that is, the number of data bytes carried in each echo request (the 8-byte ICMP header is added on top of this). The first example sends 50-byte echo messages, while the second sends 100-byte echo messages.

e. -I option

> ping -I enp0s3 www.google.com

> ping -I wlan0 192.168.4.1

The -I option is used to specify the local machine's physical interface that emits the echo messages.

## Wireshark

### Introduction to wireshark

Wireshark is a graphical user interface (GUI)-based packet analyzer that captures and analyzes every frame forwarded by a specific network interface. It supports multiple layer 2 protocols such as Wi-Fi, Ethernet, Bluetooth, and many others. Common use cases for Wireshark include educational purposes and network troubleshooting. Wireshark runs on Windows, various Linux distributions, and macOS, making it one of the most widely used tools for network analysis.

### Features

#### Wireshark GUI Component

![image](https://hackmd.io/_uploads/SkwspeJsT.png)

a. **Menu**

- **File**: the File tab contains the buttons to open and save a Wireshark capture file
- **View**: the View tab contains the buttons to change the time format and other display formats to improve readability
- **Statistics**: this tab contains descriptive information such as the count or total size of each protocol and of the conversations

b. **Packet List**

- **Time**: a column that displays the timestamp of each captured packet
- **Source**: source IP or MAC address of a packet
- **Destination**: destination IP or MAC address of a packet
- **Protocol**: the highest-level protocol detected by Wireshark. Common protocols include ICMP, TCP, UDP, HTTP and SSL
- **Length**: size of the captured packet
- **Info**: additional message about a packet, usually a short description of it

c. **Packet Details**

Packet Details is located under the Packet List pane. It contains the detailed data and value of each protocol field attached in a packet header. This data includes Ethernet frame fields (MAC address, frame size), IP packet header fields (IP address, TTL, etc.), TCP fields (segment number, port number, window size, flags) and HTTP fields (headers, body and request parameters).
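The echo request/reply exchange that ping performs, and the ICMP fields that Wireshark's Packet Details pane shows for it, as an added Python example (not code from the original page): it builds an echo request with the RFC 1071 checksum, stands in for the replying host with a constructed reply wrapped in an IPv4 header, and parses that reply the way a ping client does, rejecting corrupted or non-reply messages and computing the round-trip time from the send timestamp embedded in the payload. The identifier 0x1234 and the addresses 192.168.4.1 / 192.168.4.10 are constructed sample values; nothing is sent on the network.

```python
import struct
import time

ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY = 8, 0

def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words; evaluates to 0 over an intact message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo_request(ident: int, seq: int, payload: bytes) -> bytes:
    """Type 8, code 0, checksum, identifier, sequence, then the data bytes set by ping -s."""
    header = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return header[:2] + struct.pack("!H", csum) + header[4:] + payload

def make_echo_reply(request: bytes, ttl: int = 64) -> bytes:
    """Constructed stand-in for the pinged host: same id/seq/data, type 0, inside an IPv4 header."""
    ident, seq = struct.unpack("!HH", request[4:8])
    body = struct.pack("!BBHHH", ICMP_ECHO_REPLY, 0, 0, ident, seq) + request[8:]
    body = body[:2] + struct.pack("!H", icmp_checksum(body)) + body[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, ttl, 1, 0,
                     bytes([192, 168, 4, 1]), bytes([192, 168, 4, 10]))  # constructed src/dst
    return ip[:10] + struct.pack("!H", icmp_checksum(ip)) + ip[12:] + body

def parse_echo_reply(ip_packet: bytes) -> "dict | None":
    """Skip the IPv4 header (IHL), keep only intact echo replies, return the fields Wireshark shows."""
    ihl = (ip_packet[0] & 0x0F) * 4
    icmp = ip_packet[ihl:]
    if len(icmp) < 8 or icmp_checksum(icmp) != 0:
        return None  # truncated or corrupted in transit
    typ, code, _, ident, seq = struct.unpack("!BBHHH", icmp[:8])
    if typ != ICMP_ECHO_REPLY or code != 0:
        return None  # e.g. a type 3 destination unreachable is not a reply to our request
    return {"ttl": ip_packet[8], "id": ident, "seq": seq, "data": icmp[8:]}

def rtt_ms(reply: dict, now: float) -> float:
    """As ping does, the send time travels at the start of the payload; RTT is now minus that."""
    sent = struct.unpack("!d", reply["data"][:8])[0]
    return (now - sent) * 1000.0

if __name__ == "__main__":
    req = build_echo_request(ident=0x1234, seq=1, payload=struct.pack("!d", time.time()) + bytes(48))
    reply = parse_echo_reply(make_echo_reply(req))
    print(reply["id"], reply["seq"], reply["ttl"], "rtt=%.3f ms" % rtt_ms(reply, time.time()))
```

Matching the identifier and sequence number to the request you sent is what lets a client tell its own replies apart from other traffic, and it is also the reason the checksum check matters: a single flipped payload bit turns a reply into a packet the client must discard.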