Category 05: Network Troubleshooting & Tools (60 Facts)

Identify the problem — gather info, question users, duplicate the issue (Domain 5.1).
Establish a theory of probable cause (Domain 5.1).
Test the theory to confirm root cause (Domain 5.1).
Establish a plan of action and identify potential effects (Domain 5.1).
Implement the solution or escalate if necessary (Domain 5.1).
Verify full system functionality and apply preventative measures (Domain 5.1).
Document findings, actions, and outcomes for future reference (Domain 5.1).

No connectivity may result from bad cables, NIC issues, or switch port failures (Domain 5.2).
Intermittent connectivity often points to loose connections or EMI (Domain 5.2).
Slow transfer speeds may be caused by duplex mismatch or congestion (Domain 5.2).
IP conflicts occur when two hosts share the same IP (Domain 5.2).
Duplicate MAC addresses cause network instability (Domain 5.2).
Incorrect gateway settings prevent external access (Domain 5.2).
Unresponsive services may indicate firewall or DNS issues (Domain 5.2).
High CPU utilization on network devices reduces performance (Domain 5.2).
Wireless signal interference degrades performance (Domain 5.2).
Excessive collisions in half-duplex networks cause retransmissions (Domain 5.2).

ping verifies connectivity to a host (Domain 5.3).
traceroute/tracert shows the path packets take (Domain 5.3).
nslookup/dig queries DNS servers (Domain 5.3).
ipconfig/ifconfig/ip displays IP configuration (Domain 5.3).
arp -a shows ARP cache and IP-to-MAC mappings (Domain 5.3).
netstat displays active connections and ports (Domain 5.3).
nmap scans hosts and services (Domain 5.3).
tcpdump captures live traffic for analysis (Domain 5.3).
pathping combines ping and traceroute diagnostics (Domain 5.3).
whois reveals domain ownership information (Domain 5.3).

Cable tester verifies continuity, wiring, and shorts (Domain 5.4).
TDR (Time Domain Reflectometer) locates cable faults (Domain 5.4).
OTDR (Optical TDR) locates fiber optic faults (Domain 5.4).
Tone generator and probe trace cables through walls (Domain 5.4).
Loopback plug tests NIC transmit/receive functions (Domain 5.4).
Punch-down tool terminates twisted-pair cables (Domain 5.4).
Crimper attaches RJ-45 connectors to cables (Domain 5.4).
Light meter measures optical fiber signal strength (Domain 5.4).
Multimeter measures voltage, resistance, continuity (Domain 5.4).
Spectrum analyzer identifies wireless interference sources (Domain 5.4).

Low signal strength may be due to distance or obstructions (Domain 5.5).
Incorrect SSID prevents clients from joining the WLAN (Domain 5.5).
Mismatched security settings (WPA2 vs WPA3) block access (Domain 5.5).
Channel overlap in 2.4 GHz reduces throughput (Domain 5.5).
Incorrect antenna placement creates dead zones (Domain 5.5).
AP overload from too many clients causes disconnections (Domain 5.5).
Rogue access points create security risks and instability (Domain 5.5).
Evil twin APs mimic real SSIDs to steal credentials (Domain 5.5).
Captive portal issues may prevent internet access after authentication (Domain 5.5).
Firmware mismatches cause instability in Wi-Fi controllers/APs (Domain 5.5).

Divide and conquer isolates faults by testing midpoint devices (Domain 5.6).
Top-to-bottom OSI approach starts at Application layer down (Domain 5.6).
Bottom-to-top OSI approach starts at Physical layer up (Domain 5.6).
Substitution (swap known-good cable/device) helps isolate issues (Domain 5.6).
Replication reproduces problem for accurate testing (Domain 5.6).
Escalation sends unresolved issues to higher support levels (Domain 5.6).
Root cause analysis identifies underlying reasons for recurring issues (Domain 5.6).
Post-mortem review analyzes outages to prevent future problems (Domain 5.6).
Change rollback restores configs after failed fixes (Domain 5.6).
Proactive monitoring detects issues before they become outages (Domain 5.6).

📊 Category Total: 60 Facts (tools, issues, methodology, wireless, and best practices)

Provide feedback