Troubleshooting Tools CCNA
Troubleshooting Tools CCNA

Troubleshooting Tools

Troubleshooting Tools


This topic describe different networking troubleshooting tools. Start learning CCNA 200-301 for free right now!!

Note: Welcome: This topic is part of Module 12 of the Cisco CCNA 3 course, for a better follow up of the course you can go to the CCNA 3 section to guide you through an order.

Software Troubleshooting Tools

As you know, networks are made up of software and hardware. Therefore, both software and hardware have their respective tools for troubleshooting. This topic discusses the troubleshooting tools available for both.

A wide variety of software and hardware tools are available to make troubleshooting easier. These tools may be used to gather and analyze symptoms of network problems. They often provide monitoring and reporting functions that can be used to establish the network baseline.

Click each button for a detailed description of common software troubleshooting tools.

Network management system (NMS) tools include device-level monitoring, configuration, and fault-management tools. These tools can be used to investigate and correct network problems. Network monitoring software graphically displays a physical view of network devices, allowing network managers to monitor remote devices continuously and automatically. Device management software provides dynamic device status, statistics, and configuration information for key network devices. Search the internet for “NMS Tools” for more information.

Online network device vendor knowledge bases have become indispensable sources of information. When vendor-based knowledge bases are combined with internet search engines, a network administrator has access to a vast pool of experience-based information.

For example, the Cisco Tools & Resources page can be found at under the Support menu. This page provides tools that can be used for Cisco hardware and software.

Many tools for automating the network documentation and baselining process are available. Baselining tools help with common documentation tasks. For example, they can draw network diagrams, help keep network software and hardware documentation up-to-date, and help to cost-effectively measure baseline network bandwidth use. Search the internet for “Network Performance Monitoring Tools” for more information.

Protocol Analyzers

Protocol analyzers can investigate packet content while flowing through the network. A protocol analyzer decodes the various protocol layers in a recorded frame and presents this information in a relatively easy to use format. The figure shows a screen capture of the Wireshark protocol analyzer.

Protocol Analyzers
Protocol Analyzers

The information displayed by a protocol analyzer includes the physical layer bit data, data link layer information, protocols, and descriptions for each frame. Most protocol analyzers can filter traffic that meets certain criteria so that all traffic to and from a device can be captured. Protocol analyzers such as Wireshark can help troubleshoot network performance problems. It is important to have both a good understanding of TCP/IP and how to use a protocol analyzer to inspect information at each TCP/IP layer.

Hardware Troubleshooting Tools

There are multiple types of hardware troubleshooting tools.

Click each button for a detailed description of common hardware troubleshooting tools.

Digital multimeters (DMMs) are test instruments that are used to directly measure electrical values of voltage, current, and resistance.

In network troubleshooting, most tests that would need a multimeter involve checking power supply voltage levels and verifying that network devices are receiving power.

Cable testers are specialized, handheld devices designed for testing the various types of data communication cabling. The figure displays the Fluke LinkRunner AT Network Auto-Tester.

Cable testers can be used to detect broken wires, crossed-over wiring, shorted connections, and improperly paired connections. These devices can be inexpensive continuity testers, moderately priced data cabling testers, or expensive time-domain reflectometers (TDRs). TDRs are used to pinpoint the distance to a break in a cable. These devices send signals along the cable and wait for them to be reflected. The time between sending the signal and receiving it back is converted into a distance measurement. The TDR function is normally packaged with data cabling testers. TDRs used to test fiber-optic cables are known as optical time-domain reflectometers (OTDRs).

Cable analyzers are multifunctional handheld devices that are used to test and certify copper and fiber cables for different services and standards.

The more sophisticated tools include advanced troubleshooting diagnostics that measure the distance to a performance defect such as near-end crosstalk (NEXT) or return loss (RL), identify corrective actions, and graphically display crosstalk and impedance behavior. Cable analyzers also typically include PC-based software. After field data is collected, the data from the handheld device can be uploaded so that the network administrator can create up-to-date reports.

Portable devices are used for troubleshooting switched networks and VLANs.

By plugging the network analyzer in anywhere on the network, a network engineer can see the switch port to which the device is connected, and the average and peak utilization. The analyzer can also be used to discover VLAN configuration, identify top network talkers (hosts generating the most traffic), analyze network traffic, and view interface details. The device can typically output to a PC that has network monitoring software installed for further analysis and troubleshooting.

The Cisco Prime Network Analysis Module (NAM) portfolio, shown in the figure, includes hardware and software for performance analysis in switching and routing environments. It includes an embedded browser-based interface that generates reports on the traffic that consumes critical network resources. In addition, the NAM can capture and decode packets and track response times to pinpoint an application problem to a network or server.

Cisco Prime Network Analysis Module
Cisco Prime Network Analysis Module

Syslog Server as a Troubleshooting Tool

Syslog is a simple protocol used by an IP device known as a syslog client, to send text-based log messages to another IP device, the syslog server. Syslog is currently defined in RFC 5424.

Implementing a logging facility is an important part of network security and for network troubleshooting. Cisco devices can log information regarding configuration changes, ACL violations, interface status, and many other types of events. Cisco devices can send log messages to several different facilities. Event messages can be sent to one or more of the following:

  • Console – Console logging is on by default. Messages log to the console and can be viewed when modifying or testing the router or switch using terminal emulation software while connected to the console port of the network device.
  • Terminal lines – Enabled EXEC sessions can be configured to receive log messages on any terminal lines. Like console logging, this type of logging is not stored by the network device and, therefore, is only valuable to the user on that line.
  • Buffered logging – Buffered logging is a little more useful as a troubleshooting tool because log messages are stored in memory for a time. However, log messages are cleared when the device is rebooted.
  • SNMP traps – Certain thresholds can be preconfigured on routers and other devices. Router events, such as exceeding a threshold, can be processed by the router and forwarded as SNMP traps to an external SNMP network management station. SNMP traps are a viable security logging facility but require the configuration and maintenance of an SNMP system.
  • Syslog – Cisco routers and switches can be configured to forward log messages to an external syslog service. This service can reside on any number of servers or workstations, including Microsoft Windows and Linux-based systems. Syslog is the most popular message logging facility, because it provides long-term log storage capabilities and a central location for all router messages.

Cisco IOS log messages fall into one of eight levels, as shown in the table.

. Level Keyword Description Definition
Highest Level 0 Emergencies System is unusable LOG_EMERG
1 Alerts Immediate action is needed LOG_ALERT
2 Critical Critical conditions exist LOG_CRIT
3 Errors Error conditions exist LOG_ERR
4 Warnings Warning conditions exist LOG_WARNING
Lowest Level 5 Notifications Normal (but significant) condition LOG_NOTICE
6 Informational Informational messages only LOG_NFO
7 Debugging Debugging messages LOG_DEBUG

The lower the level number, the higher the severity level. By default, all messages from level 0 to 7 are logged to the console. While the ability to view logs on a central syslog server is helpful in troubleshooting, sifting through a large amount of data can be an overwhelming task. The logging trap level command limits messages logged to the syslog server based on severity. The level is the name or number of the severity level. Only messages equal to or numerically lower than the specified level are logged.

In the command output, system messages from level 0 (emergencies) to 5 (notifications) are sent to the syslog server at

R1(config)# logging host 
R1(config)# logging trap notifications 
R1(config)# logging on

Glossary: If you have doubts about any special term, you can consult this computer network dictionary.

Ready to go! Keep visiting our networking course blog, give Like to our fanpage; and you will find more tools and concepts that will make you a networking professional.

More Goodies
Malware Types CCNA