Nicholas Calcutti

Test-NetConnection: the "Is my firewall the problem?" checker


Listening to The Art of Network Engineering podcast on my drive to and from teaching class, they discussed the tools used to troubleshoot a network. I haven't finished the podcast yet, but one thing that came up was tools like Telnet: run telnet <IP address or host> <port>, and whether the connection opens tells you if a firewall is blocking that port to that device. That is a good indicator the firewall is blocking it without checking the firewall logs or hunting through network switch ACLs. Telnet is also a program that most security programs will tell you to block outright, since it uses plaintext and no encryption. So if you are still using Telnet to get to that core switch, it might be time to switch to SSH, and if the switch can't support SSH, it's time to upgrade or update the firmware.


A tremendous program built into Windows PowerShell is the Test-NetConnection command. This is a command I learned from a vendor, and now that I know it, it is my go-to tool. Here is the link to the Microsoft Docs, but let us dive into the command. This command is part of the NetTCPIP module of PowerShell, which contains a slew of commands.


If you run Test-NetConnection on its own and hit Enter, it does a test against an msedge domain.


Here you can see that my computer resolved that DNS name to the IP address shown and used my wireless interface, because my laptop is on Wi-Fi. It also shows which source address was used, whether the ping succeeded, and what the reply time to that address was. That is much more information than ping or traceroute will give you.


The following example uses the -InformationLevel Detailed switch.

Notice that this example gives us two new lines. First, NameResolutionResults returns both the IPv4 and IPv6 addresses. Plus, as a bonus, it shows the next hop route from this PC. This is an excellent test for users with multi-homed servers, where the second NIC may have a different next hop going to a separate switch.


In the following command, we add the -Port switch to do a TCP port test.


We kept the same detailed information level, and now we have a few extra lines: RemotePort, MatchingIPsecRules, NetworkIsolationContext, IsAdmin, and TcpTestSucceeded. I usually don't run the -InformationLevel Detailed switch; without it, here is what it looks like.



Much simpler results, and something we can use quickly to troubleshoot issues. Now let us try port 22 and see if it connects.


That's great, we got a fail; if it had passed, I might have worried about Microsoft's security there. You can see that it tried on both IPv4 and IPv6 connections. Since the TCP test failed, it added a ping to the command, so it did two troubleshooting steps for you at once: can you ping it, and is the port open? A great tool!


What else can it do?

Let us add the -ComputerName switch, pointing it at Google on port 443.


That is how you add a computer name, but does it work with IP addresses?


It does, and you can see above that we tested a Google DNS server on the DNS port.


Here is another useful 2-in-1 switch: -TraceRoute.

It gets you a ping and a traceroute all in one. You don't get the per-hop details, but you get the down-and-dirty basics. Sadly, you can't combine the -Port switch with this, but it's still good. You can use the -Hops switch to limit the TTL.




The -DiagnoseRouting switch tells you your source address, the interface, and the routes you are using to reach that address.


Other useful switches

-ConstrainSourceAddress - pins the test to a specific source IP address

-ConstrainInterface - pins the test to a specific interface, chosen by interface index instead of IP address
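As an added example (not code from the original post), here is a small wrapper around Test-NetConnection that runs the port test from above against a list of host/port pairs and turns the TcpTestSucceeded/PingSucceeded pair into the "is it the firewall?" verdict; the host name is a placeholder, and -ConstrainSourceAddress is only applied when you pass a source address.

```powershell
# Added example, not from the original post. Host names are placeholders.
function Test-PortReachability {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,
        [Parameter(Mandatory)] [int[]]    $Port,
        [string] $SourceAddress   # optional, passed through as -ConstrainSourceAddress
    )
    foreach ($target in $ComputerName) {
        foreach ($p in $Port) {
            $params = @{
                ComputerName  = $target
                Port          = $p
                WarningAction = 'SilentlyContinue'   # a failed TCP connect emits a warning
            }
            if ($SourceAddress) { $params.ConstrainSourceAddress = $SourceAddress }

            $r = Test-NetConnection @params

            # Test-NetConnection only falls back to ping when the TCP test fails,
            # so PingSucceeded is only meaningful on the failure path. ICMP may
            # itself be filtered, so "unreachable" is a hint, not proof.
            $verdict = if ($r.TcpTestSucceeded) {
                'Open'
            } elseif ($r.PingSucceeded) {
                'Host answers ping, port blocked or closed: check firewall/ACL'
            } else {
                'No TCP, no ping: DNS, routing, host down, or ICMP filtered'
            }

            [pscustomobject]@{
                Target        = $target
                RemoteAddress = $r.RemoteAddress
                Port          = $p
                TcpOpen       = $r.TcpTestSucceeded
                PingOk        = $r.PingSucceeded
                Interface     = $r.InterfaceAlias
                Source        = $r.SourceAddress.IPAddress
                Verdict       = $verdict
            }
        }
    }
}

# Placeholder target: a core switch that should accept SSH (22) and not Telnet (23).
Test-PortReachability -ComputerName 'core-sw01.example.internal' -Port 22, 23 |
    Format-Table -AutoSize
```

Run it from an admin or standard PowerShell session on Windows; the same function accepts a list of targets, so you can sweep every management port you expect to be closed in one pass.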


That is a quick breakdown of the Test-NetConnection command in Windows PowerShell.
