Dec 16, 2025
If you want to work in IT or cybersecurity, you need to prove one thing fast: you can troubleshoot under pressure. CompTIA Network+ (N10-009) tests that skill directly, and employers care even more than the exam does. The good news is troubleshooting is a learnable process, not a talent.
This post gives you:
A Network+ aligned troubleshooting methodology
A practical tool workflow you can drill daily
A 20-minute routine you can start today
PBQ thinking patterns that convert directly into points
Network+ context (what you are preparing for)
Network+ N10-009 details (per CompTIA):
Up to 90 questions
90 minutes
Multiple-choice + performance-based questions (PBQs)
Passing score 720 on a 100–900 scale
US exam voucher retail price is commonly listed as $369 (pricing can change)
Quick exam facts table:
Item | Network+ (N10-009) |
|---|---|
Max questions | 90 |
Time limit | 90 minutes |
Question types | Multiple choice + PBQs |
Passing score | 720 (100–900 scale) |
US exam voucher price | $369 (may change) |
The troubleshooting methodology Network+ expects (and how to use it)
CompTIA wants a structured approach that minimizes downtime and avoids making things worse. Use this loop every time:
Identify the problem
What exactly is failing: DNS resolution, reachability, authentication, throughput, latency?
Who is affected: one user, one VLAN, one site, everyone?
When did it start: after a change, after a reboot, intermittent?
Establish a theory of probable cause
Start with the simplest cause that fits the symptoms.
Split the problem into layers: physical, L2, L3, name resolution, application.
Test the theory to determine the cause
Use minimal impact tests first.
Validate assumptions with quick commands before changing anything.
Establish a plan of action
If production: choose the lowest risk change first.
If a lab: still practice safe habits and keep notes.
Implement the solution or escalate as necessary
If you cannot fix it safely or lack access, escalate with evidence.
In real jobs, escalation quality matters.
Verify full system functionality and implement preventive measures
Confirm the original symptom is gone.
Confirm nothing else broke.
Add a prevention step if applicable: document the fix, adjust monitoring, add guardrails, update configs.
Document findings, actions, and outcomes
Root cause, what proved it, and what you changed.
Your notes become reusable playbooks.
The skill that raises your score: scope + boundary
Most students lose points because they troubleshoot too broadly.
Scope: how big is the blast radius?
One device? One subnet? One VLAN? One site? All sites?
Boundary: what is the last thing that works?
Example: a PC can ping its gateway but cannot ping 8.8.8.8. The boundary is the default gateway/router.
Your tools help you find the boundary fast.
A practical tool workflow: Baseline -> Ping -> Traceroute -> Validate DNS -> Prove with Capture
Think of the tools as levels:
Baseline answers: “Is the host configured correctly?”
Ping answers: “Can I reach it, and is it stable?”
Traceroute answers: “Where does the path stop responding?”
DNS validation answers: “Is name resolution the issue?”
Wireshark answers: “What exactly happened on the wire?”
Important reality: ICMP can be blocked. Ping and traceroute failing does not always mean the path is down. That is why you validate with other tools and evidence.
Step 0: Baseline checks (30 seconds that saves 10 minutes)
Before you chase the network, confirm the host config is sane:
IP address, subnet mask, default gateway, DNS servers
Link status (up/down), Wi-Fi association, VLAN context (if known)
Common tools:
Windows: ipconfig /all
Linux: ip a, ip r, resolvectl status or /etc/resolv.conf
macOS: ifconfig, netstat -rn, scutil --dns
Step 1: Ping like a pro (not like a beginner)
Ping is not just connectivity. Use it to test assumptions and stability.
4 pings to run in order
Ping loopback (TCP/IP stack sanity check)
ping 127.0.0.1Ping your own IP (NIC and local IP assignment sanity check)
ping <your_IP>Ping your default gateway (local L2/L3 reachability)
ping <gateway_IP>Ping a known Internet IP (routing beyond the LAN)
ping 1.1.1.1 or ping 8.8.8.8
Then separate Internet from DNS:
If ping 8.8.8.8 works but ping google.com fails, suspect DNS.
What to look for in ping output
Packet loss: intermittent issues show here early.
Latency spikes: congestion, wireless interference, bufferbloat, duplex issues, failing links.
Consistent failure: wrong gateway, ACL/firewall blocks, down interface, bad route.
PBQ hint: Network+ questions often reward “boundary thinking.” If loopback works but gateway fails, the issue is local or L2. If gateway works but Internet IP fails, focus on routing or upstream. If Internet IP works but names fail, focus on DNS.
Step 2: Traceroute to find the failure boundary
Traceroute identifies the hop where replies stop returning.
Windows: tracert <destination>
Linux/macOS: traceroute <destination>
How to interpret traceroute quickly
Stops at hop 1 (your gateway): gateway problem, ACL, NAT, upstream routing, wrong route.
Stops after leaving your network: upstream issue, ISP, or destination filtering.
Some hops show * * * but later hops respond: not automatically a problem. Some devices deprioritize or block TTL exceeded responses while still forwarding traffic.
PBQ hint: traceroute output is often used to indicate:
Wrong default gateway
Missing route or wrong next hop
ACL blocking between subnets
Step 3: Validate DNS properly (do not guess)
If “IP works but names do not,” prove it with DNS tools:
Windows: nslookup google.com
Linux/macOS: dig google.com or nslookup google.com
What to look for:
No response: DNS server unreachable, blocked, or misconfigured.
NXDOMAIN: name not found, wrong domain, or DNS filtering.
Wrong IPs: misconfigured DNS, split DNS issues, poisoning in some environments.
This step makes your troubleshooting more exam-aligned than relying only on pinging hostnames.
Step 4: Prove the root cause with Wireshark (ARP, DNS, TCP)
Wireshark is your “court evidence.” Use it after ping/traceroute/baseline tells you where to look.
High-yield filters to memorize
ARP: arp
DNS: dns
ICMP (ping): icmp
TCP: tcp
Only show traffic to/from a host: ip.addr == 192.0.2.10
What Wireshark reveals in common Network+ scenarios
Scenario A: Cannot reach the gateway
Filter: arp
Signs:
Repeating ARP requests (“Who has gateway_IP?”) with no reply
Likely causes:Wrong VLAN, switchport issue, cabling, gateway interface down, port security.
Scenario B: Internet by IP works, websites do not (DNS issue)
Filter: dns
Signs:
DNS queries with no responses
NXDOMAIN responses
Responses returning unexpected IPs
Scenario C: Connection stalls (TCP handshake problems)
Filter: tcp
Signs:
Many SYN packets with no SYN/ACK (filtered, unreachable, or asymmetric path)
RST packets (port closed or actively refused)
Capture strategy that keeps you efficient
Start capture, reproduce the problem immediately, stop capture.
Use Statistics -> Conversations to see top talkers and protocols quickly.
Add these Network+ tools (they show up constantly)
If you want the post to be “Network+ complete,” include these in your workflow:
IP and interface troubleshooting
Windows: ipconfig, route print
Linux/macOS: ip a, ip r, netstat -rn
Neighbor and L2 clues
arp -a (Windows/macOS), ip neigh (Linux)
Port and service reachability
Windows PowerShell: Test-NetConnection <host> -Port <port>
Cross-platform: nc -vz <host> <port> (netcat)
Optional: curl -I https://example.com
Connections and sockets
netstat -an, ss -tulpen
Packet capture without Wireshark GUI
tcpdump (very common in real environments)
Mapping and discovery (know what it is, even if you do not master it yet)
nmap basics (host up, common ports, service detection concepts)
A lab routine you can follow in 20 minutes per day (Mon–Fri)
You do not need a huge home lab. You need repeatable drills.
Daily 20-minute troubleshooting drill
Minutes 1–5: Create a micro-scenario (pick one)
Wrong DNS server
Wrong default gateway
Wrong subnet mask
Firewall rule blocks ICMP or blocks a specific port
Host moved to the wrong VLAN (simulated in a lab)
Minutes 6–10: Run the baseline tool chain
Baseline: check IP, mask, gateway, DNS
Ping: loopback -> gateway -> Internet IP -> hostname
Traceroute: to Internet IP or internal server
Minutes 11–18: Prove with evidence
If DNS suspected: nslookup or dig
If L2 suspected: ARP table and/or Wireshark arp
If service suspected: port test (Test-NetConnection or nc)
If unsure: Wireshark capture while reproducing
Minutes 19–20: Document in 3 lines
Symptom:
Root cause:
Proof (command output or packet detail):
Weekly progression (4-week plan)
Week | Focus | Goal |
|---|---|---|
1 | Layer 1–2 issues (link, VLAN symptoms, ARP) | Identify local vs switched-network problems fast |
2 | Layer 3 issues (gateway, routes, subnetting symptoms) | Use ping + traceroute to set the boundary within 2 minutes |
3 | Name resolution + services (DNS, DHCP symptoms) | Diagnose “IP works, name fails” and “no address” cases confidently |
4 | Mixed failures + performance | Distinguish outage vs degradation and pick the right tool |
How to think through Network+ PBQs under time pressure
PBQs often simulate a ticket with partial info. Use this decision tree:
Is the host configured correctly?
IP, mask, gateway, DNSIs local reachability working?
Can it reach gateway? ARP resolving?Is the path beyond the LAN working?
Traceroute boundary, routing evidenceIs it DNS or the application/service?
IP vs name, port reachability, confirm with capture if needed
Choose the next tool that answers the next question with the least effort:
If you do not know where it fails: traceroute
If you do not know if it fails at all: ping (plus a port test if ICMP might be blocked)
If you need to prove why it fails: Wireshark or tcpdump
High-yield troubleshooting patterns to memorize
Can ping IP, cannot access website
Often DNS or service/port issue. Prove with nslookup/dig and a port test.Can reach local devices, cannot reach other subnets
Often routing or ACL. Prove with traceroute boundary and route/gateway checks.Intermittent drops, Wi-Fi complaints
Often interference or congestion. Prove with ping loss/latency and retransmissions in capture.No connectivity after moving desks
Often wrong VLAN or port config. Prove with ARP symptoms and gateway reachability.
FAQ
1) Should I learn Wireshark for Network+ or is that more Security+?
Learn it now. Network+ includes troubleshooting and protocol analysis concepts. Basic filters (arp, dns, icmp, tcp) boost PBQ confidence.
2) Fastest way to tell routing vs DNS?
Ping a known IP, then test DNS with nslookup/dig. If IP works and name fails, suspect DNS.
3) My traceroute shows asterisks. Is that always packet loss?
No. Some devices do not respond to traceroute probes while still forwarding traffic.
4) How do I practice without breaking home Internet?
Use a contained lab (VMs, spare router/AP). If using your main network, change only client-side settings and revert immediately.
5) What should I write after each drill?
Symptom, boundary, root cause, and the one command or packet detail that proved it. This improves exams and interviews.
Turn this into points on the exam (and skills on the job)
Troubleshooting is a process you can train. If you practice the Baseline -> Ping -> Traceroute -> Validate DNS -> Prove with Capture workflow and document boundary plus proof daily, you stop guessing and start diagnosing.
Master performance-based questions at pbq.cyberexamprep.com: practice real PBQ scenarios for A+, Network+, and Security+.
