[guide] How to report computer and network issues

Post by DNR »

I noticed a lot of posts on suck-o regarding computer and networking problems. Some of the posts are lacking in detail and important information that can help anyone solve the problem. Here I put together a guide to help people gather and present, and maybe even solve the problem on their own.

People usually only check their computers for problems when something happens. This is missing a critical part, a baseline. I usually prefer to baseline a computer right after a fresh install of the OS and expected use applications, like browsers, media players, and network tools. The baseline is a measurement of how your system is running, these are facts, concrete numbers that you can keep as a file. Some people might call the baseline a "benchmark", it works for me too. Someday you might be hungover or overcaffeinated and think something is wrong with your computer - now you can check your computer stats against the baseline measurements! Using various tools, some already included with your OS, some freeware, and some you pay for. Some tools are called PC health checkers, but they do the same thing, they use their comparison of your computer with a certain standard. (avoid buying into every PC health checker's claim that you need their software) You can also perform traceroutes and ping sweeps to measure your network's baseline as well. The more numbers that you can verify the more helpful it will be to see if you do have an issue. A lot of experienced computer techs would be disappointed if you didn't establish a before and after baseline, it helps to determine where your problem lies.

So rule #1 would be to always establish a baseline on your computers and networks.
(rule #2 is always back-up important files)

When you detect an anomaly, you then perform another measurement of your system. This is an Investigation, sort of like a baseline exam, but like a snapshot after something happened. The investigative snapshot should include at least logs and scan reports. You should record exactly what error messages say.

Do the when, where, how, who, and what of what has happened.

What you are doing is providing helpful nfo so other people can help you. Just like your baseline stats, you now collect the stats you need to present to others (or yourself) about the computer issue.

Even if you have to write it out, do it like so:
Who: MS Windows XP SP2, Mobile AMD Sempron Processor 2800+, 222MB RAM, ATI Radeon Xpress 200m. IE6, Comcast cable network. Realtek Media player version 11.1
What: IE locks up after closing windows, suspicious internet activity.
Where: anytime after closing IE6, found process xczdk.exe running and firewall log port 6667 traffic to mail.p0wned.ru
How: Issue began after visit to "free CC and warez" at url https://crypto.p0wned.web.ru

*btw in my formal criminalistics study, there is never a good Why, so it is not included here.

Once you have created your report on the computer's system (OS, version, browser, applications, and the logs, error messages and scan reports) you now have a complete profile of the system, facts of the issues - the logs, the AVP/firewall reports, and error messages. Other people can help because you have nfo on the system, the problem as evidenced by error messages or log files.

Now you can search the world wide database called the Internet! You now have usable Keywords to facilitate a useful return. Even if you type in "How fix error.dll" or "windows error messages", you can get started. Your searches can be better if you provide version numbers, file names, and OS/browser/application.
Your search should lead you to credible tech forums and AVP and firewall sites. For Windows issues it would be appropriate to end up at Microsoft Technet, rather than JohnnyIhack.com. For open-source software you might end up searching for forums related to your flavor of OS. Always verify and compare your search results with more search results! - meaning don't just get all your facts from one link. Forums are day-to-day, and 24/7 operations, you should wait a day or two for members to reply to your computer question. Because of this timely delay, using the forums should be a last resort for a fix. Posting computer issues in a forum is more for sharing unreported issues that might lead to interesting discussion or research. The forum is not a quick fix, you are.

Continue to build your Computer issue report - each 'answer' to your problem is only one of possibly a dozen reasons for your computer issue. This is also a good time to back-up important files, just in case your machine becomes unstable. As you try one fix and it doesn't work, go on to the next fix. You should also start with the fix that is least damaging to your system. If there is a registry edit or a file patch, you might want to try the file patch first.
One fix that many sysadmins take in a large network - is just to reformat the workstation, and reload all the applications. Any important document is usually kept off the workstation, on a server. Any server would be backed up routinely. Any smart computer user would perform regular back-ups of their important files - to disk, to pendrives, to an internet portal. This way, your worst scenario is a complete wipe and reinstall.
You still want to investigate what happened, because you want to prevent the issue from happening again.

At the end, you have either fixed your computer, and/or placed prevention steps to keep the issue from returning.

You should keep the baseline stats offline with your back-up data, just like your latest copy of the registry, user settings, and favorite links. Baseline stats might have to be re-run if you do any major installs of applications, new firewalls or AVPs, and obviously after any hardware mods.

As usual in DNR format, some details might have trailed off, I will add more to this later.

Reading:

Forensic Examination of Digital Evidence: A Guide for Law Enforcement http://www.ncjrs.gov/pdffiles1/nij/199408.pdf

DNR
Last edited by DNR on 29 Sep 2008, 11:26, edited 2 times in total.
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
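
The baseline-versus-investigation comparison described in the guide above, as an added example that is not part of the original post: it diffs a saved baseline against a later snapshot and lists only what is new. The sample text is constructed in the layout of `tasklist /fo csv /nh` and `netstat -ano`, reusing the process name and port from the post's sample report; the function names and IP addresses are assumptions.

```python
import csv
import io

# Constructed sample data (not from the original post), in the layout printed by
# `tasklist /fo csv /nh` and `netstat -ano`. Addresses are documentation ranges.
BASELINE_TASKS = '''"explorer.exe","1480","Console","0","18,204 K"
"iexplore.exe","2312","Console","0","41,880 K"
'''
INCIDENT_TASKS = '''"explorer.exe","1480","Console","0","18,950 K"
"iexplore.exe","2312","Console","0","96,112 K"
"xczdk.exe","3124","Console","0","4,316 K"
'''
BASELINE_NET = '''  TCP    192.168.1.20:1039    198.51.100.7:80      ESTABLISHED     2312
'''
INCIDENT_NET = '''  TCP    192.168.1.20:1039    198.51.100.7:80      ESTABLISHED     2312
  TCP    192.168.1.20:1187    203.0.113.5:6667     ESTABLISHED     3124
  UDP    0.0.0.0:1900         *:*                                  1104
'''

def parse_tasks(text):
    """Map PID -> lower-cased image name from tasklist CSV rows."""
    rows = csv.reader(io.StringIO(text))
    return {row[1]: row[0].lower() for row in rows if len(row) >= 2}

def endpoints(tasks_text, net_text):
    """Return {(image, remote_port, remote_ip)} for established TCP connections."""
    names = parse_tasks(tasks_text)
    found = set()
    for line in net_text.splitlines():
        f = line.split()
        # UDP and LISTENING rows carry no remote peer worth reporting here.
        if len(f) == 5 and f[0] == "TCP" and f[3] == "ESTABLISHED":
            ip, _, port = f[2].rpartition(":")
            found.add((names.get(f[4], "pid " + f[4]), int(port), ip))
    return found

def diff_snapshots(base_tasks, base_net, now_tasks, now_net):
    """Report processes and (image, remote port) pairs absent from the baseline."""
    old_names = set(parse_tasks(base_tasks).values())
    new_names = set(parse_tasks(now_tasks).values())
    known = {(image, port) for image, port, _ in endpoints(base_tasks, base_net)}
    new_conns = sorted(e for e in endpoints(now_tasks, now_net) if e[:2] not in known)
    return {"new_processes": sorted(new_names - old_names), "new_connections": new_conns}

if __name__ == "__main__":
    report = diff_snapshots(BASELINE_TASKS, BASELINE_NET, INCIDENT_TASKS, INCIDENT_NET)
    for key, items in report.items():
        print(key, items)
```

The two lists it returns are the facts that belong in the "Where" line of the report.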


Windows Sysinternals tools list

Post by DNR »

Windows Sysinternals Tools
Table A.4. Windows Sysinternals Tools Information

Name - Description
AccessChk v2.0 - Display access to files, registry keys, or Windows services by the user or group you specify.
AccessEnum v1.3 - Display who has access to which directories, files, and registry keys on a computer. Use it to find places where permissions aren't properly applied.
Autoruns v8.53 - Display programs that are configured to start up automatically when a computer boots and a user logs in (also displays the full list of registry and file locations where applications can configure auto-start settings).
Autorunsc v8.53 - The command-line version of the Autoruns program (described in the previous entry).
Diskmon - Capture all hard disk activity. Acts like a software disk activity light in your system tray.
DiskView - Graphical disk sector utility; disk viewer.
Du v1.3 - Display disk usage by directory.
Filemon v7.03 - Display all file system activity in real-time.
Handle v3.2 - Display open files and the process that opened those files.
ListDLLs v2.25 - Display all the DLLs that are currently loaded, including where they are loaded and their version numbers (prints the full path names of loaded modules).
LogonSessions v1.1 - List active logon sessions.
PendMoves v1.1 - Display file rename and delete commands that will be executed the next time the computer is started.
Portmon v3.02 - Display serial and parallel port activity (will also show a portion of the data being sent and received).
Process Explorer v10.2 - Display files, registry keys, and other objects that processes have open, which DLLs they have loaded, owners of processes, etc.
PsExec v1.72 - Execute processes remotely.
PsFile v1.01 - Display open files.
PsInfo v1.71 - Display information about a computer.
PsList v1.27 - Display information about processes and threads.
PsLoggedOn v1.32 - Display users logged on to a computer.
PsLogList v2.63 - Dump event log records.
PsService v2.2 - View and control services.
Regmon v7.03 - Display all registry activity in real time.
RootkitRevealer - Scan for rootkit-based malware.
ShareEnum v1.6 - Scan file shares on a network and view their security settings to eliminate improperly applied settings.
Streams v1.53 - Reveal NTFS alternate data streams.
Strings v2.3 - Search for ANSI and UNICODE strings in binary images.
TCPVcon v2.34 - Display active sockets.
TCPView v2.4 - Display all open TCP and UDP endpoints and the name of the process that owns each endpoint.
TDIMon v1.01 - Display TCP/IP information.
Tokenmon v1.01 - Display security-related activity, including logon, logoff, privilege usage, and impersonation.


Windows Tools
Table A.5. Windows Tools Information

Name - Description
Arp - Display Address Resolution Protocol (ARP) tables.
Date - Display current date setting.
Dir - Display a list of files and subdirectories.
Doskey - Display command history for an open CMD.EXE shell.
Ipconfig - Display local computer configuration.
Net - Update, fix, or view the network or network settings.
Netstat - Display protocol statistics and current connection information.
Time - Display current time setting.
Find - Search file(s) to find a string.
Schtasks - Display scheduled tasks.
Systeminfo - Provide general information about the computer.
Vol - Display the disk volume label and serial number, if they exist.
Hostname - Display the host name portion of the full computer name of the computer.
Openfiles - Query, display, or disconnect open files or files opened by network users.
FCIV - File Checksum Integrity Verifier. Use to compute an MD5 or SHA1 cryptographic hash of the content of a file.
Notepad - Use to examine metadata associated with a file.
Reg - Use to view, modify, export, save, or delete registry keys, values, and hives.
Netcap - Gather network trace information from the command line.
Sc - Use to communicate with the Service Controller and services. (Sc query is useful for dumping all services and their states.)
Assoc - View or modify file name extension associations.
Ftype - View or modify file types used in file name extension associations.
Gpresult - Determine resulting set of policies.
Tasklist - List running processes and loaded modules.
MBSA - Determine security patch status and other known vulnerabilities.
Rsop.msc - Show resulting set of policies.
Rasdiag - Collect diagnostic information about remote services and place that information in a file.

http://technet.microsoft.com/en-us/sysi ... fault.aspx

Perhaps someone will post a tool list for other OS..

DNR

Post by bad_brain »

I can really recommend the tools from Sysinternals, even after they have been swallowed by MS. 2 of my favorite tools are from Sysinternals: TCPView and Process Explorer, every MS user should have them imo... :wink:


Benchmark tools and PC health tools

Post by DNR »

PassMark Software - Great site with a lot of benchmarking utilities. Free trials. http://www.passmark.com/index.html
also see http://www.majorgeeks.com/downloads4.html

SiSoftware Sandra 2004.SP1 - http://www.benchmarkhq.ru/english.html?/sandradl_e.html

CPU-Z is a freeware detection program based on the Panopsys hardware detection engine.
http://www.cpuid.com/cpuz.php

HD Speed - Measures both sustained and burst data transfer rates of your hard disks, cd/dvd-roms and floppy. Realtime graphical display.
http://www.steelbytes.com/

Cable / DSL Speed Tests - http://www.dslreports.com/stest

PC Pitstop - Their free automated tests will get your PC running faster, make it more stable, and identify security problems. http://www.pcpitstop.com/
also see http://www.microsoft.com/windowsxp/usin ... ealth.mspx
and http://onecare.live.com/site/en-us/default.htm for Windows Live Online PC checker

Motherboard Monitor - This handy utility will monitor your motherboard and provide you with information about your motherboard's temperature, voltages, fan speeds, CPU temperature and more.
http://www.softpedia.com/get/System/Sys ... itor.shtml
also see http://www.lavalys.com/ for the Everest program

Don't miss this link:
http://www.intel.com/personal/computing ... /tools.htm

DNR