Note: not all parameters and switches are described in this TechNote, just those of importance for the Network+ exam. If you want more information about a particular utility, run the command with the /? switch. Try these commands on your own PC when you're preparing for the Network+ exam.
Tracert is a Windows command-line utility that uses ICMP Echo packets and their TTL (Time To Live) value to determine the route and hop count to a destination. In the following network, for example, when a connection between host A and B fails, you can use tracert to find out where the packet stopped.
The following image shows the output of running tracert 192.168.5.110 on host A.
The target can be either a name or an IP address. By default, tracert will try to resolve the IP address of every hop (router) along the path to a hostname. To prevent this, and possibly speed up the tracing process, you can use the -d option as displayed in the following image:
The Unix/Linux counterpart of tracert is traceroute, which basically provides the same functionality as tracert does for Windows systems. However, traceroute offers several additional command-line options to give you more control, such as specifying the gateway or source IP address. Traceroute uses UDP packets by default instead of ICMP packets.
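The TTL mechanism described above, as an added example that is not part of the original TechNote: a small offline simulation of how tracert raises the TTL one hop at a time and how a broken link shows up as timeouts after the last router that answered. The router addresses and the broken_after and give_up_after parameters are constructed for illustration; only 192.168.5.110 comes from the text.

```python
# Simulation only: no packets are sent. Router addresses are constructed.
PATH = ["192.168.2.1", "192.168.3.1", "192.168.4.1", "192.168.5.110"]

def send_probe(path, ttl, broken_after=None):
    """Forward one Echo Request with the given TTL along path.

    Each router decrements the TTL; the router that brings it to 0 drops the
    packet and answers with ICMP Time Exceeded. broken_after=N (hypothetical
    parameter) means the link after hop N is down, so nothing beyond answers.
    """
    for hop_no, addr in enumerate(path, start=1):
        if broken_after is not None and hop_no > broken_after:
            return None                      # packet lost: the probe times out
        if hop_no == len(path):
            return ("echo-reply", addr)      # destination reached
        ttl -= 1
        if ttl == 0:
            return ("time-exceeded", addr)   # this router reveals itself
    return None

def tracert(path, max_hops=30, broken_after=None, give_up_after=3):
    """Raise the TTL from 1 until the target replies; return (ttl, address) rows."""
    rows, timeouts = [], 0
    for ttl in range(1, max_hops + 1):
        reply = send_probe(path, ttl, broken_after)
        if reply is None:
            rows.append((ttl, "*"))          # tracert prints "Request timed out."
            timeouts += 1
            if timeouts == give_up_after:    # assumption: stop early to keep output short
                break
            continue
        kind, addr = reply
        rows.append((ttl, addr))
        if kind == "echo-reply":             # hop count = TTL that reached the target
            break
    return rows

def last_responding_hop(rows):
    """Last router that answered; the fault lies just beyond it."""
    answered = [addr for _, addr in rows if addr != "*"]
    return answered[-1] if answered else None

if __name__ == "__main__":
    for ttl, addr in tracert(PATH):
        print(ttl, addr)
    failed = tracert(PATH, broken_after=2)
    print("packet stopped after", last_responding_hop(failed))
```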
The ping utility is a diagnostic tool that you can use to test TCP/IP configurations and connections. It is useful to determine whether a particular TCP/IP host can be reached and is available. The syntax for the ping command is:
target can be either a name (hostname or NetBIOS name) or an IP address. The following image shows the output of running the command ping www.techexams.net
Some common situations where PING can be useful:
- To verify that TCP/IP is installed, initialized, and bound to your network interface, ping the loopback address (ping 127.0.0.1).
- To verify that the default gateway is available and the computer can communicate with a remote host through a router, ping a host on a remote network.
- To verify that DNS host name resolution is available, ping an existing host name of a computer you know is online and available.
- To verify that WINS name resolution is available, ping an existing NetBIOS name of a computer you know is online and available.
As described in the TCP/IP Suite TechNotes, the Address Resolution Protocol (ARP) is used for resolving layer 3 IP addresses to layer 2 MAC addresses. The corresponding utility arp can be used to manually resolve an IP address to a MAC address and to modify or display the current ARP cache table. Below is an example output of using arp with the -a switch to display the IP address to MAC mappings currently in the ARP cache:
This command is issued on Host A (as shown in the network diagram in the tracert section above). The first entry is dynamic, as it has been discovered using ARP broadcasts. The second is an example of a static entry entered using arp with the -s switch. In this case the IP address 192.168.2.10 was mapped to the MAC address 00-90-69-42-c6-09 by using the following command:
arp -s 192.168.2.10 00-90-69-42-c6-09
Any entry can be deleted by issuing the command arp -d ip_address. By using an * as the ip_address parameter you can delete all entries.
Netstat displays TCP/IP protocol statistics and information about TCP and UDP connections to and from the local computer. Netstat -a displays the current connections and listening ports:
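An added example, not part of the original TechNote, that parses arp -a output and runs two checks on it: whether an expected static mapping is still present and still static, and whether one MAC address is cached for more than one IP address, which usually points to a misconfiguration or to ARP spoofing and is worth investigating. The sample output is constructed (English-language Windows layout assumed); only the static row's values come from the text, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample of Windows `arp -a` output; only the static row is from the text.
SAMPLE = """\
Interface: 192.168.2.5 --- 0x2
  Internet Address      Physical Address      Type
  192.168.2.1           00-a0-c9-11-22-33     dynamic
  192.168.2.10          00-90-69-42-c6-09     static
  192.168.2.20          00-a0-c9-11-22-33     dynamic
"""

ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"           # Internet Address
    r"((?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})\s+"  # Physical Address
    r"(dynamic|static)\s*$"                       # Type
)

def parse_arp(text):
    """Return one dict per cache row; interface and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append({"ip": m[1], "mac": m[2].lower(), "type": m[3]})
    return rows

def shared_macs(rows):
    """Map each MAC that is cached for more than one IP to those IPs."""
    seen = defaultdict(list)
    for r in rows:
        seen[r["mac"]].append(r["ip"])
    return {mac: ips for mac, ips in seen.items() if len(ips) > 1}

def check_pins(rows, pins):
    """Compare the cache with expected static mappings {ip: mac}; return problems."""
    cache = {r["ip"]: r for r in rows}
    problems = []
    for ip, mac in pins.items():
        row = cache.get(ip)
        if row is None:
            problems.append(f"{ip}: no entry")
        elif row["mac"] != mac.lower():
            problems.append(f"{ip}: cached {row['mac']}, expected {mac.lower()}")
        elif row["type"] != "static":
            problems.append(f"{ip}: correct MAC but entry is dynamic")
    return problems

if __name__ == "__main__":
    rows = parse_arp(SAMPLE)
    print(shared_macs(rows))
    print(check_pins(rows, {"192.168.2.10": "00-90-69-42-c6-09"}))
```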
Netstat can also be used to display Ethernet statistics such as the number of bytes sent and received, as well as any dropped network packets, by using the -e switch:
netstat -r produces the same output as the route print command; in other words, it displays the contents of the routing table.
Nbtstat is used for troubleshooting NetBIOS name resolution problems. It displays protocol statistics and current TCP/IP connections that are using NetBIOS over TCP/IP (NBT) as well as the NetBIOS name table and cache.
To display the NetBIOS name table of the local computer use nbtstat with the -n switch.
The status of Registered indicates that the name is registered either by broadcast or with a WINS server. If two hosts on the local network used the same NetBIOS name, the status would be Conflict.
To display the NetBIOS name table of a remote computer use one of the following:
nbtstat -a remotename or nbtstat -A IPaddress
Use nbtstat -c to display the contents of the local computer's NetBIOS name cache.
Use nbtstat -r to verify that NetBIOS names are correctly resolved by WINS:
Ipconfig can be used on Windows NT, 2000/2003 and XP to display TCP/IP configuration information, renew and release DHCP assigned address configuration, and register in dynamic DNS or flush the local DNS cache. When the ipconfig command is issued without any options the output will be similar to the one below:
ipconfig /all displays full configuration information, for example:
Use ipconfig /release to release the IP address configuration.
Use ipconfig /renew to renew the IP address configuration.
ipconfig /flushdns clears the local DNS cache. This is useful when the IP address for a previously resolved host name changed and you want the client to request the IP address fresh from the DNS server rather than the local cache.
Ifconfig is a UNIX/Linux command-line utility used to configure and manage network interfaces. Used without any parameters, ifconfig displays the status of all active network adapters:
ifconfig -a displays the status of all adapters including those that are down. Ifconfig is the most common command for checking basic information such as the IP address or whether an interface is enabled. The ifconfig command can also be used to configure an interface. The following example shows how to set an IP address and subnet mask for interface eth0:
ifconfig eth0 10.0.0.3 netmask 255.0.0.0
Settings configured in this manner are only kept until the machine is rebooted. To make network settings permanent the changes must be made to the appropriate configuration file in the /etc/sysconfig/network-scripts directory.
Ifconfig can be used with either the up or down parameter to start or stop an interface. The following example disables the first Ethernet interface:
ifconfig eth0 down
Winipcfg allows you to display the TCP/IP configuration information and renew and release DHCP assigned address configuration on Windows 9x and ME computers. The screenshot below shows the configuration of an Ethernet adapter with a manually assigned IP address configuration.
If the configuration were automatically assigned by a DHCP server, the buttons at the bottom would be enabled, allowing you to perform the same tasks as with the ipconfig command. Note that winipcfg is available only on Windows 9x/ME and ipconfig is available on Windows 9x/ME, Windows NT, 2000, 2003, and XP.
NSLOOKUP / DIG
Nslookup displays information you can use to diagnose Domain Name System (DNS) servers and to send DNS queries to DNS servers. Nslookup can be used in interactive or non-interactive mode. In interactive mode, the nslookup command is used without options to enter a text-based console where you can use several subcommands to diagnose DNS. In non-interactive mode, you provide the parameters directly on the command line after the nslookup command.
Following is an example of the results of running nslookup www.techexams.net (non-interactive mode):
You can use a different DNS server by adding the hostname or IP address of another DNS server, for example:
nslookup www.techexams.net ns2.tedomain.net
Dig is a more advanced utility for diagnosing DNS issues. It was originally a UNIX/Linux tool but can be downloaded for Windows as well. It provides numerous options that allow you to control the manual host name lookups and responses. The following screenshot shows the output of running dig www.techexams.net