When it comes to network tools, there is nothing more basic than the Transmission Control Protocol (TCP)/Internet Protocol (IP) command line utilities that come along with all instances of Windows. Keeping pace with technology can make it tough to find the time to look back to the basics, but the effort is worthwhile. In this month’s column we take a look at the command line utilities in nearly every computer running TCP/IP. They are available to help you understand your network configuration and create a baseline record for future use when troubleshooting problems. When network problems pop up, run the utility again and compare results. It can tell you a lot about your network and computer’s operating conditions. We will review the most common utilities.
Probably the most commonly used is the ping command. According to its originator, Mike Muuss, the term “ping” comes from the sound that sonar makes in a submarine. That is also a pretty good description of what ping does. It is a test to see who is “out there” by bouncing a signal off of them. The biggest difference is that the network version is much more selective. Some years later a “backronym” was created for ping, saying that it meant Packet InterNet Groper—although that was not the original intention.
To use ping or any of these utilities, you must access a DOS-like window or command line. The easiest way via Windows XP or 7 is to press the Windows key and the letter r at the same time. Type CMD in the box that appears, and it will open a command line window. It is not DOS, but those familiar with DOS will be at home here. To find out what options ping has, type ping /? or ping -? and you will get a list of all the switches available. This also shows you how to use the switches as well as what they mean.
Ping is useful to check IP addresses and fully qualified domain names (FQDNs). For example, by pinging Google (ping www.google.com), you are essentially testing your Internet connection as well as testing to see if the Google servers are up and responding.
Ping uses the Internet Control Message Protocol (ICMP). Ping is really sending ICMP echo requests that look for replies using the TCP/IP stack. If you lose your connection to all or part of the network, one of the first things you can do is to see if your computer has the TCP/IP stack loaded and running by pinging yourself. To check this, you can use the loopback IP address of 127.0.0.1 (the command string would be ping 127.0.0.1). The amount of time it takes for the round trip can be calculated since the ICMP header contains a time-to-live (TTL) counter that is decremented by the switches and routers the packet passes through. This can give you some information about the performance level that can be expected for any client/server application using the network. Be aware that ping can be blocked by a firewall. Some do this to protect their Web server. Popular sites could be kept busy responding to pings, slowing down the Web site for others.
You can also ping your currently loaded IP address. You can find it via the IPCONFIG command. By simply entering IPCONFIG you will see your network connections and what IP addresses they are using. It will also report what domain you are running on. If ping fails to connect to the target, read the messages it reports back carefully. They can provide important clues about any connection problems.
A number of useful switches can be used with IPCONFIG. IPCONFIG /all reports your computer’s domain and domain server address, physical (also known as media access control—or MAC—layer, hardware, or Ethernet) address, IP address, and your default gateway. To find out how your computer is identified on the network, type, HOSTNAME. In this way, you’ll have a complete set of information about your connection. To find out more about what IPCONFIG can do, type, IPCONFIG /?
Address Resolution Protocol (ARP) is responsible for mapping IP addresses to the MAC layer or hardware addresses. To display the ARP table, type ARP -a. ARP is important in that it requests the hardware address in order to communicate more directly across a LAN. It can also be used to modify the address mapping. Simply type ARP to see all the ways you could use it.
The network statistic (netstat) utility reports network statistics as seen by your computer. It includes information such as what ports are listening on the system and any connections they may have established. The command netstat -a displays a list of current sockets-based connections active on your computer. The -s switch displays per-protocol statistics (good information to keep). In addition to port connections, it reports failed connection attempts, any reset connections, and TCP segments received and sent. Run this command (with -s) and save the results when everything is running well. (See the sidebar for one way to save results from the command line window.) When there is a problem, run the utility with the -s switch again and compare results.
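As an added example (not part of the original column), here is one way to compare a saved netstat -s baseline with a fresh capture in Python. The two captures are constructed and abridged samples, and the function names, the counter pairings in RATIOS, and the factor and floor thresholds are assumptions of this example.

```python
import re
# Constructed, abridged sample captures in the layout Windows prints for `netstat -s`.
BASELINE = """\
TCP Statistics for IPv4
  Active Opens                        = 1200
  Failed Connection Attempts          = 12
  Reset Connections                   = 30
  Segments Sent                       = 85000
  Segments Retransmitted              = 20
"""
CURRENT = """\
TCP Statistics for IPv4
  Active Opens                        = 1500
  Failed Connection Attempts          = 240
  Reset Connections                   = 40
  Segments Sent                       = 110000
  Segments Retransmitted              = 2900
"""

# Counters run from boot, so compare error/traffic ratios (pairings are assumed).
RATIOS = {
    "Failed Connection Attempts": "Active Opens",
    "Reset Connections": "Active Opens",
    "Segments Retransmitted": "Segments Sent",
}

def parse_netstat_s(text):
    """Return {(section, counter): value} for every 'Name = number' line."""
    stats, section = {}, None
    for line in text.splitlines():
        m = re.match(r"^\s+(.+?)\s*=\s*(\d+)\s*$", line)
        if m and section:
            stats[(section, m.group(1))] = int(m.group(2))
        elif line.strip() and not line[0].isspace():
            section = line.strip()  # an unindented line starts a new section
    return stats

def error_rates(stats, section="TCP Statistics for IPv4"):
    """Error counter divided by its traffic counter; skipped if traffic is 0."""
    return {err: stats.get((section, err), 0) / stats[(section, base)]
            for err, base in RATIOS.items() if stats.get((section, base))}

def regressions(baseline_text, current_text, factor=3.0, floor=0.001):
    """Names of error rates now more than `factor` times the baseline rate."""
    old = error_rates(parse_netstat_s(baseline_text))
    new = error_rates(parse_netstat_s(current_text))
    return sorted(n for n, r in new.items()
                  if n in old and r > factor * max(old[n], floor))
```

With these samples, the failed-connection and retransmission rates stand out while the reset rate stays close to its baseline, even though every raw counter has grown.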
Here are a couple more uses of netstat. You can get LAN statistics by using the -e switch. Use netstat to show the routing table by using the -r switch. (You can also use “route print” to see the same routing table.) This is another good one to have as a baseline record. Tip: Use F3 in the command window to retype the last entry you typed, which saves a bit of time when using the same command and changing only the switch.
Tracert, also known as traceroute, provides a way to trace the route of packets between two hosts. The tracert command records a response from each router it hits. It can be used to identify routing problems. If you know that there are three routers normally between you and your destination and tracert shows that there are now eight, your packets are taking an indirect route—maybe due to a link being down. It can be a useful tool in identifying system trouble spots. For example, if your browser is loading Web pages slowly, you can use tracert to see where the longest delays are occurring. Try tracert www.google.com to get a sense of the kind of results it provides. Record baseline data from tracert by tracing the route to your Domain Name System (DNS) and DHCP server. Their IP addresses are part of the list generated by IPCONFIG /all. Note that tracert also uses ICMP, which may be blocked by some Web sites.
These are the basic TCP/IP command line utilities, but there are others. Other tools such as nslookup (name server lookup) can help diagnose DNS problems. In its most basic usage, it can provide IP addresses for FQDNs. Try, nslookup www.google.com and see what happens. It is also useful to examine the results to find information about your domain server.
Overall, these utilities can be a powerful ally when trouble occurs. A baseline record of network information is a handy thing for troubleshooting. Creating this record in a text file is easy to do and is cheap insurance to have!
Jeff Kabachinski, MS-T, BS-ETE, MCNE, has more than 20 years of experience as an organizational development and training professional. Visit his Web site at kabachinski.vpweb.com.