This article continues our coverage of the TCP/IP protocol in Windows XP
Professional, specifically troubleshooting the network protocol under Windows XP
Professional.
The Transmission Control Protocol/Internet Protocol is a network
communication protocol. It can be used as a communications
protocol on private networks and it is the default protocol
in use on the internet. When you set up any system to have
direct access to the Internet, whether it is via dial-up or
one of the high speed technologies in use today, your system
will need to utilize the TCP/IP protocol whether it is a
Windows based system or not.
Also, if the given system needs to communicate with other
TCP/IP systems on the local LAN or WAN, it will need to
utilize the TCP/IP protocol as well.
Windows XP Professional offers several native programs to help
troubleshoot TCP/IP.
PING - Ping can be used to test your TCP/IP connection by sending
a message to the remote node or gateway from a local system.
(It can also be used to test the loopback locally to
see if it is working correctly.) If the remote node or
gateway receives the message, it responds with a reply
message. The reply consists of the remote's IP address, the
number of bytes in the message, how long it took to
reply, given in milliseconds (ms), and the length of time-to-live
(TTL) in seconds. Ping also shows any packet loss as a
percentage.
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
-a Displays current ARP entries by interrogating the current protocol data. If inet_addr is specified, the IP and Physical addresses for only the specified computer are displayed. If more than one network interface uses ARP, entries for each ARP table are displayed.
-g Same as -a.
inet_addr Specifies an internet address.
-N if_addr Displays the ARP entries for the network interface specified by if_addr.
-d Deletes the host specified by inet_addr. inet_addr may be wildcarded with * to delete all hosts.
-s Adds the host and associates the Internet address inet_addr with the Physical address
eth_addr. The Physical address is given as 6 hexadecimal bytes separated by hyphens. The entry is permanent.
eth_addr Specifies a physical address.
if_addr If present, this specifies the Internet address of the interface whose address translation table should be modified. If not present, the first applicable interface will be used.
Example:
> arp -s 157.55.85.212 00-aa-00-62-c6-09 .... Adds a static entry.
> arp -a .... Displays the arp table.
IPCONFIG - Use the ipconfig command to get the local system's basic IP configuration information, including the IP address, subnet mask, and default gateway.
The IPCONFIG /all switch produces a detailed configuration
report for all interfaces, including any configured remote
access adapters.
/release Release the IP address for the specified adapter.
/renew Renew the IP address for the specified adapter.
/flushdns Purges the DNS Resolver cache.
/registerdns Refreshes all DHCP leases and re-registers DNS names
/displaydns Display the contents of the DNS Resolver Cache.
/showclassid Displays all the dhcp class IDs allowed for adapter.
/setclassid Modifies the dhcp class id.
The default is to display only the IP address, subnet mask
and default gateway for each adapter bound to TCP/IP.
For Release and Renew, if no adapter name is specified, then
the IP address leases for all adapters bound to TCP/IP will
be released or renewed.
NBTSTAT - NetBT Statistics (Nbtstat.exe) is used from the command line for troubleshooting NetBIOS over TCP/IP (NetBT) name resolution problems. It displays protocol statistics and current TCP/IP connections that are using NetBT.
When a network is functioning, NetBT resolves NetBIOS names
to IP addresses. It uses several options for NetBIOS name
resolution, including local cache lookup, WINS server query,
broadcast, Lmhosts and Hosts file lookup, and DNS server
query.
Displays protocol statistics and current TCP/IP connections using NBT
(NetBIOS over TCP/IP).
-a (adapter status) Lists the remote machine's name table given its name.
-A (Adapter status) Lists the remote machine's name table given its IP address.
-c (cache) Lists NBT's cache of remote [machine] names and their IP addresses.
-n (names) Lists local NetBIOS names.
-r (resolved) Lists names resolved by broadcast and via WINS.
-R (Reload) Purges and reloads the remote cache name table.
-S (Sessions) Lists sessions table with the destination IP addresses.
-s (sessions) Lists sessions table converting destination IP addresses to computer NETBIOS names.
-RR (ReleaseRefresh) Sends Name Release packets to WINS and then starts Refresh.
RemoteName - Remote host machine name.
IP address - Dotted decimal representation of the IP address.
interval - Redisplays selected statistics, pausing interval seconds between each display. Press Ctrl+C to stop redisplaying statistics.
NETSTAT - Netstat (Netstat.exe) displays TCP/IP protocol
statistics and active connections to and from your computer
from the command line and also provides an option to display
the number of bytes sent and received, as well as network
packets dropped (if any).
-e Displays Ethernet statistics. This may be combined with the -s option.
-n Displays addresses and port numbers in numerical form.
-o Displays the owning process ID associated with each connection.
-p proto Shows connections for the protocol specified by proto; proto may be any of: TCP, UDP, TCPv6, or UDPv6. If used with the -s option to display per-protocol statistics, proto may be any of: IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
-r Displays the routing table.
-s Displays per-protocol statistics. By default, statistics are shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6; the -p option may be used to specify a subset of the default.
interval Redisplays selected statistics, pausing interval seconds between each display. Press CTRL+C to stop redisplaying statistics. If omitted, netstat will print the current configuration information once.
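Added example (not part of the original article): a short Python script that reads the kind of listing netstat produces with -n and -o, plus -a (a real netstat switch, not listed above, that includes listening ports), and reports which sockets accept traffic on a non-loopback address and which PID owns them. The sample listing is constructed, and the port-to-service table is an assumption based on the standard port assignments for the cleartext tools covered later in this article.

```python
from collections import namedtuple

# Constructed sample of `netstat -a -n -o` output (not from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING       1180
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       984
  TCP    127.0.0.1:1030         0.0.0.0:0              LISTENING       1652
  TCP    192.168.1.10:1043      192.168.1.1:80         ESTABLISHED     1520
  UDP    0.0.0.0:69             *:*                                    2210
  UDP    192.168.1.10:137       *:*                                    4
"""

# Well-known server ports of the cleartext services this article covers.
LEGACY = {("TCP", 21): "FTP", ("TCP", 23): "Telnet", ("UDP", 69): "TFTP",
          ("TCP", 79): "Finger", ("TCP", 512): "REXEC", ("TCP", 514): "RSH/RCP"}

Socket = namedtuple("Socket", "proto addr port state pid")

def parse_netstat(text):
    """Turn netstat rows into Socket tuples; headers and blanks are skipped."""
    socks = []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue
        addr, _, port = f[1].rpartition(":")   # rpartition copes with [::]:135
        state = f[3] if len(f) == 5 else ""    # UDP rows have no State column
        socks.append(Socket(f[0], addr, int(port), state, int(f[-1])))
    return socks

def exposed_listeners(socks):
    """Sockets that accept traffic on a non-loopback address, with a label
    when the port belongs to one of the legacy services above."""
    found = []
    for s in socks:
        accepting = s.state == "LISTENING" or s.proto == "UDP"
        loopback = s.addr.startswith("127.") or s.addr == "[::1]"
        if accepting and not loopback:
            found.append((s, LEGACY.get((s.proto, s.port))))
    return found

if __name__ == "__main__":
    for sock, label in exposed_listeners(parse_netstat(SAMPLE)):
        print(sock.proto, sock.addr, sock.port, "PID", sock.pid, label or "")
```

On a live system, save the netstat listing to a file and pass its contents to parse_netstat in place of SAMPLE; the PID column can then be matched against the process list.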
ROUTE - You can use the route command line tool to display the current IP routing table and add or delete IP routes.
-f Clears the routing tables of all gateway entries. If this is used in conjunction with one of the commands, the tables are cleared prior to running the command.
-p When used with the ADD command, makes a route persistent across boots of the system. By default, routes are not preserved when the system is restarted. Ignored for all other commands, which always affect the appropriate persistent routes.
commands
PRINT Prints a route
ADD Adds a route
DELETE Deletes a route
CHANGE Modifies an existing route
destination - Specifies the host.
MASK - Specifies that the next parameter is the 'netmask' value.
netmask - Specifies a subnet mask value for this route entry. If not specified, it defaults to 255.255.255.255.
gateway - Specifies gateway.
interface - Specifies the interface number for the specified route.
METRIC - Specifies the metric, i.e. cost for the destination.
All symbolic names used for destination are looked up in the
network database file NETWORKS. The symbolic names for
gateway are looked up in the host name database file HOSTS.
If the command is PRINT or DELETE, destination or gateway
can be a wildcard (wildcard is specified as a star '*'), or
the gateway argument may be omitted.
If Dest contains a * or ?, it is treated as a shell pattern,
and only matching destination routes are printed. The '*'
matches any string, and '?' matches any one char. Examples:
157.*.1, 157.*, 127.*, *224*.
Invalid MASK generates an error, that is when (DEST & MASK)
!= DEST.
Example> route ADD 157.0.0.0 MASK 155.0.0.0 157.55.80.1 IF 1
The route addition failed: The specified mask parameter is
invalid. (Destination & Mask) != Destination.
If IF is not given, it tries to find the best interface for
a given gateway.
route PRINT 112* .... Only prints those matching 112*
route CHANGE 112.0.0.0 MASK 255.0.0.0 112.89.8.5 METRIC 2 IF 2
CHANGE is used to modify gateway and/or metric only.
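Added example (not part of the original article): a Python sketch of the two rules described above, the (Destination & Mask) == Destination check that rejects MASK 155.0.0.0, and the '*' / '?' pattern filter used by route PRINT. The routing table is constructed sample data, and Python's fnmatch stands in for route.exe's own matcher.

```python
import fnmatch
import ipaddress

def check_route(dest, mask):
    """Apply the rule from the error message: (Destination & Mask) must equal
    Destination. Returns (valid, dest_and_mask, bits_outside_mask)."""
    d = int(ipaddress.IPv4Address(dest))
    m = int(ipaddress.IPv4Address(mask))
    masked = d & m
    stray = d & ~m & 0xFFFFFFFF      # destination bits the mask does not cover
    return (masked == d,
            str(ipaddress.IPv4Address(masked)),
            str(ipaddress.IPv4Address(stray)))

def route_print(table, pattern="*"):
    """Filter destinations the way `route PRINT <pattern>` is described:
    '*' matches any string, '?' matches one character. fnmatch is a
    stand-in here, not route.exe's own matcher."""
    return [row for row in table if fnmatch.fnmatchcase(row[0], pattern)]

# Constructed routing table: (destination, netmask, gateway).
TABLE = [
    ("0.0.0.0",     "0.0.0.0",         "157.55.80.1"),
    ("112.0.0.0",   "255.0.0.0",       "112.89.8.5"),
    ("127.0.0.0",   "255.0.0.0",       "127.0.0.1"),
    ("157.55.80.0", "255.255.240.0",   "157.55.80.1"),
    ("157.55.80.1", "255.255.255.255", "127.0.0.1"),
    ("224.0.0.0",   "240.0.0.0",       "157.55.80.1"),
]

if __name__ == "__main__":
    # The failing example from the article: 157 & 155 leaves 153, so bit
    # value 4 of the first octet lies outside the mask.
    print(check_route("157.0.0.0", "155.0.0.0"))
    for pattern in ("157.*.1", "157.*", "127.*", "*224*", "112*"):
        print(pattern, [row[0] for row in route_print(TABLE, pattern)])
```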
HOSTNAME - Hostname is used to show the local computer's host name for authentication by the Remote Copy Protocol (RCP), Remote Shell (RSH), and Remote Execution (REXEC) tools.
TRACERT - Tracert is sometimes used to verify that IP addressing has been correctly configured on a client. It will basically show the route taken to reach a remote system.
-h maximum_hops Maximum number of hops to search for target.
-j host-list Loose source route along host-list.
-w timeout Wait timeout milliseconds for each reply.
PATHPING - Pathping also shows the route taken to reach a remote system, as does TRACERT, but PATHPING does so with more detail and allows for more functionality as well.
-h maximum_hops Maximum number of hops to search for target.
-i address Use the specified source address.
-n Do not resolve addresses to hostnames.
-p period Wait period milliseconds between pings.
-q num_queries Number of queries per hop.
-w timeout Wait timeout milliseconds for each reply.
-P Test for RSVP PATH connectivity.
-R Test if each hop is RSVP aware.
-T Test connectivity to each hop with Layer-2 priority tags.
-4 Force using IPv4.
-6 Force using IPv6.
There are additional tools that can be used to test TCP/IP connectivity. They are standard use tools for the TCP/IP protocol.
FTP - FTP is the File Transfer Protocol and it is used to transfer files from system to system.
Internet Explorer interconnectivity allows for a Windows Explorer type of GUI environment for the file transfer by allowing functionality of file and folder views and drag and drop / copy and paste.
The command line FTP allows for more functionality. FTP is considered to be a connected session using Transmission Control Protocol (TCP).
-i Turns off interactive prompting during multiple file transfers.
-d Enables debugging.
-g Disables filename globbing (see GLOB command).
-s:filename - Specifies a text file containing FTP commands; the commands will automatically run after FTP starts.
-a Use any local interface when binding data connection.
-A - login as anonymous.
-w:buffersize - Overrides the default transfer buffer size of 4096.
host - Specifies the host name or IP address of the remote host to connect to.
[NOTES FROM THE FIELD] - The mget and mput commands take y/n/q for yes/no/quit. Use Control-C to abort actively executing commands.
TFTP - The Trivial File Transfer Protocol allows for the connectionless transfer of files to and from systems using User Datagram Protocol (UDP).
[NOTES FROM THE FIELD] - User Datagram Protocol (UDP) is a connectionless protocol that does not guarantee delivery of data packets between hosts and is used when data transfer acknowledgments are not required. It can transmit only small portions of data at a time because it is not capable of segmenting and reassembling frames and does not implement sequence numbers.
While TFTP is limited in functionality, there are still some command line switches that can be used to tailor its performance.
TFTP [-i] host [GET | PUT] source [destination]
-i Specifies binary image transfer mode (also called octet). In binary image mode the file is moved literally, byte by byte. Use this mode when transferring binary files.
host - Specifies the local or remote host.
GET - Transfers the file destination on the remote host to the file source on the local host.
PUT - Transfers the file source on the local host to the file destination on the remote host.
source - Specifies the file to transfer.
destination - Specifies where to transfer the file.
TELNET - Telnet is a terminal emulation program, which allows a user to perform commands on a remote computer from a command window.
-a Attempt automatic logon. Same as -l option except uses the currently logged on user's name.
-e Escape character to enter telnet client prompt.
-f File name for client side logging
-l Specifies the user name to log in with on the remote system. Requires that the remote system support the TELNET ENVIRON option.
-t Specifies terminal type. Supported term types are vt100, vt52, ansi and vtnt only.
host - Specifies the hostname or IP address of the remote computer to connect to.
port - Specifies a port number or service name.
RCP - RCP copies files to and from computers running the RCP service. RCP uses the Transmission Control Protocol (TCP) to utilize the connected and reliable delivery of data between the client and the host. It can be scripted in a batch file and does not require a password. The remote host must be running the RSHD service, and the user's username must be configured in the remote host's .rhosts file. RCP is one of the r-commands available on all UNIX systems.
[NOTES FROM THE FIELD] - Microsoft’s implementation of TCP/IP includes the RCP
client software but not rshd services.
-a Specifies ASCII transfer mode. This mode converts the EOL characters to a carriage return for UNIX and a carriage return/line feed for personal computers. This is the default transfer mode.
-b Specifies binary image transfer mode.
-h Transfers hidden files.
-r Copies the contents of all subdirectories; destination must be a directory.
host Specifies the local or remote host. If host is specified as an IP address OR if host name contains dots, you must specify the user.
.user: Specifies a user name to use, rather than the current user name.
source Specifies the files to copy.
path\destination Specifies the path relative to the logon directory on the remote host. Use the escape characters (\ , ", or ') in remote paths to use wildcard characters on the remote host.
RSH - RSH is a TCP/IP utility that enables clients to run commands directly on remote hosts running the RSH service without having to log on to the remote host. RSH is one of the UNIX r-commands that are available on all UNIX systems.
[NOTES FROM THE FIELD] - Microsoft's implementation of TCP/IP includes the RSH client software but not the RSH service. If a user on a computer running in a Windows domain tries to use RSH to run a command on a remote UNIX server that is running the RSH daemon, the domain controller is required by the RSH client in order to resolve the username of the user.
REXEC - REXEC runs commands on remote hosts running the REXEC service and authenticates the user name on the remote host before executing the specified command.
REXEC host [-l username] [-n] command
host Specifies the remote host on which to run command.
-l username Specifies the user name on the remote host.
-n Redirects the input of REXEC to NULL.
command Specifies the command to run.
FINGER - FINGER is a TCP/IP utility used for viewing information about a user on a system running the finger service.
Typing the command finger jason@windowsxp.2000trainers.com displays information about user Jason on a server called windowsxp.2000trainers.com.
FINGER [-l] [user]@host [...]
-l Displays information in long list format.
user Specifies the user you want information about. Omit the user parameter to display information about all users on the specified host.
@host Specifies the server on the remote system whose users you want information about.
[NOTES FROM THE FIELD] - Microsoft’s implementation of TCP/IP includes the FINGER client software but not the FINGER service. You are able to run the FINGER client on a machine running a Windows operating system that is connected to the Internet in order to obtain results from a remote UNIX server running the FINGER daemon as a FINGER gateway.