Free Certification Practice Tests and Study Guides
Join Us! | Login | Help




Troubleshooting TCP/IP in Windows XP Professional


By Jason Zandri
<<  Index | Next  >>

This article will continue with covering the TCP/IP Protocol within Windows XP Professional, specifically, troubleshooting of the network protocol under Windows XP Professional.

The Transmission Control Protocol/Internet Protocol is a network communication protocol. It can be used as a communications protocol on private networks and it is the default protocol in use on the internet. When you set up any system to have direct access to the Internet, whether it is via dial-up or one of the high speed technologies in use today, your system will need to utilize the TCP/IP protocol whether it is a Windows based system or not.

Also, if the given system needs to communicate to other TCP/IP systems on the local LAN or WAN it will need to utilize the TCP/IP protocol as well.

Windows XP Professional offers several native programs to use to help in troubleshooting TCP/IP.

PING - Ping can be used to test your TCP/IP connection by sending a message to the remote node or gateway from a local system. (It can also be used to test the loopback locally only to see if it is working correctly.) If the remote node or gateway receives the message, it responds with a reply message. The reply consists of the remote's IP address, the number of bytes in the message, how long it took to reply-given in milliseconds (ms), the length of time-to-live (TTL) in seconds and it will also show any pack loss in terms of percentages.

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
[-r count] [-s count] [[-j host-list] | [-k host-list]]
[-w timeout] target_name

Switches:

  • -t Ping the specified host until stopped. To see statistics and continue - type Control-Break; To stop - type Control-C.
  • -a Resolve addresses to hostnames.
  • -n count Number of echo requests to send.
  • -l size Send buffer size.
  • -f Set Don't Fragment flag in packet.
  • -i TTL Time To Live.
  • -v TOS Type Of Service.
  • -r count Record route for count hops.
  • -s count Timestamp for count hops.
  • -j host-list Loose source route along host-list.
  • -k host-list Strict source route along host-list.
  • -w timeout Timeout in milliseconds to wait for each reply.
ARP - Displays and modifies the IP-to-Physical address translation tables used by
address resolution protocol (ARP).

ARP -s inet_addr eth_addr [if_addr]
ARP -d inet_addr [if_addr]
ARP -a [inet_addr] [-N if_addr]

  • -a Displays current ARP entries by interrogating the current protocol data. If inet_addr is specified, the IP and Physical addresses for only the specified computer are displayed. If more than one network interface uses ARP, entries for each ARP table are displayed.
  • -g Same as -a.
  • inet_addr Specifies an internet address.
  • -N if_addr Displays the ARP entries for the network interface specified by if_addr.
  • -d Deletes the host specified by inet_addr. inet_addr may be wildcarded with * to delete all hosts.
  • -s Adds the host and associates the Internet address inet_addr with the Physical address
  • eth_addr. The Physical address is given as 6 hexadecimal bytes separated by hyphens. The entry is permanent.
  • eth_addr Specifies a physical address.
  • if_addr If present, this specifies the Internet address of the interface whose address translation table should be modified. If not present, the first applicable interface will be used.
Example:
> arp -s 157.55.85.212 00-aa-00-62-c6-09 .... Adds a static entry.
> arp -a .... Displays the arp table.

IPCONFIG - Use the ipconfig command to get the local system's basic IP configuration information, including the IP address, subnet mask, and default gateway.

The IPCONFIG/all switch produces a detailed configuration report for all interfaces, including any configured remote access adapters.

USAGE: ipconfig [/? | /all | /renew [adapter] | /release [adapter] | /flushdns | /displaydns | /registerdns | /showclassid adapter | /setclassid adapter [classid] ]

  • /all Display full configuration information.
  • /release Release the IP address for the specified adapter.
  • /renew Renew the IP address for the specified adapter.
  • /flushdns Purges the DNS Resolver cache.
  • /registerdns Refreshes all DHCP leases and re-registers DNS names
  • /displaydns Display the contents of the DNS Resolver Cache.
  • /showclassid Displays all the dhcp class IDs allowed for adapter.
  • /setclassid Modifies the dhcp class id.
The default is to display only the IP address, subnet mask and default gateway for each adapter bound to TCP/IP.

For Release and Renew, if no adapter name is specified, then the IP address leases for all adapters bound to TCP/IP will be released or renewed.

NBTSTAT - NetBT Statistics (Nbtstat.exe) is used for troubleshooting network NetBIOS names over TCP/IP (NetBT) resolution problems from the command line. It displays protocol statistics and current TCP/IP connections that are using NetBT.

When a network is functioning, NetBT resolves NetBIOS names to IP addresses. It uses several options for NetBIOS name resolution, including local cache lookup, WINS server query, broadcast, Lmhosts and Hosts file lookup, and DNS server query.

Displays protocol statistics and current TCP/IP connections using NBT
(NetBIOS over TCP/IP).

NBTSTAT [ [-a RemoteName] [-A IP address] [-c] [-n] [-r] [-R] [-RR] [-s] [-S] [interval] ]

  • -a (adapter status) Lists the remote machine's name table given its name
  • -A (Adapter status) Lists the remote machine's name table given its IP address.
  • -c (cache)Lists NBT's cache of remote [machine] names and their IP addresses
  • -n (names)Lists local NetBIOS names.
  • -r (resolved) Lists names resolved by broadcast and via WINS
  • -R (Reload) Purges and reloads the remote cache name table
  • -S (Sessions) Lists sessions table with the destination IP addresses
  • -s (sessions) Lists sessions table converting destination IP addresses to computer NETBIOS names.
  • -RR(ReleaseRefresh) Sends Name Release packets to WINS and then, starts Refresh
  • RemoteName - Remote host machine name.
  • IP address - Dotted decimal representation of the IP address.
  • interval - Redisplays selected statistics, pausing interval seconds between each display. Press Ctrl+C to stop redisplaying statistics.
NETSTAT - Netstat (Netstat.exe) displays TCP/IP protocol statistics and active connections to and from your computer from the command line and also provides an option to display the number of bytes sent and received, as well as network packets dropped (if any).

NETSTAT [-a] [-e] [-n] [-o] [-s] [-p proto] [-r] [interval]

  • -a Displays all connections and listening ports.
  • -e Displays Ethernet statistics. This may be combined with the -s option.
  • -n Displays addresses and port numbers in numerical form.
  • -o Displays the owning process ID associated with each connection.
  • -p proto Shows connections for the protocol specified by proto; proto may be any of: TCP, UDP TCPv6, or UDPv6. If used with the –s option to display per-protocol statistics, proto may be any of: IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
  • -r Displays the routing table.
  • -s Displays per-protocol statistics. By default, statistics are shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6; the -p option may be used to specify a subset of the default.
  • interval Redisplays selected statistics, pausing interval seconds between each display. Press CTRL+C to stop redisplaying statistics. If omitted, netstat will print the current configuration information once.
ROUTE - You can use the route command line tool to display the current IP routing table and add or delete IP routes.

ROUTE [-f] [-p] [command] [destination] [MASK netmask] [gateway] [METRIC metric] [IF interface]

  • -f Clears the routing tables of all gateway entries. If this is used in conjunction with one of the commands, the tables are cleared prior to running the command.
  • -p When used with the ADD command, makes a route persistent across boots of the system. By default, routes are not preserved when the system is restarted. Ignored for all other commands, which always affect the appropriate persistent routes.
commands

  • PRINT Prints a route
  • ADD Adds a route
  • DELETE Deletes a route
  • CHANGE Modifies an existing route
  • destination - Specifies the host.
  • MASK -Specifies that the next parameter is the 'netmask' value.
  • netmask - Specifies a subnet mask value for this route entry. If not specified, it defaults to 255.255.255.255.
  • gateway - Specifies gateway.
  • interface - Specifices the interface number for the specified route.
  • METRIC - Specifies the metric, ie. cost for the destination.
All symbolic names used for destination are looked up in the network database file NETWORKS. The symbolic names for gateway are looked up in the host name database file HOSTS.

If the command is PRINT or DELETE. Destination or gateway can be a wildcard, (wildcard is specified as a star '*'), or the gateway argument may be omitted.

If Dest contains a * or ?, it is treated as a shell pattern, and only matching destination routes are printed. The '*' matches any string, and '?' matches any one char. Examples: 157.*.1, 157.*, 127.*, *224*.

Invalid MASK generates an error, that is when (DEST & MASK) != DEST.

Example> route ADD 157.0.0.0 MASK 155.0.0.0 157.55.80.1 IF 1 The route addition failed: The specified mask parameter is invalid. (Destination & Mask) != Destination.

Examples:

route PRINT
route ADD 157.0.0.0 MASK 255.0.0.0 157.55.80.1 METRIC 3 IF 2
      destination^            mask^    gateway^        metric^    ^Interface

If IF is not given, it tries to find the best interface for a given gateway.

route PRINT 112* .... Only prints those matching 112*
route CHANGE 112.0.0.0 MASK 255.0.0.0 112.89.8.5 METRIC 2 IF 2

CHANGE is used to modify gateway and/or metric only.

HOSTNAME - Hostname is used to show the local computer's host name for authentication by the Remote Copy Protocol (RCP), Remote Shell (RSH), and Remote Execution (REXEC) tools

TRACERT - Tracert is sometimes used to verify that IP addressing has been correctly configured on a client. It will basically show the route taken to reach a remote system 

Usage: tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name

Options:

  • -d Do not resolve addresses to hostnames.
  • -h maximum_hops Maximum number of hops to search for target.
  • -j host-list Loose source route along host-list.
  • -w timeout Wait timeout milliseconds for each reply.
PATHPING - Pathping also shows the route taken to reach a remote system as does TRACERT but PATHPING does so with more detail and allows for more functionality as well.

Usage: pathping [-g host-list] [-h maximum_hops] [-i address] [-n] [-p period] [-q num_queries] [-w timeout] [-P] [-R] [-T] [-4] [-6] target_name

Options:
  • -g host-list Loose source route along host-list
  • -h maximum_hops Maximum number of hops to search for target. 
  • -i address Use the specified source address.
  • -n Do not resolve addresses to hostnames.
  • -p period Wait period milliseconds between pings.
  • -q num_queries Number of queries per hop.
  • -w timeout Wait timeout milliseconds for each reply.
  • -P Test for RSVP PATH connectivity.
  • -R Test if each hop is RSVP aware.
  • -T Test connectivity to each hop with Layer-2 priority tags.
  • -4 Force using IPv4.
  • -6 Force using IPv6.
There are additional tools that can be used to test TCP/IP connectivity. They are standard use tools for the TCP/IP protocol.

FTP

- FTP is the File Transfer Protocol and it is used to transfer files from system to system.

Internet Explorer interconnectivity allows for a Windows Explorer type of GUI environment for the file transfer by allowing functionality of file and folder views and drag and drop / copy and paste.

The command line FTP allows for more functionality. FTP is considered to be a connected session using Transmission Control Protocol (TCP).

FTP commands are listed in the table below.

! delete literal prompt send
? debug ls put status
append dir mdelete pwd trace
ascii disconnect mdir quit type
bell get mget quote user
binary glob mkdir recv verbose
bye hash mls remotehelp  
cd help mput rename  
close lcd open rmdir  

FTP [-v] [-d] [-i] [-n] [-g] [-s:filename] [-a] [-w:windowsize] [-A] [host]
  • -v Suppresses display of remote server responses.
  • -n Suppresses auto-login upon initial connection.
  • -i Turns off interactive prompting during multiple file transfers.
  • -d Enables debugging.
  • -g Disables filename globbing (see GLOB command).
  • -s:filename - Specifies a text file containing FTP commands; the commands will automatically run after FTP starts.
  • -a Use any local interface when binding data connection.
  • -A - login as anonymous.
  • -w:buffersize - Overrides the default transfer buffer size of 4096.
  • host - Specifies the host name or IP address of the remote host to connect to.
[NOTES FROM THE FIELD] - Use mget and mput commands take y/n/q for yes/no/quit.
Use Control-C to abort actively executing commands
.

TFTP - The Trivial File Transfer Protocol allows for the connectionless transfer of files to and from systems using User Datagram Protocol (UDP).

[NOTES FROM THE FIELD] - User Datagram Protocol (UDP) is a connectionless protocol that does not guarantee delivery of data packets between hosts and is used when data transfer acknowledgments are not required. It can transmit only small portions of data at a time because it is not capable of segmenting and reassembling frames and does not implement sequence numbers.

While TFTP is limited in functionality, there are still some command line switches that can be used to tailor its performance.

TFTP [-i] host [GET | PUT] source [destination]

  • -i Specifies binary image transfer mode (also called octet). In binary image mode the file is moved literally, byte by byte. Use this mode when transferring binary files.
  • host - Specifies the local or remote host.
  • GET - Transfers the file destination on the remote host to the file source on the local host.
  • PUT - Transfers the file source on the local host to the file destination on the remote host.
  • source - Specifies the file to transfer.
  • destination - Specifies where to transfer the file.
TELNET - Telnet is a terminal emulation program, which allows user to perform commands on a remote computer from a command window.

telnet [-a][-e escape char][-f log file][-l user][-t term][host [port]]

  • -a Attempt automatic logon. Same as -l option except uses the currently logged on user's name.
  • -e Escape character to enter telnet client prompt.
  • -f File name for client side logging
  • -l Specifies the user name to log in with on the remote system. Requires that the remote system support the TELNET ENVIRON option.
  • -t Specifies terminal type. Supported term types are vt100, vt52, ansi and vtnt only.
  • host - Specifies the hostname or IP address of the remote computer to connect to.
  • port - Specifies a port number or service name.
RCP - RCP copies files to and from computer running the RCP service. RCP uses the Transmission Control Protocol (TCP) toutilize the connected and reliable delivery of data between the client and the host and can be scripted in a batch file and does not require a password. The remote host must be running the RSHD service, and the user’s username must be configured in the remote host’s .rhosts file. RCP is one of the r-commands available on all UNIX systems.

[NOTES FROM THE FIELD] - Microsoft’s implementation of TCP/IP includes the RCP client software but not rshd services.

RCP [-a | -b] [-h] [-r] [host][.user:]source [host][.user:] path\destination

  • -a Specifies ASCII transfer mode. This mode converts the EOL characters to a carriage return for UNIX and a carriage return/line feed for personal computers. This is the default transfer mode.
  • -b Specifies binary image transfer mode.
  • -h Transfers hidden files.
  • -r Copies the contents of all subdirectories; destination must be a directory.
  • host Specifies the local or remote host. If host is specified as an IP address OR if host name contains dots, you must specify the user.
  • .user: Specifies a user name to use, rather than the current user name.
  • source Specifes the files to copy.
  • path\destination Specifies the path relative to the logon directory on the remote host. Use the escape characters (\ , ", or ') in remote paths to use wildcard characters on the remote host.
RSH - RSH is a TCP/IP utility that enables clients to run commands directly on remote hosts running the RSH service without having to log on to the remote host. RSH is one of the UNIX r-commands that are available on all UNIX systems.

[NOTES FROM THE FIELD] - Microsoft’s implementation of TCP/IP includes the RSH client software but not the RSH service. If a user on a computer running in a Windows domain tries to use RSH to run a command on a remote UNIX server that is running the RSH daemon, the domain controller is required by the RSH client in order to resolve the username of the user.

REXEC - REXEC runs commands on remote hosts running the REXEC service and authenticates the user name on the remote host before executing the specified command.

REXEC host [-l username] [-n] command

  • host Specifies the remote host on which to run command.
  • -l username Specifies the user name on the remote host.
  • -n Redirects the input of REXEC to NULL.
  • command Specifies the command to run.
FINGER - FINGER is a TCP/IP utility used for viewing information about a user on a system running the finger service.

Typing the command finger [email protected] displays information about user Jason on a server called windowsxp.2000trainers.com.

FINGER [-l] [user]@host [...]

  • -l Displays information in long list format.
  • user Specifies the user you want information about. Omit the user parameter to display information about all users on the specified host.
  • @host Specifies the server on the remote system whose users you want information about.
[NOTES FROM THE FIELD] - Microsoft’s implementation of TCP/IP includes the FINGER client software but not the FINGER service. You are able to run the FINGER client on a machine running a Windows operating system that is connected to the Internet in order to obtain results from a remote UNIX server running the FINGER daemon as a FINGER gateway.


"I still yet have to figure out why they just don't make mouse-flavored cat food."

Jason Zandri
2000trainers.com

<<  Index | Next  >>