The following commands can be used to track down TCP/IP errors. They let us examine whether a router is down or whether a connection is established, which helps us decide on the proper solution.
We used the ipconfig command earlier to identify the MAC address and the IP address. In addition to this, we can use this command to check the TCP/IP configuration. We can also use this command as explained in the upcoming sections.
To display the configuration information completely, we can call the following command on the console:
ipconfig /all
All the configuration information about the network adapters, such as the network interface card, wireless card, and Ethernet adapter, will be displayed, as we already saw in The Data Link layer section in this chapter when we looked for the MAC address.
The following option displays the content of the DNS Resolver Cache:
ipconfig /displaydns
By calling the preceding command, we will be provided with the information about DNS in our local system, as follows:
Windows IP Configuration

    ipv4only.arpa
    ----------------------------------------
    Record Name . . . . . : ipv4only.arpa
    Record Type . . . . . : 1
    Time To Live . . . . : 77871
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 192.0.0.170

    Record Name . . . . . : ipv4only.arpa
    Record Type . . . . . : 1
    Time To Live . . . . : 77871
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 192.0.0.171

    ieonlinews.microsoft.com
    ----------------------------------------
    Record Name . . . . . : ieonlinews.microsoft.com
    Record Type . . . . . : 1
    Time To Live . . . . : 307
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 131.253.34.240
The meaning of each field in the output of displaying DNS is as follows:
Answer, this means that it replies to the actual query, but if the value is Additional, this means that it contains information that will be needed to find the actual answer.
The following command is used to remove the resolved DNS server item but not the item in a cache. Type the following command in the command prompt:
ipconfig /flushdns
Once it successfully flushes the DNS Resolver Cache, we will be shown this message in the console:
Successfully flushed the DNS Resolver Cache.
If we call the ipconfig /displaydns command again, we will see that the resolved DNS server item has been removed and what remains is the item in the cache.
The ping command is used to examine the connectivity with other computers. It uses Internet Control Message Protocol (ICMP) to send a message to target computers. We can use either the IP address or the hostname to ping the target. Suppose we have a device whose hostname is HOST1. To make it ping itself, we can use the following command:
ping HOST1
Then, we will get the following output in our console window:
Pinging HOST1 [fe80::f14e:d5e6:aa0a:5855%3] with 32 bytes of data:
Reply from fe80::f14e:d5e6:aa0a:5855%3: time<1ms
Reply from fe80::f14e:d5e6:aa0a:5855%3: time<1ms
Reply from fe80::f14e:d5e6:aa0a:5855%3: time<1ms
Reply from fe80::f14e:d5e6:aa0a:5855%3: time<1ms

Ping statistics for fe80::f14e:d5e6:aa0a:5855%3:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
If the IPv6 address is displayed and we want the IPv4 address instead, we can use the -4 option to force the use of an IPv4 address, as shown in the following code:
ping HOST1 -4
Then, we will get the output, as follows:
Pinging HOST1 [10.1.6.165] with 32 bytes of data:
Reply from 10.1.6.165: bytes=32 time<1ms TTL=128
Reply from 10.1.6.165: bytes=32 time<1ms TTL=128
Reply from 10.1.6.165: bytes=32 time<1ms TTL=128
Reply from 10.1.6.165: bytes=32 time<1ms TTL=128

Ping statistics for 10.1.6.165:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
However, what if the IPv4 address is displayed and we need the IPv6 address instead? We can use the -6 option to force the use of an IPv6 address, as follows:
ping HOST1 -6
Two things happen when the ping command runs. First, the computer named HOST1 is resolved to the IP address 10.1.6.165. If the hostname resolution does not work, we will get an error like this:
Ping request could not find host HOST1. Please check the name and try again.
Second, this command sends four packets to HOST1 and receives four packets. This reply shows that the computer named HOST1 is working properly and is able to respond to the command request. If HOST1 does not work or is unable to respond to the request, we will see an output as follows:
Pinging HOST1 [10.1.6.165] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.1.112:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
There is some error information that we may encounter when we send the ping command, some of which are as follows:
Another option that we can use in the ping command is -t. With this option, instead of sending four packets, the ping command will continue to send packets until the user stops it by pressing Ctrl + C. This is usually used when we wait for the disconnect status to turn to the connected status. We can send the command to the console, as follows:
ping HOST1 -t
When we have more than one router, we can use the tracert command to trace the path that is taken by the packets. The tracert command is similar to the ping command, except that tracert also reports information about the routers between the source device and the destination device. Here is the command that I used to trace the communication track from my device to google.com:
tracert google.com
I got this output in my console window:
Tracing route to google.com [173.194.126.32]
over a maximum of 30 hops:

  1     1 ms     1 ms     1 ms  254.1.168.192.in-addr.arpa [192.168.1.254]
  2    23 ms    26 ms     *     125.166.200.1
  3     *        *      331 ms  189.subnet125-160-11.speedy.telkom.net.id [125.160.11.189]
  4   293 ms    76 ms    84 ms  73.171.94.61.in-addr.arpa [61.94.171.73]
  5   504 ms   612 ms   612 ms  61.94.117.229
  6   698 ms   714 ms   209 ms  42.193.240.180.in-addr.arpa [180.240.193.42]
  7     *        *        *     Request timed out.
  8     *        *        *     Request timed out.
  9     *      668 ms   512 ms  190.221.14.72.in-addr.arpa [72.14.221.190]
 10     *        *        *     Request timed out.
 11     *        *      582 ms  136.142.85.209.in-addr.arpa [209.85.142.136]
 12   184 ms   202 ms   202 ms  233.242.85.209.in-addr.arpa [209.85.242.233]
 13     *        *      563 ms  241.251.85.209.in-addr.arpa [209.85.251.241]
 14   273 ms    96 ms    83 ms  kul01s08-in-f0.1e100.net [173.194.126.32]

Trace complete.
As you can see, there are 14 rows, and each row represents a hop (a point at which the packet passes through a router). If we split one row into columns, for instance the fourth row, we will get the following table:
Hop # | RTT1 | RTT2 | RTT3 | Name/IP address |
---|---|---|---|---|
4 | 293 ms | 76 ms | 84 ms | 73.171.94.61.in-addr.arpa [61.94.171.73] |
The explanation of each row is as follows:
tracert command sends three separate signal packets. This is to display the consistency, or a lack thereof, in the route.
The pathping command is used to verify the routed path. It examines the route between two devices just like the tracert command does, and then checks the connectivity at each router like the ping command does. The pathping command sends 100 requests to each router and expects to get 100 replies back. For every request that is not answered, the pathping command will count it as 1 percent data loss. So if, for instance, there are ten requests that do not get a reply, there will be 10 percent data loss. The smaller the percentage of data loss, the better the connection we have.
We will try to send the pathping command to google.com with the help of the following command:
pathping google.com
By doing this, we will get the output as follows:
Tracing route to google.com [173.194.126.67]
over a maximum of 30 hops:
  0  HOST1 [10.1.7.101]
  1  10.1.7.1
  2  ns.csl-group.net [192.168.2.4]
  3  101.255.54.25
  4  115.124.80.209
  5  peer-Exch-D2-out.tachyon.net.id [115.124.80.73]
  6  ip-sdi.net.id [103.11.31.1]
  7  ip-31-253.sdi.net.id [103.11.31.253]
  8  209.85.243.158
  9  216.239.40.129
 10  209.85.242.243
 11  209.85.251.175
 12  kul06s05-in-f3.1e100.net [173.194.126.67]

Computing statistics for 300 seconds...
            Source to Here   This Node/Link
Hop  RTT    Lost/Sent = Pct  Lost/Sent = Pct  Address
  0                                           HOST1 [10.1.7.101]
                                0/ 100 =  0%   |
  1   33ms     1/ 100 =  1%     1/ 100 =  1%  10.1.7.1
                                0/ 100 =  0%   |
  2   24ms     1/ 100 =  1%     1/ 100 =  1%  ns.csl-group.net [192.168.2.4]
                                0/ 100 =  0%   |
  3   19ms     1/ 100 =  1%     1/ 100 =  1%  101.255.54.25
                                0/ 100 =  0%   |
  4   18ms     1/ 100 =  1%     1/ 100 =  1%  115.124.80.209
                                0/ 100 =  0%   |
  5   33ms     1/ 100 =  1%     1/ 100 =  1%  peer-Exch-D2-out.tachyon.net.id [115.124.80.73]
                                0/ 100 =  0%   |
  6   53ms     0/ 100 =  0%     0/ 100 =  0%  ip-sdi.net.id [103.11.31.1]
                                0/ 100 =  0%   |
  7   38ms     2/ 100 =  2%     2/ 100 =  2%  ip-31-253.sdi.net.id [103.11.31.253]
                                0/ 100 =  0%   |
  8   44ms     1/ 100 =  1%     1/ 100 =  1%  209.85.243.158
                                0/ 100 =  0%   |
  9   59ms     0/ 100 =  0%     0/ 100 =  0%  216.239.40.129
                                4/ 100 =  4%   |
 10  ---     100/ 100 =100%    96/ 100 = 96%  209.85.242.243
                                0/ 100 =  0%   |
 11  ---     100/ 100 =100%    96/ 100 = 96%  209.85.251.175
                                0/ 100 =  0%   |
 12   62ms     4/ 100 =  4%     0/ 100 =  0%  kul06s05-in-f3.1e100.net [173.194.126.67]

Trace complete.
In the 10th and 11th rows, we get 100 percent packet loss because all 100 of the packets sent were lost. However, this is most likely not because the data fails to arrive at the destination router, but because ICMP is blocked by these routers; the final hop in the 12th row still replies with only 4 percent loss. With this command, we can identify the specific router at which a large percentage of data loss occurs, especially in a large network with many routers connected.
We can also change the number of requests to be sent to the router using the -q option. We just need to state the new number of requests after the option, as follows:
pathping -q 10 google.com
This will send ten requests to the router instead of 100 requests and will be faster.
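The reading of rows 10 and 11 described above can be automated. The following is an added example, not code from the original text: it parses the pathping statistics rows and applies a heuristic whose label names (no-icmp-reply, lossy-link, ok) are this example's own assumptions.

```python
import re

# Constructed sample: hops 8-12 of the statistics table shown above.
SAMPLE = """\
  8   44ms     1/ 100 =  1%     1/ 100 =  1%  209.85.243.158
                                0/ 100 =  0%   |
  9   59ms     0/ 100 =  0%     0/ 100 =  0%  216.239.40.129
                                4/ 100 =  4%   |
 10  ---     100/ 100 =100%    96/ 100 = 96%  209.85.242.243
                                0/ 100 =  0%   |
 11  ---     100/ 100 =100%    96/ 100 = 96%  209.85.251.175
                                0/ 100 =  0%   |
 12   62ms     4/ 100 =  4%     0/ 100 =  0%  kul06s05-in-f3.1e100.net [173.194.126.67]
"""

PCT = r"(\d+)/\s*(\d+)\s*=\s*(\d+)%"          # "Lost/ Sent = Pct"
NODE = re.compile(rf"^\s*(\d+)\s+(\S+)\s+{PCT}\s+{PCT}\s+(.+?)\s*$")
LINK = re.compile(rf"^\s*{PCT}\s+\|\s*$")

def parse(text):
    """Return one dict per hop with cumulative, node and outgoing-link loss."""
    hops = []
    for line in text.splitlines():
        if m := NODE.match(line):
            hops.append({"hop": int(m[1]), "cum": int(m[5]), "node": int(m[8]),
                         "link": 0, "addr": m[9]})
        elif (m := LINK.match(line)) and hops:
            hops[-1]["link"] = int(m[3])   # link leaving the hop just parsed
    return hops

def classify(hops):
    """Heuristic labels (names are this example's own, not pathping's)."""
    dest_loss = hops[-1]["cum"]
    labels = {}
    for h in hops[:-1]:
        if h["cum"] > dest_loss and h["node"] > 0:
            # Loss exists only when this router is the probe target, and
            # later hops answer fine: it ignores ICMP but still forwards.
            labels[h["hop"]] = "no-icmp-reply"
        elif h["link"] > 0:
            labels[h["hop"]] = "lossy-link"    # loss that carries downstream
        else:
            labels[h["hop"]] = "ok"
    labels[hops[-1]["hop"]] = "destination"
    return labels

if __name__ == "__main__":
    for hop, label in classify(parse(SAMPLE)).items():
        print(hop, label)
```

On the sample, the 4 percent loss seen at the destination is attributed to the link leaving hop 9, while hops 10 and 11 are marked as routers that simply do not answer the probes.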
The netstat (stands for network statistics) command is used to view the TCP/IP statistics by displaying all the information about the TCP/IP connection in the current device. It will show information about connections, ports, and applications that are involved in the network. We can use this command by typing it in the console window:
netstat
After this, we will get something as shown in the following output:
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:50239        HOST1:50240            ESTABLISHED
  TCP    127.0.0.1:50240        HOST1:50239            ESTABLISHED
  TCP    127.0.0.1:50242        HOST1:50243            ESTABLISHED
  TCP    127.0.0.1:50243        HOST1:50242            ESTABLISHED
  TCP    127.0.0.1:60855        HOST1:60856            ESTABLISHED
  TCP    127.0.0.1:60856        HOST1:60855            ESTABLISHED
  TCP    127.0.0.1:60845        HOST1:60846            ESTABLISHED
  TCP    127.0.0.1:60846        HOST1:60845            ESTABLISHED
  TCP    192.168.1.4:50257      a72-246-188-35:http    ESTABLISHED
  TCP    192.168.1.4:50258      a72-246-188-35:http    ESTABLISHED
  TCP    192.168.1.4:50259      a72-246-188-35:http    ESTABLISHED
  TCP    192.168.1.4:50260      a104-78-107-69:http    ESTABLISHED
  TCP    192.168.1.4:50261      a72-246-188-35:http    TIME_WAIT
  TCP    192.168.1.4:50262      a72-246-188-35:http    ESTABLISHED
  TCP    192.168.1.4:50263      151:http               SYN_SENT
  TCP    [::1]:12372            HOST1:49567            ESTABLISHED
  TCP    [::1]:49567            HOST1:12372            ESTABLISHED
We can see that there are four columns in the netstat command's output. The explanation of each column is as follows:
*) will be shown as the hostname. If the port has not been established yet, the port number will be shown as an asterisk as well.
*).
For more details and information about these states, you can go to tools.ietf.org/html/rfc793 and refer to Chapter 3, Functional Specification.
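The four columns can be read programmatically when a listing is too long to scan by eye. The following is an added example, not code from the original text: it parses TCP rows in the layout shown above, skips loopback traffic, counts the remaining connections per state, and lists the SYN_SENT entries, which are connection attempts that have not been answered yet. The function names are this example's own.

```python
import ipaddress
from collections import Counter

# Constructed sample: rows taken from the netstat output shown above.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:50239        HOST1:50240            ESTABLISHED
  TCP    192.168.1.4:50257      a72-246-188-35:http    ESTABLISHED
  TCP    192.168.1.4:50261      a72-246-188-35:http    TIME_WAIT
  TCP    192.168.1.4:50263      151:http               SYN_SENT
  TCP    [::1]:12372            HOST1:49567            ESTABLISHED
"""

def split_endpoint(endpoint):
    """Split on the last colon so an IPv6 literal like [::1]:12372 survives."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port

def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:          # a resolved name, not an address literal
        return False

def parse(text):
    """Yield (local_host, local_port, remote_host, remote_port, state) per TCP row."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[0] == "TCP":   # skips headers and blanks
            yield (*split_endpoint(parts[1]), *split_endpoint(parts[2]), parts[3])

def summarize(text):
    """Count states of non-loopback connections and list unanswered attempts."""
    states, pending = Counter(), []
    for lhost, lport, rhost, rport, state in parse(text):
        if is_loopback(lhost):
            continue            # local inter-process traffic
        states[state] += 1
        if state == "SYN_SENT": # SYN sent, no reply received yet
            pending.append(f"{rhost}:{rport}")
    return dict(states), pending

if __name__ == "__main__":
    print(summarize(SAMPLE))
```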
The telnet (stands for Terminal Network) command is used to access remote computers over the TCP/IP network. In Windows, there are two Telnet features, which are the Telnet Server and Telnet Client. The former is used to configure Windows in order to listen for incoming connections and allow others to use it, whereas the latter is used to connect through Telnet with any server.
By default, Telnet is not installed on the Windows system because of the security risks. It is more secure to keep Telnet disabled since an attacker can check the open ports on the system using Telnet. However, no one can stop us from installing it in our system. We can do so by performing these steps:
%SYSTEMROOT%\System32\OptionalFeatures.exe in the text box, and then press the OK button. The Windows Features window will open then.
Telnet should be installed by now on our computer. Open the Command Prompt window and run the following command to start Telnet:
telnet
After pressing Enter, you will be shown the following output with the blinking cursor at the end:
Welcome to Microsoft Telnet Client
Escape Character is 'CTRL+]'
Microsoft Telnet>_
Now, Telnet is ready to receive our command. To test it, we can run various commands in it. The complete list of the commands that are available in telnet can be found at windows.microsoft.com/en-us/windows/telnet-commands.