Using TCP/IP tools for troubleshooting

The following commands can be used to track down TCP/IP errors. They let us examine whether a router is down or whether a connection is established, which helps us decide on the proper solution.

The ipconfig command

We used the ipconfig command earlier to identify the MAC address and the IP address. In addition to this, we can use this command to check the TCP/IP configuration, as explained in the following sections.

Displaying the full configuration information

To display the configuration information completely, we can call the following command on the console:

ipconfig /all

All the configuration information about the network adapters will be displayed, such as the network interface card, wireless card, and Ethernet adapter, as we already saw in The Data Link layer section of this chapter when we looked for the MAC address.

Displaying DNS

The following command displays the contents of the DNS Resolver Cache:

ipconfig /displaydns

By calling the preceding command, we get the DNS information cached on our local system, as follows:

Windows IP Configuration

    ipv4only.arpa
    ----------------------------------------
    Record Name . . . . . : ipv4only.arpa
    Record Type . . . . . : 1
    Time To Live  . . . . : 77871
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 192.0.0.170

    Record Name . . . . . : ipv4only.arpa
    Record Type . . . . . : 1
    Time To Live  . . . . : 77871
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 192.0.0.171

    ieonlinews.microsoft.com
    ----------------------------------------
    Record Name . . . . . : ieonlinews.microsoft.com
    Record Type . . . . . : 1
    Time To Live  . . . . : 307
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 131.253.34.240

The meaning of each field in the output is as follows:

  • Record Name: This is the DNS name that is associated with the IP address.
  • Record Type: This is the type of the record, represented as a number (1 is an A record).
  • Time To Live: This is the time in seconds until the cached entry expires.
  • Data Length: This is the size in bytes of the record's data.
  • Section: If the value is Answer, the record answers the actual query; if the value is Additional, the record contains information that is needed to find the actual answer.
  • A (Host) Record: This is where the actual value, the IP address, is stored.
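The record layout described above can be turned into structured data, which makes it easy to check which address each cached name currently points to. The following parser is an added example, not code from the book; it reads a sample constructed in the format of ipconfig /displaydns shown above and groups the A (Host) Record values by name.

```python
import re

# Constructed sample in the format of `ipconfig /displaydns` shown above.
SAMPLE_DISPLAYDNS = """\
    ipv4only.arpa
    ----------------------------------------
    Record Name . . . . . : ipv4only.arpa
    Record Type . . . . . : 1
    Time To Live  . . . . : 77871
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 192.0.0.170

    Record Name . . . . . : ipv4only.arpa
    Record Type . . . . . : 1
    Time To Live  . . . . : 77871
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 192.0.0.171

    ieonlinews.microsoft.com
    ----------------------------------------
    Record Name . . . . . : ieonlinews.microsoft.com
    Record Type . . . . . : 1
    Time To Live  . . . . : 307
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 131.253.34.240
"""

# "Label . . . . : value": the label ends where the " ." padding begins.
FIELD_RE = re.compile(r"^\s*(?P<label>[A-Za-z()]+(?: [A-Za-z()]+)*)[\s.]*:\s*(?P<value>.*)$")
INT_FIELDS = ("Record Type", "Time To Live", "Data Length")

def parse_displaydns(text):
    """Return one dict per cached record, keyed by the field labels."""
    records = []
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if not m:                         # name header, dashes, blank lines
            continue
        label, value = m.group("label"), m.group("value").strip()
        if label == "Record Name":        # every record starts with its name
            records.append({})
        records[-1][label] = int(value) if label in INT_FIELDS else value
    return records

def addresses_by_name(records, field="A (Host) Record"):
    """Map each cached name to the sorted list of addresses stored in `field`."""
    out = {}
    for r in records:
        if field in r:
            out.setdefault(r["Record Name"], []).append(r[field])
    return {name: sorted(v) for name, v in out.items()}
```

Feeding the real command's output to parse_displaydns (for example via subprocess) gives the same structure, so a name that suddenly resolves to an unexpected address stands out.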

Flushing DNS

The following command removes the entries that were resolved from a DNS server but leaves the preloaded entries in the cache. Type the following command in the command prompt:

ipconfig /flushdns

Once it has flushed the DNS Resolver Cache successfully, we will see this message in the console:

Successfully flushed the DNS Resolver Cache.

If we call the ipconfig /displaydns command again, the entries resolved from a DNS server are gone and only the preloaded entries remain in the cache.

Renewing the IP address

There are two commands that can be used to renew an IP address:

ipconfig /renew

The preceding command renews the IPv4 address lease from a DHCP server, while the following command renews the IPv6 lease:

ipconfig /renew6

Releasing the IP address

Use the following two commands to release the IPv4 and IPv6 leases, respectively, that were obtained from the DHCP server:

ipconfig /release
ipconfig /release6

These commands only affect the DHCP-assigned (automatically assigned) IP address.

The ping command

The ping command is used to examine the connectivity with other computers. It uses the Internet Control Message Protocol (ICMP) to send a message to the target computer. We can ping the target by its IP address or by its hostname. Suppose our device's hostname is HOST1; to ping the device itself, we can use the following command:

ping HOST1

Then, we will get the following output in our console window:

Pinging HOST1 [fe80::f14e:d5e6:aa0a:5855%3] with 32 bytes of data:
Reply from fe80::f14e:d5e6:aa0a:5855%3: time<1ms
Reply from fe80::f14e:d5e6:aa0a:5855%3: time<1ms
Reply from fe80::f14e:d5e6:aa0a:5855%3: time<1ms
Reply from fe80::f14e:d5e6:aa0a:5855%3: time<1ms

Ping statistics for fe80::f14e:d5e6:aa0a:5855%3:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

If the host resolves to an IPv6 address and we want to use its IPv4 address instead, we can use the -4 option to force IPv4, as shown in the following command:

ping HOST1 -4

Then, we will get the output, as follows:

Pinging HOST1 [10.1.6.165] with 32 bytes of data:
Reply from 10.1.6.165: bytes=32 time<1ms TTL=128
Reply from 10.1.6.165: bytes=32 time<1ms TTL=128
Reply from 10.1.6.165: bytes=32 time<1ms TTL=128
Reply from 10.1.6.165: bytes=32 time<1ms TTL=128

Ping statistics for 10.1.6.165:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

Conversely, if the IPv4 address is displayed and we need the IPv6 address instead, we can use the -6 option to force IPv6, as follows:

ping HOST1 -6

Two things happen when the ping command runs. First, the computer name HOST1 is resolved to the IP address 10.1.6.165. If the hostname resolution fails, we will get an error like this:

Ping request could not find host HOST1. Please check the name and try again.

Second, the command sends four packets to HOST1 and receives four packets back. These replies show that the computer named HOST1 is working properly and is able to respond to the request. If HOST1 is down or unable to respond to the request, we will see an output as follows:

Pinging HOST1 [10.1.6.165] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.1.112:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

There are some error messages that we may encounter when we run the ping command, including the following:

  • Destination Host Unreachable: This indicates a routing problem. It might be caused by a misconfigured default gateway on the local or the remote computer.
  • TTL Expired in Transit: This indicates that the ping passed through more routers than the TTL (Time To Live) value allows. Every time the ping passes through a router, the TTL value is decremented by one. If the total number of routers that the ping has to pass through is greater than the TTL value, this error message is displayed.

Another option that we can use with the ping command is -t. With this option, instead of sending four packets, the ping command keeps sending packets until the user stops it by pressing Ctrl + C. This is usually used while we wait for a disconnected status to change to connected. We can run the command in the console as follows:

ping HOST1 -t

The tracert command

When there is more than one router between us and the destination, we can use the tracert command to trace the path taken by the packets. The tracert command is similar to the ping command, except that tracert also reports the routers between the source device and the destination device. Here is the command that I used to trace the route from my device to google.com:

tracert google.com

I got this output in my console window:

Tracing route to google.com [173.194.126.32]
over a maximum of 30 hops:

  1     1 ms     1 ms     1 ms  254.1.168.192.in-addr.arpa [192.168.1.254]
  2    23 ms    26 ms     *     125.166.200.1
  3     *        *      331 ms  189.subnet125-160-11.speedy.telkom.net.id [125.160.11.189]
  4   293 ms    76 ms    84 ms  73.171.94.61.in-addr.arpa [61.94.171.73]
  5   504 ms   612 ms   612 ms  61.94.117.229
  6   698 ms   714 ms   209 ms  42.193.240.180.in-addr.arpa [180.240.193.42]
  7     *        *        *     Request timed out.
  8     *        *        *     Request timed out.
  9     *      668 ms   512 ms  190.221.14.72.in-addr.arpa [72.14.221.190]
  10     *        *        *     Request timed out.
  11     *        *      582 ms  136.142.85.209.in-addr.arpa [209.85.142.136]
  12   184 ms   202 ms   202 ms  233.242.85.209.in-addr.arpa [209.85.242.233]
  13     *        *      563 ms  241.251.85.209.in-addr.arpa [209.85.251.241]
  14   273 ms    96 ms    83 ms  kul01s08-in-f0.1e100.net [173.194.126.32]

Trace complete.

As you can see, there are 14 rows, and each row represents a hop (a router that the packet passes through). If we split one row into its columns, for instance the fourth row, we get the following table:

Hop #   RTT1     RTT2    RTT3    Name/IP address
4       293 ms   76 ms   84 ms   73.171.94.61.in-addr.arpa [61.94.171.73]

The explanation of each column is as follows:

  • The Hop number: This is the first column and is simply the number of the hop along the route.
  • RTT columns: This is the Round Trip Time (RTT) for our packet to reach that router and return to our computer. The RTT is split into three columns because the tracert command sends three separate probe packets; this shows the consistency, or the lack of it, in the route.
  • The domain/IP column: This is the IP address of the router. The domain name is also shown if it is available.

The pathping command

The pathping command is used to verify the routed path. It traces the route between two devices just as the tracert command does, and then checks the connectivity to each router as the ping command does. The pathping command sends 100 requests to each router and expects to get 100 replies back. Every request that does not get a reply counts as 1 percent data loss. So if, for instance, ten requests get no reply, there is 10 percent data loss. The smaller the percentage of data loss, the better the connection.

We will try to send the pathping command to google.com with the help of the following command:

pathping google.com

By doing this, we will get the output as follows:

Tracing route to google.com [173.194.126.67]
over a maximum of 30 hops:
  0  HOST1 [10.1.7.101]
  1  10.1.7.1
  2  ns.csl-group.net [192.168.2.4]
  3  101.255.54.25
  4  115.124.80.209
  5  peer-Exch-D2-out.tachyon.net.id [115.124.80.73]
  6  ip-sdi.net.id [103.11.31.1]
  7  ip-31-253.sdi.net.id [103.11.31.253]
  8  209.85.243.158
  9  216.239.40.129
 10  209.85.242.243
 11  209.85.251.175
 12  kul06s05-in-f3.1e100.net [173.194.126.67]

Computing statistics for 300 seconds...
            Source to Here   This Node/Link
Hop  RTT    Lost/Sent = Pct  Lost/Sent = Pct  Address
  0                                           HOST1 [10.1.7.101]
                                0/ 100 =  0%   |
  1   33ms     1/ 100 =  1%     1/ 100 =  1%  10.1.7.1
                                0/ 100 =  0%   |
  2   24ms     1/ 100 =  1%     1/ 100 =  1%  ns.csl-group.net [192.168.2.4]
                                0/ 100 =  0%   |
  3   19ms     1/ 100 =  1%     1/ 100 =  1%  101.255.54.25
                                0/ 100 =  0%   |
  4   18ms     1/ 100 =  1%     1/ 100 =  1%  115.124.80.209
                                0/ 100 =  0%   |
  5   33ms     1/ 100 =  1%     1/ 100 =  1%  peer-Exch-D2-out.tachyon.net.id [115.124.80.73]
                                0/ 100 =  0%   |
  6   53ms     0/ 100 =  0%     0/ 100 =  0%  ip-sdi.net.id [103.11.31.1]
                                0/ 100 =  0%   |
  7   38ms     2/ 100 =  2%     2/ 100 =  2%  ip-31-253.sdi.net.id [103.11.31.253]
                                0/ 100 =  0%   |
  8   44ms     1/ 100 =  1%     1/ 100 =  1%  209.85.243.158
                                0/ 100 =  0%   |
  9   59ms     0/ 100 =  0%     0/ 100 =  0%  216.239.40.129
                                4/ 100 =  4%   |
 10  ---     100/ 100 =100%    96/ 100 = 96%  209.85.242.243
                                0/ 100 =  0%   |
 11  ---     100/ 100 =100%    96/ 100 = 96%  209.85.251.175
                                0/ 100 =  0%   |
 12   62ms     4/ 100 =  4%     0/ 100 =  0%  kul06s05-in-f3.1e100.net [173.194.126.67]

Trace complete.

In the 10th and 11th rows, we get 100 percent packet loss because all 100 packets sent to those routers were lost. However, this most likely does not mean that the data never arrives at those routers; rather, those routers block ICMP and so do not reply (the final hop still shows only 4 percent loss). With this command, we can identify the specific router at which we encounter a large percentage of data loss, which is especially useful in a large network with many routers.

We can also change the number of requests sent to each router using the -q option. We just need to state the new number of requests after the option, as follows:

pathping -q 10 google.com

This sends ten requests to each router instead of 100 and is therefore faster.
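The distinction drawn above, between a router that blocks ICMP and a link that really drops our data, can be automated by parsing the statistics block. This is an added example, not code from the book: it reads an excerpt of the pathping output shown above, keeps the per-hop loss figures, and labels a hop as icmp-filtered only when its own loss is near 100 percent while the destination still answers almost every probe.

```python
import re

# Excerpt of the pathping statistics block above (hops 3 to 8 omitted).
SAMPLE_PATHPING = """\
            Source to Here   This Node/Link
Hop  RTT    Lost/Sent = Pct  Lost/Sent = Pct  Address
  0                                           HOST1 [10.1.7.101]
                                0/ 100 =  0%   |
  1   33ms     1/ 100 =  1%     1/ 100 =  1%  10.1.7.1
                                0/ 100 =  0%   |
  2   24ms     1/ 100 =  1%     1/ 100 =  1%  ns.csl-group.net [192.168.2.4]
                                0/ 100 =  0%   |
  9   59ms     0/ 100 =  0%     0/ 100 =  0%  216.239.40.129
                                4/ 100 =  4%   |
 10  ---     100/ 100 =100%    96/ 100 = 96%  209.85.242.243
                                0/ 100 =  0%   |
 11  ---     100/ 100 =100%    96/ 100 = 96%  209.85.251.175
                                0/ 100 =  0%   |
 12   62ms     4/ 100 =  4%     0/ 100 =  0%  kul06s05-in-f3.1e100.net [173.194.126.67]
"""

# A router line: hop, RTT (or --- when it never answered), two loss ratios, address.
NODE_RE = re.compile(
    r"^\s*(?P<hop>\d+)\s+(?P<rtt>\d+ms|---)\s+"
    r"(?P<src_lost>\d+)/\s*\d+\s*=\s*(?P<src_pct>\d+)%\s+"
    r"(?P<node_lost>\d+)/\s*\d+\s*=\s*(?P<node_pct>\d+)%\s+"
    r"(?P<addr>\S.*)$")

def parse_pathping(text):
    """Return one dict per router line; hop 0 and the link-only lines are skipped."""
    hops = []
    for line in text.splitlines():
        m = NODE_RE.match(line)
        if m:
            hops.append({
                "hop": int(m["hop"]),
                "rtt_ms": None if m["rtt"] == "---" else int(m["rtt"][:-2]),
                "src_pct": int(m["src_pct"]),    # Source to Here column
                "node_pct": int(m["node_pct"]),  # This Node/Link column
                "addr": m["addr"].strip(),
            })
    return hops

def classify_hops(hops, lossy_pct=5):
    """Label each hop: a router with ~100% loss while the destination still
    answers almost every probe is filtering ICMP, not dropping our data."""
    dest_loss = hops[-1]["src_pct"]
    labels = {}
    for h in hops:
        if h["src_pct"] >= 90 and dest_loss < lossy_pct:
            labels[h["hop"]] = "icmp-filtered"
        else:
            labels[h["hop"]] = "lossy" if h["src_pct"] >= lossy_pct else "ok"
    return labels
```

The 5 percent threshold is an assumption for the example; pick one that matches the loss your network normally shows.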

The netstat command

The netstat command (short for network statistics) is used to view TCP/IP statistics by displaying all the information about the TCP/IP connections on the current device. It shows information about connections, ports, and the applications involved in the network. We can use this command by typing it in the console window:

netstat

After this, we will get something as shown in the following output:

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:50239        HOST1:50240            ESTABLISHED
  TCP    127.0.0.1:50240        HOST1:50239            ESTABLISHED
  TCP    127.0.0.1:50242        HOST1:50243            ESTABLISHED
  TCP    127.0.0.1:50243        HOST1:50242            ESTABLISHED
  TCP    127.0.0.1:60855        HOST1:60856            ESTABLISHED
  TCP    127.0.0.1:60856        HOST1:60855            ESTABLISHED
  TCP    127.0.0.1:60845        HOST1:60846            ESTABLISHED
  TCP    127.0.0.1:60846        HOST1:60845            ESTABLISHED
  TCP    192.168.1.4:50257      a72-246-188-35:http    ESTABLISHED
  TCP    192.168.1.4:50258      a72-246-188-35:http    ESTABLISHED
  TCP    192.168.1.4:50259      a72-246-188-35:http    ESTABLISHED
  TCP    192.168.1.4:50260      a104-78-107-69:http    ESTABLISHED
  TCP    192.168.1.4:50261      a72-246-188-35:http    TIME_WAIT
  TCP    192.168.1.4:50262      a72-246-188-35:http    ESTABLISHED
  TCP    192.168.1.4:50263      151:http               SYN_SENT
  TCP    [::1]:12372            HOST1:49567            ESTABLISHED
  TCP    [::1]:49567            HOST1:12372            ESTABLISHED

We can see that there are four columns in the netstat command's output. The explanation of each column is as follows:

  • Proto: This displays the name of the protocol, which is TCP or UDP.
  • Local Address: This displays the IP address of the local computer along with the port number being used. If the server is listening on all interfaces, an asterisk (*) is shown as the hostname. If the port has not been established yet, the port number is shown as an asterisk as well.
  • Foreign Address: This displays the IP address and port number of the remote computer to which the socket is connected. If the port has not been established yet, the port number is shown as an asterisk (*).
  • State: This indicates the state of a TCP connection. The possible states that we will get are as follows:
    • SYN_SENT: This indicates an active open; the client has sent its SYN and is waiting for the server's reply.
    • SYN_RECEIVED: This indicates that the server has just received the SYN from the client.
    • ESTABLISHED: This indicates that the client has received the server's SYN and that the session is established.
    • LISTEN: This indicates that the server is ready to accept a connection.
    • FIN_WAIT_1: This indicates an active close; the first FIN has been sent.
    • TIME_WAIT: This indicates that the client has entered this state after the active close.
    • CLOSE_WAIT: This indicates a passive close, which means that the server has just received the first FIN from the client.
    • FIN_WAIT_2: This indicates that the client has just received the acknowledgment of its first FIN from the server.
    • LAST_ACK: This indicates that the server is in this state when it sends its own FIN.
    • CLOSED: This indicates that the server has received the ACK from the client and that the connection is now closed.

For more details and information about these states, you can go to tools.ietf.org/html/rfc793 and refer to Chapter 3, Functional Specification.
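When reviewing a machine, it helps to reduce the netstat listing to two questions: how many connections are in each state, and which remote hosts the machine is talking to from a real (non-loopback) interface. The following is an added example, not code from the book; it parses an excerpt of the netstat output shown above, handling both the dotted IPv4 and the bracketed IPv6 local addresses.

```python
import collections

# Excerpt of the netstat output above, used as the sample input.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:50239        HOST1:50240            ESTABLISHED
  TCP    127.0.0.1:50240        HOST1:50239            ESTABLISHED
  TCP    192.168.1.4:50257      a72-246-188-35:http    ESTABLISHED
  TCP    192.168.1.4:50260      a104-78-107-69:http    ESTABLISHED
  TCP    192.168.1.4:50261      a72-246-188-35:http    TIME_WAIT
  TCP    192.168.1.4:50263      151:http               SYN_SENT
  TCP    [::1]:12372            HOST1:49567            ESTABLISHED
"""

LOOPBACK = {"127.0.0.1", "[::1]"}

def split_endpoint(endpoint):
    """'[::1]:12372' -> ('[::1]', '12372'); the port follows the last colon."""
    host, _, port = endpoint.rpartition(":")
    return host, port

def parse_netstat(text):
    """Return one dict per connection line; header and blank lines are skipped."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        conns.append({
            "proto": parts[0],
            "local": split_endpoint(parts[1]),
            "foreign": split_endpoint(parts[2]),
            "state": parts[3] if len(parts) > 3 else "",  # UDP lines carry no state
        })
    return conns

def count_by_state(conns):
    """Number of connections in each TCP state (many SYN_SENT entries suggest
    peers that are not answering)."""
    return collections.Counter(c["state"] for c in conns)

def external_peers(conns):
    """Foreign hosts reached from a non-loopback local address, with the states
    seen for each: a quick view of where this machine is talking to."""
    peers = collections.defaultdict(set)
    for c in conns:
        if c["local"][0] not in LOOPBACK:
            peers[c["foreign"][0]].add(c["state"])
    return {host: sorted(states) for host, states in sorted(peers.items())}
```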

The telnet command

The telnet command (Telnet stands for Terminal Network) is used to access remote computers over a TCP/IP network. In Windows, there are two Telnet features: the Telnet Server and the Telnet Client. The former configures Windows to listen for incoming connections and allow others to use it, whereas the latter is used to connect to any Telnet server.

By default, Telnet is not installed on Windows because of the security risks. It is more secure to keep Telnet disabled, since an attacker can use Telnet to probe for open ports on the system. However, nothing stops us from installing it on our own system. We can do so by performing these steps:

  1. Open the Run window by pressing Windows + R, type %SYSTEMROOT%\System32\OptionalFeatures.exe in the text box, and then press the OK button. The Windows Features window will then open.
  2. Check the Telnet Client and Telnet Server options, and then press the OK button to confirm the change. The checked options will look like the following screenshot:
    [Screenshot: The telnet command]

Telnet should now be installed on our computer. Open the Command Prompt window and run the following command to start Telnet:

telnet

After pressing Enter, you will see the following output with a blinking cursor at the end:

Welcome to Microsoft Telnet Client
Escape Character is 'CTRL+]'
Microsoft Telnet>_

Now, Telnet is ready to receive our commands. To test it, we can run various commands in it. The complete list of commands available in telnet can be found at windows.microsoft.com/en-us/windows/telnet-commands.
