Ping command usage
Ping is a frequently used utility used to determine whether a local host can exchange (send and receive) data packets with another host. Based on the returned message, you can infer whether the TCP/IP parameter is set correctly and whether the operation is normal. Note: successful one or two datagram exchanges with another host do not mean that the TCP/IP configuration is correct, you must exchange data between a large number of local hosts and remote hosts to ensure the correctness of TCP/IP.
To put it simply, Ping is a test program. If the ping runs correctly, you can eliminate faults in the network access layer, Nic, modem input/output lines, cables, and routers, this reduces the scope of the problem. However, Ping can also be used as a DDoS (Denial of Service Attack) tool by someone with ulterior motives to customize the size and endless high-speed transmission of the datagram, some time ago, Yahoo was paralyzed by hackers using hundreds of computers that can access the Internet at high speed to send a large number of ping data packets consecutively.
According to the default settings, the ping command on Windows sends four ICMP (inter-network control packet protocol) Send back requests, each 32 bytes of data, if everything is normal, you should receive four replies.
Ping can display the time between sending a return request and returning a return response in milliseconds. If the response time is short, the datagram does not have to pass through too many routers or network connections. Ping can also display the TTL value. You can use the TTL value to estimate the number of routers that the data packet has passed: the start value of the TTL at the source location (that is, a 2th percentile value that is slightly greater than the returned TTL)-the TTL value returned. For example, if the returned TTL value is 119, the initial TTL value of the outbound data packet from the source address is 128, and the source point to the target location must pass 9 vro network segments (128-119 ); if the returned TTL value is 246, the start value of TTL is 256, and the source and target locations must pass through nine vro network segments.
Typical order of network faults detected by Ping
Under normal circumstances, when you use the ping command to find the problem or check the network running status, you need to use many ping commands. If all of them are running correctly, you can trust that the basic connectivity and configuration parameters are correct. If some ping commands fail, it can also specify where to locate the problem. The following describes a typical detection sequence and possible faults:
Ping 127.0.0.1 -- the ping command is sent to the IP address software of the local computer. This command will never exit the computer. If this is not done, it indicates that the installation or running of TCP/IP has some basic problems.
Ping the local IP Address -- this command is sent to the IP address configured on your computer. Your computer should always respond to the ping command. If not, it indicates that there is a problem with the local configuration or installation. When this problem occurs, the LAN/index.html '> LAN user must disconnect the network cable and resend the command. If this command is correct after the network cable is disconnected, it indicates that the same IP address may be configured on the other computer.
Ping LAN/index.html '> other IP addresses in the LAN-this command should leave your computer, go through the nic and network cable to other computers, and then return. If you receive a response, the NIC and carrier in the local network are running correctly. However, if you receive 0 replies, it indicates the subnet mask (code that separates the network part of the IP address from the host part during subnet division) incorrect or the NIC configuration is incorrect or the cable system is faulty.
Ping the gateway IP Address -- if the command is correct, it indicates that the LAN/index.html '> the Gateway Router in the LAN is running and can respond.
Ping remote IP -- if four responses are received, the default gateway is successfully used. A dial-up Internet user can successfully access the internet (but it is not ruled out that the ISP's DNS may be faulty ).
Ping localhost -- localhost is a reserved network name for the system. It is the alias of 127.0.0.1. Every computer that is too computer should be able to convert the name to this address. If this is not done, the host file (/Windows/host) is faulty.
Pingwww.yahoo.com -- execute pin for this domain name... address, usually through the DNS server if the fault occurs here, it indicates that the IP address of the DNS server is incorrectly configured or the DNS server is faulty (for dial-up Internet users, some ISPs do not need to set DNS servers ). By the way, you can also use this command to convert the IP address of a domain name.
If all the ping commands listed above can run properly, you can basically rest assured that the local and remote communication functions of your computer can be performed. However, the success of these commands does not mean that all your network configurations are normal. For example, some subnet mask errors may not be detected using these methods.
Common Parameter options of Ping Command
Ping IP-t -- run the ping command continuously on the IP address until it is interrupted by the user using Ctrl + C.
Ping IP-l 2000 -- specify that the data length in the ping command is 2000 bytes instead of the default 32 bytes.
Ping IP-n -- run the ping command for a specified number of times.
Netstat
Netstat is used to display statistics related to IP, TCP, UDP, and ICMP protocols. It is generally used to check the network connection of each port on the local machine.
If your computer sometimes receives a datagram that may cause an error in data deletion or failure, you do not have to be surprised that TCP/IP can allow these types of errors and automatically resend the datagram. However, if the cumulative number of errors accounts for a considerable percentage of the received IP data packets, or the number of errors increases rapidly, then you should use netstat to check the cause.
Some common netstat options:
Netstat-s -- this option displays statistics for each protocol. If your applications (such as Web browsers) run slowly or cannot display data such as web pages, you can use this option to view the displayed information. You need to carefully check the rows of the statistical data, find the keyword of the error, and then confirm the problem.
Netstat-e -- this option is used to display statistics about Ethernet. It lists items including the total number of bytes, number of errors, number of delimiters, number of datagram, and number of broadcasts. These statistics include both the number of sent and received data packets. This option can be used to calculate some basic network traffic ).
Netstat-r -- this option displays information about the route table, similar to the information shown later when you use the route print command. In addition to valid routes, valid connections are also displayed.
Netstat-a -- this option displays a list of all valid connection information, including the established connections (established) and those that listen to the listening requests.
Netstat-n -- display all established valid connections.
The use of netstat
People who frequently access the Internet usually use ICQ. I wonder if you have been harassed by some annoying people and do not know how to get started when you want to complain? In fact, as long as you know the IP address of the other party, you can complain to its ISP. But how can I know the IP address of the other Party through ICQ? If the recipient chooses not to display the IP address when setting ICQ, you cannot see it in the Information bar. In fact, you only need to use netstat to easily achieve this: when he is connected to you through ICQ or other tools (for example, you send him an ICQ message or he sends you a message ), you can immediately enter netstat-N or netstat-A in DOS prompt to view the IP address or ISP domain name used by the recipient to access the Internet. Even the ports used are completely exposed. If you want to give him some lessons, this information is enough ......
Ipconfig usage
Ipconfig utility and its equivalent graphical user interface -- winipcfg in Windows 95/98 can be used to display the current TCP/IP configuration setting value. This information is generally used to check whether the manually configured TCP/IP settings are correct. However, if your computer and the LAN/index.html '> lan use the Dynamic Host Configuration Protocol (Dynamic Host Configuration Protocol, DHCP-a protocol in Windows NT that assigns a small number of IP addresses to a large number of hosts, similar to the dynamic IP Address Allocation for dial-up Internet access), the information displayed by this program may be more practical. In this case, ipconfig allows you to know whether your computer has successfully rented an IP address. If you have rented an IP address, you can know the address assigned to it. Understanding the current IP address, subnet mask, and default gateway of a computer is a necessary item for testing and fault analysis.
The most common options:
Ipconfig -- When ipconfig is used without any Parameter options, it displays IP addresses, subnet masks, and default gateway values for each configured interface.
Ipconfig/all -- when the all option is used, ipconfig displays the configured and used additional information (such as IP addresses) for the DNS and WINS servers ), and displays the physical address (MAC) built in the local Nic ). If the IP address is rented from the DHCP server, ipconfig displays the IP address of the DHCP server and the expected expiration date of the lease address (for more information about the DHCP server, see other books about the NT Server or ask your network administrator ), the output information is shown in the lower half of Figure 6.
Ipconfig/release and ipconfig/Renew -- these are two additional options that can only work on computers that lease their IP addresses to the DHCP server. If you enter ipconfig/release, the leased IP addresses of all interfaces will be re-delivered to the DHCP server (return the IP address ). If you enter ipconfig/renew, the local computer will try to contact the DHCP server and lease an IP address. Note that in most cases, the NIC will be assigned the same IP address as previously assigned.
If you are using Windows 95/98, you should be more accustomed to using winipcfg instead of ipconfig, because it is a graphical user interface and displays the same information as ipconfig, it also provides the option to publish and update Dynamic IP addresses. If you have purchased the Windows NT Resource Kit (NT resource package), Windows NT also contains a graphical alternative interface, the utility is named wntipcfg, which is similar to winipcfg in Windows 95/98.
How to Use ARP tracert
ARP (Address Translation Protocol)
ARP is an important TCP/IP protocol used to determine the physical IP address of the NIC. The practical ARP command allows you to view the current content in the ARP cache of a local computer or another computer. In addition, you can manually enter a static physical/IP address pair for the NIC using the ARP command. You may use this method for common hosts such as the default gateway and local server, this helps reduce the amount of information on the network.
According to the default settings, items in the ARP high-speed cache are dynamic. ARP automatically adds a project whenever a datagram from a specified location is sent and the current project does not exist in the cache. Once the cached items are input, they begin to become invalid. For example, in a Windows NT network, if you do not enter a project for further use, the physical/IP address pair will expire within 2 to 10 minutes. Therefore, if there are few or no items in the ARP cache at all, do not be surprised. You can add them by using the ping command of another computer or router. Therefore, when you need to use the ARP command to view the content in the cache, you 'd better ping this computer first (not the Ping Command sent from the local machine ).
Common Command Options:
ARP-A or ARP-g -- used to view all items in the cache. The results of the-A and-G parameters are the same. For many years,-G has been the option used on UNIX platforms to display all items in the ARP cache, windows uses ARP-A (-A can be regarded as all, that is, all), but it can also accept more traditional-G options.
ARP-a ip Address -- if you have multiple NICs, you can only display ARP cache items related to this interface by using the IP address of the ARP-A interface.
Physical ARP-s IP address-you can manually enter a static project into the ARP cache. The project remains valid during the computer boot process, or when an error occurs, the manually configured physical address automatically updates the project.
ARP-d ip -- Use this command to manually delete a static project.
You may have been tired ...... In fact, it is enough for general users-you can use ipconfig and ping commands to view your network configuration and determine whether it is correct. You can use netstat to view the connections established between others and you and find out the IP information hidden by the ICQ user, and use ARP to view the MAC address of the NIC-these are enough to let you lose the cainiao title. If you are not satisfied, "Stick your head" (the content below may be boring) and continue follow me ......
Tracert
When a datagram is transmitted from your computer through multiple gateways to the destination, the tracert command can be used to track the route (PATH) used by the datagram ). The path tracked by this utility is a path from the source computer to the destination. It cannot be guaranteed or considered that the datagram always follows this path. If your configuration uses DNS, you will often get the name of the city, address, and common communication company from the response. Tracert is a slow command (if the destination address you specify is too long), you need to give it 15 seconds for each vro.
Tracert is easy to use. You only need to follow tracert with an IP address or URL. tracert will convert the domain name accordingly. Tracert is generally used to detect the location of the fault. You can use tracert IP to identify the link where the problem occurred. Although it is still not sure what the problem is, it has already told us where the problem is located, you can also confidently tell others that something has gone wrong.
Route NBTSTAT Net Usage
Route
Most hosts usually reside in the CIDR block that is connected to only one vro. Because there is only one vro, no vro is used to publish the data to a remote computer. the IP address of the vro can be input as the default gateway of all computers in the CIDR block.
However, if you have two or more routers on the network, you do not have to rely on the default gateway. In fact, you may want to transmit some of your remote IP addresses through a specific vro, while other remote IP addresses are transmitted through another vro.
In this case, you need the corresponding route information, which is stored in the routing table. Each host and each router have their own unique route table. Most routers use dedicated routing protocols to exchange and dynamically update route tables between routers. However, in some cases, you must manually add the project to the router and Host Routing tables. Route is used to display, manually add, and modify route table items.
General options:
Route print -- this command is used to display the current project in the route table. The output result 12 is displayed on the network segment of a single router. Because the network adapter is configured with an IP address, all these items are automatically added.
Route add -- Use this command to add a route entry to the route table. For example, if you want to set a route to the destination network of 209.98.32.33, the route must go through five vro CIDR blocks. First, you must go through a vro on the local network with the IP address 202.96.123.5, if the subnet mask is too many then you should enter the following command:
Route add 209.98.32.33 mask merge limit 202.96.123.5 Metric 5
Route change -- you can use this command to modify the data transmission route. However, you cannot use this command to change the data destination. In the following example, you can change the data route to another vro, which uses a straight path containing three CIDR blocks:
Route add 209.98.32.33 mask merge limit 202.96.123.250 metric 3
Route Delete -- Use this command to delete a route from the route table. Example: Route Delete 209.98.32.33
NBTSTAT
The NBTSTAT (NetBIOS statistics on TCP/IP) utility is used to provide statistics about NetBIOS. With NETBIOS, you can view the NetBIOS name table on a local computer or remote computer.
Common options:
NBTSTAT-n -- display the local name and service program
NBTSTAT-c -- this command is used to display the content cached by NetBIOS name. The NetBIOS name cache is used to store the NetBIOS Name and IP address pairs of other computers that recently communicate with this computer.
NBTSTAT-r -- this command is used to clear and reload the NetBIOS name cache.
NBTSTAT-a ip Address: displays the physical address and name list of the other computer through the IP address. The content displayed is the same as that of the other computer running nbtstat-n.
NBTSTAT-s IP -- display the NetBIOS connection table of another computer that uses its IP address.
Net
Net commands have many functions used to utility and verify the NetBIOS connection between computers. Here I will only introduce the two most commonly used: Net view and net use.
Net view unc -- Use this command to view the name of a shared Vertex on the target server. Anyone on the LAN/index.html> can issue this command without providing a user ID or password. The UNC name always starts with the name of the target computer. For example, net view lx is the sharing point of the computer whose host name is lx (see figure 15 ).
Net use local drive letter destination computer Share Point-this command is used to establish or cancel the connection to the image drive to a specific Share Point (if needed, you must provide a user ID or password ). For example, if you enter net use F: lxmp3 to connect the image drive F: To the lxmp3 sharing point, you can directly access F: To access the lxmp3 sharing point in the future, this is similar to if you right-click my computer and select ing network drive.
NSLookup command
The NSLookup command is used to query the IP address of a machine and its corresponding domain name. It usually requires a Domain Name Server to provide domain name services. If you have configured a Domain Name Server, you can use this command to view the domain name corresponding to the IP addresses of different hosts.
The common format of this command is:
NSLookup [IP Address/domain name]
[Example] Run the NSLookup command on the local machine.
NSLookup
Default Server: name.tlc.com.cn
Address: 192.168.1.99
> 〉
Enter the IP address or domain name to be queried after the symbol ">" and press Enter. To exit the command, enter exit and press Enter.