|For those who are engaged in network management and maintenance work or often surf the internet, it is almost inevitable that a network failure will happen. In the face of strange network failures, I believe many people will feel that there is no way out, so they often turn to a variety of professional fault diagnosis tools, hope that through these professional tools to quickly find the cause of the failure in order to take timely measures to respond to the specific.
In fact, no matter what type of fault diagnosis tools, in the face of some special network failures will appear powerless; At this point, all we can do is to rely on ourselves, starting with the ping command, to manually troubleshoot the cause of the failure.
in order, use the ping command.
Although the ping command usually looks trivial, it can sometimes play an unexpected role when using the command at a critical time. Of course, in order to make the ping command effective, we first need to grasp the use of the command to troubleshoot some of the test sequence, as long as the sequence of troubleshooting, and then difficult to solve the network fault can be quickly resolved, the following is the use of ping to test the reasons for the specific sequence of operations:
First, ping the circular address 127.0.0.1 of the local workstation. When you encounter a special network failure that cannot directly find the cause of the failure, we first need to use the ping command to test the local workstation's cyclic address 127.0.0.1 can be normal ping, if the address can not be normal ping, then the local workstation tcp/ The IP protocol program has been compromised or the NIC device has been damaged.
At this point, we may open the local workstation system's Device Manager window, find the network card device options, right-click the option, and execute the Properties command from the pop-up shortcut menu to open the Properties Settings window for the NIC device, in the general On the label page we can see whether the current NIC is working properly (as shown in the following image).
When the NIC is found to be working properly, it is likely that the local workstation's TCP/IP protocol has been compromised, at this point we may wish to open the local Connection Properties Settings window, select and remove the TCP/IP protocol options in the Settings window, and then reinstall the TCP/IP protocol program, It is believed that the local workstation's cyclic address 127.0.0.1 can be ping through normal.
Second, ping the IP address of the local workstation. To confirm that the 127.0.0.1 address can be ping, we continue to use the ping command to test the local workstation static IP address can be normal ping, if the address can not be normal ping, then the local workstation network card parameters are not set correctly, Either the NIC driver is incorrect or the local routing table may be corrupted.
At this point we can re-examine the local workstation network parameters are set correctly, if the network parameters are set correctly in the case still can not ping the local IP address, we'd better reinstall the original network card device driver, It is believed that we can ping the static IP address of the local workstation correctly. Once the static IP address of the local workstation is successfully ping, it indicates that the local workstation has been able to join the LAN network.
Then ping the default gateway address for the local area network. Because the local workstation communicates with other workstations in the local area network through a gateway, only the local workstation is connected to the default gateway to ensure that the local workstation communicates with the other workstation normally. If the gateway address can be properly ping, it means that the local workstation can communicate with other stations in the LAN.
If the ping command is unsuccessful, it is likely that the gateway device itself is having problems, or that the line connection between the local workstation and the gateway is not working properly, or that the local workstation is not set up in the same subnet as the gateway. At this point, we can first test the network cable connectivity with a professional cable test tool, and then check if the network parameters of the local workstation are set to the same subnet as the gateway parameters if the online cable connectivity is normal.
If the network parameters are set correctly, we will ping the gateway address from other workstations, in order to confirm the existence of the gateway itself, if the other workstations in the LAN can not ping the gateway, it is mostly the gateway equipment itself problems, This time we just have to focus on the fault troubleshooting in the gateway device on it.
The following ping the IP addresses of any remote workstation in the local area network to verify that the local workstation can communicate with other stations on the LAN through the gateway device. If we find that the IP address of the remote workstation is not ping, it is most likely that the remote workstation itself is unable to respond, or that there is a problem with the line connection between the remote workstation and the gateway device, where we can focus the troubleshooting of the network on the remote workstation or on the network device on the LAN.
Finally, ping the remote workstation host name of the local area network. This test is necessary when you are sure that you can ping the remote workstation IP address and still have access to remote workstation content. If the host name cannot be ping successfully, it is most likely that there is a problem with DNS resolution, rather than a network connection failure, at this point we might as well lock the fault check focus on the DNS server.
tip: to effectively identify the cause of the network failure, we try to ensure that the ping command obtains the correct test results by ensuring that only one gateway is configured on the local area network while the ping command is being used for the test check.
Secure, deactivate ping function
In the event that the network access is normal, we sometimes use ping to test the connectivity of an address, there will be a ping impassability phenomenon, in fact, this phenomenon is not a network failure, because at present many virus programs through the LAN to send a large number of garbage packets, in order to implement a DDoS attack , and many servers or workstations often take steps to shut down the ping function in order to stay away from such an attack, and this can occur when the network access is normal, and still the strange phenomenon of ping impassability.
To protect the local workstation, we can usually take the following steps to ensure that other users cannot ping the IP address of the local workstation:
First click the start/Settings/Control Panel commands. In the Control Panel window that pops up, double-click the Administrative Tools icon, double-click the Local Security policy item, and then select the security settings, IP Security Policy option in the subsequent interface, and in the corresponding IP security policy option, right-click an empty area and execute the Create IP Security Policy command on the shortcut menu to open the Create wizard window as shown in the following illustration;
Click the Next button in the window and set the IP Security policy name to Noping, and then follow the wizard prompts to step through the Next button to complete the creation of the IP Security policy. After you create the IP Security policy, open the Group Policy editing interface for the local workstation system, select Computer Configuration, Windows settings, security settings, IP Security settings, on the local computer option on the left display area of the editing interface, and select the display area on the right side of the option. Noping The IP Security policy, and then right-click the option to execute the "assign" command from the pop-up right-click menu, so that the ping function of the local workstation is temporarily discontinued.
Tip: In addition to enhancing the security performance of the local workstation by deactivating the ping feature, we can protect the local workstation or server by disguising the ping command test results. For example, in the ping command test, if the DefaultTTL result is 128, we can determine the target host's operating system type is a Windows system, if the DefaultTTL result is 64, the target host's operating system type is the Linux system, Based on such test results information hackers are likely to implement targeted attacks, so that we can deliberately camouflage defaultttl results information, so that hackers return a wrong result, so that the hacker launched an illegal attack to deviate from the direction.
To disguise the DefaultTTL result information, we simply open the system's Registry editing window and expand the hkey_local_machine/system/currentcontrolset/services/tcpip/ Parameters Branch, and then create a "DefaultTTL" double byte value under the "Parameters" branch, and then set its value to any other number.
For example, under Windows, we could try to set the DefaultTTL result information to "64" so that when the hacker uses ping to test the local workstation, it also thinks that the local workstation has the Linux system installed, so they may launch an attack against the Linux system. However, such an attack does not have any effect on Windows system workstations, so the security of the local workstation is guaranteed to a certain extent.
focus on speed, use good pathping
In the Windows 2000 version of the workstation system, the ping command also has a "brother" companion, the "brother" is in fact rarely appear in the pathping command, the command at a critical moment can also help us find the reason for the network failure. For example, when the network access speed is very slow, we may not be able to find the cause of the slow speed of network access, using the Pathping command, we can easily find in which network link in the phenomenon of packet loss.
When we found that the local workstation is very slow to surf the Internet, you can click the "Start"/"Run" command, in the pop-up system run box to enter the "cmd" string command, click the "OK" button, the system to switch to MS-DOS operation status;
Second, in the DOS command line, the input string command "Pathping xxx" (where "XXX" is the IP address of the DNS server specified by the local workstation), and then after clicking the Enter key, we can see from the resulting message that in the process of accessing the DNS server, Midway through a number of intermediate routers (as shown in the following illustration).
And can clearly know in which jump link occurred data packet loss or network delay phenomenon. If we find that a certain router's data packet loss rate is very high, then the router is very likely to have an accident, at this time we will only focus on the fault checking the corresponding