Windows Network Command line program
This section includes:
Use Ipconfig/all to view configuration
Use Ipconfig/renew to refresh the configuration
Using Ipconfig to manage DNS and DHCP class IDs
Use Ping to test connection
Resolving hardware address problems with ARP
Using nbtstat to troubleshoot NetBIOS name problems
Display connection statistics using netstat
Using tracert to track network connections
Testing routers using Pathping
Use Ipconfig/all to view configuration
When you discover and troubleshoot TCP/IP network problems, first check the TCP/IP configuration on the computer that is having problems. You can use the ipconfig command to obtain host configuration information, including IP addresses, subnet masks, and default gateways.
Attention
For Windows 95 and Windows 98 clients, use the winipcfg command instead of the ipconfig command.
When using the ipconfig command with the/ALL option, detailed configuration reports for all interfaces are given, including any configured serial ports. With Ipconfig/all, you can redirect the command output to a file and paste the output into another document. You can also use this output to confirm the TCP/IP configuration for each computer on your network, or to investigate TCP/IP network problems further.
For example, if the computer is configured with an IP address that duplicates an existing IP address, the subnet mask is displayed as 0.0.0.0.
The following example is the Ipconfig/all command output, which is configured to use the DHCP server to dynamically configure TCP/IP and to resolve names using WINS and DNS servers.
Windows IP Configuration
Node Type ..... : Hybrid
IP Routing Enabled ..... : No
WINS Proxy Enabled ..... : No
Ethernet Adapter Local Area Connection:
Host Name ..... : corp1.microsoft.com
DNS Servers .......:10.1.0.200
Description ...: 3Com 3c90x Ethernet Adapter
Physical Address ...: 00-60-08-3e-46-07
DHCP Enabled ...: Yes
Autoconfiguration Enabled.: Yes
IP address ..... . : 192.168.0.112
Subnet Mask ..... : 255.255.0.0
Default Gateway ... : 192.168.0.1
DHCP Server ..... : 10.1.0.50
Primary WINS Server .... : 10.1.0.101
Secondary WINS Server ...: 10.1.0.102
Lease obtained ..... : Wednesday, September, 1998 10:32:13 AM
Lease Expires ..... : Friday, September, 1998 10:32:13 AM
If there is no problem with TCP/IP configuration, the next test can connect to other hosts on the TCP/IP network.
use Ipconfig/renew to refresh the configuration
When troubleshooting TCP/IP network problems, first check the TCP/IP configuration on the computer that is experiencing the problem. If your computer enables DHCP and uses a DHCP server to obtain configuration, start refreshing the lease using the Ipconfig/renew command.
When using ipconfig/renew, all network adapters on computers that use DHCP, except those that are manually configured, try to connect to the DHCP server, update existing configurations, or obtain new configurations.
You can also use the ipconfig command with the/release option to immediately release the current DHCP configuration of the host. For more information about DHCP and the lease process, see how clients obtain configuration.
Attention
For DHCP-enabled Windows 95 and Windows 98 customers, use the release and renew options for the winipcfg command, instead of the ipconfig/release and Ipconfig/renew commands, manually releasing or update the client's IP configuration lease.
You can also use the ipconfig command for managing DNS and DHCP class IDs using ipconfig:
Displays or resets the DNS cache.
For more information, see View or reset the client resolver cache using Ipconfig.
Refreshes the registered DNS name.
For more information, see Updating DNS client registration using ipconfig.
Displays the DHCP class ID for the adapter.
For more information, see Displaying DHCP class ID information on a client computer.
Sets the DHCP class ID for the adapter.
For more information, see Setting DHCP class ID information on a client computer.
use Ping to test connection
The Ping command helps verify the connectivity of IP levels. When you discover and resolve a problem, you can use Ping to send an ICMP response request to the destination host name or IP address. Use Ping when you need to verify that your host can connect to TCP/IP network and network resources. You can also use Ping to isolate network hardware problems and incompatible configurations.
It is usually best to Ping the command to verify that the route between the local computer and the network host exists, and the IP address of the network host to which you want to connect. Ping the IP address of the target host to see if it responds, as follows:
Ping IP_Address
The following steps should be performed when using Ping:
Ping loopback addresses Verify that TCP/IP is installed on the local computer and that the configuration is correct.
Ping 127.0.0.1
Ping the IP address of the local computer to verify that it is correctly added to the network.
Ping Ip_address_of_local_host
Ping the IP address of the default gateway to verify that the default gateway is running and can communicate with local hosts on the local network.
Ping Ip_address_of_default_gateway
Ping the IP address of the remote host to authenticate the ability to communicate through the router.
Ping Ip_address_of_remote_host
The ping command resolves the computer name to an IP address with the name resolution of Windows sockets, so if the address succeeds, but Ping fails with the name, the problem is with address or name resolution rather than network connectivity. For more information, see Resolving Hardware address problems with ARP.
If you are unable to successfully use Ping at any point, confirm:
Restart the computer after you install and configure TCP/IP.
The IP address of the local computer on the General tab of the Internet Protocol (TCP/IP) Properties dialog box is valid and correct.
With IP routing, and the links between routers are available.
You can use the different options of the Ping command to specify the packet size to use, how many packets to send, whether to record the used route, the time to Live (TTL) value to use, and whether to set the "Do not Fragment" flag. Can you type ping-? View these options.
The following example shows how to send two Ping to an IP address 172.16.48.10, each of which is 1,450 bytes:
C:/>ping-n 2-l 1450 172.16.48.10
Pinging 172.16.48.10 with 1450 bytes of data:
Reply from 172.16.48.10:bytes=1450 time<10ms ttl=32
Reply from 172.16.48.10:bytes=1450 time<10ms ttl=32
Ping statistics for 157.59.8.1:
Packets:sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate roundtrip times in milli-seconds:
Minimum = 0ms, Maximum = 10ms, Average = 2ms
By default, the Ping waits 1,000 milliseconds (1 seconds) for each response to return before the request timeout is displayed. If a Ping-probed remote system passes through a long delayed link, such as a satellite link, the response may take longer to return. You can use the-w (wait) option to specify a longer timeout.
Resolving hardware address problems with ARP
Address Resolution Protocol (ARP) allows a host to find the media access control address of a host on the same physical network, if the IP address of the latter is given. To make ARP more efficient, each computer caches IP to media access control address mappings to eliminate duplicate ARP broadcast requests.
You can use the ARP command to view and modify ARP table entries on the local computer. ARP commands are useful for viewing ARP caching and resolving address resolution problems.
For more information, see View the Address Resolution Protocol (ARP) cache and add static ARP cache entries.
Using nbtstat to troubleshoot NetBIOS name problems
NetBIOS (NetBT) on TCP/IP resolves the NetBIOS name to an IP address. TCP/IP provides many options for NetBIOS name resolution, including local cache search, WINS server queries, broadcasts, DNS server queries, and Lmhosts and host file searches.
Nbtstat is a useful tool for solving NetBIOS name resolution problems. You can use the nbtstat command to delete or correct a preloaded project:
NBTSTAT-N displays the names that are registered locally on the system by programs such as the server or redirector.
NBTSTAT-C Displays the NetBIOS name cache, which contains the names of other computers to address mappings.
Nbtstat-r clears the name cache and reloads it from the Lmhosts file.
NBTSTAT-RR releases the NetBIOS names registered on the WINS server, and then refreshes their registrations.
Nbtstat-a name performs the NetBIOS adapter status command on the computer specified by name. The adapter Status command returns the local NetBIOS name table for the computer and the media access control address of the adapter.
Nbtstat-s lists the current NetBIOS sessions and their status, including statistics, as shown in the following example:
NetBIOS Connection Table
Local name In/out Remote Host Input Output
------------------------------------------------------------------
CORP1 <00> Connected out corpsup1<20> 6MB 5MB
CORP1 <00> Connected out corpprint<20> 108KB 116KB
CORP1 <00> Connected out corpsrc1<20> 299KB 19KB
CORP1 <00> Connected out corpemail1<20> 324KB 19KB
CORP1 <03> Listening
Display Connection statistics using netstat
You can use the Netstat command to display protocol statistics and current TCP/IP connections. The netstat-a command displays all connections, while NETSTAT-R displays the routing table and active connections. The NETSTAT-E command displays Ethernet statistics, and netstat-s displays statistics for each protocol. If you use Netstat-n, you cannot convert addresses and port numbers to names. Here is an example of Netstat's output:
C:/>netstat-e
Interface Statistics
Received Sent
Bytes 3995837940 47224622
Unicast Packets 120099 131015
Non-unicast Packets 7579544 3823
Discards 0 0
Errors 0 0
Unknown Protocols 363054211
C:/>netstat-a
Active connections
Proto Local Address Foreign
TCP corp1:1572 172.16.48.10:nbsession established
TCP corp1:1589 172.16.48.10:nbsession established
TCP corp1:1606 172.16.105.245:nbsession established
TCP corp1:1632 172.16.48.213:nbsession established
TCP corp1:1659 172.16.48.169:nbsession established
TCP corp1:1714 172.16.48.203:nbsession established
TCP corp1:1719 172.16.48.36:nbsession established
TCP corp1:1241 172.16.48.101:nbsession established
UDP corp1:1025 *:*
UDP CORP1:SNMP *:*
UDP Corp1:nbname *:*
UDP Corp1:nbdatagram *:*
UDP Corp1:nbname *:*
UDP Corp1:nbdatagram *:*
C:/>netstat-s
IP Statistics
Packets Received = 5378528
Received Header Errors = 738854
Received Address Errors = 23150
Datagrams Forwarded = 0
Unknown Protocols Received = 0
Received Packets discarded = 0
Received Packets delivered = 4616524
Output Requests = 132702
Routing discards = 157
Discarded Output Packets = 0
Output Packet No Route = 0
Reassembly Required = 0
Reassembly Successful = 0
reassembly Failures =
Datagrams Successfully Fragmented = 0
Datagrams Failing Fragmentation = 0
Fragments Created = 0
ICMP Statistics
Received Sent
Messages 693 4
Errors 0 0
Destination Unreachable 685 0
Time Exceeded 0 0
Parameter Problems 0 0
Source quenches 0 0
Redirects 0 0
Echoes 4 0
Echo Replies 0 4
Timestamps 0 0
Timestamp Replies 0 0
Address Masks 0 0
Address Mask replies 0 0
TCP Statistics
Active Opens = 597
Passive opens = 135
Failed Connection attempts = 107
Reset connections = 91
Current Connections = 8
Segments Received = 106770
Segments Sent = 118431
Segments retransmitted = 461
UDP Statistics
Datagrams Received = 4157136
No Ports = 351928
Receive Errors = 2
Datagrams Sent = 13809
using tracert to track network Connections
The Tracert (trace route) is the routing trace utility that determines the path taken by IP datagram access targets. The Tracert command uses the IP lifetime (TTL) field and ICMP error messages to determine routes from one host to another host on the network.
Tracert Working principle
The Tracert diagnostics determine the route to the destination by sending an Internet Control Message Protocol (ICMP) response packet to the destination with different IP time to live (TTL) values. Requires that each router on the path decrements at least 1 of the TTL on the packet before forwarding the packet. The TTL on the packet is reduced to 0 o'clock, and the router should send the "ICMP timed out" message back to the source system.
Tracert sends a response packet with a TTL of 1 and increments the TTL by 1 in each subsequent send process until the target response or TTL reaches its maximum value to determine the route. Route is determined by examining the "ICMP timed out" message sent back by the intermediary router. Some routers discard the TTL-expired packets without asking, which is not visible in the tracert utility.
The Tracert command prints a list of the near-end router interfaces in the path that returns the ICMP timeout message in order. If you use the-D option, the Tracert utility does not query DNS on each IP address.
In the following example, the packet must pass through two routers (10.0.0.1 and 192.168.0.1) to reach the host 172.16.0.99. The default gateway for the host is the IP address of the router on the 10.0.0.1,192.168.0.0 network is 192.168.0.1.
C:/>tracert 172.16.0.99-d
Tracing route to 172.16.0.99 over a maximum of hops
1 2s 3s 2s 10,0.0,1
2 ms Ms 192.168.0.1
3 ms-Mobile MS 172.16.0.99
Trace complete.
solve problems with tracert
You can use the TRACERT command to determine where the packet will stop on the network. In the following example, the default gateway determines that the 192.168.10.99 host does not have a valid path. This may be a problem with the router configuration, or the 192.168.10.0 network does not exist (the wrong IP address).
C:/>tracert 192.168.10.99
Tracing route to 192.168.10.99 over a maximum of hops
1 10.0.0.1 reportsestination net unreachable.
Trace complete.
The Tracert utility is useful for solving large network problems and can take several paths to the same point.
Tracert Command line Options
The Tracert command supports a variety of options, as shown in the following table.
tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] Target_name
Option description
-d specifies that the IP address is not resolved to the host name.
-h maximum_hops Specifies the metric to track the route to a host called Target_name.
-j host-list Specifies the list of router interfaces in the path used by the Tracert utility packet.
-W Timeout Wait timeout the number of milliseconds specified for each reply.
Target_name the name or IP address of the target host.
For more information, see Using the tracert command to track paths.
testing routers using Pathping
The Pathping command is a route tracking tool that combines the functionality of the ping and Tracert commands with other information not provided by the two tools. The Pathping command sends packets over a period of time to each router on the path to the final destination, and then returns from each hop based on the packet's computer results. Because the command displays the extent to which packets are lost on any given router or link, you can easily identify the routers or links that may be causing network problems. Some options are available, as shown in the following table.
Options |
Name |
Function |
-N |
Hostnames |
Do not resolve addresses to host names |
-H |
Maximum Hops |
Maximum number of hops for a search target |
-G |
Host-list |
Releasing source routes along the routing list |
-P |
Period |
The number of milliseconds to wait between ping |
-Q |
Num_queries |
Number of queries per hop |
-W |
Time-out |
The number of milliseconds to wait for each reply |
-T |
Layer 2 Tag |
Attach the 2nd-tier priority tag (for example, to IEEE 802.1p) to a packet and send it to each network device in the path. This helps identify network devices that do not have the proper configuration of level 2nd priority. -T switch for testing quality of service (QoS) connectivity |
-R |
RSVP Isbase Che |
Check to determine whether each router in the path supports the Resource Reservation Protocol (RSVP), which allows the host to retain a certain amount of bandwidth for the data stream. The-r switch is used to test quality of service (QoS) connectivity. |
The default metric is 30, and the default wait time before the timeout is 3 seconds. The default time is 250 milliseconds, and the number of queries per router along the path is 100.
The following is a typical pathping report. The statistics edited after the hop list indicate the loss of packets on each independent router.
D:/>pathping-n MSW
Tracing route to MSW [7.54.1.196]
Over a maximum of hops:
0 172.16.87.35
1 172.16.87.218
2 192.68.52.1
3 192.68.80.1
4 7.54.247.14
5 7.54.1.196
Computing Statistics for seconds ...
Source to here This Node/link
Hop RTT lost/sent = pct lost/sent = pct address
0 172.16.87.35
0/100 = 0% |
1 41ms 0/100 = 0% 0/100 = 0% 172.16.87.218
13/100 = 13% |
2 22ms 16/100 = 16% 3/100 = 3% 192.68.52.1
0/100 = 0% |
3 24ms 13/100 = 13% 0/100 = 0% 192.68.80.1
0/100 = 0% |
4 21ms 14/100 = 14% 1/100 = 1% 10.54.247.14
0/100 = 0% |
5 24ms 13/100 = 13% 0/100 = 0% 10.54.1.196
Trace complete.
When you run Pathping, you first view the results of the route when you test the problem. This path is the same as the path shown by the tracert command. The pathping command then displays the busy message for the next 125 milliseconds (this time varies based on the hop count). During this time, Pathping collects information from all previously listed routers and from the links between them. At the end of this period, it displays the test results.
The rightmost two columns this node/link lost/sent=pct and address contain the most useful information. 172.16.87.218 (Hop 1) and 192.68.52.1 (Hop 2) lose 13% of the packets. All other links work properly. Routers in Hops 2 and 4 also lose packets addressed to them (as shown in the This Node/link column), but the loss does not affect the forwarded path.
The loss rate shown on the link (labeled | In the rightmost column) indicates that the missing packet is forwarded along the path. The loss indicates that the link is blocked. The loss rate shown to the router (shown by the IP address in the rightmost column) indicates that the CPUs of these routers may be overloaded. These blocked routers may also be a factor in end-to-end issues, especially when software routers forward packets.