Practical Network Tools

Home , Default gateway, Ipconfig, PathPing, Route (command)

Session 1793

V. Rajaravivarma Computer Electronics, School of Technology Central Connecticut State University New Britain, CT 06050, USA [email protected]

Abstract

This paper discusses ten practical commands useful in troubleshooting and solving network problems. These commands will be helpful for students in networking curricula and for entry-level network administrators. Troubleshooting is often a process of elimination. While troubleshooting problems, network administrators are either trying to discover what the problem is and rule out what the problem is not. They are always looking for simple solutions. This paper attempts to instill proficiency in basic network troubleshooting skills.

Introduction

This section briefly introduces all the ten basic commands discussed in this paper. 1. IPCONFIG is useful because it helps you determine a lot of relevant network information such as IP Address, Subnet Mask, DNS, and DHCP Servers. This command would generally be used to confirm proper network configurations that are in place. It is a very useful tool for troubleshooting as well as informational purposes 2. PING is an excellent test for basic network connectivity that allows verifying a connection with a particular host by sending ICMP request and reply packets. If a successful ping reply is received, with no packet loss, this indicates that the connection is functioning properly. Ping is probably one of the most useful and commonly used networking commands for troubleshooting. Ping can be used on a LAN or a remote host. To test the host by itself, ping the host NIC using the address 127.0.0.1. 3. TRACERT provides a view into the route in which packets follow en route to their destination. It can be used to identify where problems, or bottlenecks, may be occurring during a packet’s journey to its final destination. TRACERT is commonly used if the ping fails. 4. PATHPING takes elements from both PING and TRACERT and helps to identify where, along a packet’s journey, any packet loss might be occurring. PATHPING Page 9.998.1 is a good tool to use for isolating network problems. PATHPING tests IP

connectivity, measures network latency and packet loss, and establishes exactly where the packet loss is occurring. 5. NSLOOKUP is a way to learn more about a network destination from its DNS name. From this, an IP address can be determined, and connectivity can be tested, etc. This tool is useful if you are troubleshooting a problem that you think is with the DNS server, you can use the NSLOOKUP command to obtain the ip address, if you can ping the IP address, you know the problem is with name resolution. 6. NBTSTAT allows viewing NETBIOS name tables for local and remote computers. You can also view if a computer is a unique computer or a special group of computers. The status column allows you to see if a particular service is running, in the process of registering, or has been registered with the WINS service. 7. Route is a very useful tool that allows you to display a computers routing table. With this command a network administrator can also add or modify the routing table with this command. 8. NETSTAT displays all TCP/IP connections and protocol statistics. It allows you to see if a TCP connection is established or not. It also displays many specific protocol statistics such as Ethernet statistics. 9. HyperTerminal is a software program that is useful when connecting directly or remotely to routers or switches. Using hyper terminal and a rolled cable connected to the console port of a router or switch, anyone can view the log into the device. When logged in one can view router configurations, as well as modify them as long as you are authorized to do so. 10. TELNET is a program that allows you to log into a remote computer (usually through port 23) on a TCP/IP network. It is used to administer other computers on a network, test services or applications on a remote server and configure devices on a network such as a switch, a router or a printer A detailed description of the commands described above is explained in the following sections.

IPCONFIG 1-4

IPCONFIG is a simple tool used to discover the IP settings and reset the DHCP client settings of a computer. The command is implemented differently on Windows operating systems. The command is a graphical user interface on Windows 9x computers and a command line interface on Windows NT/2000/XP computers. On a Windows 9x computer, click START , RUN , type WINIPCFG , and then click OK. Click the MORE INFO button to display all of the information regarding the network adapter. On a Windows NT/2000/XP computer, click START , RUN , type CMD , click OK and at the command prompt, type IPCONFIG /ALL .

C:\>ipconfig /all

Windows 2000 IP Configuration

Page 9.998.2 Host Name ...... : CNC22414009 Primary DNS Suffix ...... : students.ccsu.edu

Node Type ...... : Hybrid IP Routing Enabled...... : No WINS Proxy Enabled...... : No DNS Suffix Search List...... : students.ccsu.edu ccsu.edu Ethernet adapter Local Area Connection 3:

Connection-specific DNS Suffix . : ccsu.edu Description ...... : 3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible) #2 Physical Address...... : 00-06-5B-A3-61-49 DHCP Enabled...... : Yes Autoconfiguration Enabled . . . . : Yes IP Address...... : 149.152.97.130 Subnet Mask ...... : 255.255.224.0 Default Gateway ...... : 149.152.96.1 DHCP Server ...... : 149.152.122.1 DNS Servers ...... : 149.152.125.1 149.152.122.1 Primary WINS Server ...... : 149.152.123.1 Lease Obtained...... : Tuesday, December 10, 2002 2:07:24 PM Lease Expires ...... : Wednesday, December 11,2002 2:07:24 AM A list of information is displayed; hostname, node type, physical or MAC Address, IP address, subnet mask, default gateway, DNS server, DHCP server, and WINS server information. If the computer is a DHCP client, the lease information and the IP address of the DHCP server will be displayed. Windows will only allow the DHCP options to be changed if the adapter is set to be a DHCP client. If the IP settings are static, the Renew and Release options will be dimmed on Windows 9x computers and any changes made via the command line on Windows NT/2000/XP computers will be refused by the operating system.

The information displayed by this command is self-explanatory, except for three fields; the Node Type, NetBIOS Scope ID and IP Routing Enabled. Before Windows 2000, Windows-based networks were designed to use Windows Internet Name Service or WINS for name resolution. WINS is used to resolve NetBIOS computer names to IP addresses over UDP port 137. The Node Type is an indicator for one of four methods of NetBIOS name resolution; broadcast, point to point, mixed, or hybrid. The NetBIOS Scope ID is a NetBIOS over TCP/IP option that isolates a group of computers. Only computers using the same Scope ID can communicate with each other. A computer with a Scope ID will ignore packets from a computer with a different Scope ID. The NetBIOS Scope ID consists of the NetBIOS name and a character string.

The IP Routing Enabled field indicates whether or not the computer will forward packets from one interface to another. The judgment of the network administrator is imperative in regard to this setting. Unless IP Forwarding is needed, do not enable it. To verify,

enable, or disable a Windows NT 4.0 computer from forwarding packets, go to the Page 9.998.3 CONTROL PANEL and double-click on the NETWORK ICON . Go to the PROTOCOLS tab and

Proceedings of the 2004 American Society for Engineering Education Annual Conference & Exposition Copyright © 2004, American Society for Engineering Education select “TCP/IP PROTOCOL ” and click the PROPERTIES button. Go to the ROUTING tab and note the “E NABLE IP FORWARDING ” check box. If it is checked, then the computer is routing packets. In Windows 2000/XP, an edit to the registry is required to enable or disable IP Forwarding.

NBTSTAT 5, 6

NBTSTAT is a powerful NetBIOS over TCP/IP (NetBT) tool. This command displays protocol statistics, NetBIOS name tables for local and remote computers, and the NetBIOS name cache. NBTSTAT used with the –RR switch, releases and then refreshes NetBIOS names for the local computer that is registered with WINS servers. If there is a registration problem with the WINS server, NBTSTAT is the tool for discovering and fixing these problems. Go to a COMMAND PROMPT , and type NBTSTAT –N and following example is displayed.

C:\>nbtstat -n

Node IpAddress: [10.0.0.1] Scope Id: []

NetBIOS Local Name Table

Name Type Status ------PARIS <00> UNIQUE Registered PARIS <20> UNIQUE Registered FRANCE <00> GROUP Registered FRANCE <1C> GROUP Conflict FRANCE <1B> UNIQUE Registered FRANCE <1E> GROUP Registered PARIS <03> UNIQUE Registered ADMINISTRATOR<03> UNIQUE Registered FRANCE <1D> UNIQUE Registered ..__MSBROWSE_<01> GROUP Registered PARIS <6A> UNIQUE Registered PARIS <06> UNIQUE Registered PARIS UNIQUE Registered INet~Services<1C> GROUP Registered IS~PARIS.....<00> UNIQUE Registered PARIS <6B> UNIQUE Registered PARIS <87> UNIQUE Registered

The name consists of the hostname of the computer and a hex character enclosed in angled-brackets. The network administrator specifies the first 15 characters of the NetBIOS hostname and the operating system specifies the last character to associate the hostname with a resource type. In the example above, Paris is the name of the computer that is in the domain France. Paris is capable of file and/or print sharing because of the listing “PARIS <20>.” The type indicates whether a listing is a unique computer or a special group of computers. Status indicates a computer with a particular service is running, in the process of registering, or has been registered with the WINS server. If Page 9.998.4

Proceedings of the 2004 American Society for Engineering Education Annual Conference & Exposition Copyright © 2004, American Society for Engineering Education there is another computer on the network with a duplicate hostname that has registered the same service, then the status is “Conflict.”

PING 7-11

Named after the sound sonar makes, PING is the most commonly used program known to test connectivity. Written by Michael Muuss in December of 1983, PING made its debut in the 4.2a BSD version of UNIX. To use PING, go to a COMMAND PROMPT , type PING , then either an IP ADDRESS or a DOMAIN NAME .

C:\>ping 198.133.219.25

Pinging 198.133.219.25 with 32 bytes of data:

Reply from 198.133.219.25: bytes=32 time=201ms TTL=241 Reply from 198.133.219.25: bytes=32 time=259ms TTL=241 Reply from 198.133.219.25: bytes=32 time=267ms TTL=241 Reply from 198.133.219.25: bytes=32 time=278ms TTL=241

Ping statistics for 198.133.219.25: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 201ms, Maximum = 278ms, Average = 251ms

PING output is simple and concise. In the example above, four 32-byte ICMP packets were sent to the IP address 198.133.219.25. The time it took to receive a reply is displayed in milliseconds. The number of hops the packets took is decremented by a router in the TTL or Time To Live figure. A summary of statistics follows the PING responses.

The most common error messages returned by PING are Unknown host, Request timed out, and Destination host unreachable.

If the Unknown host error message is returned, the domain name can not be resolved possibly due to an incorrectly entered hostname, domain name or IP address. PING relies upon name resolution for a hostname or domain name. If it doesn't work, something is wrong with the name service.

At least three reasons can cause the Request timed out error message. The destination host or router is down or physically disconnected. A router is configured to filter ICMP packets. The ICMP packets took longer than 1,000 milliseconds or one second to return because the network is congested. If the network is congested, use PING with the –W switch to increase the time PING will wait for a response.

The routers at IBM.com filter ICMP packets:

C:\>ping www.ibm.com -w 10000 Page 9.998.5

Pinging www.ibm.com [129.42.18.99] with 32 bytes of data:

Request timed out. Request timed out. Request timed out. Request timed out.

Ping statistics for 129.42.18.99: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms

If the Destination host unreachable error message is returned, the router doesn't know the path because the address is not in its routing table, the process port is not active, or there’s fragment error. To begin troubleshooting, verify that the host and all of the local network devices between the source and the destination host are connected to the network and working. Sometimes routers or gateways will fragment a packet and return the error message. Use PING –F to set the Don’t Fragment flag.

C:\>ping 192.168.1.1

Pinging 192.168.1.1 with 32 bytes of data:

Destination host unreachable. Destination host unreachable. Destination host unreachable. Destination host unreachable.

Ping statistics for 192.168.1.1: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

PING will resolve the hostname if the -a switch is used. PING can be used as a keep alive mechanism if the –T switch is used or to test when a computer comes back up.

C:\>ping /?

Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS] [-r count] [-s count] [[-j host-list] | [-k host-list]] [-w timeout] destination-list

Options: -t Ping the specified host until stopped. To see statistics and continue - type Control-Break; To stop - type Control-C. -a Resolve addresses to hostnames. -n count Number of echo requests to send. -l size Send buffer size. -f Set Don't Fragment flag in packet. -i TTL Time To Live. -v TOS Type Of Service. -r count Record route for count hops. -s count Timestamp for count hops. -j host-list Loose source route along host-list.

-k host-list Strict source route along host-list. Page 9.998.6 -w timeout Timeout in milliseconds to wait for each reply.

PING is a tool that used several times while troubleshooting to gain information about the network problem. The question is what to PING first depends upon the problem. If you can’t PING the loopback, the TCP/IP stack is corrupted or the incorrect drivers for the adapter are installed. If you can’t PING the IP address of local host, use IPCONFIG and ARP to verify that the host is configured properly and ARP resolution is taking place. If you can’t PING the IP address of the default gateway or a remote host, verify that the default gateway is functioning and that it isn’t filtering ICMP packets. If you can’t PING a hostname on a different network, verify that name resolution is functioning properly.

ROUTE 12

The ROUTE command allows network administrators to manage the routing table on a local computer. ROUTE is an essential tool for diagnosing and correcting routing issues because the routing entries can be viewed, added, or modified with this command. A network administrator must completely understand the routing table in order to troubleshoot any routing problem. To display a computer’s routing table, type ROUTE PRINT at a COMMAND PROMPT .

C:\>route print ======Interface List 0x1 ...... MS TCP Loopback interface 0x2 ...00 06 5b a3 61 49 ...... 3Com EtherLink PCI ======Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 149.152.96.1 149.152.97.130 1 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 149.152.96.0 255.255.224.0 149.152.97.130 149.152.97.130 1 149.152.97.130 255.255.255.255 127.0.0.1 127.0.0.1 1 149.152.255.255 255.255.255.255 149.152.97.130 149.152.97.130 1 224.0.0.0 224.0.0.0 149.152.97.130 149.152.97.130 1 255.255.255.255 255.255.255.255 149.152.97.130 149.152.97.130 1 Default Gateway: 149.152.96.1 ======

Persistent Routes: Page 9.998.7 None

There are three parts to the output; the Interface List, Active Routes, and the Persistent Routes. The Interface List simply displays the interface number, it’s corresponding MAC address, and a description. The Active Routes displays the path the packets are going to take. If there are any static routes, they’ll be listed in the last section; Persistent Routes.

The Active Routes output is verbose if it’s a multi-homed computer because all of the active routes for each interface are displayed. Following are the basics of Active routes: The Network Destination is a destination host, subnet address, or network address. The Netmask is the subnet mask applied to the Network Destination. The Gateway is the IP address that the local host will use to forward the packets to a destination on a different network. The Interface is the local interface that will used for the network destination and the Metric is the cost of that route.

The first line begins with 0.0.0.0 and it means that if no other route is found, it will be routed to the computer’s local IP address. Any packets for the 127.0.0.0 network will be routed to the loopback address. The third line begins with 149.152.96.0 and it means that anything on this subnet will be routed to the computer’s local interface. The fourth line indicates that any packets destined for the local host will be routed to the loopback. The next line indicates that any broadcasted packets on the 149.152.0.0 network will be routed to the local interface. The sixth line begins with 224.0.0.0 and it’s used for multi- casts. The last line means that any broadcasts will be sent to the local interface.

TRACERT 13

TRACERT is used to discover the path of which packets take once they leave the local interface. It’s very useful tool in locating a misconfigured or failed router. In 1987, Van Jacobson wrote the first of version of TRACEROUTE in response to severe routing problems in the Internet.

C:\>tracert

Usage: tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name

Options: -d Do not resolve addresses to hostnames. -h maximum_hops Maximum number of hops to search for target. -j host-list Loose source route along host-list. -w timeout Wait timeout milliseconds for each reply.

TRACERT and TRACEROUTE are the same basic command but they’re not created equal. Microsoft uses ICMP packets, while UNIX uses UDP packets. If a router is configured to filter ICMP packets, using TRACERT from a Microsoft computer will fail because the router is discarding ICMP packets, while the computer running Unix works perfectly because it uses UDP packets. Use TRACERT with a DOMAIN NAME or an IP Page 9.998.8 ADDRESS . The first number is the hop number. The next three numbers are the times in

Proceedings of the 2004 American Society for Engineering Education Annual Conference & Exposition Copyright © 2004, American Society for Engineering Education milliseconds for the probes. The next column is the name of the internetworking device and its IP address.

C:\>tracert 198.133.219.25

Tracing route to www.cisco.com [198.133.219.25] over a maximum of 30 hops:

1 10 ms <10 ms <10 ms 149.152.96.1 2 * * * Request timed out. 3 * * * Request timed out. 4 10 ms 10 ms 10 ms bos-edge-02.inet.qwest.net [65.120.112.245] 5 21 ms 90 ms 70 ms bos-core-02.inet.qwest.net [205.171.28.29] 6 20 ms 90 ms 90 ms jfk-core-01.inet.qwest.net [205.171.8.19] 7 10 ms 90 ms 80 ms jfk-core-03.inet.qwest.net [205.171.230.6] 8 20 ms 90 ms 81 ms jfk-brdr-02.inet.qwest.net [205.171.230.25] 9 20 ms 90 ms 80 ms qwest-gw.n54ny.ip.att.net [192.205.32.169] 10 21 ms 210 ms 140 ms tbr1-p014001.n54ny.ip.att.net [12.123.3.1] 11 40 ms 201 ms 170 ms tbr1-p013801.cgcil.ip.att.net [12.122.10.50] 12 110 ms 200 ms 191 ms tbr1-cl1.sffca.ip.att.net [12.122.10.6] 13 80 ms 100 ms 100 ms gbr5-p100.sffca.ip.att.net [12.122.11.74] 14 80 ms 100 ms 90 ms gar1-p360.sj2ca.ip.att.net [12.122.2.253] 15 100 ms 271 ms 280 ms 12.127.200.82 16 90 ms 90 ms 100 ms sjce-dirty-gw1.cisco.com [128.107.239.53] 17 81 ms 100 ms 90 ms sjck-sdf-ciod-gw2.cisco.com [128.107.239.102] 18 90 ms 100 ms 101 ms www.cisco.com [198.133.219.25]

Trace complete.

NETSTAT 14, 15

NETSTAT displays current TCP/IP connections and protocol statistics. The output of NETSTAT consists of following; the Protocol field, which is either TCP or UDP, the local address field, which is the hostname or IP address and the port number, the foreign address describes the remote computer that’s connected to the local address and the connection state. For more information on connection states, refer to page 20 in RFC 793.

C:\>netstat Page 9.998.9 Active Connections

Proto Local Address Foreign Address State TCP CNC22414009:2206 tigger.students.ccsu.edu:netbios-ssn ESTABLISHED TCP CNC22414009:2233 cadstudent1.students.ccsu.edu:microsoft-ds TIME_WAIT TCP CNC22414009:2237 cadstudent1.students.ccsu.edu:ldap TIME_WAIT TCP CNC22414009:2241 cadstudent1.students.ccsu.edu:ldap TIME_WAIT TCP CNC22414009:2243 cadstudent1.students.ccsu.edu:ldap TIME_WAIT

All of the NETSTAT switches are helpful. Any of the information provided by NETSTAT can be monitored at specific time interval by adding the number of seconds to the end of the command. Use any of the switches to get the desired output.

C:\>netstat /?

Displays protocol statistics and current TCP/IP network connections.

NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]

-a Displays all connections and listening ports. -e Displays Ethernet statistics. This may be combined with the –s option. -n Displays addresses and port numbers in numerical form. -p proto Shows connections for the protocol specified by proto; proto may be TCP or UDP. If used with the -s option to display per-protocol statistics, proto may be TCP, UDP, or IP. -r Displays the routing table. -s Displays per-protocol statistics. By default, statistics are shown for TCP, UDP and IP; the -p option may be used to specify a subset of the default. interval Redisplays selected statistics, pausing interval seconds between each display. Press CTRL+C to stop redisplaying statistics. If omitted, netstat will print the current configuration information once.

For example, the –E switch displays all of the Ethernet Statistics.

C:\>netstat -e Interface Statistics

Received Sent

Bytes 345169969 5488525 Unicast packets 25925 25551 Non-unicast packets 5212830 185 Discards 0 0 Errors 0 0 Unknown protocols 238193 Page 9.998.10

NSLOOKUP 16, 17

NSLOOKUP is a tool used to look up DNS records and solve name server problems. It has two modes; non-interactive and interactive. If one piece of information is needed, use NSLOOKUP in non-interactive mode by typing NSLOOKUP and the DOMAIN NAME at a COMMAND PROMPT . In all other cases, use NSLOOKUP in interactive mode by typing NSLOOKUP and pressing ENTER .

C:\>nslookup Default Server: cadroot2.ccsu.edu Address: 149.152.125.1

> set type=all > ccsu.edu Server: cadroot2.ccsu.edu Address: 149.152.125.1 ccsu.edu internet address = 149.152.122.1 ccsu.edu internet address = 149.152.125.1 ccsu.edu nameserver = cadroot2.ccsu.edu ccsu.edu nameserver = cadroot1.ccsu.edu ccsu.edu primary name server = cadroot2.ccsu.edu responsible mail addr = admin.ccsu.edu serial = 1545 refresh = 900 (15 mins) retry = 600 (10 mins) expire = 86400 (1 day) default TTL = 3600 (1 hour) ccsu.edu MX preference = 20, mail exchanger = cmmsrv1.ccsu.edu ccsu.edu MX preference = 10, mail exchanger = cfacmail2.facstaff.ccsu.edu cadroot2.ccsu.edu internet address = 149.152.125.1 cadroot1.ccsu.edu internet address = 149.152.122.1 cmmsrv1.ccsu.edu internet address = 149.152.98.12 cfacmail2.facstaff.ccsu.edu internet address = 149.152.29.31

To return a particular record type, set the type. For example, if only mail server records are needed, set the type to MX and only those records will be returned.

> set type=mx > ccsu.edu Server: cadroot2.ccsu.edu Address: 149.152.125.1 ccsu.edu MX preference = 20, mail exchanger = cmmsrv1.ccsu.edu ccsu.edu MX preference = 10, mail exchanger = cfacmail2.facstaff.ccsu.edu cmmsrv1.ccsu.edu internet address = 149.152.98.12 cfacmail2.facstaff.ccsu.edu internet address = 149.152.29.31 Page 9.998.11

PATHPING 18

From a computer running Windows 2000 or XP, use PATHPING to isolate network problems. PATHPING is a very powerful tool because it tests IP connectivity, measures network latency and packet loss, and establishes exactly where the packet loss is occurring.

In the first half of the output, PATHPING performs a TRACERT and identifies all of the routers in the path to the destination host. In the second half, it computes the network statistics. PATHPING takes 25 seconds to compute these statistics for each hop to the destination. PATHPING will ping each router on the way to the destination host 100 times while keeping track of the time it takes to receive the responses. The first three columns are self-explanatory; hop number, the RTT or Round Trip Time, and the percentage of packets lost. The next two columns are the meat of the output. In the Node/Link column, network latency is calculated at each router or link. The Address column establishes exactly which router or link is congested.

C:\>pathping 198.133.219.25 Tracing route to www.cisco.com [198.133.219.25] over a maximum of 30 hops: 0 monet [172.144.47.193] 1 ipt-ck08.proxy.aol.com [152.163.204.109] 2 wc4-rtc-G3-0-3.proxy.aol.com [152.163.204.125] 3 pop2-rtc-P1-0.atdn.net [66.185.143.129] 4 bb2-rtc-P1-0.atdn.net [66.185.140.114] 5 bb2-ash-P14-0.atdn.net [66.185.152.52] 6 pop1-ash-P1-0.atdn.net [66.185.139.195] 7 sl-st21-ash-13-0.sprintlink.net [144.223.246.129] 8 sl-bb26-rly-15-2.sprintlink.net [144.232.20.2] 9 sl-bb25-rly-13-0.sprintlink.net [144.232.14.169] 10 sl-bb21-sj-5-3.sprintlink.net [144.232.20.91] 11 sl-bb20-sj-14-0.sprintlink.net [144.232.3.157] 12 sl-gw11-sj-9-0.sprintlink.net [144.232.3.138] 13 sl-ciscopsn2-11-0-0.sprintlink.net [144.228.44.14] 14 sjce-dirty-gw1.cisco.com [128.107.239.89] 15 sjck-sdf-ciod-gw1.cisco.com [128.107.239.98] 16 www.cisco.com [198.133.219.25] Computing statistics for 400 seconds... Source to Here This Node/Link Hop RTT Lost/Sent = Pct Lost/Sent = Pct Address 0 paris [172.144.44.195] 0/ 100 = 0% | 1 134ms 0/ 100 = 0% 0/ 100 = 0% ipt-ck08.proxy.aol.com [152.163.204.109] 0/ 100 = 0% | 2 --- 100/ 100 =100% 100/ 100 =100% wc4-rtc-G3-0-3.proxy.aol.com [152.163.204.125] 0/ 100 = 0% | 3 130ms 0/ 100 = 0% 0/ 100 = 0% pop2-rtc-P1-0.atdn.net [66.185.143.129] 0/ 100 = 0% | 4 131ms 0/ 100 = 0% 0/ 100 = 0% bb2-rtc-P1-0.atdn.net [66.185.140.114] 0/ 100 = 0% | 5 130ms 0/ 100 = 0% 0/ 100 = 0% bb2-ash-P14-0.atdn.net [66.185.152.52]

0/ 100 = 0% | Page 9.998.12 6 130ms 0/ 100 = 0% 0/ 100 = 0% pop1-ash-P1-0.atdn.net [66.185.139.195] 0/ 100 = 0% |

7 132ms 0/ 100 = 0% 0/ 100 = 0% sl-st21-ash-13-0.sprintlink.net [144.223.246.129] 0/ 100 = 0% | 8 131ms 0/ 100 = 0% 0/ 100 = 0% sl-bb26-rly-15-2.sprintlink.net [144.232.20.2] 0/ 100 = 0% | 9 131ms 0/ 100 = 0% 0/ 100 = 0% sl-bb25-rly-13-0.sprintlink.net [144.232.14.169] 0/ 100 = 0% | 10 209ms 0/ 100 = 0% 0/ 100 = 0% sl-bb21-sj-5-3.sprintlink.net [144.232.20.91] 0/ 100 = 0% | 11 208ms 0/ 100 = 0% 0/ 100 = 0% sl-bb20-sj-14-0.sprintlink.net [144.232.3.157] 0/ 100 = 0% | 12 211ms 0/ 100 = 0% 0/ 100 = 0% sl-gw11-sj-9-0.sprintlink.net [144.232.3.138] 0/ 100 = 0% | 13 217ms 0/ 100 = 0% 0/ 100 = 0% sl-ciscopsn2-11-0-0.sprintlink.net [144.228.44.14] 0/ 100 = 0% | 14 214ms 0/ 100 = 0% 0/ 100 = 0% sjce-dirty-gw1.cisco.com [128.107.239.89] 0/ 100 = 0% | 15 211ms 0/ 100 = 0% 0/ 100 = 0% sjck-sdf-ciod-gw1.cisco.com [128.107.239.98] 0/ 100 = 0% | 16 210ms 0/ 100 = 0% 0/ 100 = 0% www.cisco.com [198.133.219.25]

Trace complete.

HYPERTERMINAL 19

HYPERTERMINAL is a program that is used to communicate with other computers to transfer files. It’s also used to directly connect to routers or switches. There are a few configuration changes that require physical access to a router or switch, most notably, password recovery.

To connect to a router or switch, use HYPERTERMINAL in conjunction with a console cable or a DB-9 connector with a rollover cable to physically connect to the device. In addition to using a COM port, HYPERTERMINAL can connect to the device using TCP/IP.

Begin a HYPERTERMINAL session by clicking START , followed by RUN . Type HYPERTRM in the RUN box and press OK. CHOOSE A NAME AND AN ICON FOR THE SESSION . Go to the Connect Using drop down box and select the proper COM port. Click OK and use the following Port Settings: 9600 BITS PER SECOND , 8 DATA BITS , NO PARITY , 1 STOP BIT , AND NO FLOW CONTROL . Click OK, and press ENTER , and the device will respond with a command prompt or menu.

TELNET 20

TELNET or “telecommunications network protocol” is a program that allows you to log

on to a remote computer on a TCP/IP network. It’s used to administer other computers Page 9.998.13 on the network, test services or applications on a remote server and configure devices on the network such as a switch, router or printer.

TELNET is a client/server application that is available for computers running TCP/IP. The client program is available on most operating systems, while the server program is usually made available as third party software, although Windows 2000/XP provides a TELNET server. On a Windows 2000 or XP computer, right-click on MY COMPUTER , select MANAGE , expand SERVICES AND APPLICATIONS , find and start the TELNET SERVICE or go to the CONTROL PANEL , double-click the ADMINISTRATIVE TOOLS icon, double- click on the SERVICES icon, and find and start the TELNET SERVICE . You’ll need a computer account on the remote computer to log on with TELNET.

The client program for TELNET is a graphical user interface on Windows 9x and NT 4.0 computers and a command line interface on Windows 2000 and XP computers. On a Windows 9x or NT 4.0 computer, click START , RUN , type TELNET , and click OK. From the menu, choose CONNECT , then REMOTE SYSTEM and the Connect dialog box appears. Enter an IP ADDRESS or HOSTNAME in the Host Name: box and a port number in the Port: box if want to connect using a different port over the default port number 23 and click OK.

On a Windows 2000 or XP computer, click START , RUN , type CMD , click OK and at the command prompt, type TELNET and press ENTER . Type the command OPEN and press ENTER . When telnet responds with “( to ),” enter the HOSTNAME or the IP ADDRESS of the computer you’re trying to reach, then enter your USERNAME and PASSWORD . Once you’re connected to the remote system, it is as if you were physically at the computer.

C:\>telnet

Welcome to Microsoft Telnet Client

Escape Character is 'CTRL+]'

Microsoft Telnet> open ( to ) 192.168.0.5

Microsoft (R) Windows (TM) Version 5.00 (Build 2195) Welcome to Microsoft Telnet Service Telnet Server Build 5.00.99201.1 login: username password: ********

*======Welcome to Microsoft Telnet Server. *======C:\>

The shortcut method is to type the TELNET command, the HOSTNAME or IP ADDRESS , and a PORT NUMBER on one line. In the example below, I have connected to a computer through port 25 or the SMTP port. The response indicates that the SMTP service is running on this computer. Page 9.998.14

C:\>telnet 192.168.0.5 25

220 Servername Microsoft ESMTP MAIL Service, Version: 5.0.2195.1600 ready at Sun, 14 Jul 2002 15:03:19 –0500

There a few things to keep in mind while using TELNET. First, beware of any configuration changes that would cause you to lose your connection to the remote host. The importance of this point is in direct proportion to how far away you are from the remote host. Second, if you can’t connect to another computer using TELNET, realize that a router may be configured to discard the packets or the TELNET server or service isn’t running. Third, TELNET is a powerful tool for the network professional. It may be one of oldest applications of the Internet, but it’s still immensely useful.

Summary

All prospective network administrators should be familiar with the above-mentioned commands for two reasons; ease of use and availability. First, there’s no proprietary or complicated training needed to use these commands. Second, all of the commands are available on any computer running Windows 9x except for NSLOOKUP and PATHPING, which are available on any computer running Windows 2000 or XP. With some variations in use and output, these commands are also used in UNIX environments. These ten basic commands for troubleshooting computer networks should be part of Computer Engineering Technology curriculum.

Bibliography 1. RFC 1001; Protocol standard for a NetBIOS service on a TCP/UDP Transport: Concepts and methods ftp://ftp.rfc-editor.org/in-notes/rfc1001.txt 2. RFC 1002; Protocol standard for a NetBIOS service on a TCP/UDP Transport: Detailed specifications ftp://ftp.rfc-editor.org/in-notes/rfc1002.txt 3. Microsoft Knowledge Base Article – 119493; NetBIOS over TCP/IP Name Resolution and WINS http://support.microsoft.com/default.aspx?scid=kb;[LN];119493 4. Microsoft Knowledge base Article – 138449; Using and Troubleshooting the TCP/IP Scope ID http://support.microsoft.com/default.aspx?scid=kb;[LN];138449 5. Minasi M. and Lammle T. TCP/IP for NT Server , SYBEX Inc., 1997. 6. Windows Internet Naming Service (WINS): Architecture and Capacity Planning http://www.microsoft.com/ntserver/techresources/commnet/WINS/WINSwp98/W INS10-12.asp 7. Michael Muuss’ website; The Story of the PING Program http://ftp.arl.mil/~mike/ping.html

8. RFC 792; Internet Control Message Protocol ftp://ftp.rfc-editor.org/in- Page 9.998.15 notes/rfc792.txt

9. RFC 793; Transmission Control Protocol ftp://ftp.rfc-editor.org/in- notes/rfc793.txt 10. Comer D. Internetworking with TCP/IP; Principles, Protocols, and Architectures , Fourth edition, Prentice Hall, 2000. 11. Microsoft Knowledge Base Article – 314067; How to Troubleshoot TCP/IP Connectivity with Windows XP http://support.microsoft.com/default.aspx?scid=KB;en-us;q314067 12. Microsoft Windows 2000 Server Documentation http://www.microsoft.com/windows2000/en/server/help/route.htm 13. Sloan D. Networking Troubleshooting Tools , O’Reilly Press, 2001. 14. Microsoft TechNet http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/ winxppro/proddocs/netstat.asp 15. RFC 793; Transmission Control Protocol ftp://ftp.rfc-editor.org/in- notes/rfc793.txt 16. Microsoft Knowledge base Article – 200525; Using NSlookup.exe http://support.microsoft.com/default.aspx?scid=kb;[LN];200525 17. Albitz P.and Liu C. DNS and BIND , 4 th Edition, O’Reilly Press, 2001. 18. Microsoft TechNet Windows 2000 Server Manual – Networking TCP/IP 19. http://www.hilgraeve.com 20. Stevens W Richard. TCP/IP Illustrated, Volume 1: The Protocols , Addison- Wesley, 1994.

Veeramuthu Rajaravivarma V. Rajaravivarma is currently a professor with the Computer Electronics and Graphics Technology department at Central Connecticut State University, New Britain, CT. Since his graduation in 1988, he has taught electrical and computer networking courses at Tennessee State University, Morehead State University, and North Carolina A&T State University. Page 9.998.16