34384_CPEG_04 2/17/2005 17:3:44 Page 208 OBJECTIVES 4.1 Given a troubleshooting scenario, select the appropriate network utility from the following: TRACERT / TRACEROUTE, NETSTAT, AND NBTSTAT UNDERSTANDING THE OBJECTIVE Tracert and traceroute are utilities used to send packets to a specified host and retrieve information on the path the packets took to reach the host. Netstat is a similar utility that provides information about all connected TCP/IP hosts, including the connections’ port numbers and status.Nbtstat is a utility that reveals the NetBIOS names and status of connected devices running NetBIOS over TCP/IP (NBT). WHAT YOU REALLY NEED TO KNOW ◆ Tracert on Windows systems (or traceroute on UNIX-type of systems) is a TCP/IP util- ity that traces the path of a packet from the originating host to another host. In its simplest form, it displays the number of router hops the packet traverses, those routers’ addresses, and how long the packet took to go from one router to the next. ◆ Tracert and traceroute are most useful for determining where network bottlenecks are occurring. They also indicate whether a host is unreachable. ◆ The most commonly used expression of the tracert command is tracert Y, where Y is the IP address or host name of a system. On a UNIX-type of system, sub- stitute traceroute for tracert. ◆ Netstat is a utility that displays specifics about active inbound and outbound TCP/IP connections on a host. When used in its most basic form, netstat displays the address (or host name) of connected systems, and the connected port, the type of Transport layer protocol in use, and the connection status. ◆ Netstat can be used with numerous parameters that supply more information about a host’s connections, including statistics for network interfaces and routing tables for active connections. ◆ Nbtstat displays information about connected devices running NetBIOS over TCP/IP. Thus, nbtstat is useful only on Windows-based networks. ◆ Nbtstat can be used with several parameters to discover, for example, the work- group and domain to which the NetBIOS machine belongs, MAC addresses, IP addresses, and sessions with connected hosts. ◆ Nbtstat is most commonly used with the following syntax to determine the Net- BIOS name of a machine: nbtstat –a X (where X is the machine’s IP address). OBJECTIVES ON THE JOB Nbtstat, netstat, and tracert/traceroute are included with the TCP/IP software provided with every modern operating system. Although many software developers have created updated versions of these utilities,they are so easy to use that many network administrators don’t bother with newer, modified versions. 208 NETWORK+ COURSEPREP 34384_CPEG_04 2/17/2005 17:3:45 Page 209 PRACTICE TEST QUESTIONS 1. Which of the following can reveal the time it takes a packet to reach a host? (Choose all that apply.) a. Telnet b. PING c. tracert d. netstat 2. Which of the following can reveal hackers connected to a TCP/IP host? a. PING b. Telnet c. tracert d. netstat 3. Which of the following can reveal the number of router hops a packet has taken on its way to a remote host? (Choose all that apply.) a. netstat b. PING c. tracert d. traceroute 4. If you are working on the help desk when a user calls and complains about slow connection times to a particular Web site, what utility would you recommend using to locate the performance problem? a. SNMP b. netstat c. nbtstat d. tracert 5. What parameter should be used with the nbtstat command when attempting to determine the Net- BIOS name of a machine whose IP address you know? a. -a b. -s c. -i d. -I 6. Suppose you are logged on to the Internet and have accessed the www.yahoo.com Web site. What utility would you use to determine which port on your machine is being used to connect to the Web site? a. nbtstat b. netstat c. Telnet d. tracert 7. The nbtstat utility can easily show whether an IP gateway to the Internet is down. True or False? NETWORK+ COURSEPREP 209 34384_CPEG_04 2/17/2005 17:3:45 Page 210 OBJECTIVES 4.1 Given a troubleshooting scenario, select the appropriate network utility from the following (continued): PING UNDERSTANDING THE OBJECTIVE The PING (Packet Internet Groper) utility is one of the most commonly used trouble- shooting tools. PING sends at least one packet to the specified host and waits for a response. If there is no response, you can assume that the device or its TCP/IP stack is not functioning properly.If there is a response, information about the packets’ return, such as the time it took the packets to reach the host, helps in discovering network performance problems. WHAT YOU REALLY NEED TO KNOW ◆ PING is a TCP/IP utility that uses the ICMP protocol to send at least one packet to a specified address and waits for a response. ◆ PING is a powerful troubleshooting tool. It is primarily used to help determine whether a node on a TCP/IP-based network is connected and responding. ◆ PING assigns a sequence number and time stamp to the UDP packets it sends. Thus, if the response from the device is positive, PING can also detect how long the packets took to return and whether any were damaged in transmission. This can be helpful in troubleshooting network performance problems. ◆ PING is often the first troubleshooting tool used when a client cannot communi- cate with a server or vice versa. ◆ The syntax of a simple PING command is ping X, where X is the IP address or host name of the device. If the host responds, the output contains the following message: reply from X: bytes=32 time=100 ms TTL=252, where X is the IP address or host name. The other numbers may vary. ◆ One of the first PING commands to try is ping 127.0.0.1. This IP address is reserved for the loopback address. Use this command to attempt to contact your own device’s TCP/IP stack. If this command results in a negative response, chances are your TCP/IP protocol is corrupted or improperly installed. ◆ If the loopback PING test results in a positive response, the next devices to ping include another local host, the default IP gateway, the DNS server, or other critical devices on the network. Pinging different devices can uncover a network bottleneck. OBJECTIVES ON THE JOB PING is perhaps the most useful and frequently used utility in the network technician’s trouble- shooting repertoire. In a situation in which a client cannot access a server, PING can help determine where the problem is occurring. In most cases, sufficient information about a downed node or bottleneck can be obtained from the simple PING command. However, in some cases, using one of the many PING parameters provides a necessary troubleshooting clue. 210 NETWORK+ COURSEPREP 34384_CPEG_04 2/23/2005 13:49:25 Page 211 PRACTICE TEST QUESTIONS 1. What TCP/IP protocol does PING use to request responses from devices? a. SNMP b. SMTP c. ICMP d. RARP 2. Which of the following is the loopback address in the IP version 4 addressing scheme? a. 100.100.100.100 b. 01.01.01.01 c. 122.0.0.7 d. 127.0.0.1 3. What does TTL stand for? a. Time to Live b. Time to Link c. Transfer Time Load d. Transfer Time Lost 4. Which of the following can a PING test indicate? (Choose all that apply.) a. what type of device is being contacted b. whether a packet has been corrupted in transit c. how many routers a packet has to traverse on its way to a host d. how long it takes for a packet to reach a host 5. In a response to a PING command, which of the following might point to a network congestion problem? a. widely fluctuating TTL values b. excessive corrupted packets c. a host name listed as the responding node, rather than the IP address you typed d. a different host name than that listed in the original PING command 6. Suppose that a client on a private LAN is connected to the Internet but cannot reach the www.microsoft.com Web page. However, the client’s loopback PING test is positive, and the client can reach www.netscape.com. What should you ping next? a. the LAN’s gateway router b. the nearest core Internet gateway c. the ISP’s DNS server d. www.microsoft.com 7. On which Transport layer protocol does PING rely? a. TCP b. UDP c. ARP d. FTP NETWORK+ COURSEPREP 211 34384_CPEG_04 2/17/2005 17:3:45 Page 212 OBJECTIVES 4.1 Given a troubleshooting scenario, select the appropriate network utility from the following (continued): ARP AND NSLOOKUP /DIG UNDERSTANDING THE OBJECTIVE ARP (Address Resolution Protocol) can be used as a diagnostic utility to provide information about a computer’s ARP table. Nslookup and dig (domain information groper) provide information about a network’s DNS database. WHAT YOU REALLY NEED TO KNOW ◆ The ARP utility provides a way of manipulating and obtaining information from a device’s ARP table. It can be a valuable troubleshooting tool for discovering the identity of a machine whose IP address you know, or for solving the problem of two machines trying to use the same IP address. ◆ On a Windows system, typing the ARP command displays the proper syntax and list of switches available for this command. To return useful data, the ARP command requires at least one switch. For example, arp –a provides the entire ARP table for your host.