IPCONFIG
In a world where it seems every computer is connected to a network, you’ll do a lot of network connection troubleshooting. The IPCONFIG command is one of the first ones you should use when troubleshooting why someone can’t get on the network. In fact, it’s often the first one I do use. The IPCONFIG command checks your computer’s IP configuration.
Figure 1.3 shows a sample output.
Table 1.4 lists useful switches for IPCONFIG.
FIGURE 1.3 IPCONFIG display

TABLE 1.4 IPCONFIG Switches
| Switch | Purpose |
| /ALL | Shows full configuration information |
| /RELEASE | Releases the IP address, if you are getting addresses from a Dynamic Host Configuration Protocol (DHCP) server |
| /RENEW | Obtains a new IP address from a DHCP server |
| /FLUSHDNS | Flushes the domain name server (DNS) name resolver cache |
Running IPCONFIG can tell you a lot. For example, if the network cable is disconnected, it will tell you. Also, if your IP address is 0.0.0.0, you’re not going to connect to any network resources.
If you get an IP address from a DHCP server but are having connectivity problems, a common troubleshooting method is to release the IP address with IPCONFIG /RELEASE, and get a new one with IPCONFIG /RENEW.
More often than not, when you release and renew an IP address, you’ll get the same one you had before. This in itself isn’t a problem. The idea is that you basically “reset” your network card to try to get it working again.
PING
Another useful connectivity troubleshooting tool is PING, which stands for packet Internet groper. The PING command sends out four 32-byte packets to a destination and waits for a reply. Figure 1.1 shows a PING command.
FIGURE 1.1 Pinging www.yahoo.com

If you cannot make a connection to the remote host, you will get back the following:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
TABLE 1.2 PING Switches
| Switch | Purpose |
| -t | Ping the specified host until stopped. To see statistics and continue, type Control-Break; to stop, type Control-C. |
| -a | Resolve addresses to hostnames. |
| -n count | Number of echo requests to send. |
| -l size | Send buffer size. |
| -f | Set Don't Fragment flag in packet. |
| -i TTL | Time To Live. |
| -v TOS | Type Of Service. |
| -r count | Record route for count hops. |
| -s count | Timestamp for count hops. |
| -j host-list | Loose source route along host-list. |
| -k host-list | Strict source route along host-list. |
| -w timeout | Timeout in milliseconds to wait for each reply. |
Keep in mind that some Internet sites block pings as a precautionary security measure, so make sure to use a site that you know accepts them, if you’re using PING as a troubleshooting tool.
Along with IPCONFIG and PING, another handy connectivity troubleshooting command is TRACERT, or trace route. It traces the route between your computer and the destination computer, and can help determine where the breakdown is if you’re having connectivity problems.
Tracert
Determines the path taken to a destination by sending Internet Control Message Protocol (ICMP) Echo Request messages to the destination with incrementally increasing Time to Live (TTL) field values. The path displayed is the list of near-side router interfaces of the routers in the path between a source host and a destination. The near-side interface is the interface of the router that is closest to the sending host in the path. Used without parameters, tracert displays help.
tracert [-d] [-h MaximumHops] [-j HostList] [-w Timeout] [TargetName]
Table 1.6 lists the switches available for Tracert.
TABLE 1.6 Tracert Switches
| Switch | Purpose |
| -d | Prevents tracert from attempting to resolve the IP addresses of intermediate routers to their names. This can speed up the display of tracert results. |
| -h MaximumHops | Specifies the maximum number of hops in the path to search for the target (destination). The default is 30 hops. |
| -j HostList | Specifies that Echo Request messages use the Loose Source Route option in the IP header with the set of intermediate destinations specified in HostList. With loose source routing, successive intermediate destinations can be separated by one or multiple routers. The maximum number of addresses or names in the host list is 9. The HostList is a series of IP addresses (in dotted decimal notation) separated by spaces. |
| -w Timeout | Specifies the amount of time in milliseconds to wait for the ICMP Time Exceeded or Echo Reply message corresponding to a given Echo Request message to be received. If not received within the time-out, an asterisk (*) is displayed. The default time-out is 4000 (4 seconds). |
| TargetName | Specifies the destination, identified either by IP address or host name. |
| -? | Displays help at the command prompt. |
Remarks
· This diagnostic tool determines the path taken to a destination by sending ICMP Echo Request messages with varying Time to Live (TTL) values to the destination. Each router along the path is required to decrement the TTL in an IP packet by at least 1 before forwarding it. Effectively, the TTL is a maximum link counter. When the TTL on a packet reaches 0, the router is expected to return an ICMP Time Exceeded message to the source computer. Tracert determines the path by sending the first Echo Request message with a TTL of 1 and incrementing the TTL by 1 on each subsequent transmission until the target responds or the maximum number of hops is reached. The maximum number of hops is 30 by default and can be specified using the -h parameter. The path is determined by examining the ICMP Time Exceeded messages returned by intermediate routers and the Echo Reply message returned by the destination. However, some routers do not return Time Exceeded messages for packets with expired TTL values and are invisible to the tracert command. In this case, a row of asterisks (*) is displayed for that hop.
· To trace a path and provide network latency and packet loss for each router and link in the path, use the pathping command.
· This command is available only if the Internet Protocol (TCP/IP) protocol is installed as a component in the properties of a network adapter in Network Connections.
Examples
To trace the path to the host named corp7.microsoft.com, type:
tracert corp7.microsoft.com
To trace the path to the host named corp7.microsoft.com and prevent the resolution of each IP address to its name, type:
tracert -d corp7.microsoft.com
To trace the path to the host named corp7.microsoft.com and use the loose source route 10.12.0.1-10.29.3.1-10.1.44.1, type:
tracert -j 10.12.0.1 10.29.3.1 10.1.44.1 corp7.microsoft.com
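The Remarks above explain that a row of asterisks can mean either a router that does not return Time Exceeded or the point where the path stops responding. The following Python sketch is an added example, not part of the original text or of any Microsoft tool; it reads saved `tracert -d` output and separates the two cases. The sample traces are constructed, and the function names are hypothetical.

```python
import re

# A hop row of `tracert -d` output: hop number, three probes, then address or text.
HOP_RE = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+ ms|\*)\s+){3})(.+?)\s*$")

# Constructed sample: hop 3 never returns Time Exceeded, yet the target replies at hop 4.
SAMPLE_OK = """\
Tracing route to corp7.microsoft.com [10.1.44.9]
over a maximum of 30 hops:
  1    <1 ms    <1 ms    <1 ms  10.12.0.1
  2     4 ms     3 ms     4 ms  10.29.3.1
  3     *        *        *     Request timed out.
  4    12 ms    11 ms    12 ms  10.1.44.9
"""

# Constructed sample (run with -h 5): nothing answers beyond hop 2.
SAMPLE_BROKEN = """\
Tracing route to corp7.microsoft.com [10.1.44.9]
over a maximum of 5 hops:
  1    <1 ms    <1 ms    <1 ms  10.12.0.1
  2     4 ms     3 ms     4 ms  10.29.3.1
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
"""

def parse_hops(text):
    """Return [(hop, address)], with address None for a row of asterisks."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            answered = "ms" in m.group(2)  # at least one probe got a reply
            hops.append((int(m.group(1)), m.group(3) if answered else None))
    return hops

def summarize(text):
    """Report whether the target replied and where responses stopped."""
    target = re.search(r"Tracing route to (?:\S+ \[)?([0-9.]+)", text)
    hops = parse_hops(text)
    answered = [(n, a) for n, a in hops if a]
    last_n, last_addr = answered[-1] if answered else (0, None)
    return {
        "reached": bool(target) and last_addr == target.group(1),
        # Silent hops before the last responder are not where the path breaks.
        "silent_hops": [n for n, a in hops if a is None and n < last_n],
        "last_responder": last_addr,
    }
```

For the second sample the summary reports 10.29.3.1 as the last responder, which is the hop to start investigating from.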
System File Checker - SFC
The System File Checker (SFC) is a command line–based utility that checks and verifies the versions of system files on your computer. If system files are corrupt, the SFC will replace the corrupt files with correct versions.
The syntax for the System File Checker is as follows:
SFC [switch]
Table 1.5 lists the switches available for SFC.
TABLE 1.5 SFC Switches
| Switch | Purpose |
| /CACHESIZE=X | Sets the Windows File Protection cache size, in megabytes |
| /PURGECACHE | Purges the Windows File Protection cache and scans all protected system files immediately |
| /REVERT | Reverts SFC to its default operation |
| /SCANNOW | Immediately scans all protected system files |
To run the SFC, you must be logged in as an administrator or have administrative privileges.
If the System File Checker discovers a corrupt system file, it will automatically overwrite the file by using a copy held in the %systemroot%\system32\dllcache directory.
If you believe that the dllcache directory is corrupt, you can use SFC /SCANNOW, SFC /SCANONCE, SFC /SCANBOOT, or SFC /PURGECACHE to repair its contents.
Nslookup
Displays information that you can use to diagnose Domain Name System (DNS) infrastructure. Before using this tool, you should be familiar with how DNS works. The Nslookup command-line tool is available only if you have installed the TCP/IP protocol.
Syntax
nslookup [-SubCommand ...] [{ComputerToFind| [-Server]}]
Parameters
-SubCommand ...
Specifies one or more nslookup subcommands as a command-line option. For a list of subcommands, see Related Topics.
ComputerToFind
Looks up information for ComputerToFind using the current default DNS name server, if no other server is specified. To look up a computer not in the current DNS domain, append a period to the name.
-Server
Specifies to use this server as the DNS name server. If you omit -Server, the default DNS name server is used.
{help|?}
Displays a short summary of nslookup subcommands.
Remarks
· If ComputerToFind is an IP address and the query is for an A or PTR resource record type, the name of the computer is returned. If ComputerToFind is a name and does not have a trailing period, the default DNS domain name is appended to the name. This behavior depends on the state of the following set subcommands: domain, srchlist, defname, and search.
· If you type a hyphen (-) instead of ComputerToFind, the command prompt changes to nslookup interactive mode.
· The command-line length must be less than 256 characters.
· Nslookup has two modes: interactive and noninteractive.
If you need to look up only a single piece of data, use noninteractive mode. For the first parameter, type the name or IP address of the computer that you want to look up. For the second parameter, type the name or IP address of a DNS name server. If you omit the second argument, nslookup uses the default DNS name server.
If you need to look up more than one piece of data, you can use interactive mode. Type a hyphen (-) for the first parameter and the name or IP address of a DNS name server for the second parameter. Or, omit both parameters and nslookup uses the default DNS name server. Following are some tips about working in interactive mode:
o To interrupt interactive commands at any time, press CTRL+B.
o To exit, type exit.
o To treat a built-in command as a computer name, precede it with the escape character (\).
o An unrecognized command is interpreted as a computer name.
· If the lookup request fails, nslookup prints an error message. The following table lists possible error messages.
| Error message | Description |
| Timed out | The server did not respond to a request after a certain amount of time and a certain number of retries. You can set the time-out period with the set timeout subcommand. You can set the number of retries with the set retry subcommand. |
| No response from server | No DNS name server is running on the server computer. |
| No records | The DNS name server does not have resource records of the current query type for the computer, although the computer name is valid. The query type is specified with the set querytype command. |
| Nonexistent domain | The computer or DNS domain name does not exist. |
| Connection refused -or- Network is unreachable | The connection to the DNS name server or finger server could not be made. This error commonly occurs with ls and finger requests. |
| Server failure | The DNS name server found an internal inconsistency in its database and could not return a valid answer. |
| Refused | The DNS name server refused to service the request. |
| Format error | The DNS name server found that the request packet was not in the proper format. It may indicate an error in nslookup. |
· For more information about the nslookup command and DNS, see the following resources:
o Microsoft Windows Resource Kits Web site (http://www.microsoft.com/)
o Lee, T., Davies, J. 2000. Microsoft Windows 2000 TCP/IP Protocols and Services Technical Reference. Redmond, Washington: Microsoft Press.
o Albitz, P., Loukides, M. and C. Liu. 1998. DNS and BIND, Third Edition. Sebastopol, California: O'Reilly and Associates, Inc.
Examples
Each command-line option consists of a hyphen (-) followed immediately by the command name and, in some cases, an equal sign (=) and then a value. For example, to change the default query type to host (computer) information and the initial time-out to 10 seconds, type:
nslookup -querytype=hinfo -timeout=10