Chapter Outline
Chapter 19: Troubleshooting Network Problems Using TCP/IP Utilities
1. On the Test a. 4.1: Given a troubleshooting scenario, select the appropriate TCP/IP utility from among the following:
Tracert; PING; ARP; Netstat; Nbtstat; IPCONFIG/IFCONFIG; Winipcfg; Nslookup. b. 4.7: Given output from a domestic utility (e.g., tracert, PING, OPCONFIG, etc.), identify the utility and interpret the output.
2. Trace Route (Tracert) a.
Traceroute (tracert) is a command-line diagnostic utility that is used to determine the route a packet uses to get to a destination. b.
Tracert determines the route by sending Internet Control Message Protocol (ICMP) packets to the destination that you specify, either by IP address or DNS name.
3. Using Tracert for Troubleshooting a.
Use tracert to determine where packet traffic is being stopped. b.
Tracert can be used to show routers with configuration problems or that are offline. c.
It can also indicate that an incorrect IP address is being used or that a specific network does not exist. d.
It can also pinpoint bottlenecks in the network.
4. PING a.
The PING utility is used to see if the TCP/IP protocol is functioning correctly on a host computer and to check connectivity between devices. b.
Like tracert, PING uses the Internet Control Message Protocol (ICMP) echo function to send a packet through the network to another host. If there is a good connection between the hosts, a good return packet will be received. c.
PING can also report the number of router hops between the two computers and the amount of time it takes for a packet to make the complete trip. d.
You can PING a host by DNS name or IP address. An example PING session is depicted in Figure 19.3.
5. Using PING for Troubleshooting a.
PING can be used to test a local host or a connection to another host. b.
Always begin by PINGing the local computer, that is, the computer you are currently using. You can
PING the actual machine IP address, or PING the machine using the local loopback address of
127.0.0.1. c.
Once you determine that the local machine’s IP address is functioning correctly, PING your default gateway. This will determine whether or not you have connectivity across your side of the network. d.
Once you can successfully PING the default gateway, PING a host on the far side of the router. For example, you may choose to PING a host on another network segment within your own company or a popular Web site e.
PING can also be used to test name resolution services
1

6. Address Resolution Protocol (ARP)/Reverse Address Resolution Protocol (RARP) a.
Address Resolution Protocol (ARP) is used to resolve an IP address to the MAC or physical address of a machine. b.
Reverse Address Resolution Protocol (RARP) does just the opposite, resolving a MAC address to an IP address.
7. Using ARP for Troubleshooting
ARP is very useful in situations in which more than one host machine has the same IP address.
8. Netstat a.
Netstat is used to display protocol statistics and current TCP/IP network connections. b.
Netstat can also be used to view all of the TCP/IP connections in use by a host, whether they are inbound or outbound.
9. Using Netstat for Troubleshooting a.
Netstat can be extremely useful when troubleshooting network problems that you believe are protocol related. For example, if users report that they cannot transfer files from the corporate FTP server, at the server, type netstat –a . The results screen will disclose whether the port for the FTP service is active. If it is not, you may need to restart either the FTP service or the server. b.
You may also use the netstat –r command to show the routing table that is maintained on the local machine (see Figure 19.9). c.
Careful analysis of the routing table will disclose how network traffic is being routed when it leaves the local machine. This data could then be used to pinpoint network configuration errors.
10. Nbtstat a.
Nbtstat is used to display protocol statistics and current TCP/IP connections using NBT (NetBIOS over
TCP/IP). b.
It will also display current information stored in the NetBIOS cache. Since almost all Microsoft networks are NetBIOS based, Nbtstat can be used in a variety of troubleshooting situations.
11. Using Nbtstat for Troubleshooting
With the -r switch, Nbtstat can be used to determine if a Windows Internet Name Service (WINS) server is functioning correctly.
12. IP Configuration (IPCONFIG)
The IP Configuration (IPCONFIG) utility is used to display current IP configuration parameters for a host computer running certain types of Windows operating systems, such as Windows 98, Windows NT,
Windows 2000, and Windows XP
13. Using IPCONFIG for Troubleshooting
Since the IPCONFIG utility shows all IP addressing information for a particular host, it is a great way to make sure that a host is configured correctly.
2

14. WINIPCFG a.
WINIPCFG returns a dialog box containing IP configuration information. b.
You can then press buttons to release or renew DHCP-assigned IP addressing information. c.
WINIPCFG is the IP configuration utility found on computers running the Windows 95 and 98 operating systems.
15. IFCONFIG a.
The IFCONFIG utility is used to configure kernel-resident network interfaces in a UNIX environment. b.
Running IFCONFIG without any switches will display the settings for all currently active network interfaces.
16. Nslookup
Nslookup is a program that allows you directly to query a DNS server by host name or IP address.
17. Nslookup Modes of Operation a.
Interactive mode i.
Interactive mode allows the user to query name servers for information about various hosts and domains. ii.
Additionally, interactive mode allows you to specify additional parameters when using Nslookup. iii.
Interactive mode is entered automatically when no arguments are given. iv.
You will know you are using interactive mode by looking at the command prompt. b.
Noninteractive or command-line mode i.
Used to return just the name or other requested information for a host or domain. ii.
Noninteractive mode is used to supply the name or Internet address of the host as an argument.
3