Overview
Many network troubleshooting tools are available for Windows and Linux.
Most of the following tools are included in both products.
The list is organized for bottom-up troubleshooting.
ipconfig
ipconfig is a command-line utility that prints out the
TCP/IP-related configuration of a host. When used with the -all
switch, it produces a detailed configuration report for all interfaces,
including any configured serial ports (RAS). Output can be redirected to a
file and pasted into other documents:
>ipconfig -all
Windows 2000 IP Configuration
Host Name . . . . . . . . . . . . : tsambar-pc
Primary DNS Suffix . . . . . . . : resumix.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : resumix.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : resumix.com
Description . . . . . . . . . . . : 3Com EtherLink XL 10/100 PCI TX NIC (3C905B-TX)
Physical Address. . . . . . . . . : 00-10-5A-E8-09-EC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 199.171.160.236
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 199.171.160.1
DHCP Server . . . . . . . . . . . : 199.171.160.43
DNS Servers . . . . . . . . . . . : 199.171.160.3
199.171.160.4
206.52.125.102
Primary WINS Server . . . . . . . : 199.171.160.43
Secondary WINS Server . . . . . . : 206.52.125.102
Lease Obtained. . . . . . . . . . : Friday, April 14, 2000 9:17:25 AM
Lease Expires . . . . . . . . . . : Friday, April 14, 2000 10:17:25 AM
ping
ping is a tool that helps to verify IP-level reachability. The
ping command can be used to send an ICMP echo request to a target
name or IP address. First, ping the IP address of the target host to see
if it responds because this is the simplest test. If that succeeds, try
pinging the name. ping uses sockets-style name resolution
to resolve the name to an address; therefore, if pinging by address
succeeds but pinging by name fails, the problem lies in name resolution,
not network connectivity.
Type ping -? to see what command-line options are available.
ping allows you to specify the size of packets to use, how many to
send, whether to record the route used, what TTL value to use, and whether
to set the don't fragment flag. See the PMTU discovery section of
this document for details on using ping to manually determine the PMTU
between two computers.
The following example illustrates how to send two pings, each 1450
bytes in size, to address 10.99.99.2:
>ping -n 2 -l 1450 10.99.99.2
Pinging 10.99.99.2 with 1450 bytes of data:
Reply from 10.99.99.2: bytes=1450 time<10ms TTL=32
Reply from 10.99.99.2: bytes=1450 time<10ms TTL=32
Ping statistics for 10.99.99.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milliseconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
By default, ping waits one second for each response to be
returned before timing out. If the remote system being pinged is across a
high-delay link, such as a satellite link, responses could take longer to
be returned. The -w (wait) switch can be used to specify a longer
time-out. Computers using IPSec may require several seconds to set up a
security association before they respond to a ping.
arp
The arp command is useful for viewing the ARP cache. If two
hosts on the same subnet cannot ping each other successfully, try running
the arp -a command on each computer to see if the computers have
the correct MAC addresses listed for each other. Use ipconfig to
determine a host's media access control address. If another host with a
duplicate IP address exists on the network, the ARP cache may have had the
media access control address for the other computer placed in it. Use
arp -d to delete an entry that may be incorrect. Add entries by
using arp -s.
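The comparison described above, as an added example that is not part of the original document: it parses captured arp -a output and checks the cached entry for a peer against the physical address that peer reports in ipconfig. The arp -a text and the MAC 00-50-04-aa-bb-cc are constructed sample data, and the function names are hypothetical.

```python
import re

# One entry line of Windows `arp -a` output: IP address, MAC, entry type.
ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"([0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5})\s+(\w+)\s*$"
)

# Constructed sample: the ARP cache of a neighbour of 199.171.160.236.
SAMPLE_ARP = """\
Interface: 199.171.160.231 on Interface 0x1000003
  Internet Address      Physical Address      Type
  199.171.160.1         00-a0-c9-11-22-33     dynamic
  199.171.160.236       00-50-04-aa-bb-cc     dynamic
"""

def normalize_mac(mac):
    """Compare MACs case-insensitively and regardless of '-' or ':' separators."""
    return mac.replace(":", "-").lower()

def parse_arp_cache(text):
    """Return {ip: (mac, entry_type)} from `arp -a` output; headers are skipped."""
    cache = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            cache[m.group(1)] = (normalize_mac(m.group(2)), m.group(3))
    return cache

def check_peer(cache, peer_ip, peer_mac):
    """Compare the cached MAC for peer_ip with the MAC the peer shows in ipconfig."""
    if peer_ip not in cache:
        return "missing"      # no entry: the peer has not been resolved yet
    cached_mac, _ = cache[peer_ip]
    if cached_mac == normalize_mac(peer_mac):
        return "ok"
    return "mismatch"         # wrong MAC cached: duplicate IP or stale entry

if __name__ == "__main__":
    cache = parse_arp_cache(SAMPLE_ARP)
    # 00-10-5A-E8-09-EC is the Physical Address from the ipconfig output above.
    print(check_peer(cache, "199.171.160.236", "00-10-5A-E8-09-EC"))
```

A "mismatch" result is the case where arp -d on the stale entry, followed by a fresh ping, shows which adapter actually answers for that IP address.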
tracert
tracert is a route-tracing utility. tracert uses the IP
TTL field and ICMP error messages to determine the route from one host to
another through a network. Sample output from the tracert command
is shown in the ICMP section of this document.
route
route is used to view or modify the route table.
route print displays a list of current routes known by IP for the host.
Sample output is shown in the IP section of this document. Note that in
Windows 2000 the current active default gateway is shown at the end of the
list of routes. route add adds routes to the table.
route delete removes routes from the table.
Routes added to the table are not made persistent unless the -p
switch is specified. Nonpersistent routes last only until the computer is
rebooted.
For two hosts to exchange IP datagrams, they must both have a route to
each other, or they must use a default gateway that knows of a route.
Normally, routers exchange information with each other by using a protocol
such as Routing Information Protocol (RIP) or Open Shortest Path First
(OSPF).
netstat
netstat displays protocol statistics and current TCP/IP connections.
netstat -a displays all connections, and netstat -r displays
the route table and any active connections. The -n switch tells
netstat not to convert addresses and port numbers to names, which
speeds up execution. The -e switch displays Ethernet statistics and
may be combined with the -s switch, which shows protocol statistics.
Sample output is shown here:
>netstat -e
Interface statistics
                           Received            Sent
Bytes                     940187926       231716679
Unicast packets             1287420         1253757
Non-unicast packets         2461744           17411
Discards                          0               0
Errors                            0               0
Unknown protocols           1690488
>netstat -an
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:443 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1029 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1031 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1046 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1050 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1381 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1421 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1425 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1433 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1581 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3372 0.0.0.0:0 LISTENING
TCP 199.171.160.236:139 0.0.0.0:0 LISTENING
TCP 199.171.160.236:1233 0.0.0.0:0 LISTENING
TCP 199.171.160.236:1421 199.171.160.231:1051 ESTABLISHED
TCP 199.171.160.236:1425 199.171.160.231:1066 ESTABLISHED
TCP 199.171.160.236:1515 0.0.0.0:0 LISTENING
TCP 199.171.160.236:1581 199.171.160.82:35062 ESTABLISHED
TCP 199.171.160.236:2343 0.0.0.0:0 LISTENING
TCP 199.171.160.236:3752 0.0.0.0:0 LISTENING
TCP 199.171.160.236:4702 0.0.0.0:0 LISTENING
UDP 0.0.0.0:135 *:*
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:1028 *:*
UDP 0.0.0.0:1422 *:*
UDP 0.0.0.0:1423 *:*
UDP 0.0.0.0:1429 *:*
UDP 0.0.0.0:1430 *:*
UDP 0.0.0.0:1580 *:*
UDP 0.0.0.0:1583 *:*
UDP 0.0.0.0:1761 *:*
UDP 0.0.0.0:1762 *:*
UDP 0.0.0.0:3456 *:*
UDP 127.0.0.1:1435 *:*
UDP 127.0.0.1:1776 *:*
UDP 199.171.160.236:137 *:*
UDP 199.171.160.236:138 *:*
>netstat -s
IP Statistics
Packets Received = 2678493
Received Header Errors = 0
Received Address Errors = 348
Datagrams Forwarded = 0
Unknown Protocols Received = 0
Received Packets Discarded = 0
Received Packets Delivered = 2678145
Output Requests = 1247644
Routing Discards = 0
Discarded Output Packets = 0
Output Packet No Route = 0
Reassembly Required = 0
Reassembly Successful = 0
Reassembly Failures = 0
Datagrams Successfully Fragmented = 0
Datagrams Failing Fragmentation = 0
Fragments Created = 0
ICMP Statistics
                            Received    Sent
Messages                    689         1369
Errors                      0           0
Destination Unreachable     1           121
Time Exceeded               0           0
Parameter Problems          0           0
Source Quenches             0           0
Redirects                   0           0
Echos                       191         1057
Echo Replies                497         191
Timestamps                  0           0
Timestamp Replies           0           0
Address Masks               0           0
Address Mask Replies        0           0
TCP Statistics
Active Opens = 42138
Passive Opens = 9519
Failed Connection Attempts = 789
Reset Connections = 3962
Current Connections = 5
Segments Received = 1082406
Segments Sent = 1029196
Segments Retransmitted = 1503
UDP Statistics
Datagrams Received = 1423384
No Ports = 172164
Receive Errors = 0
Datagrams Sent = 214324
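One way to put the netstat -an output to work, as an added example that is not part of the original document: it parses the listing and reports every listening TCP port and bound UDP port that is not on an expected-services list. The sample lines are an excerpt of the output shown above; the EXPECTED allowlist and the function names are assumptions made for the illustration.

```python
# Excerpt of the `netstat -an` sample output above.
SAMPLE_NETSTAT = """\
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1433 0.0.0.0:0 LISTENING
TCP 199.171.160.236:139 0.0.0.0:0 LISTENING
TCP 199.171.160.236:1421 199.171.160.231:1051 ESTABLISHED
UDP 0.0.0.0:445 *:*
UDP 199.171.160.236:137 *:*
"""

# Assumed allowlist of (protocol, port) pairs this host is meant to offer.
EXPECTED = {("TCP", 80), ("TCP", 135), ("TCP", 139), ("UDP", 137)}

def parse_netstat(text):
    """Return (proto, local_addr, local_port, state) for each socket line."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue                      # banner, column header or blank line
        addr, _, port = parts[1].rpartition(":")
        # UDP lines carry no State column.
        state = parts[3] if parts[0] == "TCP" and len(parts) > 3 else ""
        rows.append((parts[0], addr, int(port), state))
    return rows

def unexpected_listeners(text, expected):
    """Return sorted (proto, addr, port) for open ports missing from `expected`."""
    found = set()
    for proto, addr, port, state in parse_netstat(text):
        # A TCP socket accepts connections only in LISTENING; a bound UDP
        # socket is always able to receive datagrams.
        accepting = (state == "LISTENING") if proto == "TCP" else True
        if accepting and (proto, port) not in expected:
            found.add((proto, addr, port))
    return sorted(found)

if __name__ == "__main__":
    for proto, addr, port in unexpected_listeners(SAMPLE_NETSTAT, EXPECTED):
        scope = "all interfaces" if addr == "0.0.0.0" else addr
        print(f"{proto} {port} open on {scope} but not expected")
```

A local address of 0.0.0.0 means the port is open on every interface of the host, so those entries deserve the first look when a port turns up that nobody can account for.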
nslookup
nslookup is a useful tool for troubleshooting DNS problems,
such as host name resolution (Note: Not available on Windows 95/98).
When you start nslookup, it shows the host name and IP address
of the DNS server that is configured for the local system, and then
displays a command prompt. If you type a question mark (?),
nslookup shows the different commands that are available.
To look up the IP address of a host, using the DNS, type the host name
and press Enter. nslookup defaults to the DNS server that is
configured for the computer that it is running on, but you can focus it on
a different DNS server by typing server name (name is
the host name of the server that you want to use for future lookups).
When you use nslookup, you should be aware of the domain name
devolution method. If you type in just a host name and press Enter,
nslookup appends the domain suffix of the computer (such as
eng.resumix.com) to the host name before it queries the DNS. If the
name is not found, the domain suffix is devolved by one label (in this
case, eng is removed, and the suffix becomes resumix.com). Then the
query is repeated. If a fully qualified domain name is typed in (as
indicated by a trailing dot), the DNS server is only queried for that name
and no devolution is performed. To look up a host name that is completely
outside of your domain, you must type in a fully qualified name.
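The devolution steps described above, as an added example that is not part of the original document: it lists the names that would be sent to the DNS server for a typed name, in order, and stops at the first answer. The page does not say where devolution stops, so stopping at a two-label suffix (min_labels=2) is an assumption, as are the function names and the one-record ZONE standing in for the server.

```python
# Constructed stand-in for the DNS server: the A record from the debug
# example on this page.
ZONE = {"subzero.resumix.com": "199.171.160.42"}

def devolution_candidates(name, suffix, min_labels=2):
    """Names queried, in order, for `name` typed at the nslookup prompt.

    min_labels is an assumption: devolution stops once the suffix would
    drop below this many labels.
    """
    if name.endswith("."):
        return [name]                 # fully qualified: queried as typed
    labels = suffix.strip(".").split(".")
    candidates = []
    while len(labels) >= min_labels:
        candidates.append(name + "." + ".".join(labels))
        labels = labels[1:]           # devolve the suffix by one label
    return candidates

def resolve(name, suffix, zone):
    """Return (names_queried, address or None), stopping at the first answer."""
    queried = []
    for candidate in devolution_candidates(name, suffix):
        queried.append(candidate)
        answer = zone.get(candidate.rstrip(".").lower())
        if answer:
            return queried, answer
    return queried, None

if __name__ == "__main__":
    for typed in ("subzero", "subzero.resumix.com.", "www.example.org"):
        queried, answer = resolve(typed, "eng.resumix.com", ZONE)
        print(f"{typed!r}: queried {queried} -> {answer}")
```

The last case shows why a name outside your domain needs the trailing dot: without it, every query this model sends carries a local suffix.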
An especially useful troubleshooting feature is debug mode, which you
can invoke by typing set debug, or for even greater detail,
set d2. In debug mode, nslookup lists the steps being taken to
complete its commands, as shown in this example:
>nslookup
Default Server: internal-dns.resumix.com
Address: 199.171.160.3
> set d2
> subzero
Server: internal-dns.resumix.com
Address: 199.171.160.3
------------
SendRequest(), len 37
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
subzero.resumix.com, type = A, class = IN
------------
------------
Got answer (107 bytes):
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 1, authority records = 1, additional = 1
QUESTIONS:
subzero.resumix.com, type = A, class = IN
ANSWERS:
-> subzero.resumix.com
type = A, class = IN, dlen = 4
internet address = 199.171.160.42
ttl = 86400 (1 day)
AUTHORITY RECORDS:
-> resumix.com
type = NS, class = IN, dlen = 15
nameserver = internal-dns.resumix.com
ttl = 86400 (1 day)
ADDITIONAL RECORDS:
-> internal-dns.resumix.com
type = A, class = IN, dlen = 4
internet address = 199.171.160.3
ttl = 86400 (1 day)
------------
Name: subzero.resumix.com
Address: 199.171.160.42
In this example, set d2 was issued to set nslookup to
debug mode, then address look-up was used for the host name
subzero. The first two lines of output show the host name and IP
address of the DNS server to which the lookup was sent. As the next
paragraph shows, the domain suffix of the local machine
(resumix.com) was appended to the name subzero, and
nslookup submitted this question to the DNS server. The next
paragraph indicates that nslookup received an answer from the DNS.
The question is repeated in the response, along with the answer records.