Net+ Chapter 1
Download
Report
Transcript Net+ Chapter 1
SYSTEM ADMINISTRATION
Chapter 19
Troubleshooting Network
Problems Using TCP/IP Utilities
Trace Route (Tracert)
• Trace Route (tracert) is a command-line diagnostic
utility that is used to determine the route a packet
uses to get to a destination.
• Tracert determines the route by sending Internet
Control Message Protocol (ICMP) packets to the
destination that you specify, either by IP address or
DNS name.
Using Tracert for Troubleshooting
• Use tracert to determine where packet traffic is
being stopped.
• Tracert can be used to show routers with
configuration problems or that are offline.
• It can also indicate that an incorrect IP address is
being used or that a specific network does not exist.
• It can also pinpoint bottlenecks in the network.
PING
• The PING utility is used to see if the TCP/IP protocol
is functioning correctly on a host computer and to
check connectivity between devices.
• Like tracert, PING uses the Internet Control
Message Protocol (ICMP) echo function to send a
packet through the network to another host. If there
is a good connection between the hosts, a good
return packet will be received.
• PING can also report the number of router hops
between the two computers and the amount of time
it takes for a packet to make the complete trip.
• You can PING a host by DNS name or IP address.
Using PING for Troubleshooting
• PING can be used to test a local host or a connection to
•
•
•
•
another host.
Always begin by PINGing the local computer, that is, the
computer you are currently using. You can PING the actual
machine IP address, or PING the machine using the local
loopback address of 127.0.0.1.
Once you determine that the local machine’s IP address is
functioning correctly, PING your default gateway. This will
determine whether or not you have connectivity across
your side of the network.
Once you can successfully PING the default gateway,
PING a host on the far side of the router. For example, you
may choose to PING a host on another network segment
within your own company or a popular Web site.
PING can also be used to test name resolution services
Address Resolution Protocol
(ARP)/Reverse Address
Resolution Protocol (RARP)
• Address Resolution Protocol (ARP) is used to
resolve an IP address to the MAC or physical
address of a machine.
• Reverse Address Resolution Protocol (RARP) does
just the opposite, resolving a MAC address to an IP
address.
(continued)
ARP/RARP
(continued)
• To understand how ARP works, follow this example.
Suppose Computer25, with an IP address of
200.200.200.25, wants to communicate with
Computer50, which is located on the same network, with
the IP address 200.200.200.50. It will follow these steps:
– The source computer (Computer25) begins by
checking its ARP cache to see if it already contains
the destination computer’s (Computer50) MAC
address.
– If it does not, Computer25 will send a broadcast
across the network. Included in this broadcast is the
destination computer’s IP address.
– All computers on the network will see the broadcast
and cross-reference the destination IP address with
entries in their ARP cache.
(continued)
ARP/RARP
(continued)
– If they do not have that address stored in their
cache, they will discard the message.
– If a computer receiving the broadcast finds the IP
address in its cache, that computer will add the IP
and MAC addresses of the sending computer
(Computer25) to its ARP cache and then send a
reply back to the sending computer. The reply will
contain the MAC address of Computer50.
– Computer25 will add the MAC address of
Computer50 to its own ARP cache. Once the
address is added, Computer25 can communicate
with Computer50.
Using ARP for Troubleshooting
• ARP is very useful in situations where more than
one host machine has the same IP address.
Netstat
• Netstat is used to display protocol statistics and
current TCP/IP network connections.
• Netstat can also be used to view all of the TCP/IP
connections in use by a host, whether they are
inbound or outbound.
Using Netstat for
Troubleshooting
• Netstat can be extremely useful when troubleshooting
network problems that you believe are protocol related.
For example, if users report that they cannot transfer
files from the corporate FTP server, at the server, type:
netstat –a. The results screen will disclose whether the
port for the FTP service is active. If it is not, you may
need to either restart the FTP service or the server.
• You may also use the netstat –r command to show the
routing table that is maintained on the local machine.
• Careful analysis of the routing table will disclose how
network traffic is being routed when it leaves the local
machine. This data could then be used to pinpoint
network configuration errors.
Nbtstat
• Nbtstat is used to display protocol statistics and
current TCP/IP connections using NBT (NetBIOS
over TCP/IP).
• It will also display current information stored in the
NetBIOS cache. Since almost all Microsoft networks
are NetBIOS based, nbtstat can be used in a variety
of troubleshooting situations.
Using Nbtstat for Troubleshooting
• With the “-r” switch, nbtstat can be used to
determine if a Windows Internet Name Service
(WINS) server is functioning correctly.
IP Configuration (IPCONFIG)
• The IP Configuration (IPCONFIG) utility is used to
display current IP configuration parameters for a
host computer running certain types of Windows
operating systems, such as Windows 98, Windows
NT, Windows 2000, and Windows XP.
Using IPCONFIG for
Troubleshooting
• Since the IPCONFIG utility shows all IP addressing
information for a particular host, it is a great way to
make sure that a host is configured correctly.
WINIPCFG
• WINIPCFG returns a graphical box containing IP
configuration information.
• You can then press buttons to release or renew
DHCP-assigned IP addressing information.
• WINIPCFG is the IP configuration utility found on
computers running the Windows 95 and 98
operating systems.
IFCONFIG
• The IFCONFIG utility is used to configure kernelresident network interfaces in a UNIX environment.
• Running IFCONFIG without any switches will display
the settings for all currently active network
interfaces.
Nslookup
• Nslookup is a program that allows you to directly
query a DNS server by host name or IP address.
Nslookup Modes of Operation
• Interactive mode allows the user to query name
servers for information about various hosts and
domains.
– Additionally, interactive mode allows you to
specify additional parameters when using
nslookup.
– Interactive mode is entered automatically when
no arguments are given.
– You will know you are using interactive mode by
looking at the command prompt.
(continued)
Nslookup Modes of Operation
(continued)
• Noninteractive or command-line mode
– Used to return just the name or other requested
information for a host or domain.
– When noninteractive mode is used, you supply
the name or Internet address of the host as an
argument.