Working complete PC with NIC
Connection to a network
Student Diskette, "New Boot A Ver 2.0+"
Student CD-ROM, "Room 6359"
The student will become familiar with the Windows 9x/2000 commandline networking utilities,
Learn how to use these utilities to test the system and the network environment.
Learn how to use these utilities to test the resources and services of the local system and the networking environment.
The student will understand the nature and function of the Windows commandline networking utilities and the related concepts including network components, protocols, services and clients and how to test these Windows networking components as well as the networking environment to which the local system is connected. The student will become familiar with all of the major commandline networking utilities and how to use them.
In order to perform the following procedures you must have a Windows 98 system in which the TCP/IP protocol suite has been loaded and is functioning properly. See Setting up a TCP/IP Peer-to-Peer Network for details. All tools listed here are standard components of the Microsoft TCP/IP protocol suite for Windows 9x/NT/2000 operating systems with the exception of Winipcfg.exe which is found only on Windows 9x family operating systems and not on Windows NT family (NT 4.0, 2000, XP) operating systems.
TCP/IP Troubleshooting Tools
WINIPCFG.EXE and IPCONFIG.EXE
To determine the local system's IP configuration without opening the Network Properties sheet (where accidental changes can wreck the network functionality of the system) open Start > Run and type in "winipcfg" (no quotes!) and press [Enter]. This will launch the program shown here which displays the system's IP configuration including the hardware adapter address also known as the MAC address, IP address, subnet mask, and default gateway. If any one of these is blank then the TCP/IP stack will probably malfunction. This is the easiest way to find these four pieces of information on a Windows 9x PC:
In a Windows NT family system there is no winipcfg.exe. So you will have to open a DOS box and type in this command to get this information:
Windows 98 IP Configuration
Host Name . . . . . . . . . : PC01
DNS Servers . . . . . . . . :
Node Type . . . . . . . . . : Broadcast
NetBIOS Scope ID. . . . . . :
IP Routing Enabled. . . . . : No
WINS Proxy Enabled. . . . . : No
NetBIOS Resolution Uses DNS : No
0 Ethernet adapter :
Description . . . . . . . . : 3COM 3C90X Ethernet Adapter
Physical Address. . . . . . : 00-03-FF-09-55-66
DHCP Enabled. . . . . . . . : No
IP Address. . . . . . . . . : 22.214.171.124
Subnet Mask . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . : 126.96.36.199
Primary WINS Server . . . . :
Secondary WINS Server . . . :
Lease Obtained. . . . . . . :
Lease Expires . . . . . . . :
On a Windows 2000 system the available switches are slightly different and as far as the Network+ is concerned the correct answer for determining the TCP/IP configuration and the MAC address of a Windows 98 machine is to use WINIPCFG. Here are the switches and options for using IPCONFIG on a Windows 2000 system:
Windows 2000 IP Configuration
|ipconfig||[/? | /all | /release [adapter] | /renew [adapter]|
|| /flushdns | /registerdns|
|| /showclassid adapter|
|| /setclassid adapter [classidtoset] ]|
|adapter||Full name or pattern with '*' and '?' to 'match',
* matches any character, ? matches one character.
|/?||Display this help message.|
|/all||Display full configuration information.|
|/release||Release the IP address for the specified adapter.|
|/renew||Renew the IP address for the specified adapter.|
|/flushdns||Purges the DNS Resolver cache.|
|/registerdns||Refreshes all DHCP leases and re-registers DNS names|
|/displaydns||Display the contents of the DNS Resolver Cache.|
|/showclassid||Displays all the dhcp class IDs allowed for adapter.|
|/setclassid||Modifies the dhcp class id.|
|> ipconfig||...||Show information.|
|> ipconfig /all||...||Show detailed information|
|> ipconfig /renew||...||renew all adapaters|
|> ipconfig /renew EL*||...||renew adapters named EL....|
|> ipconfig /release *ELINK?21*||...||release all matching adapters,
eg. ELINK-21, myELELINKi21adapter.
Ipconfig.exe can be used to manually force a request for a new IP address from a DHCP server with the "/renew_all" switch. This is useful when testing a DHCP server. On multihomed (more than one NIC) the adapter name can be specified so that only the specified adapter will attempt a DHCP renewal from the DHCP server. To determine the adapter name use IPCONFIG with no parameters:
Windows 2000 IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : kendall.mdcc.edu.
IP Address. . . . . . . . . . . . : 188.8.131.52
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 184.108.40.206
To renew this adapter by name would then be:
C:\>ipconfig /renew "Local Area Connection"
IPCONFIG can be used to collect DNS information and save it to a file like this:
C:\>ipconfig /displaydns >> dns.txt
Open the file dns.txt in notepad and the cached DNS entries for any host that the system has accessed recently will have entries listing the host name and the IP address. Here are some sample entries:
zf.akadns.net. ------------------------------------------------------ Record Name . . . . . : zf.akadns.net Record Type . . . . . : 1 Time To Live . . . . : 13326 Data Length . . . . . : 4 Section . . . . . . . : Answer A (Host) Record . . . : 220.127.116.11 localhost. ------------------------------------------------------ Record Name . . . . . : localhost Record Type . . . . . : 1 Time To Live . . . . : 31459653 Data Length . . . . . : 4 Section . . . . . . . : Answer A (Host) Record . . . : 127.0.0.1
By periodically taking these snapshots and appending them to the existing file (use the command above to do this) in the event that the system loses DNS services the name of the target can be found in the file and then the dot address can be used in the address bar of the browser. When Internet Explorer recognizes a dot address as the hostname of the address in the browser it will make the HTTP request directly to that host address without needing DNS resolution.
If the two systems are not communicating then you can try the first connectivity test: PING.EXE. Ping is another DOS executable that unpacks with the card drivers and the TCP/IP protocol drivers when they install. Ping uses the protocol ICMP to send an echo request to the target system. If name resolution has failed then using the friendly name will result in the error "Unknown Host name". Then try pinging the remote system by its IP address in standard "dot address" form. Here we are pinging the "other" system in the Windows 98 TCP/IP Peer-to-Peer Network tutorial:
Pinging 18.104.22.168 with 32 bytes of data:
Reply from 22.214.171.124: bytes=32 time=5ms TTL=128
Reply from 126.96.36.199: bytes=32 time<10ms TTL=128
Reply from 188.8.131.52: bytes=32 time<10ms TTL=128
Reply from 184.108.40.206: bytes=32 time<10ms TTL=128
Ping statistics for 220.127.116.11:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 5ms, Average = 1ms
To get the full help and syntax type PING with no parameters at the prompt:
|Usa||ge: p||ing||[-t] [-
|a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
nt] [-s count] [[-j host-list] | [-k host-list]]
|-t||Ping the specified host until stopped.
To see statistics and continue - type Control-Break;
To stop - type Control-C.
|-a||Resolve addresses to hostnames.|
|-n count||Number of echo requests to send.|
|-l size||Send buffer size.|
|-f||Set Don't Fragment flag in packet.|
|-i TTL||Time To Live.|
|-v TOS||Type Of Service.|
|-r count||Record route for count hops.|
|-s count||Timestamp for count hops.|
|-j host-list||Loose source route along host-list.|
|-k host-list||Strict source route along host-list.|
|-w timeout||Timeout in milliseconds to wait for each reply.|
You can test routers using PING by specifying the exact route that the PING should follow especially if the routers have more than one path to forward the packets through. To specify that you want to ping host 18.104.22.168 by going from the localhost to the router 22.214.171.124 then router 126.96.36.199 then router 188.8.131.52 enter the command like this:
C:\>ping -j 184.108.40.206 220.127.116.11 18.104.22.168 22.214.171.124
This command will display information concerning NBT. In this example we are using the main system in which the work was done in the setting up a TCP/IP network tutorial. This system is displaying the local NetBIOS registered names list and the last entry indicates that it is the active Master Browser (see Controlling Master Browser Elections):
Node IpAddress: [126.96.36.199] Scope Id: 
NetBIOS Local Name Table
Name Type Status
PC01 <00> UNIQUE Registered
WORKGROUP <00> GROUP Registered
PC01 <03> UNIQUE Registered
PC01 <20> UNIQUE Registered
WORKGROUP <1E> GROUP Registered
STUDENT <03> UNIQUE Registered
WORKGROUP <1D> UNIQUE Registered
..__MSBROWSE__.<01> GROUP Registered
The next tool is somewhat more sophisticated and displays various TCP/IP protocol statistics and configuration information: NETSTAT.EXE. Here we see it displaying all active TCP and UDP ports, followed by the usage that displays low level Ethernet statistics for the card followed by the usage that displays the current active routing table:
|Proto||Local Address||Foreign Address||State|
|Network Address||Netmask||Gateway Address||Interface||Metric|
The Ethernet statistics information can be used to detect if abnormal or non-TCP/IP packets are being delivered to this system. This could indicate a malfunctioning network device like a NIC, hub, switch or router, or an attempted attack on the system including a networking worm or virus (poorly written, of course).
The current active routing table can become a very significant usage when Configuring Windows 2000 to be a router.
The next tool is used to check the ARP protocol activity on the system: ARP.EXE. If the ARP cache is empty even though there are attempts to contact another system, then this subsystem may be malfunctioning. Without it working the system has no way of knowing what physical NIC to transmit a packet to based solely on a destination IP address:
Interface: 169.254.66.60 on Interface 0x3000003
|Internet Address||Physical Address||Type|
To make this address permanent for the session enter the command like this (you could also create a batch file to do this and other activities):
C:\WINDOWS>arp -s 169.254.105.254 00-10-5a-05-93-3e
Run "ARP -a" again and you will see that the entry type is now "static" which means it will not evaporate after a period of time in which accesses to that NIC are not made. This cuts down on ARP broadcasts on the LAN. Once the ARP table is known (all NIC's MAC addresses that all systems in the network will attempt to access) a batch file can be written that will set up a static ARP table at logon that will greatly improve "LAN on demand" performance since the system will not have to initiate ARP broadcasts to determine the physical MAC address of seldomly or sporadically used network resources.
This valuable tool will display all hosts that handle a packet from the originator to the destination address. It will basically display all routers along the way. Here is a sample tracert on the Windows 2000 Professional Router setup in the classroom:
C:\WINDOWS>tracert 188.8.131.52 Tracing route to PC01 [184.108.40.206] over a maximum of 30 hops: 1 1 ms <10 ms 1 ms ROUTER1 [220.127.116.11] 2 <10 ms <10 ms <10 ms ROUTER2 [18.104.22.168] 3 <10 ms <10 ms 1 ms PC01 [22.214.171.124] Trace complete. C:\WINDOWS>_
This tool will display all locally mapped routes that the TCP/IP stack will recognize and how they will be handled. This is a good indicator of whether a packet intended for a foreign network is going to be properly forwarded to the default gateway on the local segment. To display the local machine routing tables use "ROUTE PRINT" The command can also be used to delete an incorrect table entry or to add a correct table entry:
C:\>route /? Manipulates network routing tables. ROUTE [-f] [-p] [command [destination] [MASK netmask] [gateway] [METRIC metric] [IF interface] -f Clears the routing tables of all gateway entries. If this is used in conjunction with one of the commands, the tables are cleared prior to running the command. -p When used with the ADD command, makes a route persistent acro boots of the system. By default, routes are not preserved when the system is restarted. Ignored for all other commands, which always affect the appropriate persistent routes. This option is not supported in Windows 95. command One of these: PRINT Prints a route ADD Adds a route DELETE Deletes a route CHANGE Modifies an existing route destination Specifies the host. MASK Specifies that the next parameter is the 'netmask' value. netmask Specifies a subnet mask value for this route entry. If not specified, it defaults to 255.255.255.255. gateway Specifies gateway. interface the interface number for the specified route. METRIC specifies the metric, ie. cost for the destination. All symbolic names used for destination are looked up in the network databas file NETWORKS. The symbolic names for gateway are looked up in the host name database file HOSTS. If the command is PRINT or DELETE. Destination or gateway can be a wildcard, (wildcard is specified as a star '*'), or the gateway argument may be omitte If Dest contains a * or ?, it is treated as a shell pattern, and only matching destination routes are printed. The '*' matches any string, and '?' matches any one char. Examples: 157.*.1, 157.*, 127.*, *224*. Diagnostic Notes: Invalid MASK generates an error, that is when (DEST & MASK) != DEST. Example> route ADD 126.96.36.199 MASK 188.8.131.52 184.108.40.206 IF 1 The route addition failed: The specified mask parameter is inva (Destination & Mask) != Destination. Examples: > route PRINT > route ADD 220.127.116.11 MASK 255.0.0.0 18.104.22.168 METRIC 3 IF 2 destination^ ^mask ^gateway metric^ ^ Interface^ If IF is not given, it tries to find the best interface for a given gateway. > route PRINT > route PRINT 157* .... Only prints those matching 157* > route CHANGE 22.214.171.124 MASK 255.0.0.0 126.96.36.199 METRIC 2 IF 2 CHANGE is used to modify gateway and/or metric only. > route PRINT > route DELETE 188.8.131.52 > route PRINT C:\>route print =========================================================================== Interface List 0x1 ........................... MS TCP Loopback interface 0x10003 ...00 60 97 99 96 c2 ...... 3Com 3C905TX-based Ethernet Adapter (Generic ) - Packet Scheduler Miniport =========================================================================== =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 184.108.40.206 220.127.116.11 20 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 18.104.22.168 255.255.255.0 22.214.171.124 126.96.36.199 20 188.8.131.52 255.255.255.255 127.0.0.1 127.0.0.1 20 184.108.40.206 255.255.255.255 220.127.116.11 18.104.22.168 20 22.214.171.124 240.0.0.0 126.96.36.199 188.8.131.52 20 255.255.255.255 255.255.255.255 184.108.40.206 220.127.116.11 1 Default Gateway: 18.104.22.168 =========================================================================== Persistent Routes: None C:\>_
Copyrightę2000-2008 Brian Robinson ALL RIGHTS RESERVED