Network Command-line utilities

This section covers:

Viewing configuration by using ipconfig /all

When you troubleshoot a TCP/IP networking problem, begin by checking the TCP/IP configuration on the computer that is experiencing the problem. You can use the ipconfig command to get host computer configuration information, including the IP address, subnet mask, and default gateway.


When you use the ipconfig command with the /all option, a detailed configuration report is produced for all interfaces, including any configured serial ports. With ipconfig /all, you can redirect command output to a file and paste the output into other documents. You can also use this output to confirm the TCP/IP configuration of each computer on the network or to further investigate of TCP/IP network problems.

For example, if a computer is configured with an IP address that is a duplicate of an existing IP address, the subnet mask appears as

The following example shows the output of the ipconfig /all command on a computer that is configured to use the DHCP server for automatic TCP/IP configuration, and WINS and DNS servers for name resolution.

Windows 2000 IP Configuration

        Node Type . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . : No
        WINS Proxy Enabled. . . . . : No

Ethernet adapter Local Area Connection:

        Host Name . . . . . . . . . :
        DNS Servers . . . . . . . . :
        Description . . . . . . . . : 3Com 3C90x Ethernet Adapter
        Physical Address. . . . . . : 00-60-08-3E-46-07
        DHCP Enabled. . . . . . . . : Yes
        Autoconfiguration Enabled . : Yes
        IP Address. . . . . . . . . :
        Subnet Mask . . . . . . . . :
        Default Gateway . . . . . . :
        DHCP Server . . . . . . . . :
        Primary WINS Server . . . . :
        Secondary WINS Server . . . :
        Lease Obtained. . . . . . . : Wednesday, September 02, 1998 10:32:13 AM
        Lease Expires . . . . . . . : Friday, September 18, 1998 10:32:13 AM

If no problems appear in the TCP/IP configuration, the next step is testing the ability to connect to other host computers on the TCP/IP network.

Refreshing configuration by using ipconfig /renew

When you troubleshoot a TCP/IP networking problem, begin by checking the TCP/IP configuration on the computer that is experiencing the problem. If the computer is DHCP-enabled and is using a DHCP server to obtain configuration, you can initiate a refresh of the lease by using the ipconfig /renew command.

When you use ipconfig /renew, all network adapters on the computer that uses DHCP (except those that are manually configured) try to contact a DHCP server and renew their existing configuration or obtain a new configuration.

You can also use the ipconfig command with the /release option to immediately release the current DHCP configuration for a host.


Managing DNS and DHCP class IDs by using ipconfig

You can also use the ipconfig command to:

Testing connections by using ping

The ping command helps to verify IP-level connectivity. When troubleshooting, you can use ping to send an ICMP echo request to a target host name or IP address. Use ping whenever you need to verify that a host computer can connect to the TCP/IP network and network resources. You can also use ping to isolate network hardware problems and incompatible configurations.

It is usually best to verify that a route exists between the local computer and a network host by first using the ping command and the IP address of the network host to which you want to connect. Try pinging the IP address of the target host to see if it responds, as follows:

ping IP_address

You should perform the following steps when using ping:

  1. Ping the loopback address to verify that TCP/IP is installed and configured correctly on the local computer.


  2. Ping the IP address of the local computer to verify that it was added to the network correctly.

    ping IP_address_of_local_host

  3. Ping the IP address of the default gateway to verify that the default gateway is functioning and that you can communicate with a local host on the local network.

    ping IP_address_of_default_gateway

  4. Ping the IP address of a remote host to verify that you can communicate through a router.

    ping IP_address_of_remote_host

The ping command uses Windows Socketsstyle name resolution to resolve a computer name to an IP address, so if pinging by address succeeds, but pinging by name fails, then the problem lies in address or name resolution, not network connectivity.

If you cannot use ping successfully at any point, confirm that:

You can use different options with the ping command to specify the size of packets to use, how many packets to send, whether to record the route used, what Time-to-Live (TTL) value to use, and whether to set the "don't fragment" flag. You can type ping ? to see these options.

The following example illustrates how to send two pings, each 1,450 bytes in size, to IP address

C:\>ping -n 2 -l 1450
Pinging with 1450 bytes of data:

Reply from bytes=1450 time<10ms TTL=32
Reply from bytes=1450 time<10ms TTL=32

Ping statistics for
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate roundtrip times in milli-seconds:
    Minimum = 0ms, Maximum =  10ms, Average =  2ms

By default, ping waits 1,000 ms (1 second) for each response to be returned before displaying the "Request Timed Out" message. If the remote system being pinged is across a high-delay link, such as a satellite link, responses may take longer to be returned. You can use the w (wait) option to specify a longer time-out.

Troubleshooting hardware addresses by using arp

The Address Resolution Protocol (ARP) allows a host to find the media access control address of a host on the same physical network, given the IP address of the host. To make ARP efficient, each computer caches IPtomedia access control address mappings to eliminate repetitive ARP broadcast requests.

You can use the arp command to view and modify the ARP table entries on the local computer. The arp command is useful for viewing the ARP cache and resolving address resolution problems.

Troubleshooting NetBIOS names by using nbtstat

NetBIOS over TCP/IP (NetBT) resolves NetBIOS names to IP addresses. TCP/IP provides many options for NetBIOS name resolution, including local cache lookup, WINS server query, broadcast, DNS server query, and Lmhosts and Hosts file lookup.

Nbtstat is a useful tool for troubleshooting NetBIOS name resolution problems. You can use the nbtstat command to remove or correct preloaded entries:

Displaying connection statistics by using netstat

You can use the netstat command to display protocol statistics and current TCP/IP connections. The netstat a command displays all connections, and netstat r displays the route table plus active connections. The netstat e command displays Ethernet statistics, and netstat s displays per-protocol statistics. If you use netstat n, addresses and port numbers are not converted to names. The following shows sample output for netstat:

C:\>netstat -e
Interface Statistics

                       Received      Sent
Bytes                  3995837940    47224622
Unicast packets        120099        131015
Non-unicast packets    7579544       3823
Discards               0             0
Errors                 0             0
Unknown protocols      363054211

C:\>netstat -a

Active Connections

 Proto Local Address      Foreign Address       State
 TCP  myhost:1572   ESTABLISHED
 TCP  myhost:1589   ESTABLISHED
 TCP  myhost:1606  ESTABLISHED
 TCP  myhost:1632  ESTABLISHED
 TCP  myhost:1659  ESTABLISHED
 TCP  myhost:1714  ESTABLISHED
 TCP  myhost:1719  ESTABLISHED
 TCP  myhost:1241  ESTABLISHED
 UDP  myhost:1025       *:*
 UDP  myhost:snmp       *:*
 UDP  myhost:nbname     *:*
 UDP  myhost:nbdatagram *:*
 UDP  myhost:nbname     *:*
 UDP  myhost:nbdatagram *:*
C:\>netstat -s
IP Statistics

 Packets Received             = 5378528
 Received Header Errors       = 738854
 Received Address Errors      = 23150
 Datagrams Forwarded          = 0
 Unknown Protocols Received   = 0
 Received Packets Discarded   = 0
 Received Packets Delivered   = 4616524
 Output Requests              = 132702
 Routing Discards             = 157
 Discarded Output Packets     = 0
 Output Packet No Route       = 0
 Reassembly Required          = 0
 Reassembly Successful             = 0
 Reassembly Failures               = 0
 Datagrams Successfully Fragmented = 0
 Datagrams Failing Fragmentation   = 0
 Fragments Created                 = 0

ICMP Statistics
                          Received  Sent
 Messages                 693       4
 Errors                   0         0
 Destination Unreachable  685       0
 Time Exceeded            0         0
 Parameter Problems       0         0
 Source Quenches          0         0
 Redirects                0         0
 Echoes                   4         0
 Echo Replies             0         4
 Timestamps               0         0
 Timestamp Replies        0         0
 Address Masks            0         0
 Address Mask Replies     0         0

TCP Statistics

 Active Opens                 = 597
 Passive Opens                = 135
 Failed Connection Attempts   = 107
 Reset Connections            = 91
 Current Connections          = 8
 Segments Received            = 106770
 Segments Sent                = 118431
 Segments Retransmitted       = 461
UDP Statistics

 Datagrams Received   = 4157136
 No Ports             = 351928
 Receive Errors       = 2
 Datagrams Sent       = 13809

Tracing network connections by using tracert

Tracert (Trace Route) is a route-tracing utility that is used to determine the path that an IP datagram takes to reach a destination. The tracert command uses the IP Time-to-Live (TTL) field and ICMP error messages to determine the route from one host to another through a network.

How tracert works

The Tracert diagnostic utility determines the route taken to a destination by sending Internet Control Message Protocol (ICMP) echo packets with varying IP Time-to-Live (TTL) values to the destination. Each router along the path is required to decrement the TTL on a packet by at least 1 before forwarding it. When the TTL on a packet reaches 0, the router should send an "ICMP Time Exceeded" message back to the source computer.

Tracert determines the route by sending the first echo packet with a TTL of 1 and incrementing the TTL by 1 on each subsequent transmission until the target responds or the maximum TTL is reached. The route is determined by examining the "ICMP Time Exceeded" messages sent back by intermediate routers. Some routers silently drop packets with expired TTLs and are invisible to the Tracert utility.

The tracert command prints out an ordered list of the near-side interface of the routers in the path that returned the "ICMP Time Exceeded" message. If the d option is used, the Tracert utility does not perform a DNS lookup on each IP address.

In the following example, the packet must travel through routers (,, and to get to host The default gateway of the host is and the IP address of the router on the network is

Tracing route to over a maximum of 30 hops:
  1     6 ms     2 ms     2 ms
  2     4 ms     3 ms     4 ms
  3    78 ms    78 ms    78 ms
  4    78 ms    78 ms    78 ms
  5   227 ms   163 ms    83 ms
Trace complete.

Troubleshooting with tracert

You can use the tracert command to determine where a packet stopped on the network. In the following example, the default gateway has determined that there is not a valid path for the host on There is probably a router configuration problem or the network does not exist (a bad IP address).

Tracing route to []
over a maximum of 30 hops:
  1     6 ms     2 ms     2 ms
  2     4 ms     3 ms     4 ms []
  3 [] reports: Destination net unreachable.
Trace complete.

The Tracert utility is useful for troubleshooting large networks where several paths can be taken to arrive at the same point.

Tracert command-line options

The tracert command supports several options, as shown in the following table.

tracert [d] [h maximum_hops] [j host-list] [w timeout] target_name

Option Description
d Specifies that IP addresses are not resolved to host names.
h maximum_hops Specifies the number of hops to allow in tracing a route to the host named in target_name.
j host-list Specifies the list of router interfaces in the path taken by the Tracert utility packets.
w timeout Waits the number of milliseconds specified by timeout for each reply.
target_name Name or IP address of the target host.

Testing routers by using pathping

The pathping command is a route tracing tool that combines features of the ping and tracert commands with additional information that neither of those tools provides. The pathping command sends packets to each router on the way to a final destination over a period of time, and then computes results based on the packets returned from each hop. Since the command shows the degree of packet loss at any given router or link, it is easy to determine which routers or links might be causing network problems. A number of options are available, as shown in the following table.

Option Name Function
n Hostnames Does not resolve addresses to host names.
h Maximum hops Maximum number of hops to search for target.
g Host-list Loose source route along host list.
p Period Number of milliseconds to wait between pings.
q Num_queries Number of queries per hop.
w Time-out Waits this many milliseconds for each reply.
-T Layer 2 tag Attaches a layer-2 priority tag (for example, for IEEE 802.1p) to the packets and sends it to each of the network devices in the path. This helps in identifying the network devices that do not have layer-2 priority configured properly. The -T switch is used to test for Quality of Service (QoS) connectivity.
-R RSVP test Checks to determine whether each router in the path supports the Resource Reservation Protocol (RSVP), which allows the host computer to reserve a certain amount of bandwidth for a data stream. The -R switch is used to test for Quality of Service (QoS) connectivity.

The default number of hops is 30, and the default wait time before a time-out is 3 seconds. The default period is 250 milliseconds, and the default number of queries to each router along the path is 100.

The following is a typical pathping report. The compiled statistics that follow the hop list indicate packet loss at each individual router.


Tracing route to []
over a maximum of 30 hops:
  0 []
  2 []
  3 []
  4 []
  5 []

Computing statistics for 125 seconds...
         Source to Here  This Node/Link
Hop  RTT Lost/Sent = Pct Lost/Sent = Pct  Address
0                                []
                            0/ 100 =  0%   |
1   3ms     0/ 100 =  0%    0/ 100 =  0%
                            0/ 100 =  0%   |
2   4ms     0/ 100 =  0%    0/ 100 =  0% []
                           13/ 100 = 13%   |
3 140ms     0/ 100 =  0%    1/ 100 =  1% []
                            0/ 100 =  0%   |
4 126ms     0/ 100 =  0%    3/ 100 =  3% []
                            0/ 100 =  0%   |
5 155ms     0/ 100 =  0%    0/ 100 =  0% []
Trace complete.

When pathping is run, you first see the results for the route as it is tested for problems. This is the same path that is shown by the tracert command. The pathping command then displays a busy message for the next 125 seconds (this time varies by the hop count). During this time, pathping gathers information from all the routers previously listed and from the links between them. At the end of this period, it displays the test results.

The two rightmost columnsThis Node/Link Lost/Sent=Pct and Addresscontain the most useful information. The link between (hop 2), and (hop 3) is dropping 13 percent of the packets. All other links are working normally. The routers at hops 3 and 4 also drop packets addressed to them (as shown in the This Node/Link column), but this loss does not affect their forwarding path.

The loss rates displayed for the links (marked as a | in the rightmost column) indicate losses of packets being forwarded along the path. This loss indicates link congestion. The loss rates displayed for routers (indicated by their IP addresses in the rightmost column) indicate that those routers' CPUs might be overloaded. These congested routers might also be a factor in end-to-end problems, especially if packets are forwarded by software routers