This section covers:
When you troubleshoot a TCP/IP networking problem, begin by checking the
When you use the ipconfig command with the /all option, a
detailed configuration report is produced for all interfaces, including any
configured serial ports. With ipconfig /all, you can redirect command
output to a file and paste the output into other documents. You can also use
this output to confirm the
For example, if a computer is configured with an IP address that is a duplicate of an existing IP address, the subnet mask appears as 0.0.0.0.
The following example shows the output of the ipconfig /all command on
a computer that is configured to use the DHCP server for automatic
Windows 2000 IP Configuration Node Type . . . . . . . . . : Hybrid IP Routing Enabled. . . . . : No WINS Proxy Enabled. . . . . : No Ethernet adapter Local Area Connection: Host Name . . . . . . . . . : host.tools4free.net DNS Servers . . . . . . . . : 10.1.0.200 Description . . . . . . . . : 3Com 3C90x Ethernet Adapter Physical Address. . . . . . : 00-60-08-3E-46-07 DHCP Enabled. . . . . . . . : Yes Autoconfiguration Enabled . : Yes IP Address. . . . . . . . . : 192.168.0.112 Subnet Mask . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . : 192.168.0.2 DHCP Server . . . . . . . . : 192.168.0.1 Primary WINS Server . . . . : 192.168.0.1 Secondary WINS Server . . . : 192.168.0.3 Lease Obtained. . . . . . . : Wednesday, September 02, 1998 10:32:13 AM Lease Expires . . . . . . . : Friday, September 18, 1998 10:32:13 AM
If no problems appear in the TCP/IP configuration, the next step is testing
the ability to connect to other host computers on the
When you troubleshoot a
When you use ipconfig /renew, all network adapters on the computer that uses DHCP (except those that are manually configured) try to contact a DHCP server and renew their existing configuration or obtain a new configuration.
You can also use the ipconfig command with the /release option to immediately release the current DHCP configuration for a host.
You can also use the ipconfig command to:
The ping command helps to verify IP-level connectivity. When
troubleshooting, you can use ping to send an ICMP echo request to a
target host name or IP address. Use ping whenever you need to verify that
a host computer can connect to the
It is usually best to verify that a route exists between the local computer and a network host by first using the ping command and the IP address of the network host to which you want to connect. Try pinging the IP address of the target host to see if it responds, as follows:
You should perform the following steps when using ping:
The ping command uses Windows Sockets–style name resolution to resolve a computer name to an IP address, so if pinging by address succeeds, but pinging by name fails, then the problem lies in address or name resolution, not network connectivity.
If you cannot use ping successfully at any point, confirm that:
You can use different options with the ping command to specify the
size of packets to use, how many packets to send, whether to record the route
used, what Time-to-Live (TTL) value to use, and whether to set the "don't
fragment" flag. You can type ping
The following example illustrates how to send two pings, each 1,450 bytes in size, to IP address 192.168.0.1:
C:\>ping -n 2 -l 1450 192.168.0.1 Pinging 192.168.0.1 with 1450 bytes of data: Reply from 192.168.0.1: bytes=1450 time<10ms TTL=32 Reply from 192.168.0.1: bytes=1450 time<10ms TTL=32 Ping statistics for 192.168.0.1: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate roundtrip times in milli-seconds: Minimum = 0ms, Maximum = 10ms, Average = 2ms
By default, ping waits 1,000 ms (1 second) for each response to be
returned before displaying the "Request Timed Out" message. If the remote system
being pinged is across a high-delay link, such as a satellite link, responses
may take longer to be returned. You can use the
The Address Resolution Protocol (ARP) allows a host to find the media access control address of a host on the same physical network, given the IP address of the host. To make ARP efficient, each computer caches IP–to–media access control address mappings to eliminate repetitive ARP broadcast requests.
You can use the arp command to view and modify the ARP table entries on the local computer. The arp command is useful for viewing the ARP cache and resolving address resolution problems.
NetBIOS over TCP/IP (NetBT) resolves NetBIOS names to IP addresses.
Nbtstat is a useful tool for troubleshooting NetBIOS name resolution problems. You can use the nbtstat command to remove or correct preloaded entries:
NetBIOS connection table Local name State In/out Remote Host Input Output ------------------------------------------------------------------ CORP1 <00> Connected Out CORPSUP1<20> 6MB 5MB CORP1 <00> Connected Out CORPPRINT<20> 108KB 116KB CORP1 <00> Connected Out CORPSRC1<20> 299KB 19KB CORP1 <00> Connected Out CORPEMAIL1<20> 324KB 19KB CORP1 <03> Listening
You can use the netstat command to display protocol statistics and
C:\>netstat -e Interface Statistics Received Sent Bytes 3995837940 47224622 Unicast packets 120099 131015 Non-unicast packets 7579544 3823 Discards 0 0 Errors 0 0 Unknown protocols 363054211 C:\>netstat -a Active Connections Proto Local Address Foreign Address State TCP myhost:1572 192.168.0.2:nbsession ESTABLISHED TCP myhost:1589 192.168.0.2:nbsession ESTABLISHED TCP myhost:1606 192.168.0.10:nbsession ESTABLISHED TCP myhost:1632 192.168.0.11:nbsession ESTABLISHED TCP myhost:1659 192.168.0.12:nbsession ESTABLISHED TCP myhost:1714 192.168.0.13:nbsession ESTABLISHED TCP myhost:1719 192.168.0.14:nbsession ESTABLISHED TCP myhost:1241 192.168.0.15:nbsession ESTABLISHED UDP myhost:1025 *:* UDP myhost:snmp *:* UDP myhost:nbname *:* UDP myhost:nbdatagram *:* UDP myhost:nbname *:* UDP myhost:nbdatagram *:*
C:\>netstat -s IP Statistics Packets Received = 5378528 Received Header Errors = 738854 Received Address Errors = 23150 Datagrams Forwarded = 0 Unknown Protocols Received = 0 Received Packets Discarded = 0 Received Packets Delivered = 4616524 Output Requests = 132702 Routing Discards = 157 Discarded Output Packets = 0 Output Packet No Route = 0 Reassembly Required = 0 Reassembly Successful = 0 Reassembly Failures = 0 Datagrams Successfully Fragmented = 0 Datagrams Failing Fragmentation = 0 Fragments Created = 0 ICMP Statistics Received Sent Messages 693 4 Errors 0 0 Destination Unreachable 685 0 Time Exceeded 0 0 Parameter Problems 0 0 Source Quenches 0 0 Redirects 0 0 Echoes 4 0 Echo Replies 0 4 Timestamps 0 0 Timestamp Replies 0 0 Address Masks 0 0 Address Mask Replies 0 0 TCP Statistics Active Opens = 597 Passive Opens = 135 Failed Connection Attempts = 107 Reset Connections = 91 Current Connections = 8 Segments Received = 106770 Segments Sent = 118431 Segments Retransmitted = 461 UDP Statistics Datagrams Received = 4157136 No Ports = 351928 Receive Errors = 2 Datagrams Sent = 13809
Tracert (Trace Route) is a route-tracing utility that is used to determine the path that an IP datagram takes to reach a destination. The tracert command uses the IP Time-to-Live (TTL) field and ICMP error messages to determine the route from one host to another through a network.
The Tracert diagnostic utility determines the route taken to a destination by sending Internet Control Message Protocol (ICMP) echo packets with varying IP Time-to-Live (TTL) values to the destination. Each router along the path is required to decrement the TTL on a packet by at least 1 before forwarding it. When the TTL on a packet reaches 0, the router should send an "ICMP Time Exceeded" message back to the source computer.
Tracert determines the route by sending the first echo packet with a TTL of 1 and incrementing the TTL by 1 on each subsequent transmission until the target responds or the maximum TTL is reached. The route is determined by examining the "ICMP Time Exceeded" messages sent back by intermediate routers. Some routers silently drop packets with expired TTLs and are invisible to the Tracert utility.
The tracert command prints out an ordered list of the near-side
interface of the routers in the path that returned the "ICMP Time Exceeded"
message. If the
In the following example, the packet must travel through routers (192.168.0.2, 22.214.171.124, 126.96.36.199 and 188.8.131.52) to get to host 184.108.40.206. The default gateway of the host is 192.168.0.2 and the IP address of the router on the 192.168.0.0 network is 192.168.0.2.
C:\>tracert 220.127.116.11 Tracing route to 18.104.22.168 over a maximum of 30 hops: 1 6 ms 2 ms 2 ms 192.168.0.2 2 4 ms 3 ms 4 ms 22.214.171.124 3 78 ms 78 ms 78 ms 126.96.36.199 4 78 ms 78 ms 78 ms 188.8.131.52 5 227 ms 163 ms 83 ms 184.108.40.206 Trace complete.
You can use the tracert command to determine where a packet stopped on the network. In the following example, the default gateway has determined that there is not a valid path for the host on 192.168.10.99. There is probably a router configuration problem or the 192.168.10.0 network does not exist (a bad IP address).
C:\>tracert www.tools4free.net Tracing route to www.tools4free.net [220.127.116.11] over a maximum of 30 hops: 1 6 ms 2 ms 2 ms 192.168.0.2 2 4 ms 3 ms 4 ms gw.tools4free.net [18.104.22.168] 3 tpu-gw1.tools4free.net [22.214.171.124] reports: Destination net unreachable. Trace complete.
The Tracert utility is useful for troubleshooting large networks where several paths can be taken to arrive at the same point.
The tracert command supports several options, as shown in the following table.
|–d||Specifies that IP addresses are not resolved to host names.|
|–h maximum_hops||Specifies the number of hops to allow in tracing a route to the host named in target_name.|
|–j host-list||Specifies the list of router interfaces in the path taken by the Tracert utility packets.|
|–w timeout||Waits the number of milliseconds specified by timeout for each reply.|
|target_name||Name or IP address of the target host.|
The pathping command is a route tracing tool that combines features of the ping and tracert commands with additional information that neither of those tools provides. The pathping command sends packets to each router on the way to a final destination over a period of time, and then computes results based on the packets returned from each hop. Since the command shows the degree of packet loss at any given router or link, it is easy to determine which routers or links might be causing network problems. A number of options are available, as shown in the following table.
|–n||Hostnames||Does not resolve addresses to host names.|
|–h||Maximum hops||Maximum number of hops to search for target.|
|–g||Host-list||Loose source route along host list.|
|–p||Period||Number of milliseconds to wait between pings.|
|–q||Num_queries||Number of queries per hop.|
|–w||Time-out||Waits this many milliseconds for each reply.|
|-T||Layer 2 tag||Attaches a layer-2 priority tag (for example, for IEEE 802.1p) to the packets and sends it to each of the network devices in the path. This helps in identifying the network devices that do not have layer-2 priority configured properly. The -T switch is used to test for Quality of Service (QoS) connectivity.|
|-R||RSVP test||Checks to determine whether each router in the path supports the Resource Reservation Protocol (RSVP), which allows the host computer to reserve a certain amount of bandwidth for a data stream. The -R switch is used to test for Quality of Service (QoS) connectivity.|
The default number of hops is 30, and the default wait time before a time-out is 3 seconds. The default period is 250 milliseconds, and the default number of queries to each router along the path is 100.
The following is a typical pathping report. The compiled statistics that follow the hop list indicate packet loss at each individual router.
D:\>pathping www.tools4free.net Tracing route to www.tools4free.net [126.96.36.199] over a maximum of 30 hops: 0 hoge.tools4free.net [192.168.0.24] 1 192.168.0.2 2 gw-dit.tools4free.net [188.8.131.52] 3 tpu-gw1.tools4free.net [184.108.40.206] 4 e0-0.tpu-br2.tools4free.net [220.127.116.11] 5 w3ext.tools4free.net [18.104.22.168] Computing statistics for 125 seconds... Source to Here This Node/Link Hop RTT Lost/Sent = Pct Lost/Sent = Pct Address 0 hoge.tools4free.net [192.168.0.24] 0/ 100 = 0% | 1 3ms 0/ 100 = 0% 0/ 100 = 0% 192.168.0.2 0/ 100 = 0% | 2 4ms 0/ 100 = 0% 0/ 100 = 0% gw-dit.tools4free.net [22.214.171.124] 13/ 100 = 13% | 3 140ms 0/ 100 = 0% 1/ 100 = 1% tpu-gw1.tools4free.net [126.96.36.199] 0/ 100 = 0% | 4 126ms 0/ 100 = 0% 3/ 100 = 3% e0-0.tpu-br2.tools4free.net [188.8.131.52] 0/ 100 = 0% | 5 155ms 0/ 100 = 0% 0/ 100 = 0% aw3ext.tools4free.net [184.108.40.206] Trace complete.
When pathping is run, you first see the results for the route as it is tested for problems. This is the same path that is shown by the tracert command. The pathping command then displays a busy message for the next 125 seconds (this time varies by the hop count). During this time, pathping gathers information from all the routers previously listed and from the links between them. At the end of this period, it displays the test results.
The two rightmost columns—This Node/Link Lost/Sent=Pct and Address—contain the most useful information. The link between gw-dit.tools4free.net (hop 2), and tpu-gw1.tools4free.net (hop 3) is dropping 13 percent of the packets. All other links are working normally. The routers at hops 3 and 4 also drop packets addressed to them (as shown in the This Node/Link column), but this loss does not affect their forwarding path.
The loss rates displayed for the links (marked as a | in the rightmost column) indicate losses of packets being forwarded along the path. This loss indicates link congestion. The loss rates displayed for routers (indicated by their IP addresses in the rightmost column) indicate that those routers' CPUs might be overloaded. These congested routers might also be a factor in end-to-end problems, especially if packets are forwarded by software routers