Although ping is the most commonly used network troubleshooting command, other useful commands are available on Windows devices.
The ping command can verify end-to-end connectivity. However, if a problem exists and the device cannot ping the destination, the ping command does not indicate where the connection was really dropped. To find this dropped connection, you must use another command known as traceroute or tracert. Microsoft Windows uses the tracert command, whereas other operating systems commonly use the traceroute command.
The tracert utility provides connectivity information about the path a packet takes to reach the destination and about every router (hop) along the way. It also indicates how long a packet takes to get from the source to each hop and back (round-trip time). The tracert utility can help identify where a packet may have been lost or delayed due to bottlenecks or slowdowns in the network.
In Example 20-6, the user traces the path to Cisco. The path is unique to this user. Your path will have a different listing of hops and may be shorter or longer (number of hops).
Example 20-6 Tracing a Route to Cisco
C:\>
tracert www.cisco.com
Tracing route to e2867.dsca.someispedge.net [104.95.63.78]
over a maximum of 30 hops:
1 1 ms 1 ms <1 ms 10.10.10.1
2 * * * Request timed out.
3 8 ms 8 ms 8 ms 24-155-250-94.dyn.yourisp.net [172.30.250.94]
4 22 ms 23 ms 23 ms 24-155-121-218.static.yourisp.net
[172.30.121.218]
5 23 ms 24 ms 25 ms dls-b22-link.anotherisp.net [64.0.70.170]
6 25 ms 24 ms 25 ms dls-b23-link.anotherisp.net [192.168.137.106]
7 24 ms 23 ms 21 ms someisp-ic-341035-dls-b1.c.anotherisp.net
[192.168.169.47]
8 25 ms 24 ms 23 ms ae3.databank-dfw5.netarch.someisp.com
[10.250.230.195]
9 25 ms 24 ms 24 ms a104-95-63-78.deploy.static.someisptechnologies.
com [104.95.63.78]
Trace complete.
C:\>
Note
In the output of Example 20-6, notice that the second hop failed. The reason is most likely due to a firewall configuration on that device that does not permit responding packets from the tracert command. However, the device does forward the packets to the next hop.
The basic tracert command allows only up to 30 hops between a source and destination device before it assumes that the destination is unreachable. This number can be adjusted by using the -h parameter. Other modifiers, displayed as options in Example 20-7, are also available.
Example 20-7 The Options for the tracert Command
C:\>
tracert
Usage: tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout]
[-R] [-S srcaddr] [-4] [-6] target_name
Options:
-d Do not resolve addresses to hostnames.
-h maximum_hops Maximum number of hops to search for target.
-j host-list Loose source route along host-list (IPv4-only).
-w timeout Wait timeout milliseconds for each reply.
-R Trace round-trip path (IPv6-only).
-S srcaddr Source address to use (IPv6-only).
-4 Force using IPv4.
-6 Force using IPv6.
C:\>
The netstat Command (20.3.9)
Sometimes you need to know which active TCP connections are open and running on a networked host. The netstat command is an important network utility that you can use to verify those connections. As shown in Example 20-8, the netstat command lists the protocol in use, the local address and port number, the foreign address and port number, and the state of the connection.
Example 20-8 The netstat Command
C:\>
netstat
Active Connections
Proto Local Address Foreign Address State
TCP 10.10.10.130:58520 dfw28s01-in-f14:https ESTABLISHED
TCP 10.10.10.130:58522 dfw25s25-in-f14:https ESTABLISHED
TCP 10.10.10.130:58523 dfw25s25-in-f14:https ESTABLISHED
TCP 10.10.10.130:58525 ec2-3-13-132-189:https ESTABLISHED
TCP 10.10.10.130:58579 203.104.160.12:https ESTABLISHED
TCP 10.10.10.130:58580 104.16.249.249:https ESTABLISHED
TCP 10.10.10.130:58624 52.242.211.89:https ESTABLISHED
TCP 10.10.10.130:58628 24-155-92-110:https ESTABLISHED
TCP 10.10.10.130:58651 ec2-18-211-133-65:https ESTABLISHED
TCP 10.10.10.130:58686 do-33:https ESTABLISHED
TCP 10.10.10.130:58720 172.253.119.189:https ESTABLISHED
TCP 10.10.10.130:58751 ec2-35-170-0-145:https ESTABLISHED
TCP 10.10.10.130:58753 ec2-44-224-80-214:https ESTABLISHED
TCP 10.10.10.130:58755 a23-65-237-228:https ESTABLISHED
C:\>
Unexplained TCP connections can pose a major security threat because they can indicate that something or someone is connected to the local host. Additionally, unnecessary TCP connections can consume valuable system resources, thus slowing down the performance of the host. netstat should be used to examine the open connections on a host when performance appears to be compromised.
Many useful options are available for the netstat command. You can view these options by typing netstat /? at the command prompt, as shown in Example 20-9.
Example 20-9 Options for the netstat Command
C:\>
netstat /?
Displays protocol statistics and current TCP/IP network connections.
NETSTAT [-a] [-b] [-e] [-f] [-n] [-o] [-p proto] [-r] [-s] [-t] [-x] [-y]
[interval]
-a Displays all connections and listening ports.
-b Displays the executable involved in creating each connection or
listening port. In some cases well-known executables host
multiple independent components, and in these cases the
sequence of components involved in creating the connection
or listening port is displayed. In this case the executable
name is in [] at the bottom, on top is the component it called,
and so forth until TCP/IP was reached. Note that this option
can be time-consuming and will fail unless you have sufficient
permissions.
-e Displays Ethernet statistics. This may be combined with the -s
option.
-f Displays Fully Qualified Domain Names (FQDN) for foreign
addresses.
-n Displays addresses and port numbers in numerical form.
-o Displays the owning process ID associated with each connection.
-p proto Shows connections for the protocol specified by proto; proto
may be any of: TCP, UDP, TCPv6, or UDPv6. If used with the -s
option to display per-protocol statistics, proto may be any of:
IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
-q Displays all connections, listening ports, and bound
nonlistening TCP ports. Bound nonlistening ports may or may not
be associated with an active connection.
-r Displays the routing table.
-s Displays per-protocol statistics. By default, statistics are
shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6;
the -p option may be used to specify a subset of the default.
-t Displays the current connection offload state.
-x Displays NetworkDirect connections, listeners, and shared
endpoints.
-y Displays the TCP connection template for all connections.
Cannot be combined with the other options.
interval Redisplays selected statistics, pausing interval seconds
between each display. Press CTRL+C to stop redisplaying
statistics. If omitted, netstat will print the current
configuration information once.
C:\>
The nslookup Command (20.3.10)
When a network device is being configured, one or more DNS server addresses are provided that the DNS client can use for name resolution. Usually, the ISP provides the addresses to use for the DNS servers. When a user application requests to connect to a remote device by name, the requesting DNS client queries the name server to resolve the name to a numeric address.
Computer operating systems also have a utility called nslookup that enables you to manually query the name servers to resolve a given host name. This utility can also be used to troubleshoot name resolution issues and to verify the current status of the name servers.
In Example 20-10, when the nslookup command is issued, the default DNS server configured for your host is displayed. The name of a host or domain can be entered at the nslookup prompt. The nslookup utility has many options available for extensive testing and verification of the DNS process.
Example 20-10 Looking Up Cisco Information with the nslookup Command
C:\Users>
nslookup
Default Server: dns-sj.cisco.com
Address: 171.70.168.183
>
www.cisco.com
Server: dns-sj.cisco.com
Address: 171.70.168.183
Name: origin-www.cisco.com
Addresses: 2001:420:1101:1::a
173.37.145.84
Aliases: www.cisco.com
>
cisco.netacad.net
Server: dns-sj.cisco.com
Address: 171.70.168.183
Name: cisco.netacad.net
Address: 72.163.6.223
>
Syntax Checker—The nslookup Command (20.3.11)
Practice entering the nslookup command in both Windows and Linux.
Refer to the online course to complete this activity.
Lab—Troubleshoot Using Network Utilities (20.3.12)
In this lab, you will complete the following objectives:
- Interpret the output of commonly used network command-line utilities.
- Determine which network utility can provide the necessary information to perform troubleshooting activities in a bottom-up troubleshooting strategy.
Leave a Reply