Command Line Utilities - DNS,DHCP,TCP/IP

8/8/2019 Command Line Utilities - DNS,DHCP,TCP/IP

1/10

Command-line utilitiesThis section covers:

Viewing configuration by using ipconfig /all

Viewing configuration by using the Status feature

Refreshing configuration by using ipconfig /renew

Managing DNS and DHCP class IDs by using ipconfig

Testing connections by using ping

Troubleshooting hardware addresses by using arp

Troubleshooting NetBIOS names by using nbstat

Displaying connection statistics by using netstat

Tracing network connections by using tracert

Testing routers by using pathping

Viewing configuration by using ipconfig /all

When you troubleshoot a TCP/IP networking problem, begin by checking the TCP/IP configuration on the computerthat is experiencing the problem. You can use the ipconfig command to get host computer configurationinformation, including the IP address, subnet mask, and default gateway.

Note

For clients running Windows 95, Windows 98, and Windows Millennium Edition, use the winipcfg

command instead ofipconfig.

When you use the ipconfig command with the /all option, a detailed configuration report is produced for allinterfaces, including any configured serial ports. With ipconfig /all, you can redirect command output to a file andpaste the output into other documents. You can also use this output to confirm the TCP/IP configuration of eachcomputer on the network or to further investigate TCP/IP network problems.

For example, if a computer is configured with an IP address that is a duplicate of an existing IP address, the subnetmask appears as 0.0.0.0.

The following example shows the output of the ipconfig /all command on a computer that running Windows XPProfessional and is configured to use the DHCP server for automatic TCP/IP configuration, and WINS and DNS

servers for name resolution.

Copy Code

IP Configuration

Node Type . . . . . . . . . : HybridIP Routing Enabled. . . . . : NoWINS proxy Enabled. . . . . : No

Ethernet adapter Local Area Connection:

Host Name . . . . . . . . . : client1.microsoft.com
http://technet.microsoft.com/en-us/library/cc757819(WS.10).aspx#BKMK_tcpip_tro_ipconfig_allhttp://technet.microsoft.com/en-us/library/cc757819(WS.10).aspx#BKMK_tcpip_tro_ipconfig_allhttp://technet.microsoft.com/en-us/library/cc757819(WS.10).aspx#BKMK_tcpip_tro_statushttp://technet.microsoft.com/en-us/library/cc757819(WS.10).aspx#BKMK_tcpip_tro_ipconfig_renewhttp://technet.microsoft.com/en-us/library/cc757819(WS.10).aspx#BKMK_tcpip_tro_ipconfig_renewhttp://technet.microsoft.com/en-us/library/cc757819(WS.10).aspx#BKMK_tcpip_tro_ipconfig_otherhttp://technet.microsoft.com/en-us/library/cc757819(WS.10).aspx#BKMK_tcpip_tro_test_using_pinghttp://technet.microsoft.com/en-us/library/cc757819(WS.10).aspx#BKMK_tcpip_tro_using_arphttp://technet.microsoft.com/en-us/library/cc757819(WS.10).aspx#BKMK_tcpip_tro_using_nbstathttp://technet.microsoft.com/en-us/library/cc757819(WS.10).aspx#BKMK_tcpip_tro_using_nbstathttp://technet.microsoft.com/en-us/library/cc757819(WS.10).aspx#BKMK_tcpip_tro_using_netstathttp://technet.microsoft.com/en-us/library/cc757819(WS.10).aspx#BKMK_tcpip_tro_using_tracerthttp://technet.microsoft.com/en-us/library/cc757819(WS.10).aspx#BKMK_tcpip_tro_using_pathpinghttp://technet.microsoft.com/en-us/library/cc757819(WS.10).aspx#BKMK_tcpip_tro_statushttp://technet.microsoft.com/en-us/library/cc757819(WS.10).aspx#BKMK_tcpip_tro_ipconfig_renewhttp://technet.microsoft.com/en-us/library/cc757819(WS.10).aspx#BKMK_tcpip_tro_ipconfig_otherhttp://technet.microsoft.com/en-us/library/cc757819(WS.10).aspx#BKMK_tcpip_tro_test_using_pinghttp://technet.microsoft.com/en-us/library/cc757819(WS.10).aspx#BKMK_tcpip_tro_using_arphttp://technet.microsoft.com/en-us/library/cc757819(WS.10).aspx#BKMK_tcpip_tro_using_nbstathttp://technet.microsoft.com/en-us/library/cc757819(WS.10).aspx#BKMK_tcpip_tro_using_netstathttp://technet.microsoft.com/en-us/library/cc757819(WS.10).aspx#BKMK_tcpip_tro_using_tracerthttp://technet.microsoft.com/en-us/library/cc757819(WS.10).aspx#BKMK_tcpip_tro_using_pathpinghttp://technet.microsoft.com/en-us/library/cc757819(WS.10).aspx#BKMK_tcpip_tro_ipconfig_all


2/10

DNS Servers . . . . . . . . : 10.1.0.200Description . . . . . . . . : 3Com 3C90x Ethernet AdapterPhysical Address. . . . . . : 00-60-08-3E-46-07DHCP Enabled. . . . . . . . : YesAutoconfiguration Enabled . : YesIP Address. . . . . . . . . : 192.168.0.112Subnet Mask . . . . . . . . : 255.255.0.0Default Gateway . . . . . . : 192.168.0.1DHCP Server . . . . . . . . : 10.1.0.50Primary WINS Server . . . . : 10.1.0.101Secondary WINS Server . . . : 10.1.0.102Lease Obtained. . . . . . . : Wednesday, September 02, 1998 10:32:13

AMLease Expires . . . . . . . : Friday, September 18, 1998 10:32:13 AM

If no problems appear in the TCP/IP configuration, the next step is testing the ability to connect to other host

computers on the TCP/IP network.

Viewing configuration by using the Status feature

An alternate method of viewing configuration is available through the Status feature of a network connection. Formore information, see View the status of a local area connection.

Refreshing configuration by using ipconfig /renew

When you troubleshoot a TCP/IP networking problem, begin by checking the TCP/IP configuration on the computerthat is experiencing the problem. If the computer is DHCP-enabled and is using a DHCP server to obtainconfiguration, you can initiate a refresh of the lease by using the ipconfig /renew command.

When you use ipconfig /renew, all network adapters on the computer that uses DHCP (except those that are

manually configured) try to contact a DHCP server and renew their existing configuration or obtain a newconfiguration.

You can also use the ipconfig command with the /release option to immediately release the current DHCPconfiguration for a host.

Note

For Windows 95, Windows 98, and Windows Millennium Edition DHCP-enabled clients, use the release

and renew options of the winipcfg command instead ofipconfig /release and ipconfig /renew to

perform manual release or renewal of the IP configuration lease for a client.

Repair feature

As an alternative to ipconfig you can use Repair to renew LAN or high-speed Internet connection IP settings.Repair performs a series of commands that repair a connection. The commands that are invoked by Repair arelisted below with their command-line equivalents:

Repair Command-line equivalent

Checks whether DHCP is enabled and, if enabled, issues a broadcast renewto refresh the IP address

No command line equivalentavailable

Flushes the ARP cache arp -d *

Flush the NetBIOS cache nbtstat -R

Flushes the DNS cache ipconfig /flushdns

Re-registers with WINS nbtstat -RR
http://technet.microsoft.com/en-us/library/cc775699(WS.10).aspxhttp://technet.microsoft.com/en-us/library/cc775699(WS.10).aspx


3/10

Re-registers with DNS ipconfig /registerdns

Important

Repair uses a broadcast renew and will cause a computer to accept any lease from any DHCP server that

is on the network. In contrast, a unicast renew (ipconfig /renew) will only renew the existing lease from

the last DHCP server from which the client got a lease.

For more information, see Repair a LAN or high-speed Internet connection.

Managing DNS and DHCP class IDs by using ipconfig

You can also use the ipconfig command to:

Display or reset the DNS cache.

For more information, see Flush and reset a client resolver cache using the ipconfig command.

Refresh registered DNS names.

For more information, see Renew DNS client registration using the ipconfig command.

Display the DHCP class IDs for an adapter.

For more information, see Show DHCP class ID information at a client computer.

Set the DHCP class IDs for an adapter.

For more information, see Set DHCP class ID information at a client computer.

Testing connections by using ping

The ping command helps to verify IP-level connectivity. When troubleshooting, you can use ping to send an ICMPecho request to a target host name or IP address. Use ping whenever you need to verify that a host computer canconnect to the TCP/IP network and network resources. You can also use ping to isolate network hardwareproblems and incompatible configurations.

It is usually best to verify that a route exists between the local computer and a network host by first using theping command and the IP address of the network host to which you want to connect. Try pinging the IP address ofthe target host to see if it responds, as follows:

pingIP_address

You should perform the following steps when using ping:

1. Ping the loopback address to verify that TCP/IP is configured correctly on the local computer.

ping 127.0.0.1

2. Ping the IP address of the local computer to verify that it was added to the network correctly.

pingIP_address_of_local_host
http://technet.microsoft.com/en-us/library/cc757509(WS.10).aspxhttp://technet.microsoft.com/en-us/library/cc781949(WS.10).aspxhttp://technet.microsoft.com/en-us/library/cc780467(WS.10).aspxhttp://technet.microsoft.com/en-us/library/cc758890(WS.10).aspxhttp://technet.microsoft.com/en-us/library/cc783756(WS.10).aspxhttp://technet.microsoft.com/en-us/library/cc757509(WS.10).aspxhttp://technet.microsoft.com/en-us/library/cc781949(WS.10).aspxhttp://technet.microsoft.com/en-us/library/cc780467(WS.10).aspxhttp://technet.microsoft.com/en-us/library/cc758890(WS.10).aspxhttp://technet.microsoft.com/en-us/library/cc783756(WS.10).aspx


4/10

3. Ping the IP address of the default gateway to verify that the default gateway is functioning and that you

can communicate with a local host on the local network.

pingIP_address_of_default_gateway

4. Ping the IP address of a remote host to verify that you can communicate through a router.

pingIP_address_of_remote_host

The ping command uses Windows Sockets-style name resolution to resolve a computer name to an IP address, so

if pinging by address succeeds, but pinging by name fails, then the problem lies in address or name resolution, notnetwork connectivity. For more information, see Troubleshooting hardware addresses by using arp.

If you cannot use ping successfully at any point, confirm that:

The computer was restarted after TCP/IP was configured.

The IP address of the local computer is valid and appears correctly on the General tab of the Internet

protocol (TCP/IP) properties dialog box.

IP routing is enabled and the link between routers is operational.

You can use different options with the ping command to specify the size of packets to use, how many packets to

send, whether to record the route used, what Time-to-Live (TTL) value to use, and whether to set the "don'tfragment" flag. You can type ping -? to see these options.

The following example illustrates how to send two pings, each 1,450 bytes in size, to IP address 131.107.8.1:

Copy Code

C:\>ping -n 2 -l 1450 131.107.8.1Pinging 131.107.8.1 with 1450 bytes of data:

Reply from 131.107.8.1: bytes=1450 time


5/10

Troubleshooting NetBIOS names by using nbtstat

NetBIOS over TCP/IP (NetBT) resolves NetBIOS names to IP addresses. TCP/IP provides many options for NetBIOSname resolution, including local cache lookup, WINS server query, broadcast, DNS server query, and Lmhosts andHosts file lookup.

Nbtstat is a useful tool for troubleshooting NetBIOS name resolution problems. You can use the nbtstat commandto remove or correct preloaded entries:

nbtstat -n displays the names that were registered locally on the system by programs such as the server

and redirector.

nbtstat -c shows the NetBIOS name cache, which contains name-to-address mappings for other

computers.

nbtstat -Rpurges the name cache and reloads it from the Lmhosts file.

nbtstat -RRreleases NetBIOS names registered with a WINS server and then renews their registration.

nbtstat -aname performs a NetBIOS adapter status command against the computer specified by name.

The adapter status command returns the local NetBIOS name table for that computer plus the media

access control address of the adapter.

nbtstat -S lists the current NetBIOS sessions and their status, including statistics, as shown in the

following example:

Copy Code

NetBIOS connection table

Local name State In/out Remote Host Input Output

------------------------------------------------------------------

CORP1 Connected Out CORPSUP1 6MB 5MB

CORP1 Connected Out CORPPRINT 108KB 116KB

CORP1 Connected Out CORPSRC1 299KB 19KB

CORP1 Connected Out CORPEMAIL1 324KB 19KB

CORP1 Listening

Displaying connection statistics by using netstat

You can use the netstat command to display protocol statistics and current TCP/IP connections. The netstat -acommand displays all connections, and netstat -r displays the route table plus active connections. The netstat -ocommand displays process IDs so you can view the owner of the port for each connection. The netstat -ecommand displays Ethernet statistics, and netstat -s displays per-protocol statistics. If you use netstat -n,addresses and port numbers are not converted to names. The following shows sample output for netstat:

Copy Code


6/10

C:\>netstat -eInterface Statistics

Received SentBytes 3995837940 47224622Unicast packets 120099 131015Non-unicast packets 7579544 3823Discards 0 0Errors 0 0Unknown protocols 363054211

C:\>netstat -n -o

Active Connectionsproto Local Address Foreign Address State PIDTCP 172.31.71.152:1136 157.54.2.84:389 CLOSE_WAIT 180TCP 172.31.71.152:2730 172.31.71.99:139 ESTABLISHED 4TCP 172.31.71.152:3110 157.54.2.84:389 CLOSE_WAIT 364TCP 172.31.71.152:3796 172.30.236.233:1479 ESTABLISHED 1128TCP 172.31.71.152:3800 172.30.236.233:1740 ESTABLISHED 1128TCP 172.31.71.152:3815 172.30.236.233:1479 ESTABLISHED 908TCP 172.31.71.152:3819 172.30.236.233:1740 ESTABLISHED 908TCP 172.31.71.152:4034 172.31.16.197:139 TIME_WAIT 0

TCP 172.31.71.152:4037 157.54.4.183:445 TIME_WAIT 0TCP 172.31.71.152:4043 157.60.218.11:119 TIME_WAIT 0TCP 172.31.71.152:4044 157.60.218.11:119 TIME_WAIT 0TCP 172.31.71.152:4045 157.60.218.11:119 TIME_WAIT 0TCP 172.31.71.152:4046 157.60.218.11:119 TIME_WAIT 0TCP 172.31.71.152:4047 157.60.218.11:119 TIME_WAIT 0TCP 172.31.71.152:4048 157.60.218.11:119 TIME_WAIT 0TCP 172.31.71.152:4049 157.60.218.11:119 TIME_WAIT 0TCP 172.31.71.152:4050 157.60.218.11:119 TIME_WAIT 0

C:\>netstat -a

Active Connections

proto Local Address Foreign Address StateTCP CORP1:1572 172.16.48.10:nbsession ESTABLISHEDTCP CORP1:1589 172.16.48.10:nbsession ESTABLISHEDTCP CORP1:1606 172.16.105.245:nbsession ESTABLISHEDTCP CORP1:1632 172.16.48.213:nbsession ESTABLISHEDTCP CORP1:1659 172.16.48.169:nbsession ESTABLISHEDTCP CORP1:1714 172.16.48.203:nbsession ESTABLISHEDTCP CORP1:1719 172.16.48.36:nbsession ESTABLISHEDTCP CORP1:1241 172.16.48.101:nbsession ESTABLISHEDUDP CORP1:1025 *:*UDP CORP1:snmp *:*UDP CORP1:nbname *:*UDP CORP1:nbdatagram *:*

UDP CORP1:nbname *:*UDP CORP1:nbdatagram *:*

C:\>netstat -sIP Statistics

Packets Received = 5378528Received Header Errors = 738854Received Address Errors = 23150Datagrams Forwarded = 0Unknown protocols Received = 0Received Packets Discarded = 0Received Packets Delivered = 4616524


7/10

Output Requests = 132702Routing Discards = 157Discarded Output Packets = 0Output Packet No Route = 0Reassembly Required = 0Reassembly Successful = 0Reassembly Failures = 0Datagrams Successfully Fragmented = 0Datagrams Failing Fragmentation = 0Fragments Created = 0

ICMP StatisticsReceived Sent

Messages 693 4Errors 0 0Destination Unreachable 685 0Time Exceeded 0 0Parameter problems 0 0Source Quenches 0 0Redirects 0 0Echoes 4 0Echo Replies 0 4Timestamps 0 0Timestamp Replies 0 0

Address Masks 0 0Address Mask Replies 0 0

TCP Statistics

Active Opens = 597Passive Opens = 135Failed Connection Attempts = 107Reset Connections = 91Current Connections = 8Segments Received = 106770Segments Sent = 118431Segments Retransmitted = 461UDP Statistics

Datagrams Received = 4157136No Ports = 351928Receive Errors = 2Datagrams Sent = 13809

Tracing network connections by using tracert

Tracert (Trace Route) is a route-tracing utility that is used to determine the path that an IP datagram takes toreach a destination. The tracert command uses the IP Time-to-Live (TTL) field and ICMP error messages todetermine the route from one host to another through a network.

How tracert works

The Tracert diagnostic utility determines the route taken to a destination by sending Internet Control Messageprotocol (ICMP) echo packets with varying IP Time-to-Live (TTL) values to the destination. Each router along thepath is required to decrement the TTL on a packet by at least 1 before forwarding it. When the TTL on a packetreaches 0, the router should send an "ICMP Time Exceeded" message back to the source computer.


8/10

Tracert determines the route by sending the first echo packet with a TTL of 1 and incrementing the TTL by 1 oneach subsequent transmission until the target responds or the maximum TTL is reached. The route is determinedby examining the "ICMP Time Exceeded" messages sent back by intermediate routers. Some routers silently droppackets with expired TTLs and are invisible to the Tracert utility.

The tracert command prints out an ordered list of the near-side interface of the routers in the path that returnedthe "ICMP Time Exceeded" message. If the -d option is used, the Tracert utility does not perform a DNS lookup oneach IP address.

In the following example, the packet must travel through two routers (10.0.0.1 and 192.168.0.1) to get to host

172.16.0.99. The default gateway of the host is 10.0.0.1 and the IP address of the router on the 192.168.0.0network is 192.168.0.1.

Copy Code

C:\>tracert 172.16.0.99 -dTracing route to 172.16.0.99 over a maximum of 30 hops1 2 ms 3 ms 2 ms 10.0.0.12 75 ms 83 ms 88 ms 192.168.0.13 73 ms 79 ms 93 ms 172.16.0.99Trace complete.

Troubleshooting with tracert

You can use the tracert command to determine where a packet stopped on the network. In the following example,the default gateway has determined that there is not a valid path for the host on 192.168.10.99. There is probablya router configuration problem or the 192.168.10.0 network does not exist (a bad IP address).

Copy Code

C:\>tracert 192.168.10.99Tracing route to 192.168.10.99 over a maximum of 30 hops1 10.0.0.1 reports: Destination net unreachable.Trace complete.The Tracert utility is useful for troubleshooting large networks where several paths can be taken to arrive at thesame point.

Tracert command-line options

The tracert command supports several options, as shown in the following table.

tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name

Option Description

-d Specifies that IP addresses are not resolved to host names.

-hmaximum_hops Specifies the number of hops to allow in tracing a route to the host named in target_name.

-jhost-list Specifies the list of router interfaces in the path taken by the Tracert utility packets.

-wtimeout Waits the number of milliseconds specified by timeout for each reply.

target_name Name or IP address of the target host.

For more information, see Trace a path by using the tracert command.
http://technet.microsoft.com/en-us/library/cc782791(WS.10).aspxhttp://technet.microsoft.com/en-us/library/cc782791(WS.10).aspx


9/10

Testing routers by using pathping

The pathping command is a route tracing tool that combines features of the ping and tracert commands withadditional information that neither of those tools provides. The pathping command sends packets to each routeron the way to a final destination over a period of time, and then computes results based on the packets returnedfrom each hop. Since the command shows the degree of packet loss at any given router or link, it is easy to

determine which routers or links might be causing network problems. A number of options are available, as shownin the following table.

Option Name Function

-n Hostnames Does not resolve addresses to host names.

-h Maximum hops Maximum number of hops to search for target.

-g Host-list Loose source route along host list.

-p Period Number of milliseconds to wait between pings.

-q Num_queries Number of queries per hop.

-w Time-out Waits this many milliseconds for each reply.

-i address Use the specified source address.

-4 IPv4 Force pathping to use IPv4.

-6 IPv6 Force pathping to use IPv6.

The default number of hops is 30, and the default wait time before a time-out is 3 seconds. The default period is

250 milliseconds, and the default number of queries to each router along the path is 100.

The following is a typical pathping report. The compiled statistics that follow the hop list indicate packet loss ateach individual router.

Copy Code

D:\>pathping -n server1

Tracing route to server1 [10.54.1.196]

over a maximum of 30 hops:0 172.16.87.351 172.16.87.2182 192.168.52.13 192.168.80.14 10.54.247.145 10.54.1.196

Computing statistics for 125 seconds...Source to Here This Node/Link

Hop RTT Lost/Sent = Pct Lost/Sent = Pct Address0 172.16.87.35

0/ 100 = 0% |1 41ms 0/ 100 = 0% 0/ 100 = 0% 172.16.87.218

13/ 100 = 13% |2 22ms 16/ 100 = 16% 3/ 100 = 3% 192.168.52.1

0/ 100 = 0% |3 24ms 13/ 100 = 13% 0/ 100 = 0% 192.168.80.1

0/ 100 = 0% |4 21ms 14/ 100 = 14% 1/ 100 = 1% 10.54.247.14

0/ 100 = 0% |5 24ms 13/ 100 = 13% 0/ 100 = 0% 10.54.1.196

Trace complete.When pathping is run, you first see the results for the route as it is tested for problems. This is the same path that

is shown by the tracert command. The pathping command then displays a busy message for the next


10/10

125 seconds (this time varies by the hop count). During this time, pathping gathers information from all therouters previously listed and from the links between them. At the end of this period, it displays the test results.

The two rightmost columns--This Node/Link Lost/Sent=Pct and Address--contain the most useful information.

The link between 172.16.87.218 (hop 1), and 192.168.52.1 (hop 2) is dropping 13 percent of the packets. All otherlinks are working normally. The routers at hops 2 and 4 also drop packets addressed to them (as shown in the ThisNode/Link column), but this loss does not affect their forwarding path.

The loss rates displayed for the links (marked as a | in the rightmost column) indicate losses of packets beingforwarded along the path. This loss indicates link congestion. The loss rates displayed for routers (indicated by

their IP addresses in the rightmost column) indicate that those routers' CPUs might be overloaded. Thesecongested routers might also be a factor in end-to-end problems, especially if packets are forwarded by software

routers.

Command Line Utilities - DNS,DHCP,TCP/IP

Documents

Transcript of Command Line Utilities - DNS,DHCP,TCP/IP