The title is not a reference to Lay Phyu's song "Diary"; it is simply a diary of commands for network troubleshooting. I wanted the title to be interesting, so I named it that way. People studying computer networking should know how to use these network commands. I collected and learned these commands for the subjects I teach, and I would like to share them with you. You can find more Linux commands on the other pages; here I intend to gather the related networking commands in one place.
Problem Description
I need a list of common Windows commands to help me troubleshoot the network.
Resolution
The Windows troubleshooting commands discussed in this document fall into three categories [1]:
- Determine which groups a user belongs to
- Helpful commands entered from the Start > Run dialog box
- Command-line tools for troubleshooting network connectivity
Determine which groups a user belongs to
To generate a list of the groups that a user belongs to, open a command prompt and enter the following command:
net user <username> /domain
Replace <username> with an actual user name. For example:
net user jdoe /domain
Helpful commands entered from the Start > Run dialog box
Select Start > Run to execute any of the following commands.
mstsc
    Opens the Remote Desktop (RDP) tool
winmsd
    Opens the System Information dialog box
inetcpl.cpl
    Opens the Internet Explorer Properties dialog box
odbccp32.cpl
    Opens the ODBC Data Source Administrator
mmc
    Opens the Microsoft Management Console (MMC)
services.msc
    Opens the Windows Services dialog box
eventvwr.msc
    Opens the Windows Event Viewer
dsa.msc
    Opens the Active Directory Users and Computers management console
dssite.msc
    Opens the Active Directory Sites and Services management console
adminpak.msi
    Launches the Administration Tools Pack installer
dxdiag
    Opens the DirectX Diagnostic Tool
\\<Name or IP>\C$
    Opens a UNC path to the C$ share
cmd
    Opens the Windows Command Prompt using the 32-bit cmd shell
Command-line tools for troubleshooting network connectivity
This list contains some common commands for troubleshooting network connectivity. Select Start > Run and then type cmd to access the appropriate command prompt. Activating a command window via Start > Programs > Accessories does not allow all of the following tools to run correctly.
arp -a
    Shows the ARP cache, including the gateway's MAC address.
getmac
    Command used to show both local and remote MAC addresses. When run with no parameters (i.e. getmac) it displays the MAC addresses of the local system. When run with the /s parameter (e.g. getmac /s \\foo) it displays the MAC addresses of the remote computer. When the /v parameter is used, it also displays the associated connection name and network adapter name.
gpresult
    Starts the operating system's Group Policy Result tool
ipconfig /all
    Displays the full TCP/IP configuration for all adapters. ipconfig is a console command issued to the command-line interpreter (command prompt) to display the network settings currently assigned to any or all network adapters in the machine. It can be used to verify a network connection as well as to verify your network settings.
ipconfig /flushdns
    Flushes the DNS resolver cache. Helpful when troubleshooting DNS name resolution problems
nbtstat -a <MachineName>
    Obtains info from WINS or LMHOSTS by computer name (discovers who is logged on)
nbtstat -A <IP>
    Obtains info from WINS or LMHOSTS by IP address (discovers who is logged on)
nbtstat -R
    Purges and reloads the remote cache name table
nbtstat -n
    Lists local NetBIOS names
nbtstat -r
    Useful for detecting errors when browsing WINS or NetBIOS
netstat -ab
    The -b switch links each used port with its application
netstat -an
    Shows open ports
netstat -an 1 | find "15868"
    Locates only the lines containing the number 15868 and redisplays them every one second
netstat -an | find "LISTENING"
    Shows open ports in the LISTENING state
net use
    Retrieves a list of network connections
net use \\1.2.3.4
    Checks whether the machine can reach IP 1.2.3.4
net user
    Shows the user accounts on the computer
net user /domain
    Displays the user accounts for the domain
net user /domain <UserName>
    Shows account details for a specific user
net group /domain
    Shows the group accounts for the domain
net view
    Displays the domains in the network
net view /domain
    Lists the computers available in a specific domain
net view /domain:<DomainName> | more
    Shows the computers in a specific domain, one page at a time
net view /cache
    Shows workstation names
nslookup
    Looks up IP addresses and hostnames and displays information helpful in diagnosing DNS issues. It displays information that you can use to diagnose Domain Name System (DNS) infrastructure; before using this tool, you should be familiar with how DNS works. The nslookup command-line tool is available only if you have installed the TCP/IP protocol.
ping -a <IP>
    Resolves the IP address to a hostname
ping -t <IP>
    Pings the host until stopped
set U
    Shows which user is logged on (lists the environment variables beginning with U, such as USERNAME)
set L
    Shows the logon server (lists the environment variables beginning with L, such as LOGONSERVER)
telnet <IP> <port>
    Confirms whether the port is open. Telnet is software that allows users to remotely access another computer such as a server, network device or other computer. With telnet, users can connect to a device or computer, manage a network device, set up a device, transfer files, etc.
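The netstat entries above answer three questions by piping through find: which ports are listening, whether a particular port is in use, and what the full table looks like. The following added example (not code from the original post) parses constructed `netstat -an` output to answer the same questions, and adds the check a defender usually wants: which listeners are bound to every interface rather than to loopback only. The sample output and its addresses are constructed.

```python
# Added example (not from the original post): parse `netstat -an` output to answer
# the same questions the find filters above answer. The sample output is constructed.

NETSTAT_OUTPUT = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:15868        0.0.0.0:0              LISTENING
  TCP    192.168.1.7:49712      203.0.113.10:443       ESTABLISHED
  TCP    [::]:3389              [::]:0                 LISTENING
  UDP    0.0.0.0:5355           *:*
"""

def split_port(endpoint):
    """'127.0.0.1:15868' -> ('127.0.0.1', 15868); '[::]:3389' -> ('[::]', 3389)."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port)

def parse_netstat(text):
    """Return one dict per connection line; header and blank lines are skipped."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue
        host, port = split_port(fields[1])
        records.append({"proto": fields[0], "local_host": host, "local_port": port,
                        "foreign": fields[2],
                        # UDP is connectionless, so netstat prints no State for it
                        "state": fields[3] if len(fields) > 3 else ""})
    return records

def listening_ports(records):
    """Equivalent of `netstat -an | find "LISTENING"`, reduced to the port numbers."""
    return sorted(r["local_port"] for r in records if r["state"] == "LISTENING")

def lines_for_port(records, port):
    """Like `netstat -an | find "15868"`, but matching the local port exactly; find
    also matches any line that merely contains those digits (e.g. port 115868)."""
    return [r for r in records if r["local_port"] == port]

def exposed_listeners(records):
    """Listeners bound to every interface (0.0.0.0 or [::]) are reachable from the
    network; a loopback-only binding such as 127.0.0.1 is not."""
    return sorted((r["proto"], r["local_port"]) for r in records
                  if r["state"] == "LISTENING" and r["local_host"] in ("0.0.0.0", "[::]"))
```

Feed it real output with `parse_netstat(subprocess.run(["netstat", "-an"], capture_output=True, text=True).stdout)` and compare `exposed_listeners` against the services the machine is supposed to offer.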
Notes & Warnings
NOTE
    Some commands may output more data than the default command window can show. To view the complete data, use the redirection operator (>) to send the output to a file, or the pipe (|) to send it to another command such as more. For example, type net user /domain > GroupOutPut.txt to create a text file called GroupOutPut.txt that contains the output data.
The usage of the ICMP ping (Packet Internet Groper) command [2]. Syntax for Windows Vista, 7 and 8:
ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS] [-r count] [-s count] [[-j host-list] | [-k host-list]] [-w timeout] [-R] [-S srcaddr] [-4] [-6] target_name
Options:
-t
    Pings the specified host until stopped. To see statistics and continue, press Ctrl+Break; to stop, press Ctrl+C.
-a
    Resolves addresses to hostnames.
-n count
    Number of echo requests to send.
-l size
    Send buffer size.
-f
    Sets the Don't Fragment flag in the packet (IPv4 only).
-i TTL
    Time To Live.
-v TOS
    Type Of Service (IPv4 only. This setting has been deprecated and has no effect on the type of service field in the IP header).
-r count
    Records the route for count hops (IPv4 only).
-s count
    Timestamp for count hops (IPv4 only).
-j host-list
    Loose source route along host-list (IPv4 only).
-k host-list
    Strict source route along host-list (IPv4 only).
-w timeout
    Timeout in milliseconds to wait for each reply.
-R
    Uses the routing header to test the reverse route as well (IPv6 only). Per RFC 5095 the use of this routing header has been deprecated; some systems may drop echo requests if this header is used.
-S srcaddr
    Source address to use.
-4
    Forces IPv4.
-6
    Forces IPv6.
Examples:
ping localhost (enter in the command window)
    Pings the localhost, which helps determine whether the computer can send information out and receive it back from itself.
    Note: the above command does not send information over the network, but it can indicate whether the network card can respond.
ping computerhope.com
    Ping supports pinging an Internet address. In the above example we pinged "computerhope.com" and received four responses back. If we could not reach the server, or the server was blocking our request, we would have lost all four packets.
ping 69.72.169.241
    Pings another computer, where 69.72.169.241 is the IP address of the computer you want to ping. If you do not get a reply, or packets are lost, you have a problem with your network, which can be a cable issue, a network card issue, drivers, a router, a switch or another network problem.
Is there a continuous ping option?
ping <address> -t
    Use the -t option to ping any address until you cancel it by pressing Ctrl+C.
When I ping, the IP address doesn't look right.
    In newer versions of the ping command, and on computers running IPv6, you may get an address that looks like [fe80::51c1:5214:a18e:8dec%12] instead of [192.168.1.7]. To get the IPv4 address, use the command below.
ping <hostname> -4
    The hostname can be any computer, and -4 forces the address to be shown as an IPv4 address.
Another important command in networking is tracert (traceroute).
Network administrators and system administrators use this tool most commonly in their day-to-day activities. It is basically a very handy network diagnostic tool. The traceroute tool has three primary objectives, and fulfilling them gives an insight into your network problem [3]:
1. The entire path that a packet travels through
2. The names and identity of the routers and devices in your path
3. Network latency, or more specifically the time taken to send and receive data to each device on the path
It is a tool that can be used to verify the path that your data will take to reach its destination, without actually sending your data. Each IP packet that you send on the internet has a field called TTL, which stands for Time To Live. Although it is called Time To Live, it is not actually a time in seconds: TTL is measured not in seconds but in hops. It is the maximum number of hops that a packet can travel through across the internet before it is discarded. Hops are nothing but the computers, routers or any other devices that come between the source and the destination. Traceroute lets you view a listing of how a network packet travels through the network and where it may fail or slow down. Using this information you can determine the computer, router, switch or other network device possibly causing your network issues [4].
What if there were no TTL at all? If there were no TTL in an IP packet, the packet would flow endlessly from one router to another, forever searching for the destination. The TTL value is set by the sender inside the IP packet (the person using the system, or sending the packet, is unaware of these things going on under the hood; they are handled automatically by the operating system). If the destination is not found after travelling through too many routers in between (hops) and the TTL value becomes 0 (which means no further travel), the receiving router drops the packet and informs the original sender. The original sender is informed that the TTL value was exceeded and the packet could not be forwarded further.
Let's say I need to reach the IP address 10.1.136.23, and my default TTL value is 30 hops. This means the packet can travel a maximum of 30 hops to reach its destination, before which it is dropped. But how will the routers in between determine that the TTL limit has been reached? Each router that comes between the source and destination reduces the TTL value before sending the packet to the next router. This means that if I have a default TTL value of 30, the first router reduces it to 29 and then sends the packet to the next router along the path. The receiving router makes it 28 and sends it to the next, and so on. If a router receives a packet with a TTL of 1 (which means no further travelling and no forwarding), the packet is discarded.
But the router which discards the packet informs the original sender that the TTL value has been exceeded!
The message sent back to the original sender by the router that received a packet with a TTL of 1 is called an "ICMP TTL exceeded message". Of course, on the internet, when you send something to a receiver, the receiver comes to know the address of the sender. Hence when an ICMP TTL exceeded message is sent by a router, the original sender comes to know the address of that router. Traceroute makes use of these TTL exceeded messages to find out the routers that lie along your path to the destination (because the exceeded messages sent by a router contain its address).
But how does traceroute use the TTL exceeded message to find out the routers/hops in between?
You might be thinking that TTL exceeded messages are only sent by the router that receives a packet with a TTL of 1. That's correct: not every router between you and your receiver sends a TTL exceeded message. Then how will you find the addresses of all the routers/hops between you and your destination, given that the main purpose of traceroute is to identify them? You can exploit this behaviour of routers/hops sending TTL exceeded messages by purposely sending an IP packet with a TTL value of 1, so that the first router answers with its address, then another with a TTL of 2 so that the second router answers, and so on until the destination itself replies. See an example diagram of the whole process below, where a sender does a traceroute towards a server at a remote location [3].
So let's say I want to do a traceroute to Google. My traceroute command and its result will look something like the below.
tracert www.google.com
Using the tracert command as shown above, we're asking tracert to show us the path from the local computer all the way to the network device with the hostname www.google.com. If your gateway router's IP address is 192.168.2.1, that address appears as the first hop in the traceroute reply.
Different types of traceroute program
There are different types of traceroute programs. Each of them works slightly differently, but the overall concept behind each of them is the same: all of them use the TTL value. Why different implementations? Because you can use the one that is applicable to your environment. If, for example, a firewall blocks UDP traffic, you can use another type of traceroute for the purpose. The different types are listed below.
- UDP traceroute
- ICMP traceroute
- TCP traceroute
ICMP traceroute works the same way as UDP traceroute. The traceroute program sends ICMP Echo Request messages and the hops in between reply with ICMP Time Exceeded messages, but the final destination replies with an ICMP Echo Reply. The tracert command available in the Windows operating system uses the ICMP traceroute method by default.
Now the last is the most interesting one: TCP traceroute. It is used because almost all firewalls and routers in between allow you to send TCP traffic, and if the packet is towards port 80, which is web traffic, most routers allow that packet. TCPTRACEROUTE by default sends TCP SYN requests to port 80 [3].
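The TTL mechanism explained above (each router decrements TTL and the one that reaches 0 answers with ICMP Time Exceeded) and the three traceroute variants just listed can be seen together in a small simulation. This is an added example, not code from the original post or from any traceroute implementation: router and destination addresses are constructed, and the UDP variant's final reply (ICMP Port Unreachable), which the text does not describe, is modelled from standard traceroute behaviour.

```python
# Added example (not from the original post): a simulation of how traceroute uses the
# IP TTL field, covering the UDP, ICMP and TCP variants. Router and destination
# addresses are constructed; the UDP variant's final reply (ICMP Port Unreachable)
# is modelled from standard traceroute behaviour, which the text does not describe.
from dataclasses import dataclass

@dataclass
class Router:
    addr: str
    blocks: frozenset = frozenset()   # probe methods this hop filters (simulated firewall)

# Reply each probe method receives once it actually reaches the destination
FINAL_REPLY = {"udp": "PORT_UNREACHABLE", "icmp": "ECHO_REPLY", "tcp": "SYN_ACK"}

def send(ttl, method, path, dest):
    """Forward one probe along path; return (reply_type, replying_address).

    Every router decrements TTL; when it reaches 0 the router discards the packet
    and answers with ICMP Time Exceeded, which carries that router's own address.
    """
    for router in path:
        ttl -= 1
        if ttl == 0:
            return "TIME_EXCEEDED", router.addr
        if method in router.blocks:
            return "TIMEOUT", "*"        # dropped silently: tracert prints *
    return FINAL_REPLY[method], dest

def traceroute(path, dest, method="icmp", max_hops=30):
    """Send probes with TTL 1, 2, 3, ... and record who answered each one,
    stopping once the destination itself replies."""
    hops = []
    for ttl in range(1, max_hops + 1):
        reply, addr = send(ttl, method, path, dest)
        hops.append(addr)
        if reply == FINAL_REPLY[method]:
            break
    return hops

# Constructed path: home gateway, a hop that filters UDP, one more router, then the target
PATH = [Router("192.168.2.1"), Router("10.0.0.1", frozenset({"udp"})), Router("10.0.0.2")]
DEST = "203.0.113.10"

if __name__ == "__main__":
    for method in ("icmp", "udp", "tcp"):
        print(f"{method:4s} traceroute:", " -> ".join(traceroute(PATH, DEST, method, max_hops=6)))
```

With the UDP-filtering hop in place, the UDP run shows only asterisks after the second hop while the ICMP and TCP runs reach the destination, which is exactly why more than one traceroute variant exists.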
References:
1. Network troubleshooting commands for Windows.html
2. MS-DOS ping command help.html
3. How Does Traceroute Work and Examples of using traceroute command.html
4. Help with ping, winipcfg, and other network commands.html