Monday, August 27, 2012

TCP/IP Utilities

A utility is a program or application that enhances an operating system's capabilities by performing a special function not provided by the operating system, such as a "print" utility or a "search and replace" utility.  There are three common TCP/IP utilities: Ping, Tracert, and NSlookup, which are available on both Macintosh and Windows-based computers.

These utilities will help you diagnose and troubleshoot issues by verifying:

(PING) That a specific IP address or URL is active and also able to send/receive information

(TRACEROUTE) That a router/switch that could be causing an issue is identified

(NSLOOKUP) Who hosts the domain, either by IP address or URL

The ping command verifies that a specific destination IP address exists and is operating (i.e., accepting requests).  Ping works by sending an echo packet to a specified host and waiting for a reply.  All hosts are supposed to bounce the packet back so that the program can determine if the host is online or not.

Ping can also be used to:

1. Determine how long it takes to receive a response from a specific address (to calculate latency)

2. Determine a host's dot address.

Ping will not help if you are having any non-connectivity related problems with applications like Microsoft Office, etc.

The IPv4 syntax for the ping command is: ping [destination computer or IP address] and the IPv6 syntax for the ping command is: ping6 [destination computer or IP address]

You can set any of the following options when using the ping command:

-n – Specifies the number of packets to transmit.  Default is four.  In the example below, the ping count is 10.

-a – Resolves IP addresses to host names.

-l (Lowercase "L") – The size of the packet being transmitted (default is 32 bytes).  In the example below, the packet size is 50. 

NOTE: The larger the packet, the longer it takes to get a reply.

-t – Used for a number of things, such as detecting if the customer has a firewall.  This command will ping an IP address continuously until you press CTRL-C.  To determine if the customer has a firewall, run the command while the customer reboots the PC.  If a firewall loads, the ping replies will stop (unless you press CTRL-C).

Tracert is a diagnostic utility used to identify equipment issues.  It traces the route taken to a destination by sending echo packets with varying Time-to-Live (TTL) values.  For example, we may only set the TTL to 10 hops.  This tells us the number of hops that a packet of information makes from one point to another in the network.  Each router/switch encountered along the path decreases the TTL value by 1 before forwarding it.  So, if the max TTL is set to 10 hops, it will count down from 10 to 9 and so on until it either is at 0 or finds the piece of equipment it was tracing to. 

When the TTL on a packet reaches 0, the router is supposed to send back a Time Exceeded message. Some servers just drop the request without sending back a message, or they block the packets and return a "Request Timed Out" message. In this case, a row of asterisks (*) is displayed. Tracert determines the route by sending the first echo packet with a TTL of 1 and incrementing the TTL by 1 on each subsequent transmission until the target responds or the maximum TTL is reached. The route is determined by examining the ICMP Time Exceeded messages sent back by intermediate routers.

NOTE: While tracert is an effective tool used to determine the path to a destination site, it is not always the best tool for determining packet loss or latency along that path. Because of the way that tracert works (it only pings each hop three times, therefore providing a very small sample of data), the times listed at each hop may give an inaccurate representation of the status of the network. Ping is a much more effective tool for determining packet loss and latency.

NOTE: The first column is the hop number.  The next three columns show ping times between you and that particular host.  The last column shows the name of that server, or gateway, and its IP address.

A few important facts about Internet speeds related to latency:

Hop times of less than (<) 100 milliseconds are normal for short (<100 miles) to medium distances.

Hop times of <200 milliseconds for longer distances in the US, although not ideal, do not cause problems for most applications.

Sustained, consistent hop times greater than (>) 250 milliseconds need to be investigated. Occasional response times of >250 milliseconds do not need to be investigated (these occur due to momentary network congestion). 
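The hop-time guidance above can be checked mechanically against saved tracert output. The following Python is an added example, not part of the original post: it parses the column layout described in the note above (hop number, three times, host) and flags hops against the 250 ms threshold. The sample output is constructed, the function names are hypothetical, and "sustained" is assumed to mean that every answered probe at a hop exceeds 250 ms.

```python
import re

# Constructed sample in the Windows tracert column layout (not a real capture).
SAMPLE = """
Tracing route to host.example [192.0.2.10]
over a maximum of 30 hops:

  1     1 ms    <1 ms     1 ms  192.168.1.1
  2    12 ms    11 ms    13 ms  gw.isp.example [203.0.113.1]
  3     *        *        *     Request timed out.
  4   260 ms   270 ms   255 ms  core.example.net [198.51.100.7]
  5    30 ms   310 ms    28 ms  198.51.100.20
  6    45 ms     *       47 ms  host.example [192.0.2.10]

Trace complete.
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+\s+ms|\*)\s+){3})(.+?)\s*$")
PROBE_RE = re.compile(r"<?(\d+)\s+ms|\*")
SUSTAINED_MS = 250  # investigation threshold given in the text

def parse_tracert(text):
    """Return one dict per hop row: hop number, three RTTs (None for '*'), host."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # banner, blank and "Trace complete." lines
        # "<1 ms" is recorded as 1 ms, its upper bound.
        rtts = [int(p.group(1)) if p.group(1) else None
                for p in PROBE_RE.finditer(m.group(2))]
        hops.append({"hop": int(m.group(1)), "rtts": rtts, "host": m.group(3)})
    return hops

def classify(hop):
    """Assumption: 'sustained' means every answered probe at the hop is > 250 ms."""
    answered = [r for r in hop["rtts"] if r is not None]
    if not answered:
        return "no-reply"      # row of asterisks: dropped or blocked, per the text
    slow = [r for r in answered if r > SUSTAINED_MS]
    if len(slow) == len(answered):
        return "investigate"
    return "occasional" if slow else "ok"

def report(text):
    return [(h["hop"], classify(h)) for h in parse_tracert(text)]

if __name__ == "__main__":
    for hop, status in report(SAMPLE):
        print(hop, status)
```

Because tracert sends only three probes per hop, a hop marked "investigate" is best confirmed with a longer ping run to that address before drawing conclusions.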

The Traceroute command line syntax is:

tracert [-d] [-h maximum_hops] [-w timeout] target_name >> textfile.txt

Traceroute Command Line Options:

-d – Does not resolve addresses to hostnames.

-h maximum_hops – Maximum number of hops to search for target.

-w timeout – Wait timeout milliseconds for each reply.

">> textfile.txt" – Writes the results to textfile.txt in the same directory you run tracert from. 


NSLookup is a diagnostic tool that displays information from the DNS name servers.  You can enter a host name and find the corresponding IP address.  You can also enter an IP address, and the corresponding host name will be displayed.  This is known as a "reverse lookup".

The command line for NSLookup is:

C:\> nslookup [domain or IP address]

NSLookup Command Line Result
NSlookup by URL: 

When starting NSLookup, you may receive the following errors:

Can't find server name for address example: w.x.y.z Timed out.

NOTE: w.x.y.z is the first DNS server listed in the DNS Service Search Order list.

The error indicates that no servers have been defined in the DNS Service Search Order list.  To correct this problem, add the IP address of a valid DNS server to this list.

Can't find server name for address Timed out

This error indicates that the DNS server cannot be reached or the service is not running on that computer.  To correct this problem, either start the DNS service on that server or check for possible connectivity problems.
