Command Ipconfig
IPConfig allows a Network Manager to view system TCP/IP settings and
reconfigure if necessary. It can be used to troubleshoot network
problems.
IP address: 192.168.1.103
Default Gateway: 192.168.1.1
Subnet Mask: 255.255.255.0
Command Tracert
The Tracert diagnostic utility determines the route taken to a
destination by sending Internet Control Message Protocol (ICMP) echo
packets with varying IP Time-to-Live (TTL) values to the destination.
Each router along the path is required to decrement the TTL on a packet
by at least 1 before forwarding it. When the TTL on a packet reaches 0,
the router should send an "ICMP Time Exceeded" message back to the
source computer. Tracert determines the route by sending the first echo
packet with a TTL of 1 and incrementing the TTL by 1 on each subsequent
transmission until the target responds or the maximum TTL is reached.
The route is determined by examining the "ICMP Time Exceeded" messages
sent back by intermediate routers. Some routers silently drop packets
with expired TTLs and are invisible to the Tracert utility. The tracert
command prints out an ordered list of the near-side interface of the
routers in the path that returned the "ICMP Time Exceeded" message. If
the -d option is used, the Tracert utility does not perform a DNS lookup
on each IP address.
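The TTL mechanism described above, as an added example that is not part of the original lab sheet: an offline simulation showing how a router that silently drops expired packets becomes a "*" line and, going slightly beyond the text, which leading hops two traces share. All router and destination addresses are constructed.

```python
# Constructed topology: each router is (near-side address, sends "ICMP Time Exceeded"?).
LAN_AND_ISP = [("192.168.1.1", True), ("10.20.0.1", True)]
PATH_A = LAN_AND_ISP + [("10.20.5.9", False), ("203.0.113.1", True)]  # 3rd router is silent
PATH_B = LAN_AND_ISP + [("203.0.113.77", True)]
DEST_A, DEST_B = "198.51.100.80", "198.51.100.200"


def probe(ttl, path, dest):
    """Send one echo packet with this TTL; return (icmp_type, source) or None on timeout."""
    for addr, replies in path:
        ttl -= 1                      # every router decrements the TTL before forwarding
        if ttl == 0:                  # expired here: report it, or drop silently
            return ("time-exceeded", addr) if replies else None
    return ("echo-reply", dest)       # TTL outlived every router, so the target answers


def tracert(path, dest, max_hops=30):
    """Raise the TTL from 1 until the target replies or max_hops is reached."""
    hops = []
    for ttl in range(1, max_hops + 1):
        reply = probe(ttl, path, dest)
        hops.append(reply[1] if reply else "*")   # "*" means no reply for this TTL
        if reply and reply[0] == "echo-reply":
            break
    return hops


def shared_prefix(a, b):
    """Leading hops that two traces have in common."""
    out = []
    for x, y in zip(a, b):
        if x != y:
            break
        out.append(x)
    return out


if __name__ == "__main__":
    a, b = tracert(PATH_A, DEST_A), tracert(PATH_B, DEST_B)
    for n, hop in enumerate(a, 1):
        print(n, hop)
    print("shared first hops:", shared_prefix(a, b))
```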
1 Open command prompt.
2 Type in tracert www.yahoo.com (Take website of your
choice instead of www.yahoo.com)
3 Attach output.
It takes 30 hops
5 Then try the same process with other sites. (Take 2 sample
sites)
6 Attach output.
7 Did you notice that the first few hops are the same? Write down
what hops are taken to reach each destination, and what hops
are the same. Why do you think some of the intermediate steps are
the same for different destinations?
First few hops are the same. I think some of the intermediate steps are
the same for different destinations because if any of the hops come
back with * Request timed out, this denotes network
congestion and a reason for slow loading Web pages and
dropped connections.
The reason for that result on a trace is that some ISP does load
balancing in its Autonomous System, that's it: same destination across
different ways. We can basically use Ping and Traceroute to
self-diagnose problems with your Internet connection. When you
view the results this shows you where the problem lies:
with your own computer, on the network, or to see if it is the
server you are trying to reach that is experiencing issues.
Traceroute tells you the exact route you take to reach the
server from your computer (ISP) and how long each hop takes.
Command Nslookup
nslookup is a network administration command-line tool available for
many computer operating systems for querying the Domain Name System
(DNS) to obtain domain name or IP address mapping or for any other
specific DNS record.
Command ARP
The ARP command is used to view and then delete the ARP cache, and you
use the ping command to generate ARP cache entries. Address Resolution
Protocol (ARP) is a telecommunications protocol used for resolution of
network layer addresses into link layer addresses, a critical function
in multiple-access networks. ARP was defined by RFC 826 and is also the
name of the program for manipulating these addresses in most operating
systems.
6 To verify that the entries have been deleted, type arp -a and
press Enter again.
7 Attach output.
8 Ask someone else in the lab for their IP address. They
can get that by typing ipconfig.
9 Type ping IP address of another computer in your network and
press Enter.
10 Attach output.
Command Ping
Ping is a basic Internet program that lets you verify that a particular
Internet address exists and can accept requests. The verb ping means
the act of using the ping utility or command. Ping is used
diagnostically to ensure that a host computer you are trying to reach
is actually operating. If, for example, a user cannot ping a host, then
the user will be unable to use the File Transfer Protocol (FTP) to send
files to that host. Ping can also be used with a host that is operating
to see how long it takes to get a response back. Using ping, you can
learn the number form of the IP address from the symbolic domain name.
Loosely, ping means "to get the attention of" or "to check for the
presence of" another party online. Ping operates by sending a packet to
a designated address and waiting for a response.
1 Ask your friend to give his/her IP address.
2 Now try a simple ping to their machine using e.g. ping your
friend’s IP address.
3 Attach output.
Command Openfiles
Openfiles queries or displays open files. It also queries,
displays, or disconnects files opened by network users.
In the command prompt, type in openfiles to see if any shared files
are currently open. Useful again for finding live attacks.
It will more than likely state "INFO: No share
open files found." Attach output.
Command netstat
Netstat allows you to display statistics about your Ethernet
interface. If any errors are indicated in the display, you might
have problems with your network connection that are slowing
the network down. If the error packets approach 1% of the total
number of packets, something is probably wrong with your NIC
or physical interface.
Attach output.
2 You should see a list of connections listed. Useful again for finding live
attacks.
3 Type in netstat -? to see options with this command. You should see
-a, -e and others.
4 Attach output.
5 Type in netstat -e. These statistics include the number of bytes and
packets received and sent through the Ethernet interface.
6 Attach output.
7 To see statistics for all protocols, type netstat -s and press Enter.
8 Attach output.
10 To limit the display to just IP statistics, type netstat -ps IP and press
Enter.
11 Attach output.
12 To see your active network statistics updated every 5 seconds, type
netstat -e -t 5 and press Enter. Press Ctrl+C to stop the program.
13 Attach output.
14 Type netstat -o. This shows active TCP connections, but it also displays
the corresponding process identifier [-o] for each connection so you
can determine which program on your computer initiated each one.
15 Attach output.
16 Pay attention to the PID column. In some cases, the PIDs are all the
same, meaning that the same program on your computer opened
these connections. However, to determine what program is
represented by the PID of say 2948 on your computer, all you have to
do is open Task Manager, click on the Processes tab, and note the
Image Name listed next to the PID you are looking for in the PID
column. Go ahead and try this. Also, please be aware that using the
netstat command with the -o option can be very helpful when tracking
down which program is using too big a share of your bandwidth. It
can also help locate the destination where some kind of malware, or
even an otherwise legitimate piece of software, might be sending
information without your permission.
17 Note: While this and the previous example were both run on the same
computer, and within just a minute of each other, you can see that the
list of active TCP connections is considerably different. This is
because your computer is constantly connecting to, and
disconnecting from, various other devices on your network and over
the Internet.
18 To display ICMP information, type netstat -ps ICMP and press Enter. A
variety of ICMP message types are displayed along with how many
of each type of message were received and sent. Most, if not all, will
be Echo and Echo Reply messages.
19 Attach output.
Ask your friend for his/her IP address. Then use it, e.g. type ping IP
address of your friend and press Enter. This command should
generate ICMP Destination Unreachable messages.
20 Attach output.
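Steps 14 to 16 above, as an added example that is not part of the original lab sheet: a parser that groups ESTABLISHED TCP connections to non-local addresses by PID, so each PID can then be looked up in Task Manager. It assumes numeric output from netstat -ano (the -n flag suppresses name lookups); the sample text, addresses and PIDs are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of "netstat -ano" output (documentation addresses, made-up PIDs).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.103:49712    203.0.113.10:443       ESTABLISHED     2948
  TCP    192.168.1.103:49713    203.0.113.10:443       ESTABLISHED     2948
  TCP    192.168.1.103:49720    198.51.100.7:8080      ESTABLISHED     5120
  TCP    192.168.1.103:49725    192.168.1.1:53         TIME_WAIT       0
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    [::1]:49800            [::1]:5000             ESTABLISHED     4100
  UDP    0.0.0.0:5353           *:*                                    1712
"""

# Ranges treated as local (assumption: RFC 1918, loopback and link-local only).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fe80::/10")]


def external_by_pid(text):
    """Return {PID: sorted remote endpoints} for ESTABLISHED TCP rows leaving the LAN."""
    found = defaultdict(set)
    for line in text.splitlines():
        f = line.split()
        # TCP rows have 5 columns; UDP rows have no State column and are skipped.
        if len(f) != 5 or f[0] != "TCP" or f[3] != "ESTABLISHED":
            continue
        host, _, port = f[2].rpartition(":")       # rpartition copes with [IPv6]:port
        try:
            addr = ipaddress.ip_address(host.strip("[]"))
        except ValueError:
            continue                               # a hostname: netstat was run without -n
        if any(addr in net for net in LOCAL_NETS):
            continue
        found[int(f[4])].add(f"{addr}:{port}")
    return {pid: sorted(eps) for pid, eps in found.items()}


if __name__ == "__main__":
    for pid, endpoints in sorted(external_by_pid(SAMPLE).items()):
        print(f"PID {pid}: {', '.join(endpoints)}")
```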
6 Press the spacebar one or more times to display the rest of the
output. You'll see a row of output labeled Persistent Routes. If you
create a route manually and it is to stay in the table between reboots,
it is listed here. You will also see your default route listed under
Persistent Routes in the IPv4 section of the output.
7 Attach output.
8 To verify that you can communicate with the Internet, type ping
www.gmail.com (Take website of your choice instead of
www.yahoo.com) and press Enter. If the ping is successful, your default
network is working correctly.