The ping command is a Command Prompt command used to test the ability of the
source computer to reach a specified destination computer. The ping command is
usually used as a simple way to verify that a computer can communicate over
the network with another computer or network device.
The ping command operates by sending Internet Control Message Protocol (ICMP)
Echo Request messages to the destination computer and waiting for a response.
How many of those responses are returned, and how long it takes for them to return,
are the two major pieces of information that the ping command provides.
For example, you might find that there are no responses when pinging a network
printer, only to find out that the printer is offline and its cable needs to be replaced. Or
maybe you need to ping a router to verify that your computer can connect to it, to
eliminate it as a possible cause for a networking issue.
The word "ping" is also used online to refer to a brief message, usually over text
message or email. For example, you can "ping your boss," or send her a message,
when you're done with a specific project, but it has nothing to do with the ping
command.
The ping command is available from within the Command Prompt in Windows
10, Windows 8, Windows 7, Windows Vista, and Windows XP operating systems.
The ping command is also available in older versions of Windows like Windows 98
and 95.
The ping command can also be found in Command Prompt in the Advanced Startup
Options and System Recovery Options repair/recovery menus.
The availability of certain ping command switches and other ping command syntax might
differ from operating system to operating system.
ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS] [-r count] [-s count] [-w timeout] [-R] [-S srcaddr] [-p] [-4] [-6] target [/?]
See How to Read Command Syntax if you're not sure how to interpret the ping command
syntax as it's described above or in the table below.
The -f, -v, -r, -s, -j, and -k options work when pinging IPv4 addresses only. The -R and -
S options only work with IPv6.
Other less commonly used switches for the ping command exist including [-j host-list],
[-k host-list], and [-c compartment]. Execute ping /? from the Command Prompt
for more information on these options.
You can save the ping command output to a file using a redirection operator. See How to
Redirect Command Output to a File for instructions or see our Command Prompt
Tricks list for more tips.
The result displayed in the Command Prompt window will look something like this:
The 0% loss reported under Ping statistics for 74.217.1.142 explains that each ICMP
Echo Request message sent to www.google.com was returned. This means that, as
far as this network connection goes, it can communicate with Google's website just
fine.
ping 127.0.0.1
In the above example, we're pinging 127.0.0.1, also called the IPv4 localhost IP
address or IPv4 loopback IP address, without options.
Using the ping command to ping 127.0.0.1 is an excellent way to test that Windows'
network features are working properly but it says nothing about your own
network hardware or your connection to any other computer or device. The IPv6
version of this test would be ping ::1.
ping -a 192.168.1.22
In this example, we're asking the ping command to find the hostname assigned to
the 192.168.1.22 IP address, but to otherwise ping it as normal.
ping 192.168.2.1
Similar to the ping command examples above, this one is used to see if your
computer can reach your router. The only difference here is that instead of using a
ping command switch or pinging the localhost, we're checking the connection
between the computer and the router (192.168.2.1 in this case).
If you're having troubles logging in to your router or accessing the internet at all, see
if your router is accessible with this ping command, of course,
replacing 192.168.2.1 with your router's IP address.
ping -t -6 SERVER
In this example, we force the ping command to use IPv6 with the -6 option and
continue to ping SERVER indefinitely with the -t option. You can interrupt the ping
manually with Ctrl+C.
tracert
The tracert command is a Command Prompt command that's used to show several
details about the path that a packet takes from the computer or device you're on to
whatever destination you specify.
You might also sometimes see the tracert command referred to as the trace route
command or traceroute command.
Tracert, as it's explained below, applies to Windows only, but the traceroute command is
available for Linux, too.
The tracert command is available from within the Command Prompt in all
Windows operating systems including Windows 10, Windows 8, Windows
7, Windows Vista, Windows XP, and older versions of Windows as well.
tracert [-d] [-h MaxHops] [-w TimeOut] [-4] [-6] target [/?]
See How to Read Command Syntax if you're having a hard time understanding the tracert
syntax as it's shown above or explained in the table below.
Other less commonly used options for the tracert command also exist, including
[-j HostList], [-R], and [-S SourceAddress]. Use the help switch with the tracert
command for more information on these options.
Save the lengthy results of a tracert command to a file with a redirection operator. Take a
look at How to Redirect Command Output to a File for help or see Command Prompt
Tricks for this and other helpful tips.
In the above example, the tracert command is used to show the path from the
networked computer on which the tracert command is being executed to
a network device, in this case, a router on a local network, that's assigned
the 192.168.1.1 IP address.
The result displayed on the screen will look something like this:
In this example, you can see that tracert found a network device using the IP
address of 192.168.1.254, let's say a network switch, followed by the
destination, 192.168.1.1, the router.
tracert www.google.com
With the tracert command shown above, we're asking tracert to show us the path
from the local computer all the way to the network device with the
hostname www.google.com.
In this example, we can see that tracert identified fifteen network devices including
our router at 10.1.0.1 and all the way through to the target of www.google.com,
which we now know uses the public IP address of 209.85.225.104, one of Google's
many IP addresses.
Hops 4 through 12 were excluded above just to keep the example simple. If you were
executing a real tracert, those results would all show up on screen.
tracert -d www.yahoo.com
With this tracert command example, we're again requesting the path to a website,
this time www.yahoo.com, but now we're preventing tracert from resolving
hostnames by using the -d option.
We can see that tracert again identified fifteen network devices including our router
at 10.1.0.1 and all the way through to the target of www.yahoo.com, which we can
assume uses the public IP address of 209.191.122.70.
As you can see, tracert didn't resolve any hostnames this time, which significantly
sped up the process.
In this last example of the tracert command in Windows, we're using -h to limit the
hop count to 3, but instead of displaying the results in Command Prompt, we'll use
the > redirection operator to send it all to a TXT file located on Z:, an external hard
drive.
Ipconfig
Using ipconfig
From the command prompt, type ipconfig to run the utility with default options. The
output of the default command contains the IP address, network mask, and gateway
for all physical and virtual network adapters.
The ipconfig command supports several command line options. The command
ipconfig /?
Ipconfig /all
This option displays the same IP addressing information for each adapter as the
default option. Additionally, it displays DNS and WINS settings for each adapter.
The nslookup (which stands for name server lookup) command is a network utility
program used to obtain information about internet servers. It finds name server
information for domains by querying the Domain Name System.
Most computer operating systems include a built-in command line program with the
same name. Some network providers also host web-based services of this same
utility (like Network-Tools.com). These programs are all designed to perform name
server lookups against specified domains.
C:\> nslookup
Server: resolver1.opendns.com
Address: 208.67.222.222
>
This command identifies which DNS server the computer is currently configured to
use for its DNS lookups. As the example shows, this computer is using
an OpenDNS DNS server.
Take note of the small > at the bottom of the command's output. nslookup remains
running in the background after the command is issued. The prompt at the end of the
output lets you enter additional parameters. When you execute nslookup without
specifying a domain name, the program enters interactive mode.
Either type the domain name you want the nslookup details for or quit nslookup with
the exit command (or the Ctrl+C keyboard shortcut). You could instead use nslookup
by typing the command before the domain, all on the same line:
nslookup lifewire.com.
pathping
Provides information about network latency and network loss at intermediate hops
between a source and destination. pathping sends multiple echo Request messages
to each router between a source and destination over a period of time and then
computes results based on the packets returned from each router.
Because pathping displays the degree of packet loss at any given router or link, you
can determine which routers or subnets might be having network problems.
Syntax
pathping [/n] [/h] [/g <Hostlist>] [/p <Period>] [/q <NumQueries>] [/w <timeout>]
[/i <IPaddress>] [/4 <IPv4>] [/6 <IPv6>] [<TargetName>]
Parameters
Parameter Description
/h <MaximumHops>: Specifies the maximum number of hops in the path to search for the
target (destination). The default is 30 hops.
/g <Hostlist>: Specifies that the echo Request messages use the Loose Source Route
option in the IP header with the set of intermediate destinations specified in Hostlist.
With loose source routing, successive intermediate destinations can be separated by
one or multiple routers. The maximum number of addresses or names in the host
list is 9. The Hostlist is a series of IP addresses (in dotted decimal notation)
separated by spaces.
/p <Period>: Specifies the number of milliseconds to wait between consecutive pings.
The default is 250 milliseconds (1/4 second).
/q <NumQueries>: Specifies the number of echo Request messages sent to each router
in the path. The default is 100 queries.
/w <timeout>: Specifies the number of milliseconds to wait for each reply. The default
is 3000 milliseconds (3 seconds).
<TargetName>: Specifies the destination, which is identified either by IP address or
host name.
Remarks
pathping parameters are case-sensitive.
To avoid network congestion, pings should be sent at a sufficiently slow pace.
To minimize the effects of burst losses, do not send pings too frequently.
When using the /p parameter, pings are sent individually to each intermediate
hop. Because of this, the interval between two pings sent to the same hop
is period multiplied by the number of hops.
When using the /w parameter, multiple pings can be sent in parallel. Because of
this, the amount of time specified in the timeout parameter is not bounded by
the amount of time specified in the Period parameter for waiting between
pings.
This command is available only if the Internet Protocol (TCP/IP) protocol is
installed as a component in the properties of a network adapter in Network
Connections.
Examples
The following example shows pathping command output:
D:\>pathping /n corp1
Tracing route to corp1 [10.54.1.196]
over a maximum of 30 hops:
0 172.16.87.35
1 172.16.87.218
2 192.168.52.1
3 192.168.80.1
4 10.54.247.14
5 10.54.1.196
computing statistics for 125 seconds...
Source to Here This Node/Link
Hop RTT Lost/Sent = Pct Lost/Sent = Pct address
0 172.16.87.35
0/ 100 = 0% |
1 41ms 0/ 100 = 0% 0/ 100 = 0% 172.16.87.218
13/ 100 = 13% |
2 22ms 16/ 100 = 16% 3/ 100 = 3% 192.168.52.1
0/ 100 = 0% |
3 24ms 13/ 100 = 13% 0/ 100 = 0% 192.168.80.1
0/ 100 = 0% |
4 21ms 14/ 100 = 14% 1/ 100 = 1% 10.54.247.14
0/ 100 = 0% |
5 24ms 13/ 100 = 13% 0/ 100 = 0% 10.54.1.196
Trace complete.
When pathping is run, the first results list the path. This is the same path that is
shown using the tracert command. Next, a busy message is displayed for
approximately 90 seconds (the time varies by hop count). During this time,
information is gathered from all routers previously listed and from the links between
them. At the end of this period, the test results are displayed.
The loss rates displayed for the links, identified as a vertical bar (|) in
the address column, indicate link congestion that is causing the loss of packets that
are being forwarded on the path. The loss rates displayed for routers (identified by
their IP addresses) indicate that these routers might be overloaded.
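To make the link-versus-router distinction concrete, the following Python sketch parses the statistics section of the sample output above and reports which links and which routers lost packets. It is an added example, not part of the original pathping documentation; the function names are hypothetical and the sample text is re-typed from the output above with column spacing restored.

```python
import re

# Statistics section of the sample above, re-typed with column spacing (constructed input).
SAMPLE = """\
            Source to Here   This Node/Link
Hop  RTT    Lost/Sent = Pct  Lost/Sent = Pct  address
  0                                           172.16.87.35
                                0/ 100 =  0%   |
  1   41ms     0/ 100 =  0%     0/ 100 =  0%  172.16.87.218
                               13/ 100 = 13%   |
  2   22ms    16/ 100 = 16%     3/ 100 =  3%  192.168.52.1
                                0/ 100 =  0%   |
  3   24ms    13/ 100 = 13%     0/ 100 =  0%  192.168.80.1
                                0/ 100 =  0%   |
  4   21ms    14/ 100 = 14%     1/ 100 =  1%  10.54.247.14
                                0/ 100 =  0%   |
  5   24ms    13/ 100 = 13%     0/ 100 =  0%  10.54.1.196
Trace complete.
"""

LOSS = re.compile(r"(\d+)/\s*(\d+)\s*=\s*\d+%")  # matches e.g. "13/ 100 = 13%"


def parse_pathping(text):
    """Return (nodes, links) with lost/sent counters for each router and each link."""
    nodes, links, in_stats = [], [], False
    for line in text.splitlines():
        row = line.strip()
        if row.startswith("Hop"):          # statistics table starts after this header
            in_stats = True
            continue
        if not in_stats or not row:
            continue
        losses = [(int(lost), int(sent)) for lost, sent in LOSS.findall(row)]
        if row.endswith("|") and losses and nodes:
            # Link row: loss on the link leaving the previous hop.
            lost, sent = losses[-1]
            links.append({"from": nodes[-1]["address"], "to": None,
                          "lost": lost, "sent": sent})
        elif re.match(r"\d+\s", row):
            # Node row: the last Lost/Sent value is the "This Node/Link" column.
            fields = row.split()
            lost, sent = losses[-1] if losses else (0, 0)
            if links and links[-1]["to"] is None:
                links[-1]["to"] = fields[-1]
            nodes.append({"hop": int(fields[0]), "address": fields[-1],
                          "lost": lost, "sent": sent})
    return nodes, links


def lossy(entries, threshold_pct):
    """Entries (nodes or links) whose own loss is at or above threshold_pct."""
    return [e for e in entries
            if e["sent"] and 100 * e["lost"] / e["sent"] >= threshold_pct]


def stats_seconds(hops, queries=100, period_ms=250):
    """Each hop is pinged once per period, so a run takes hops * queries * period."""
    return hops * queries * period_ms / 1000


if __name__ == "__main__":
    nodes, links = parse_pathping(SAMPLE)
    for link in lossy(links, 5):
        print("congested link:", link["from"], "->", link["to"], link["lost"], "lost")
    for node in lossy(nodes, 1):
        print("router dropping its own probes:", node["address"], node["lost"], "lost")
    print("expected statistics window:", stats_seconds(5), "seconds")
```

With the default /q and /p values, the five hops in the sample give the 125-second window that pathping announces, and the only link above a 5% threshold is the one between 172.16.87.218 and 192.168.52.1.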
Hostname
If you run the hostname command without any options, it displays the
current host name and domain name of your Linux system.
$ hostname
tecmint
If the host name can be resolved, you can display the network address(es)
(IP address) of the host name with the -i flag, while the -I option
enumerates all configured network interfaces and shows all network
addresses of the host.
$ hostname -i
$ hostname -I
To view the name of the DNS domain and the FQDN (Fully Qualified Domain
Name) of your machine, use the -d and -f switches respectively. The -A
switch lets you see all the FQDNs of the machine.
$ hostname -d
$ hostname -f
$ hostname -A
Route
For a computer with more than one interface and that's configured to
work as a router, the routing table is often a major source of trouble.
Setting up the routing table properly is a key part of configuring a router
to work.
For each entry in the routing table, five items of information are listed:
The destination IP address. Actually, this is the address of the
destination subnet, and must be interpreted in the context of the
subnet mask.
The subnet mask that must be applied to the destination
address to determine the destination subnet.
The IP address of the gateway to which traffic intended for
the destination subnet will be sent.
The IP address of the interface through which the traffic will
be sent to the destination subnet.
The metric, which indicates the number of hops required to
reach destinations via the gateway.
Here's how the rules shown in this example are used. Notice that you
have to read the entries from the bottom up:
Warning: You shouldn't do this unless you know what you're doing. If you
mess up the routing table, your computer may not be able to
communicate with anyone.
The syntax for the route command for adding, deleting, or changing a
route entry is
-p: Makes the entry persistent. If you omit -p, the entry will be
deleted the next time you reboot. (Use this only with add
commands.)
command: Add, delete, or change.
dest: The IP address of the destination subnet.
mask subnet: The subnet mask. If you omit the subnet mask, the
default is 255.255.255.255, meaning that the entry will apply only
to a single host rather than a subnet. You usually want to include
the mask.
gateway: The IP address of the gateway to which packets will be
sent.
-if interface: The IP address of the interface through which packets
will be sent. If your computer has only one network interface, you
can omit this.
Suppose that your network has a second router that serves as a link to
another private subnet, 192.168.2.0 (subnet mask 255.255.255.0). The
interface on the local side of this router is at 192.168.1.200. To add a
static route entry that sends packets intended for the 192.168.2.0 subnet
to this router, use a command like this:
If you omit the mask from a route change command, the command
changes the mask to 255.255.255.255!
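The effect of an omitted mask is easiest to see by running a lookup against the table. The following Python sketch is an added example, not part of the original text: it models route entries with the fields described above and selects a route by the usual most-specific-match rule (lowest metric as tie-breaker). The default gateway 192.168.1.1, the metrics and the function names are constructed for illustration; the 192.168.2.0 subnet and the 192.168.1.200 router come from the scenario above.

```python
import ipaddress


def make_route(dest, gateway, mask="255.255.255.255", metric=1):
    """Build a route entry. The default mask mirrors the behaviour described
    above: leaving the mask out yields 255.255.255.255, a single-host route."""
    net = ipaddress.ip_network(f"{dest}/{mask}")
    return {"net": net, "gateway": gateway, "metric": metric}


def lookup(table, dst):
    """Return the gateway chosen for dst: most specific matching route wins,
    and the lowest metric breaks ties. Returns None if nothing matches."""
    ip = ipaddress.ip_address(dst)
    matches = [r for r in table if ip in r["net"]]
    if not matches:
        return None
    best = max(matches, key=lambda r: (r["net"].prefixlen, -r["metric"]))
    return best["gateway"]


def suspicious_host_routes(table):
    """Heuristic check: a /32 route whose destination ends in .0 usually means
    the mask was forgotten and a subnet route was intended."""
    return [str(r["net"].network_address) for r in table
            if r["net"].prefixlen == 32
            and int(r["net"].network_address) & 0xFF == 0]


# Constructed base table: a default route and the local subnet.
BASE = [
    make_route("0.0.0.0", "192.168.1.1", mask="0.0.0.0", metric=25),
    make_route("192.168.1.0", "on-link", mask="255.255.255.0", metric=281),
]
# Static route to the second subnet, with and without the mask.
WITH_MASK = BASE + [make_route("192.168.2.0", "192.168.1.200", mask="255.255.255.0")]
NO_MASK = BASE + [make_route("192.168.2.0", "192.168.1.200")]

if __name__ == "__main__":
    for name, table in (("with mask", WITH_MASK), ("mask omitted", NO_MASK)):
        print(name, "-> 192.168.2.50 goes via", lookup(table, "192.168.2.50"))
    print("routes to review:", suspicious_host_routes(NO_MASK))
```

With the mask omitted, traffic for hosts on the private 192.168.2.0 subnet falls through to the default gateway instead of the internal router, which is why the entry is worth auditing after any route add or change.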
Finally, suppose that you realize that setting up a second router on this
network wasn't such a good idea after all, so you want to just delete the
entry. The following command will do the trick:
Specifically, the netstat command can show details about individual network
connections, overall and protocol-specific networking statistics, and much more, all
of which could help troubleshoot certain kinds of networking issues.
The netstat command is available from within the Command Prompt in most versions
of Windows including Windows 10, Windows 8, Windows 7, Windows
Vista, Windows XP, Windows Server operating systems, and some older versions of
Windows, too.
netstat is a cross-platform command, which means it's also available in other operating
systems like macOS and Linux.
netstat [-a] [-b] [-e] [-f] [-n] [-o] [-p protocol] [-r] [-s] [-t] [-x] [-y] [time_interval] [/?]
Make all that netstat information in the command line easier to work with by outputting
what you see on the screen to a text file using a redirection operator. See How to
Redirect Command Output to a File for complete instructions.
Active Connections
Proto Local Address Foreign Address State
TCP 127.0.0.1:5357 VM-Windows-7:49229 TIME_WAIT
TCP 127.0.0.1:49225 VM-Windows-7:12080 TIME_WAIT
TCP 192.168.1.14:49194 75.125.212.75:http CLOSE_WAIT
TCP 192.168.1.14:49196 a795sm.avast.com:http CLOSE_WAIT
TCP 192.168.1.14:49197 a795sm.avast.com:http CLOSE_WAIT
TCP 192.168.1.14:49230 TIM-PC:wsd TIME_WAIT
TCP 192.168.1.14:49231 TIM-PC:icslap ESTABLISHED
TCP 192.168.1.14:49232 TIM-PC:netbios-ssn TIME_WAIT
TCP 192.168.1.14:49233 TIM-PC:netbios-ssn TIME_WAIT
TCP [::1]:2869 VM-Windows-7:49226 ESTABLISHED
TCP [::1]:49226 VM-Windows-7:icslap ESTABLISHED
As you can see, there were 11 active TCP connections at the time netstat was
executed in this example. The only protocol (in the Proto column) listed is TCP,
which was expected because we didn't use -a.
You can also see three sets of IP addresses in the Local Address column — the
actual IP address of 192.168.1.14 and both IPv4 and IPv6 versions of the loopback
addresses, along with the port each connection is using. The Foreign
Address column lists the FQDN (75.125.212.75 didn't resolve for some reason)
along with that port as well.
Finally, the State column lists the TCP state of that particular connection.
netstat -o
In this example, netstat will be run normally so it only shows active TCP connections,
but we also want to see the corresponding process identifier [-o] for each connection
so that we can determine which program on the computer initiated each one.
Active Connections
Proto Local Address Foreign Address State PID
TCP 192.168.1.14:49194 75.125.212.75:http CLOSE_WAIT 2948
TCP 192.168.1.14:49196 a795sm:http CLOSE_WAIT 2948
TCP 192.168.1.14:49197 a795sm:http CLOSE_WAIT 2948
You probably noticed the new PID column. In this case, the PIDs are all the same,
meaning that the same program on the computer opened these connections.
To determine what program is represented by the PID of 2948 on the computer, all
you have to do is open Task Manager, select the Processes tab, and note
the Image Name listed next to the PID we're looking for in the PID column.
Using the netstat command with the -o option can be very helpful when tracking
down which program is using too big a share of your bandwidth. It can also help
locate the destination where some kind of malware, or even an otherwise legitimate
piece of software, might be sending information without your permission.
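The same triage can be scripted once the output has been saved to a file. The following Python sketch is an added example, not part of the original article: it parses netstat -o output and groups, per PID, the foreign endpoints that are not loopback, private or link-local addresses. The first three data rows are the ones shown above; the remaining rows and all function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# First three rows are from the example above; the rest are constructed.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.14:49194     75.125.212.75:http     CLOSE_WAIT      2948
  TCP    192.168.1.14:49196     a795sm:http            CLOSE_WAIT      2948
  TCP    192.168.1.14:49197     a795sm:http            CLOSE_WAIT      2948
  TCP    127.0.0.1:49225        127.0.0.1:12080        ESTABLISHED     1180
  TCP    192.168.1.14:49231     192.168.1.20:2869      ESTABLISHED     4
  TCP    [::1]:2869             [::1]:49226            ESTABLISHED     4
  UDP    0.0.0.0:5355           *:*                                    1352
"""


def split_endpoint(endpoint):
    """Split 'host:port', coping with bracketed IPv6 and zone ids."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]").split("%")[0], port


def is_internal(host):
    """True for loopback, private and link-local addresses."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # A name rather than an address cannot be classified; keep it for review.
        return False
    return ip.is_loopback or ip.is_private or ip.is_link_local


def parse_netstat(text):
    """Parse 'netstat -o' rows into dicts; UDP rows have no State column."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP" and parts[4].isdigit():
            proto, local, foreign, state, pid = parts
        elif len(parts) == 4 and parts[0] == "UDP" and parts[3].isdigit():
            (proto, local, foreign, pid), state = parts, ""
        else:
            continue  # headers, blank lines, anything unexpected
        conns.append({"proto": proto, "local": local, "foreign": foreign,
                      "state": state, "pid": int(pid)})
    return conns


def external_by_pid(conns):
    """Map each PID to the sorted foreign endpoints outside the local ranges."""
    found = defaultdict(set)
    for c in conns:
        host, _ = split_endpoint(c["foreign"])
        if host != "*" and not is_internal(host):
            found[c["pid"]].add(c["foreign"])
    return {pid: sorted(endpoints) for pid, endpoints in found.items()}


if __name__ == "__main__":
    for pid, endpoints in external_by_pid(parse_netstat(SAMPLE)).items():
        print(f"PID {pid}: {', '.join(endpoints)}")
```

Adding -n to the netstat command keeps every foreign address numeric, so nothing is left unclassified as a name; tasklist /FI "PID eq 2948" gives the image name without opening Task Manager.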
While this and the previous example were both run on the same computer, and within just
a minute of each other, you can see that the list of active TCP connections is
considerably different. This is because your computer is constantly connecting to,
and disconnecting from, various other devices on your network and over the internet.
The above example is similar to what we've already looked at, but instead of
displaying all connections, we're telling the netstat command to show only the
connections that are using a specific PID, 28604 in this example.
netstat -s -p tcp -f
In this example, we want to see protocol-specific statistics [-s] but not all of them, just
TCP stats [-p tcp]. We also want the foreign addresses displayed in FQDN format [-f].
This is what the netstat command, as shown above, produced on the example
computer:
As you can see, various statistics for the TCP protocol are displayed, as are all
active TCP connections at the time.
netstat -e -t 5
In this final example, the netstat command is executed to show some basic network
interface statistics [-e] and so that these statistics are continually updated in the
command window every five seconds [-t 5].
Interface Statistics
Received Sent
Bytes 22132338 1846834
Unicast packets 19113 9869
Non-unicast packets 0 0
Discards 0 0
Errors 0 0
Unknown protocols 0
Interface Statistics
Received Sent
Bytes 22134630 1846834
Unicast packets 19128 9869
Non-unicast packets 0 0
Discards 0 0
Errors 0 0
Unknown protocols 0
^C
Various pieces of information, which you can see here and that we listed in the
-e syntax above, are displayed.
UBUNTU Commands
Tcpdump
tcpdump is a powerful and widely used command-line packet sniffer, or
packet analyzer, used to capture or filter TCP/IP packets that are
received or transferred over a network on a specific interface. It is
available on most Linux/Unix-based operating systems. tcpdump
also gives us an option to save captured packets to a file for future analysis.
It saves the file in pcap format, which can be viewed with the tcpdump command
or with an open-source GUI tool called Wireshark (a network protocol
analyzer) that reads tcpdump pcap files.
1.eth0
2.eth1
3.usbmon1 (USB bus number 1)
4.usbmon2 (USB bus number 2)
5.usbmon3 (USB bus number 3)
6.usbmon4 (USB bus number 4)
7.usbmon5 (USB bus number 5)
8.any (Pseudo-device that captures on all interfaces)
9.lo
Ifconfig
Description
ifconfig stands for "interface configuration." It is used to view and change the
configuration of the network interfaces on your system.
ifconfig
ifconfig -a
ifconfig eth0
Examples
ifconfig
ifconfig -a
ifconfig eth1 up
Route
route
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
Host
host IP_Address: This will display the domain details of the specified IP Address.
Example:
host 52.25.109.230
Tracepath
tracepath command in Linux with Examples
The tracepath command in Linux traces the path to a destination, discovering the MTU along
this path. It uses a UDP port or some random port. It is similar to traceroute, but it does not
require superuser privileges and has no fancy options. tracepath6 is a good replacement
for traceroute6 and a classic example of the application of Linux error queues. The situation
with IPv4 is worse because commercial IP routers do not return enough information in ICMP
error messages. This will probably change when they are updated. For now, it uses Van
Jacobson's trick, sweeping a range of UDP ports to maintain trace history.
Syntax:
tracepath [-n] [-b] [-l pktlen] [-m max_hops] [-p port] destination
Example:
tracepath command without any option: It prints the general syntax of the
command along with the various options that can be used with the tracepath command,
and gives a brief description of each option.
In the following example, we use the tracepath command to trace the path to the
destination google.com.
tracepath www.google.com
Options:
tracepath -n: This option prints IP addresses numerically.
Example:
tracepath -n www.google.com
tracepath -b: This option prints both host names and IP addresses.
Example:
tracepath -b www.google.com