Networking Tools
Tools
There are a number of tools available for you to use when it comes to diagnosing and
treating network issues.
These tools may exist in the computer’s operating system itself, as standalone software
applications or as hardware tools that you can use to troubleshoot a network. The
common ones include:
• ping — A TCP/IP utility that transmits a datagram to another host, specified in the
command. If the network is functioning properly, the receiving host returns the
datagram.
• tracert/traceroute — A TCP/IP utility that determines the route data takes to get to a
particular destination. This tool can help you to determine where you are losing packets
in the network, helping to identify problems.
• nslookup — A DNS utility that displays the IP address of a hostname or vice versa. This
tool is useful for identifying problems involving DNS name resolution.
• ipconfig — A Windows TCP/IP utility that verifies network settings and connections. It
can tell you a host’s IP address, subnet mask and default gateway, alongside other
important network information.
• ifconfig — A Linux or UNIX TCP/IP utility that displays the current network interface
configuration and enables you to assign an IP address to a network interface. Like
ipconfig on Windows, this command will tell you vital information about the network
and its status.
• iptables — A Linux firewall program that protects a network. You can use this tool if you
suspect that your firewall may be too restrictive or too lenient.
• netstat — A utility that shows the status of each active network connection.
This tool is useful for finding out what services are running on a particular
system.
• tcpdump — A utility that captures packet information from a network
interface, selected by an expression given on the command line. It’s available
for free on Linux, and a version can be downloaded as a command for Windows.
• pathping — A TCP/IP command that provides information about latency and
packet loss on a network. It can help you troubleshoot issues related to
network packet loss.
• nmap — A utility that can scan the entire network for various ports and the
services that are running on them. You can use it to monitor remote network
connections and get specific information about the network.
• route — A command that enables manual updating of the routing table. It can
be used to troubleshoot static routing problems in a network.
• arp — A utility that supports the Address Resolution Protocol (ARP) service of
the TCP/IP protocol suite. It lets the network admin view the ARP cache and
add or delete cache entries. It can be used to address problems having to do
with specific connections between a workstation and a host.
• dig — A Linux or UNIX command-line tool that will display name server
Ping
• Ping sends ICMP echo requests to obtain an ICMP
echo response from a host.
• Some hosts are configured by security policy not to
reply, so a missing reply does not necessarily mean
that they’re down.
• Ping is used to troubleshoot, test network
connectivity, and determine network response time
(latency, or round-trip time (RTT)) and host
availability.
• Multiple requests (four or five) are sent and the
results are displayed.
• General ping syntax is ping ipaddress|domainname
Ping
Example
The display contains information that includes the host IP address, the number of
packets sent and received, each packet's size, each packet's RTT and the average,
and TTL details.
Request timeout: indicates no response, which can have many different causes; the
most common include network congestion, failure of the ICMP request, packet
filtering, a routing error, or a silent discard.
Destination host unreachable: means the host cannot be reached because it does not
exist (a wrong or non-existent IP address was used), because of routing problems,
or because the route is blocked for security reasons.
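The two failure messages above lead to different next steps, so it helps to count them separately when reading ping output. The following is an added example, not part of the original slides: it parses Windows-style ping output (the sample text and the function name summarize_ping are constructed for illustration) and separates echo replies, timeouts and unreachable reports.

```python
import re

# Constructed sample of Windows ping output (documentation addresses, not real hosts).
SAMPLE = """\
Pinging 192.0.2.10 with 32 bytes of data:
Reply from 192.0.2.10: bytes=32 time=12ms TTL=57
Request timed out.
Reply from 192.0.2.10: bytes=32 time<1ms TTL=57
Reply from 192.0.2.1: Destination host unreachable.
"""

REPLY = re.compile(r"Reply from (\S+): bytes=\d+ time[=<](\d+)ms TTL=(\d+)")
UNREACHABLE = re.compile(r"Reply from (\S+): Destination host unreachable")


def summarize_ping(text):
    """Count echo replies, timeouts and unreachable reports in ping output."""
    rtts, ttls, reporters, timeouts = [], set(), [], 0
    for line in text.splitlines():
        line = line.strip()
        if m := REPLY.search(line):
            rtts.append(int(m.group(2)))      # "time<1ms" is counted as 1 ms
            ttls.add(int(m.group(3)))
        elif m := UNREACHABLE.search(line):
            reporters.append(m.group(1))      # the device that sent the report
        elif line.startswith("Request timed out"):
            timeouts += 1
    sent = len(rtts) + len(reporters) + timeouts
    if rtts:
        verdict = "reachable"
    elif reporters:
        verdict = "unreachable"               # check the address and the routing
    elif timeouts:
        verdict = "no_reply"                  # down, or ICMP dropped by policy
    else:
        verdict = "no_data"
    return {
        "sent": sent,
        "received": len(rtts),
        "loss_pct": round(100 * (sent - len(rtts)) / sent) if sent else None,
        "avg_rtt_ms": sum(rtts) / len(rtts) if rtts else None,
        "ttls": sorted(ttls),
        "unreachable_reported_by": reporters,
        "verdict": verdict,
    }


if __name__ == "__main__":
    print(summarize_ping(SAMPLE))
```

A "no_reply" verdict on its own is not proof that a host is down, because the host or a firewall in the path may be dropping ICMP by policy.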
IPCONFIG
• Also known as Internet Protocol configuration (IPCONFIG)
• A Windows command that displays information about
network configurations and refreshes DHCP and DNS
settings (ifconfig is the UNIX counterpart of ipconfig)
• The basic IPCONFIG command displays the configuration of
a connected network (IP address, subnet mask, and default
gateway), and the command can also refresh DHCP and DNS settings
• In addition, IPCONFIG with the /all switch displays the
hostname, MAC address, DNS server address and much
more information
• IPCONFIG is used to view IP information, troubleshoot, fix
DNS and IP issues, and more
Uses of IPCONFIG
• Monitor network performance by displaying information about the IP
addresses and other network settings. It helps identify network bottlenecks,
detect connectivity issues and troublesome trends and patterns, and
troubleshoot other network-related problems
• Ipconfig works in scripts to automate network configuration tasks or to
gather information about network settings especially in large networks
• Ipconfig can be used to view the IP addresses and other network settings
of a computer when it is connected to a virtual private network (VPN)
• Ipconfig helps diagnose connectivity (troubleshoot) issues. If a computer
can’t connect to the Internet or other network resources, use ipconfig to
view the IP configuration and ensure that the correct IP addresses and
default gateway are being used
• It can replace an expired address or help if your current IP assignment is
causing problems (can renew DHCP leases).
• Frequently visited IP addresses are stored in the DNS cache, even when the IP
addresses have changed (the stale entries occupy space and make DNS slow). You
can use ipconfig to solve this problem by flushing the DNS cache. Ipconfig clears
the cache, thus resolving the error and improving connectivity
Common ipconfig commands and switches
• Ipconfig offers several options and switches that can be used to
customize the information displayed in the command or change the
actions performed. The basic syntax of the ipconfig command is
“ipconfig [options],” where “options” are the optional parameters
used to modify the command’s output. Some of these most used
options include:
• ipconfig /all: Displays detailed information about all adapters,
including the IP address, subnet mask, default gateway, DHCP server,
and DNS servers
• ipconfig /release: Releases the DHCP lease for the specified adapter
• ipconfig /renew: Requests a new DHCP lease for the specified adapter
• ipconfig /flushdns: Clears the DNS cache on the computer
• ipconfig /? or /help: Displays all the available options for the ipconfig
command
NSLOOKUP
• Nslookup stands for “name server lookup” and is one of the best ways to
find a host’s IP address or domain name.
In this example, the firewall passes the traffic to the web server (HTTP -> 80) and
the web server responds with the acknowledgement.
In all these examples a firewall could be a separate hardware device, or it could be
a local software firewall on the host computer.
Open Ports
The open service could be a publicly accessible service that
is, by its nature, supposed to be accessible. It may be a
back-end service that does not need to be publicly
accessible, and therefore should be blocked by a firewall.
A filtered port result from Nmap indicates that the port has not
responded at all. The SYN packet has simply been dropped by the
firewall. See the following Wireshark packet capture that shows the
initial packet with no response
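The open and filtered results described above are most useful when compared against what is supposed to be reachable. The following is an added example, not part of the original slides: it reads a port table in Nmap's normal output layout and flags open back-end services that should be blocked by a firewall. The scan text, the allowed-port set and the function name audit_ports are assumptions constructed for illustration.

```python
import re

# Assumption for this example: only HTTP and HTTPS are meant to be public.
ALLOWED_PUBLIC = {80, 443}

# Constructed sample in Nmap's normal port-table layout (documentation address).
SCAN = """\
Nmap scan report for 192.0.2.20
PORT     STATE    SERVICE
22/tcp   filtered ssh
80/tcp   open     http
443/tcp  filtered https
3306/tcp open     mysql
"""

ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")


def audit_ports(scan_text, allowed=ALLOWED_PUBLIC):
    """Compare each reported port state with the intended exposure."""
    findings = []
    for line in scan_text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue                      # header or banner line
        port, state, service = int(m.group(1)), m.group(3), m.group(4)
        if state == "open" and port not in allowed:
            verdict = "exposed"           # back-end service: block at the firewall
        elif state == "open":
            verdict = "ok-public"
        elif port in allowed:
            verdict = "unavailable"       # meant to be public but not answering
        else:
            verdict = "ok-blocked"        # e.g. filtered: SYN dropped, no response
        findings.append((port, service, state, verdict))
    return findings


if __name__ == "__main__":
    for finding in audit_ports(SCAN):
        print(finding)
```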
Comparing network troubleshooting tools
• Ping, a command-line utility that tests connectivity to a remote
host by sending ICMP echo request packets and waiting for a
response
• Tracert, a command-line utility that displays the path taken by
packets across an IP network
• Netstat, a command-line utility that displays active TCP/IP
connections and their status, including the local and remote IP
addresses and ports
• Netsh, a command-line utility that's used to update network
configuration settings
• Nslookup, a command-line utility that displays information about
a domain name, such as the IP address and the name servers
• Event Viewer, a graphical tool that displays system and
application log data, which then can be used to troubleshoot
issues related to network connectivity or other problems