UNIT-5

TCP/IP UTILITIES

Introduction
The Transmission Control Protocol / Internet Protocol (TCP/IP) is a
nonproprietary, routable network protocol suite that enables computers to
communicate over all types of networks. TCP/IP is the native protocol of the
Internet and is required for Internet Connectivity. The TCP/IP protocol suite
includes a network/node address structure, tools for static and dynamic address
assignment, name resolution services, and utilities for testing and configuration.
TCP/IP utilities offer network connections to other computers, such as UNIX
workstations. You must have the TCP/IP network protocol installed to use the
TCP/IP utilities.Many utilities are available to troubleshoot TCP/IP connectivity
problems. Most utilities are public domain and are included with the TCP/IP
protocol stack provided with the operating system that you are using. This also
means that the utilities may vary slightly depending on the operating system
being used. For example, to view your TCP/IP setting on a Windows Server you
would use "ipconfig", whereas on a Linux box you would use "ifconfig"—each
of which may support different command-line switches. Although these utilities
generally provide very basic functions, they will prove to be invaluable when
troubleshooting network problems.

Some important TCP/IP utilities:

Ping

You can use ping(packet Internet groper) command to verify the network
connectivity of a computer. Ping checks the host name, IP address, and that the
remote system can be reached. Ping uses the ICMP ECHO_REQUEST
datagrams to check connections between hosts by sending an echo packet, then
listening for the reply packets.This command is used to test a machine's
connectivity to another system and to verify that the target system is active.
Usually, using this command is the first step to any troubleshooting if a
connectivity problem is occurring between two computers. This can quickly
help you to determine whether a remote host is available and responsive.

Using Ping:-

1. If you are using Windows NT/2000, go to the command prompt by

selecting Start | Run and then type CMD. If you are using
Windows 95/98/ME, go to Start | Run, and type COMMAND.
2. At the command prompt, type: ping <ip address>. In this example
we are pinging the IP address of 117.194.0.24
 3. You will get four replies back from the ping message if the system
you have pinged is up and running, as shown next.

4. To test your TCP/IP software stack, you can ping the loopback
address by typing ping 127.0.0.1.
5. If you receive four lines of information showing successes, the
TCP/IP protocol is initialized and functioning. Four lines of failed
transmissions will show that TCP/IP is not initialized and cannot
be used to perform network transmissions. The results of a
successful ping to 127.0.0.1 are shown below.

(note:- For more options type "ping /?" in the command prompt. In Unix system
ping works equally well .For knowing more about ping in unix type "man ping"
in the console)

Tracert

The tracert ( or traceroute) utility determines the route data takes to get to a
particular destination. The ICMP protocol sends out Time Exceeded messages
to each router to trace the route. Each time a packet is sent, the time-to-live
(TTL) value is reduced before the packet is forwarded. This allows TTL to
count how many hops it is to the destination.

(note:- For finding more options for "tracert" type "tracert /?" windows
command. In unix system "traceroute" is the command instead of "tracert". To
know about traceroute type "man traceroute" in the console of unix system)

Netstat

The Netstat utility shows the status of each active network connection. Netstat
will display statistics for both TCP and UDP, including protocol, local address,
foreign address, and the TCP connection state. Because UDP is connectionless,
no connection information will be shown for UDP packets.
(note:- For finding more options for "netstat" type "netstat /?" windows
command. In unix system netstat works equally well. Find out more in the "man
netstat" page of Unix).

ARP

Network interface cards (NICs) have a hardware address, or MAC address,

burned into the network card itself. When you communicate from one system to
another, we generally use the IP address of the host with which we want to
communicate, but underneath the hood, the systems must use the physical MAC
address to send and receive data.The problem is, how does one system find out
the MAC address of the other system so that it can send the data across the
network? The answer is ARP. The address resolution protocol (ARP) was
designed to provide a mapping from the logical TCP/IP addresses to the
physical MAC addresses.

Address resolution is the process of resolving addresses or converting from one

type of address to another. In the case of ARP, the logical address (layer-3
address) is being converted to the MAC address (layer-2 address) by a broadcast
out on the network. With ARP, the sending computer yells out on the network
"Whoever has this IP address, I need your MAC address." This broadcast is sent
out on the wire, and every host looks at the broadcast data. The host with that IP
address will reply with its MAC address. The address resolution process is
complete once the original computer has received the MAC address information
of the destination system, and is then able to send data.

How ARP Works:-

When a host wants to send data out on the network, the ARP protocol is tasked
to find a MAC address that matches the IP address for the destination computer.
The ARP protocol first looks inside its ARP cache table for the appropriate
address. If the address is found, the destination MAC address is then added to
the data packet and forwarded. If no entry exists in the ARP cache for the
destination IP address, ARP broadcasts an ARP request packet to all the
machines on the LAN to determine the MAC address of the machine that has
that IP address. The host with that IP address will send an ARP reply that
contains its MAC address, whereas all other hosts do not reply, because they do
not have the IP address specified in the ARP request.

If the destination is on a remote subnet, the address of the router or gateway

used to reach that subnet is ARPed. If the ARP cache does not contain an IP
address for the router or gateway, the sending computer will ARP the IP address
of the router.
Once the MAC address is determined by the ARP reply, the IP and MAC
address of the destination system are stored in the ARP cache (stored in
memory) so that next time the address will be resolved from the cache and a
broadcast will not be needed.

ARP Cache

To reduce the number of address resolution broadcasts, thereby minimizing

network utilization, a client caches resolved addresses for a short time in a table
in memory. This table, known as the ARP cache, is used to maintain the
mappings between each MAC address and its corresponding IP address locally.
This is the most important part of this protocol. Since the size of the ARP cache
is limited, entries need to be purged periodically. If they are not, the cache could
become huge in size and could contain quite a few obsolete entries. Therefore,
ARP cache entries are removed at predefined intervals. This process also
removes any unsuccessful attempts to contact computers that are not currently
running.

Entries in the ARP cache can be viewed, added, or deleted by using the ARP
utility. Entries that are added with this utility manually are called static entries
and will not expire out of cache, whereas the entries that are added
automatically through broadcast are known as the dynamic entries and will
expire from the cache. Being able to view the ARP cache can be helpful in
trying to resolve address resolution problems. By displaying the current cache,
you can determine whether a host's MAC address is being resolved correctly.

To view the ARP cache, type the following command in a command prompt
window and press enter:

ARP –a

(note:- for more options type "ARP /?". The ARP cache result would not be
available properly unless you belong to a netwok. So the above screenshot is
taken from somewhere else, not taken from my computer.. This utility works in
Unix system as well. Find out more in "man ARP".)
Nslookup

Nslookup utility is used to test and troubleshoot domain name servers.

Nslookup has two modes. Interactive mode enables you to query name servers
for information about hosts and domains, or to print a list of hosts in a domain.
Non- interactive mode prints only the name and requested details for one host or
domain. Non-interative mode is useful for a single query.

To enter the interactive mode of Nslookup, type nslookup without any

arguments at a command prompt, or use only a hypen as the first argument and
specify a domain name server in the second. The default DNS name server will
be used if you don't enter anything for the second argument.

To use non-interactive mode, in the first argument, enter the name or IP address
of the computer you want to look up. In the second argument, enter the name or
IP address of a domain name server. The default DNS name server will be used
if you don't enter anything for the second argument.
(note:- nslookup works equally well in unix. Find out in the man page of unix
about the command).

Ipconfig

Displays all current TCP/IP network configuration values and refreshes

Dynamic Host Configuration Protocol (DHCP) and Domain Name System
(DNS) settings. Used without parameters, ipconfig displays the IP address,
subnet mask, and default gateway for all adapters.

Among many parameters of this command three commands are very important:-

1. /all
2. /release[adapter]
3. /renew [adapter]

For /all, Ipconfig displays all of the current TCP/IP configuration values,
including the IP address, subnet mask, default gateway, and Windows Internet
Naming Service (WINS) and DNS configuration.

For /release and /renew, if no adapter name is specified, the IP address leases
for all adapters that are bound to TCP/IP are released or renewed.

Both /renew and /release options only work on clients configured for dynamic
(DHCP) addressing.
(note:- in unix system "ifconfig" is the command instead of "ipconfig". To know
about ifconfig type "man ifconfig" in the console of unix system.)