Command-Line Tools - CompTIA Network+ N10-006 Cert Guide (2015)

CompTIA Network+ N10-006 Cert Guide (2015)

Chapter 10. Command-Line Tools

After completion of this chapter, you will be able to answer the following questions:

Image What are some of the more useful Microsoft Windows commands for configuring and troubleshooting network clients and servers?

Image What are some of the more useful UNIX commands for configuring and troubleshooting network clients and servers?

Your configuration and troubleshooting of networks will undoubtedly involve issuing commands at an operating system (OS) prompt of an end-user computer (a client) or a server. This chapter provides you with a collection of commands that you can use at those OS prompts. The two operating systems for which commands are provided are Microsoft Windows and UNIX.

Some commands, you will notice, exist on both Microsoft Windows and UNIX platforms. For example, both platforms can use the ping command to check network reachability; however, other commands are OS-specific. For example, the IP address settings on a Microsoft Windows PC can be viewed by entering the ipconfig command. However, a slightly different command, the ifconfig command, is used to gather similar information on UNIX hosts.

Many of the commands presented in this chapter have multiple command-line arguments; however, this chapter focuses on the more popular options for these commands. As a result, this chapter is not an exhaustive reference listing all available options for the commands presented.

Foundation Topics

Windows Commands

The Microsoft Windows OS (generically referred to as Windows in this chapter) allows you to access a command prompt by opening the Command Prompt application or by typing cmd in the Start > Run dialog box (on some Windows platforms, such as Windows XP) or in the Start > Search Programs and Files dialog box (on other Windows platforms, such as Windows 7). Although slight variations exist in these Windows commands based on your version of Windows, this chapter describes these Windows commands as they exist in Windows 7. Also, note that all the commands listed in this section are commands on the Network+ exam (N10-006) blueprint.

arp

You can use the arp command to see what a Layer 2 MAC address corresponds to as a known Layer 3 IP address. In addition, you can use the arp command to statically add a MAC address to IP address mapping to a PC’s Address Resolution Protocol (ARP) MAC address lookup table (sometimes called the ARP cache).

The syntax of the arp command is as follows:

Click here to view code image

arp -s inet_addr eth_addr [if_addr]
arp -d inet_addr [if_addr]
arp -a [inet_addr] [-N if_addr] [-v]

Table 10-1 describes the previously listed switches (for example, -s, -d, and -a) and arguments (for example, inet_addr and if_addr).

Image

Table 10-1 Parameters for the Windows arp Command

Example 10-1 shows the arp -a command being issued on a PC. The output shows what MAC addresses have been learned for the listed IP addresses. The dynamically learned addresses have dynamic listed in the Type column, and statically configured addresses (which are addresses configured by a user or the OS) are listed with static in the Type column. From the output, as one example, you can determine that the network device with an IP address of 172.16.202.1 has a MAC address of 00-50-56-c0-00-08, which could alternatively be written as 0050.56c0.0008. Also, you can determine from the output that this information was dynamically learned, as opposed to being statically configured.

Image

Example 10-1 Sample Output from the Windows arp -a Command

Click here to view code image


C:\> arp -a
Interface: 172.16.202.128 --- 0xb
Internet Address Physical Address Type
172.16.202.1 00-50-56-c0-00-08 dynamic
172.16.202.2 00-50-56-fd-65-2c dynamic
172.16.202.254 00-50-56-e8-84-fc dynamic
172.16.202.255 ff-ff-ff-ff-ff-ff static
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.252 01-00-5e-00-00-fc static
255.255.255.255 ff-ff-ff-ff-ff-ff static

Interface: 172.16.202.129 --- 0x14
Internet Address Physical Address Type
172.16.202.1 00-50-56-c0-00-08 dynamic
172.16.202.2 00-50-56-fd-65-2c dynamic
172.16.202.254 00-50-56-e8-84-fc dynamic
172.16.202.255 ff-ff-ff-ff-ff-ff static
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.252 01-00-5e-00-00-fc static
224.0.1.60 01-00-5e-00-01-3c static
255.255.255.255 ff-ff-ff-ff-ff-ff static


From a troubleshooting perspective, keep in mind that static ARP entries tend to be more problematic than dynamic entries. For example, a static entry might be added to a laptop computer, and the computer might later connect to a different network. If a PC then attempts to reach the IP address specified in the static ARP entry, the Layer 2 frame would have the incorrect destination MAC address (which should then be the MAC address of the PC’s default gateway) in its header.

ipconfig

You can use the ipconfig command to display IP address configuration parameters on a Windows PC. In addition, if the PC uses Dynamic Host Configuration Protocol (DHCP), you can use the ipconfig command to release and renew a DHCP lease, which is often useful when troubleshooting.

The syntax of the ipconfig command, along with some of its more commonly used parameters, is as follows:

Click here to view code image

ipconfig [/all | /renew | /release | /renew6 | /release6]

Table 10-2 describes the previously listed parameters for the ipconfig command.

Image

Table 10-2 Parameters for the Windows ipconfig Command

Example 10-2 shows the ipconfig command, without extra parameters, being issued on a PC. The PC contains an Ethernet and a wireless network interface card (NIC). From the output, you can conclude that one of the NICs has an IP address of 172.16.202.129, while the other NIC has an IP address of 172.16.202.128. Also, you can see that these two NICs share a common default gateway of 172.16.202.2.

Image

Example 10-2 Sample Output from the Windows ipconfig Command

Click here to view code image


C:\> ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection 3:
Connection-specific DNS Suffix . : localdomain
Link-local IPv6 Address . . . . . : fe80::5101:b420:4354:d496%20
IPv4 Address. . . . . . . . . . . : 172.16.202.129
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.16.202.2
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : localdomain
Link-local IPv6 Address . . . . . : fe80::a10f:cff4:15e4:aa6%11
IPv4 Address. . . . . . . . . . . : 172.16.202.128
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.16.202.2
OUTPUT OMITTED...


Example 10-3 shows the ipconfig /all command being issued on a PC. Notice the additional output from this command, not shown in the output of the ipconfig command. As a couple of examples, you can see the MAC address (labeled as the physical address) for each NIC and the DNS server’s IP address of 172.16.202.2.

Example 10-3 Sample Output from the Windows ipconfig /all Command

Click here to view code image


C:\> ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : WIN-OD1IG7JF47P
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : localdomain
Ethernet adapter Local Area Connection 3:
Connection-specific DNS Suffix . : localdomain
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
Connection #2
Physical Address. . . . . . . . . : 00-0C-29-3A-21-67
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5101:b420:4354:d496%20
(Preferred)
IPv4 Address. . . . . . . . . . . : 172.16.202.129(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, May 28, 2011 6:28:08
PM
Lease Expires . . . . . . . . . . : Saturday, May 28, 2011 9:28:08
PM
Default Gateway . . . . . . . . . : 172.16.202.2
DHCP Server . . . . . . . . . . . : 172.16.202.254
DHCPv6 IAID . . . . . . . . . . . : 419433513
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-A6-11-77-00-0C-
29-3A-21-5D
DNS Servers . . . . . . . . . . . : 172.16.202.2
Primary WINS Server . . . . . . . : 172.16.202.2
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : localdomain
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
Connection
Physical Address. . . . . . . . . : 00-0C-29-3A-21-5D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a10f:cff4:15e4:aa6%11
(Preferred)
IPv4 Address. . . . . . . . . . . : 172.16.202.128(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, May 28, 2011 6:27:56
PM
Lease Expires . . . . . . . . . . : Saturday, May 28, 2011 9:28:08
PM
Default Gateway . . . . . . . . . : 172.16.202.2
DHCP Server . . . . . . . . . . . : 172.16.202.254
DHCPv6 IAID . . . . . . . . . . . : 234884137
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-A6-11-77-00-0C-
29-3A-21-5D
DNS Servers . . . . . . . . . . . : 172.16.202.2
Primary WINS Server . . . . . . . : 172.16.202.2
NetBIOS over Tcpip. . . . . . . . : Enabled
OUTPUT OMITTED...


If you are troubleshooting a PC and suspect that IP addressing might be an issue, you can release the PC’s current DHCP lease with the ipconfig /release command, as shown in Example 10-4. Then you can renew the DHCP lease with the ipconfig /renew command, as shown in Example 10-5.

Example 10-4 Sample Output from the Windows ipconfig /release Command

Click here to view code image


C:\> ipconfig /release
Windows IP Configuration
Ethernet adapter Local Area Connection 3:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::5101:b420:4354:d496%20
Default Gateway . . . . . . . . . :
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::a10f:cff4:15e4:aa6%11
Default Gateway . . . . . . . . . :
OUTPUT OMITTED...


Example 10-5 Sample Output from the Windows ipconfig /renew Command

Click here to view code image


C:\> ipconfig /renew
Windows IP Configuration
Ethernet adapter Local Area Connection 3:
Connection-specific DNS Suffix . : localdomain
Link-local IPv6 Address . . . . . : fe80::5101:b420:4354:d496%20
IPv4 Address. . . . . . . . . . . : 172.16.202.129
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.16.202.2
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : localdomain
Link-local IPv6 Address . . . . . : fe80::a10f:cff4:15e4:aa6%11
IPv4 Address. . . . . . . . . . . : 172.16.202.128
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.16.202.2
OUTPUT OMITTED...


nbtstat

The nbtstat command displays NetBIOS information for IP-based networks. The nbt prefix of the nbtstat command refers to NetBIOS over TCP/IP, which is called NBT or NetBT. This command can, for example, display a listing of NetBIOS device names learned by a Windows PC.

The syntax of the nbtstat command is as follows:

Click here to view code image

nbtstat [ [-a remote_name] [-A ip_address] [-c] [-n] [-r] [-R] [-S] ]

Table 10-3 describes the previously listed parameters for the nbtstat command.

Image

Table 10-3 Parameters for the Windows nbtstat Command

When troubleshooting, it often helps to know the IP address of a known NetBIOS name. You can view a PC’s NetBIOS name cache, which lists this information, with the nbtstat -c command, as shown in Example 10-6.

Image

Example 10-6 Sample Output from the Windows nbtstat -c Command

Click here to view code image


C:\> nbtstat -c
Local Area Connection:
Node IpAddress: [192.168.1.50] Scope Id: []

NetBIOS Remote Cache Name Table

Name Type Host Address Life [sec]
------------------------------------------------------------
192.168.1.150 <20> UNIQUE 192.168.1.150 440
192.168.1.241 <20> UNIQUE 192.168.1.241 395
192.168.1.50 <20> UNIQUE 192.168.1.50 392
AZSCO-CISCO-S2 <00> UNIQUE 192.168.1.150 555
AZSCO-CISCO-S2 <20> UNIQUE 192.168.1.150 555
THE-WALLACES-TI<20> UNIQUE 192.168.1.1 202
THE-WALLACES-TI<00> UNIQUE 192.168.1.1 202
IMAC-3026FE <00> UNIQUE 192.168.1.240 552
IMAC-3026FE <20> UNIQUE 192.168.1.240 550
LIVE-DELIVERY <20> UNIQUE 192.168.1.50 222


If you want to verify that a PC is successfully resolving NetBIOS names, either by using a broadcast or from a WINS server, the nbtstat -r command, as demonstrated in Example 10-7, can help.

Example 10-7 Sample Output from the Windows nbtstat -r Command

Click here to view code image


C:\> nbtstat -r
NetBIOS Names Resolution and Registration Statistics
----------------------------------------------------
Resolved By Broadcast = 6
Resolved By Name Server = 0

Registered By Broadcast = 4
Registered By Name Server = 0

NetBIOS Names Resolved By Broadcast
---------------------------------------------
AZSCO-CISCO-S2 <00>
AZSCO-CISCO-S2
IMAC-3026FE <00>
IMAC-3026FE
THE-WALLACES-TI<00>
THE-WALLACES-TI


The nbtstat command even allows you to view the NetBIOS table of a remote PC with the nbtstat -a command, as shown in Example 10-8. Note, however, that the Node IpAddress parameter shows the IP address of the PC issuing the nbtstat command. However, the MAC Address parameter shows the MAC address of the remote PC.

Example 10-8 Sample Output from the Windows nbtstat -a Command

Click here to view code image


C:\> nbtstat -a AZSCO-CISCO-S2
Local Area Connection:
Node IpAddress: [192.168.1.50] Scope Id: []
NetBIOS Remote Machine Name Table
Name Type Status
---------------------------------------------
AZSCO-CISCO-S2 <00> UNIQUE Registered
KITCHEN <00> GROUP Registered
AZSCO-CISCO-S2 <20> UNIQUE Registered
KITCHEN <1E> GROUP Registered
KITCHEN <1D> UNIQUE Registered
..__MSBROWSE__.<01> GROUP Registered
MAC Address = 00-13-72-79-4C-9D


netstat

You can use the netstat command to display various information about IP-based connections on a PC. For example, you can view information about current sessions, including source and destination IP addresses and port numbers. You can also display protocol statistics. This might be useful for troubleshooting purposes. For example, you might issue the netstat command and see that your PC has sessions open to an unknown host on the Internet. These sessions might warrant further investigation to determine why the sessions are open and if they might be resulting in performance issues on your PC or possibly posing a security risk.

The following is the syntax for the netstat command and some of its commonly used options:

Click here to view code image

netstat [-a] [-b] [-e] [-f] [-p proto] [-r] [-s]

Table 10-4 explains the usage of the previously listed command options.

Image

Table 10-4 Parameters for the Windows netstat Command

The netstat command issued without any options lists source and destination IP addresses and port numbers for all IP-based sessions. Example 10-9 shows sample output from this command.

Image

Example 10-9 Sample Output from the Windows netstat Command

Click here to view code image


C:\> netstat
OUTPUT OMITTED...
TCP 127.0.0.1:27015 LIVE-DELIVERY:1309 ESTABLISHED
TCP 192.168.1.50:1045 172.16.224.200:https CLOSE_WAIT
TCP 192.168.1.50:1058 THE-WALLACES-TI:microsoft-ds ESTABLISHED
TCP 192.168.1.50:1079 tcpep:https ESTABLISHED
TCP 192.168.1.50:1081 174:http ESTABLISHED
TCP 192.168.1.50:1089 by2msg4020609:msnp ESTABLISHED
TCP 192.168.1.50:1111 HPB81308:netbios-ssn ESTABLISHED
TCP 192.168.1.50:1115 10.65.228.81:https ESTABLISHED
TCP 192.168.1.50:1116 10.65.228.81:https ESTABLISHED
TCP 192.168.1.50:1117 10.65.228.81:https ESTABLISHED
TCP 192.168.1.50:1118 10.65.228.81:https ESTABLISHED
TCP 192.168.1.50:1126 10.65.228.81:https ESTABLISHED
TCP 192.168.1.50:1417 vip1:http CLOSE_WAIT
TCP 192.168.1.50:1508 208:https CLOSE_WAIT
TCP 192.168.1.50:1510 208:https CLOSE_WAIT
TCP [::1]:2869 LIVE-DELIVERY:1514 TIME_WAIT
TCP [::1]:2869 LIVE-DELIVERY:1515 ESTABLISHED
OUTPUT OMITTED...


You might notice an open connection using a specific port and be unsure what application opened that connection. As seen in Example 10-10, the netstat -b command shows which application opened a specific connection. In this example, Dropbox.exe, iTunex.exe, firefox.exe, and OUTLOOK.exe are applications that have currently open connections.

Example 10-10 Sample Output from the Windows netstat -b Command

Click here to view code image


C:\> netstat -b
Active Connections
OUTPUT OMITTED...
Proto Local Address Foreign Address State
TCP 127.0.0.1:1068 LIVE-DELIVERY:19872 ESTABLISHED
[Dropbox.exe]
TCP 127.0.0.1:1309 LIVE-DELIVERY:27015 ESTABLISHED
[iTunes.exe]
TCP 127.0.0.1:1960 LIVE-DELIVERY:1961 ESTABLISHED
[firefox.exe]
TCP 192.168.1.50:1115 10.1.228.81:https ESTABLISHED
[OUTLOOK.EXE]
TCP 192.168.1.50:1116 10.1.228.81:https ESTABLISHED
[OUTLOOK.EXE]
OUTPUT OMITTED...


nslookup

Although the nslookup command offers various command options, this section focuses on the most common use for the command. Specifically, you can use the nslookup command to resolve an FQDN to an IP address. This can, for example, help you to determine whether a DNS record is correct and to verify that your DNS server is operating.

The nslookup command can be issued along with an FQDN, or it can be used in an interactive mode, where you are prompted to enter command parameters. Therefore, the syntax can be summarized as follows:

nslookup [fqdn]

In noninteractive mode, you issue the nslookup command followed by an FQDN to display the IP address corresponding to the FQDN. To illustrate, consider Example 10-11, where the nslookup command is issued to resolve the IP address of the website cbtnuggets.com, which appears to be 172.31.194.74. (Note that a private IP address is used for illustrative purposes; in a real-world example, a public IP address would display.)

Image

Example 10-11 Sample Output from the Windows nslookup Noninteractive Command

Click here to view code image


C:\> nslookup cbtnuggets.com
Server: UnKnown
Address: 192.168.1.1

Non-authoritative answer:
Name: cbtnuggets.com
Address: 172.31.194.74


In interactive mode, the nslookup command is entered, after which you enter command parameters from the > prompt. In Example 10-12, cbtnuggets.com is entered at the prompt to see the IP address corresponding to that FQDN. Also, notice that entering a question mark (?) displays a help screen that shows command options. Entering quit exits you from interactive mode.

Example 10-12 Sample Output from the Windows nslookup Interactive Command

Click here to view code image


C:\> nslookup
Default Server: UnKnown
Address: 192.168.1.1

> cbtnuggets.com
Server: UnKnown
Address: 192.168.1.1

Non-authoritative answer:
Name: cbtnuggets.com
Address: 172.31.194.74

> ?
Commands: (identifiers are shown in uppercase, [] means optional)
NAME - print info about the host/domain NAME using default server
NAME1 NAME2 - as above, but use NAME2 as server
help or ? - print info on common commands
set OPTION - set an option
all - print options, current server and host
[no]debug - print debugging information
[no]d2 - print exhaustive debugging information
[no]defname - append domain name to each query
[no]recurse - ask for recursive answer to query
[no]search - use domain search list
[no]vc - always use a virtual circuit
domain=NAME - set default domain name to NAME
srchlist=N1[/N2/.../N6] - set domain to N1 and search list to
N1,N2, etc.
root=NAME - set root server to NAME
OUTPUT OMITTED...
> quit
C:\>


ping

The ping command is one of the most commonly used command-line commands. You can use it to check IP connectivity between two network devices. Multiple platforms (for example, routers, switches, and hosts) support the pingcommand.

The ping command uses Internet Control Message Protocol (ICMP), which is a Layer 4 protocol. If you issue a ping command from your PC, your PC sends an ICMP echo message to the specified destination host. Assuming the destination host is reachable, the host responds with an ICMP echo reply message. Other ICMP messages can be returned to your PC, from your PC’s default gateway, to indicate that a destination host is unreachable, that an ICMP echo timed out, or that a Time To Live (TTL) value (which is decremented by 1 at each router hop) has expired (decremented to a value of 0).

The syntax of the ping command, along with some of its commonly used options, is as follows:

Click here to view code image

ping [-t] [-n count] [-l size] [-f] [-i TTL] [-S srcaddr] target_name

Table 10-5 explains the usage of the previously listed command options.

Image

Table 10-5 Parameters for the Windows ping Command

A Windows ping command specifying only the target_name parameter sends four ICMP echo messages to the specified target, as shown in Example 10-13. In the output, notice that none of the packets were dropped.

Image

Example 10-13 Sample Output from the Windows ping Command

Click here to view code image


C:\> ping 192.168.1.2
Pinging 192.168.1.2 with 32 bytes of data:
Reply from 192.168.1.2: bytes=32 time=2ms TTL=64
Reply from 192.168.1.2: bytes=32 time=1ms TTL=64
Reply from 192.168.1.2: bytes=32 time=1ms TTL=64
Reply from 192.168.1.2: bytes=32 time=1ms TTL=64

Ping statistics for 192.168.1.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 2ms, Average = 1ms


If the specified target address is unreachable, output from the ping command indicates that the target cannot be reached, as shown in Example 10-14.

Example 10-14 Windows ping Command Indicating an Unreachable Destination

Click here to view code image


C:\> ping 192.168.1.200

Pinging 192.168.1.200 with 32 bytes of data:
Reply from 192.168.1.50: Destination host unreachable.
Reply from 192.168.1.50: Destination host unreachable.
Reply from 192.168.1.50: Destination host unreachable.
Reply from 192.168.1.50: Destination host unreachable.

Ping statistics for 192.168.1.200:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),


ping with IPv6

Depending on the operating system, ping can natively work to test connectivity using IPv6 when an IPv6 destination address is part of the ping command. On some systems the command ping -6 IPv6-destination-address, ping6IPv6-destination-address, or some variant specific to that operating system may be available for testing IPv6 connectivity.

route

The route command can display a PC’s current IP routing table. In addition, you can use the route command to add or delete entries to or from that routing table. Syntax of the route command, with a collection of commonly used options, is as follows:

Click here to view code image

C:\>route [-f] [-p] command [destination] [mask netmask] [gateway]
[metric metric] [if interface]

Table 10-6 explains the usage of the previously listed command options.

Image

Table 10-6 Parameters for the Windows route Command

Example 10-15 illustrates the use of the route print command, which displays the contents of a PC’s routing table. Notice that the output identifies a listing of the PC’s interfaces, along with IPv4 routes and IPv6 routes. From the output, you see that the 10.0.0.0 255.0.0.0 network is reachable via two gateways (192.168.1.77 and 192.168.1.11). Also, notice that there is a persistent route (a route entry that survives a reboot) to act as a default gateway for the PC, which is 192.168.1.1.

Image

Example 10-15 Sample Output from the Windows route print Command

Click here to view code image


C:\> route print
======================================================================
Interface List
11...00 24 81 ee 4c 0e ......Intel(R) 82566DM-2 Gigabit Network
Connection
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
======================================================================

IPv4 Route Table
==============================+=======================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.50 276
10.0.0.0 255.0.0.0 192.168.1.77 192.168.1.50 21
10.0.0.0 255.0.0.0 192.168.1.11 192.168.1.50 21
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
172.16.0.0 255.255.0.0 192.168.1.11 192.168.1.50 21
192.168.0.0 255.255.255.0 192.168.1.11 192.168.1.50 21
192.168.1.0 255.255.255.0 On-link 192.168.1.50 276
192.168.1.50 255.255.255.255 On-link 192.168.1.50 276
192.168.1.255 255.255.255.255 On-link 192.168.1.50 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.50 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.50 276
=========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 192.168.1.1 Default
=========================================================================

IPv6 Route Table
=========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:4137:9e76:10e2:614f:b34e:ea84/128
On-link
11 276 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::10e2:614f:b34e:ea84/128
On-link
11 276 fe80::f46d:4a34:a9c4:51a0/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
11 276 ff00::/8 On-link
=========================================================================
Persistent Routes:
None


Imagine that you want to remove one of the route entries for the 10.0.0.0 255.0.0.0 network. Example 10-16 shows how one of the two entries (specifically, the entry pointing to 192.168.1.11) can be removed from the routing table. Notice from the output that after the route delete 10.0.0.0 mask 255.0.0.0 192.168.1.11 command is issued, the route no longer appears in the routing table.

Image

Example 10-16 Sample Output from the Windows route delete Command

Click here to view code image


C:\> route delete 10.0.0.0 mask 255.0.0.0 192.168.1.11
OK!
C:\> route print
OUTPUT OMITTED...
IPv4 Route Table
======================================================++++================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.50 276
10.0.0.0 255.0.0.0 192.168.1.77 192.168.1.50 21
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
172.16.0.0 255.255.0.0 192.168.1.11 192.168.1.50 21
192.168.0.0 255.255.255.0 192.168.1.11 192.168.1.50 21
192.168.1.0 255.255.255.0 On-link 192.168.1.50 276
192.168.1.50 255.255.255.255 On-link 192.168.1.50 276
192.168.1.255 255.255.255.255 On-link 192.168.1.50 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.50 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.50 276
==========================================================================
OUTPUT OMITTED...


A route can be added by using the route add command. Example 10-17 shows and confirms the addition of a route pointing to the 10.2.1.0 255.255.255.0 network, with a next-hop route (gateway) of 192.168.1.1.

Example 10-17 Sample Output from the Windows route add Command

Click here to view code image


C:\> route add 10.2.1.0 mask 255.255.255.0 192.168.1.1
OK!

C:\> route print
OUTPUT OMITTED...
IPv4 Route Table
==========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.50 276
10.0.0.0 255.0.0.0 192.168.1.77 192.168.1.50 21
10.2.1.0 255.255.255.0 192.168.1.1 192.168.1.50 21
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
172.16.0.0 255.255.0.0 192.168.1.11 192.168.1.50 21
192.168.0.0 255.255.255.0 192.168.1.11 192.168.1.50 21
192.168.1.0 255.255.255.0 On-link 192.168.1.50 276
192.168.1.50 255.255.255.255 On-link 192.168.1.50 276
192.168.1.255 255.255.255.255 On-link 192.168.1.50 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.50 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.50 276
==========================================================================
OUTPUT OMITTED...


tracert

In an earlier section, you were introduced to the ping command, which can verify Layer 3 connectivity to a remote host. If the ping were unsuccessful, or if the round-trip response times seem too long, the tracert command might help isolate the issue. Specifically, the tracert command pings every router hop from the source to the destination and reports the round-trip time for each router hop.

If a router is not reachable, you might want to investigate the router hop just before or just after the hop that timed out. However, in many cases, a router does not respond to a tracert because it has been configured not to respond to ICMP messages (which is what the tracert command uses) for security reasons. So, a failed response does not always indicate a router-configuration issue or a bad link between two routers. However, even if the tracert output shows every route hop from the source to the destination, the round-trip delay time can help identify congested links.

Although the tracert command has a few optional parameters, usually, the command simply specifies a target IP address or FQDN, as follows:

C:\>tracert destination

Example 10-18 shows a successful trace from a PC to a destination FQDN of pearsonitcertification.com. Even though the trace was successful, the output still helps identify any slow links interconnecting routers along the path from the source to the destination.

Example 10-18 Sample Output from a Successful Windows tracert Command

Click here to view code image


C:\> tracert pearsonitcertification.com
Tracing route to pearsonitcertification.com [64.28.85.25]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms THE-WALLACES-TI [192.168.1.1]
2 12 ms 18 ms 9 ms CPE-76-177-16-1.natcky.res.rr.com [76.177.16.1]
3 8 ms 13 ms 11 ms gig2-0-0.rcmdky-mx41.natcky.rr.com
[65.28.199.205]
4 32 ms 35 ms 34 ms tge0-2-0.chcgileq-rtr1.kc.rr.com [65.28.199.97]
5 30 ms 28 ms 35 ms ae-4-0.cr0.chi10.tbone.rr.com [66.109.6.100]
6 28 ms 36 ms 51 ms ae-0-0.pr0.chi10.tbone.rr.com [66.109.6.153]
7 32 ms 37 ms 32 ms if-4-0-0.core1.CT8-Chicago.as6453.net
[66.110.14.21]
8 32 ms 31 ms 33 ms if-1-0-0-1878.core2.CT8-Chicago.as6453.net
[66.110.27.78]
9 58 ms 60 ms 56 ms 63.243.186.25
10 95 ms 64 ms 73 ms cr2-pos-0-8-0-3.nyr.savvis.net [208.173.129.29]
11 66 ms 61 ms 72 ms hr1-tengig-13-0-0.waltham2bo2.savvis.net
[204.70.198.182]
12 62 ms 67 ms 62 ms das3-v3038.bo2.savvis.net[209.202.187.182]
13 62 ms 63 ms 66 ms blhosting.bridgelinesw.com [64.14.81.46]
14 63 ms 62 ms 76 ms www1.webdialogs.com [64.28.85.25]
Trace complete.


Example 10-19 shows an unsuccessful trace. The first-hop router (192.168.1.1) responded; however, the router beyond that did not respond. So, in a troubleshooting situation, you might focus your attention to the interconnection between those two routers.

Example 10-19 Sample Output from an Unsuccessful Windows tracert Command

Click here to view code image


C:\> tracert 172.16.1.1
Tracing route to 172.16.1.1 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms THE-WALLACES-TI [192.168.1.1]
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
OUTPUT OMITTED...


tracert with IPv6

Similar to the tracert options for IPv4, the IPv6 path through a network can be verified with tracert for IPv6. Depending on the version of Windows being used, this may be done by using tracert destination-IPv6-address, tracert6destination-IPv6-address, or tracert -6 destination-IPv6-address.

PathPing

The PathPing Windows tool combines features of Ping and Tracert over a period of time. It can be used with IPv4 and IPv6. PathPing shows the amount of packet loss at any given router so you can identify the routers that might be causing in the path. Options with PathPing include those outlined in Table 10-7.

Image

Table 10-7 Parameters for the Windows PathPing Tool

UNIX Commands

This discussion of UNIX OS commands is more generic than Windows, in that there are many variations of UNIX implementations: some open-standard implementations and some vendor-specific implementations. This chapter describes UNIX commands as they exist in Apple’s OS X, which runs a variant of UNIX at its core.

Although some of the following UNIX command can be used for the same purposes as some of the Windows commands, the syntax might vary slightly. Again, this chapter is not an exhaustive syntax reference, but a quick reference for common use cases and common options for the selected commands.

One of the benefits of UNIX is its extensive syntax reference in the form of manual pages (man pages). These man pages can be invoked with the following syntax:

HOST# man command

For example, if you want detailed information about the arp command, you can enter man arp to produce the output shown in Example 10-20.

Example 10-20 Sample Output from a Sample UNIX man Command

Click here to view code image


HOST# man arp

ARP(8) BSD System Manager's Manual ARP(8)

NAME
arp -- address resolution display and control

SYNOPSIS
arp [-n] [-i interface] hostname
arp [-n] [-i interface] -a
arp -d hostname [pub] [ifscope interface]
arp -d [-i interface] -a
arp -s hostname ether_addr [temp] [reject] [blackhole] [pub [only]]
[ifscope interface]
arp -S hostname ether_addr [temp] [reject] [blackhole] [pub [only]]
[ifscope interface]
arp -f filename

DESCRIPTION
The arp utility displays and modifies the Internet-to-Ethernet
address
translation tables used by the address resolution protocol (arp(4)).
With no flags, the program displays the current ARP entry for
hostname.
The host may be specified by name or by number, using Internet dot
notation.

:
OUTPUT OMITTED...


Other than the man command, all the UNIX commands listed in this section are commands listed in the Network+ exam (N10-006) blueprint.

arp

Similar to the Windows arp command, the UNIX arp command can be used to display MAC address to IP address mappings. The syntax of the arp command is as follows:

Click here to view code image

arp [-a]
arp [-n] [-i interface] -a
arp -s hostname ether_addr [temp] [reject] [blackhole] [ifscope
interface]
arp -d hostname [ifscope interface]
arp -d [-i interface] -a
arp -f filename

Table 10-8 explains the usage of the previously listed command options.

Image

Table 10-8 Parameters for the UNIX arp Command

To illustrate a few uses of the arp command, first imagine that you want to add an entry in your UNIX host’s ARP cache for an IP address of 192.168.1.32. You know the MAC address of that device is 11:22:33:44:55:66, and you know that the device is available off of interface en0. You can enter the arp command with the -s option, as demonstrated in Example 10-21, to add a static ARP entry. The example then confirms the entry has been made by issuing the arp -a command.

Image

Example 10-21 Adding and Confirming a Static ARP Entry with the UNIX arp Command

Click here to view code image


HOST# arp -s 192.168.1.32 11:22:33:44:55:66 ifscope en0
HOST# arp -a
? (172.16.53.255) at (incomplete) on vmnet1 ifscope [ethernet]
? (172.16.202.255) at (incomplete) on vmnet8 ifscope [ethernet]
? (192.168.1.1) at 0:1f:f3:c9:39:fe on en0 ifscope [ethernet]
? (192.168.1.2) at 0:18:f8:50:ad:35 on en0 ifscope [ethernet]
? (192.168.1.32) at 11:22:33:44:55:66 on en0 ifscope [ethernet]
? (192.168.1.50) at 0:24:81:ee:4c:e on en0 ifscope [ethernet]
? (192.168.1.235) at 0:21:5a:b8:13:9 on en0 ifscope [ethernet]
? (192.168.1.240) at 0:23:12:18:a1:bd on en0 ifscope [ethernet]
? (192.168.1.248) at 0:21:47:3:6:94 on en0 ifscope [ethernet]
? (192.168.1.255) at (incomplete) on en0 ifscope [ethernet]


Next, imagine that you want to delete the entry you just added. Example 10-22 shows how the -d option of the arp command can remove an entry from a host’s ARP cache. The output then confirms that the entry was removed.

Example 10-22 Deleting and Confirming the Deletion of a Static ARP Entry with the UNIX arp Command

Click here to view code image


HOST# arp -d 192.168.1.32 ifscope en0
192.168.1.32 (192.168.1.32) deleted
HOST# arp -a
? (172.16.53.255) at (incomplete) on vmnet1 ifscope [ethernet]
? (172.16.202.255) at (incomplete) on vmnet8 ifscope [ethernet]
? (192.168.1.1) at 0:1f:f3:c9:39:fe on en0 ifscope [ethernet]
? (192.168.1.2) at 0:18:f8:50:ad:35 on en0 ifscope [ethernet]
? (192.168.1.50) at 0:24:81:ee:4c:e on en0 ifscope [ethernet]
? (192.168.1.235) at 0:21:5a:b8:13:9 on en0 ifscope [ethernet]
? (192.168.1.240) at 0:23:12:18:a1:bd on en0 ifscope [ethernet]
? (192.168.1.248) at 0:21:47:3:6:94 on en0 ifscope [ethernet]
? (192.168.1.255) at (incomplete) on en0 ifscope [ethernet]


dig and nslookup

The Windows nslookup command was used to resolve a given FQDN to its IP address. UNIX has a similar nslookup command, which you can also use for FQDN-to-IP address resolution.

The dig command can similarly be used to resolve FQDNs to IP addresses. Unlike the nslookup command, however, the dig command is entirely a command-line command. (dig lacks the interactive mode of the nslookupcommand.)

Example 10-23 compares the output of the nslookup and dig commands. Notice that the dig command offers more information than the nslookup command. For example, the A in the QUESTION SECTION output of the digcommand identifies the DNS record type (an A record, which is an alias record). If you peruse the output, you can find a few other pieces of information present in the dig command output, not found in the nslookup command output; however, the dig command is rarely used to glean these more subtle pieces of information. Rather, the dig command is used by many UNIX administrators as simply an alternate way of resolving FQDNs to IP addresses. Notice that both commands indicate that the IP address corresponding to the FQDN of www.pearsonitcertification is 64.28.85.25.

Image

Example 10-23 Comparing Output from the UNIX dig and nslookup Commands

Click here to view code image


HOST# nslookup www.pearsonitcertification.com
Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
Name: www.pearsonitcertification.com
Address: 64.28.85.25

HOST# dig www.pearsonitcertification.com

; <<>> DiG 9.6.0-APPLE-P2 <<>> www.pearsonitcertification.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10821
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.pearsonitcertification.com. IN A

;; ANSWER SECTION:
www.pearsonitcertification.com. 10791 IN A 64.28.85.25

;; Query time: 5 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Mon May 30 13:36:11 2011
;; MSG SIZE rcvd: 64


host

Yet another approach to resolving FQDNs to IP addresses is to use the host command. The host command offers a variety of options, and you can read more about them by issuing the man host command from a UNIX prompt. However, this discussion focuses on the most common use of the host command, which is FQDN-to-IP address resolution.

Example 10-24 shows output from host www.pearsonitcertification.com. Notice that the resolved IP address of 64.28.85.25 matches the IP address resolved by both the dig and nslookup commands.

Image

Example 10-24 Sample Output from the UNIX host Command

Click here to view code image


HOST# host www.pearsonitcertification.com
www.pearsonitcertification.com has address 64.28.85.25


ifconfig

The UNIX ifconfig command is most similar to the Windows ipconfig command, although the output is noticeably different. Issued by itself, the ifconfig command displays a UNIX host’s interfaces along with configuration information about those interfaces, including MAC address, maximum transmission unit (MTU), IPv4 address, and IPv6 address information.

Beyond just displaying interface information, the ifconfig command can also configure interface parameters. For example, an interface’s IP address can be configured with the ifconfig command.

Although many options are available (see the UNIX man pages for more details), the following syntax shows how to use the previously described ifconfig command functions:

Click here to view code image

ifconfig [interface [inet ip_addr netmask netmask]]

For example, if you want to configure interface en0 with an IP address of 192.168.1.26 and a subnet mask of 255.255.255.0, you could issue the command ifconfig en0 inet 192.168.1.26 netmask 255.255.255.0. Example 10-25shows this command being issued, followed by the display generated from the ifconfig command to confirm that the change took effect.

Image

Example 10-25 Configuring and Verifying the Configuration of an Interface’s IP Address with the UNIX ifconfig Command

Click here to view code image


HOST# ifconfig en0 inet 192.168.1.26 netmask 255.255.255.0
HOST# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet6 fdb9:537c:6f1c:705f:5a55:caff:fefa:1551 prefixlen 128
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 58:55:ca:fa:15:51
inet6 fe80::5a55:caff:fefa:1551%en0 prefixlen 64 scopeid 0x4
inet 192.168.1.26 netmask 0xffffff00 broadcast 192.168.1.255
media: autoselect
status: active
OUTPUT OMITTED...


traceroute

The traceroute UNIX command can be used for the same purpose as the tracert Windows command. Specifically, you can help isolate which router hop along the path from a source device to a destination device is having issues. Also, based on the round-trip response time information reported for each hop, you can better determine which network segment might be causing excessive delay because of congestion. Example 10-26 offers sample output from the traceroute command, which is identifying the 13 router hops a UNIX host must transit to reach pearsonitcertification.com.

Image

Example 10-26 Sample Output from the UNIX traceroute Command

Click here to view code image


HOST# traceroute pearsonitcertification.com
traceroute to pearsonitcertification.com (64.28.85.25), 64 hops max, 52 byte
packets
1 192.168.1.1 (192.168.1.1) 3.480 ms 2.548 ms 2.404 ms
2 cpe-76-177-16-1.natcky.res.rr.com (76.177.16.1) 22.150 ms 11.300 ms
9.719 ms
3 gig2-0-0.rcmdky-mx41.natcky.rr.com (65.28.199.205) 9.242 ms 19.940
ms 11.735 ms
4 tge0-2-0.chcgileq-rtr1.kc.rr.com (65.28.199.97) 38.459 ms 38.821 ms
36.157 ms
5 ae-4-0.cr0.chi10.tbone.rr.com (66.109.6.100) 41.903 ms 37.388 ms
31.966 ms
6 ae-0-0.pr0.chi10.tbone.rr.com (66.109.6.153) 75.757 ms 46.287 ms
35.031 ms
7 if-4-0-0.core1.ct8-chicago.as6453.net (66.110.14.21) 48.020 ms
37.248 ms 45.446 ms
8 if-1-0-0-1878.core2.ct8-chicago.as6453.net (66.110.27.78) 108.466 ms
55.465 ms 87.590 ms
9 63.243.186.25 (63.243.186.25) 64.045 ms 63.582 ms 69.200 ms
10 cr2-pos-0-8-0-3.nyr.savvis.net (208.173.129.29) 64.933 ms 65.113 ms
61.759 ms
11 hr1-tengig-13-0-0.waltham2bo2.savvis.net (204.70.198.182) 71.964 ms
65.430 ms 74.397 ms
12 das3-v3038.bo2.savvis.net (209.202.187.182) 65.777 ms 64.483 ms
82.383 ms
13 blhosting.bridgelinesw.com (64.14.81.46) 63.448 ms !X * 68.879 ms !X


traceroute for IPv6

Similar to the traceroute options for IPv4, the IPv6 path through a network can be verified with traceroute for IPv6. Depending on the vendor and platform, this may be done by using traceroute destination-IPv6-address, traceroute6 destination-IPv6-address, traceroute -6 destination-IPv6-address, or some variant specific to the vendor and product being used.

netstat

The UNIX netstat command serves the same basic purpose of the Windows netstat command, which is to display various information about current connections. This information includes source and destination IP addresses and port numbers. You can also display protocol statistics with the netstat command.

The following is the syntax for the netstat command, with some of its commonly used options:

netstat [-a] [-b] [-r] [-s]

Table 10-9 explains the usage of the previously listed command options.

Image

Table 10-9 Parameters for the Windows netstat Command

As with Windows, the UNIX netstat command issued by itself produces output that details each current session, as shown in Example 10-27.

Image

Example 10-27 Sample Output from the UNIX netstat Command

Click here to view code image


HOST# netstat
Active Internet connections
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 37 0 192.168.1.245.49499 172.20.202.51-st.https CLOSE_WAIT
tcp4 37 0 192.168.1.245.49495 192.168.202.51-st.https CLOSE_WAIT
tcp4 0 0 192.168.1.26.49472 192.168.1.50.17500 ESTABLISHED
tcp4 0 0 192.168.1.26.49471 192.168.1.240.17501 ESTABLISHED
tcp4 0 0 192.168.1.245.49436 172.16.30.42-sta.http ESTABLISHED
tcp4 0 0 192.168.1.245.17500 192.168.1.50.2583 ESTABLISHED
tcp4 0 0 192.168.1.245.17500 192.168.1.240.60687 ESTABLISHED
tcp4 0 0 192.168.1.245.49423 10.243.202.51-st.https CLOSE_WAIT
tcp4 0 0 192.168.1.245.49321 172.16.62.121.https ESTABLISHED
tcp4 0 0 localhost.26164 localhost.49184 ESTABLISHED
tcp4 0 0 192.168.1.26.49505 192.168.1.240.netbios- TIME_WAIT
OUTPUT OMITTED...


The netstat command with the -r option can also be used to view the IP routing table of a UNIX host, as shown in Example 10-28.

Example 10-28 Sample Output from the UNIX netstat -r Command

Click here to view code image


HOST# netstat -r
Routing tables

Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.1.1 UGSc 45 40 en0
127 localhost UCS 0 0 lo0
localhost localhost UH 2 14 lo0
169.254 link#4 UCS 0 0 en0
172.16.53/24 link#6 UC 3 0 vmnet1
172.16.53.1 0:50:56:c0:0:1 UHLWI 0 107 lo0
172.16.53.255 link#6 UHLWbI 2 184 vmnet1
172.16.202/24 link#5 UC 2 0 vmnet8
172.16.202.255 link#5 UHLWbI 2 184 vmnet8
192.168.1 link#4 UC 10 0 en0
192.168.1.1 0:1f:f3:c9:39:fe UHLWI 67 257 en0
1183
192.168.1.2 0:18:f8:50:ad:35 UHLWI 0 0 en0
1032
192.168.1.50 0:24:81:ee:4c:e UHLWI 2 481 en0


ping

The UNIX ping command is most typically used to test network reachability to a specified destination, such as the Windows version ping command. However, unlike the Windows ping command, the UNIX ping command sends continuous pings, as opposed to the Windows default of only four pings.

Syntax for the UNIX ping command, along with some of its commonly used parameters, is as follows:

Click here to view code image

ping [-c count] [-D] [-S srcaddr] target_name

Table 10-10 explains the usage of the previously listed command options.

Image

Table 10-10 Parameters for the UNIX ping Command

Example 10-29 shows output from a ping command limited to sending only five ICMP echo packets.

Image

Example 10-29 Sample Output from the UNIX ping -c Command

Click here to view code image


HOST# ping -c 5 192.168.1.1
PING 192.168.1.1 (192.168.1.1): 56 data bytes
64 bytes from 192.168.1.1: icmp_seq=0 ttl=255 time=7.386 ms
64 bytes from 192.168.1.1: icmp_seq=1 ttl=255 time=7.490 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=255 time=7.485 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=255 time=2.575 ms
64 bytes from 192.168.1.1: icmp_seq=4 ttl=255 time=7.584 ms

--- 192.168.1.1 ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 2.575/6.504/7.584/1.965 ms
route


Although the UNIX route command is not used to display a host’s IP routing table, which is a use of the Windows route command, it can be used to modify a UNIX host’s IP routing table. The route command has multiple options; however, this discussion focuses on using the route command to add or delete a route from a UNIX host’s routing table.

A partial syntax description for the UNIX route command, which focuses on adding and deleting routes from a UNIX host’s routing table, is as follows:

Click here to view code image

route [-qv] [[add | delete] net network/mask gateway]

Table 10-11 explains the usage of the previously listed command options.

Image

Table 10-11 Parameters for the UNIX route Command Used to Add and Delete Routes

Example 10-30 illustrates use of the UNIX route command to add a static route to a UNIX host’s routing table. Specifically, a route to 10.1.2.0/24 with a next-hop gateway of 192.168.1.1 is being added. Also, notice the netstat -rcommand issued after the route command to confirm the insertion of the 10.1.2.0/24 route into the UNIX host’s routing table.

Image

Example 10-30 Adding a Static Route with the UNIX route Command

Click here to view code image


HOST# route add 10.1.2.0/24 192.168.1.1
add net 10.1.2.0: gateway 192.168.1.1
HOST# netstat -r
Routing tables

Internet:
Destination Gatewa Flags Refs Use Netif Expire
default 192.168.1.1 UGSc 15 0 en0
10.1.2/24 192.168.1.1 UGSc 0 0 en0
127 localhost UCS 0 0 lo0
localhost localhost UH 2 8 lo0
169.254 link#4 UCS 0 0 en0
OUTPUT OMITTED...


Real-World Case Study

Acme Inc. has most of its network infrastructure in place, including connectivity to the Internet. An administrator was attempting to visit a web server on the Internet but was not able to successfully connect.

From the Windows computer that he was using, he opened up a command prompt to do some troubleshooting. He verified that the local computer had an IP address and a default gateway by using the command ipconfig /all. Next he used the command arp -a to verify that his local computer had already resolved the default gateway’s Layer 2 MAC address. A ping command was used to verify connectivity between the local computer and the default gateway. The command nslookup was used to verify that the name of the website that was attempting to be visited was being correctly resolved to an IP address by DNS. The command tracert was used to verify the path to the server, but the tracert output stopped before reaching the web server’s final IP address. Browser-based access to other web servers on the Internet proved to be successful.

As a result of basic connectivity working to the Internet, including name resolution working correctly, it was determined that either the web server being accessed was temporarily down or that there was some type of a firewall or filter preventing access to that specific web server.

Summary

The main topics covered in this chapter are the following:

Image You can use a number of Windows CLI commands to monitor and troubleshoot a network. These commands include arp, ipconfig, nbtstat, netstat, nslookup, ping, pathping, route, and tracert.

Image UNIX CLI commands include man, arp, dig, nslookup, host, ifconfig, traceroute, netstat, ping, and route.

Exam Preparation Tasks

Review All the Key Topics

Review the most important topics from inside the chapter, noted with the Key Topic icon in the outer margin of the page. Table 10-12 lists these key topics and the page numbers where each is found.

Image

Image

Table 10-12 Key Topics for Chapter 10

Complete Tables and Lists from Memory

Print a copy of Appendix D, “Memory Tables” (found on the DVD), or at least the section for this chapter, and complete the tables and lists from memory. Appendix E, “Memory Table Answer Key,” also on the DVD, includes the completed tables and lists so you can check your work.

Define Key Terms

Define the following key terms from this chapter, and check your answers in the Glossary:

arp command

ipconfig command

nbtstat command

netstat command

nslookup command

ping command

route command

tracert command

dig command

host command

traceroute command

Complete Chapter 10 Hands-On Lab in Network+ Simulator Lite

Image Using ipconfig, ping, arp, and tracert Together to Troubleshoot Connectivity

Review Questions

The answers to these review questions are in Appendix A, “Answers to Review Questions.”

1. Consider the following output:

Click here to view code image

C:\> arp -a

Interface: 172.16.202.128 --- 0xb
Internet Address Physical Address Type
172.16.202.2 00-50-56-fd-65-2c dynamic
172.16.202.255 ff-ff-ff-ff-ff-ff static
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.252 01-00-5e-00-00-fc static
255.255.255.255 ff-ff-ff-ff-ff-ff static

What is the MAC address corresponding to the IP address of 172.16.202.2?

a. ff-ff-ff-ff-ff-ff

b. 00-50-56-fd-65-2c

c. 01-00-5e-00-00-16

d. 01-00-5e-00-00-fc

2. What option would you specify after the ipconfig command to display a Windows PC’s DNS server’s IP address?

a. No option is needed, because the ipconfig displays DNS server information by default.

b. /full

c. /fqdn

d. /all

3. Which Windows commands could have produced the following output? (Choose two.)

Click here to view code image

=============================================================================
Interface List
20...00 0c 29 3a 21 67 ......Intel(R) PRO/1000 MT Network Connection #2
11...00 0c 29 3a 21 5d ......Intel(R) PRO/1000 MT Network Connection
1........................... Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
=============================================================================

IPv4 Route Table
=============================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 172.16.202.2 172.16.202.128 10
0.0.0.0 0.0.0.0 172.16.202.2 172.16.202.129 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
172.16.202.0 255.255.255.0 On-link 172.16.202.128 266
172.16.202.0 255.255.255.0 On-link 172.16.202.129 266
172.16.202.128 255.255.255.255 On-link 172.16.202.128 266
172.16.202.129 255.255.255.255 On-link 172.16.202.129 266
172.16.202.255 255.255.255.255 On-link 172.16.202.128 266
172.16.202.255 255.255.255.255 On-link 172.16.202.129 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 172.16.202.129 266
224.0.0.0 240.0.0.0 On-link 172.16.202.128 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 172.16.202.129 266
255.255.255.255 255.255.255.255 On-link 172.16.202.128 266

a. netstat -a

b. route print

c. netstat -r

d. nbtstat -r

4. Which of the following Windows commands enables you to display NetBIOS over TCP/IP information?

a. route

b. nbtstat

c. dig

d. netstat

5. What protocol is used by the ping command?

a. IGMP

b. PIM

c. ICMP

d. RTP

6. Which of the following commands is used on a UNIX host to generate information about each router hop along the path from a source to a destination?

a. ping -t

b. tracert

c. ping -r

d. traceroute

7. Which of the following UNIX commands can be used to check FQDN-to-IP address resolution? (Choose three.)

a. nslookup

b. netstat

c. dig

d. host

8. Which of the following commands would you issue on a UNIX host to send five ICMP echo messages to a device with an IP address of 10.1.1.1?

a. ping 10.1.1.1 (No options are required, because five is the default number of pings.)

b. ping -c 5 10.1.1.1

c. ping -t 5 10.1.1.1

d. ping 10.1.1.1 -t 5

9. What command produced the following snippet of output?

Click here to view code image

OUTPUT OMITTED...
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62169
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;pearsonitcertification.com. IN A

;; ANSWER SECTION:
pearsonitcertification.com. 10800 IN A 64.28.85.25

;; Query time: 202 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Wed Jun 1 20:41:57 2011
;; MSG SIZE rcvd: 60
OUTPUT OMITTED...

a. traceroute -d pearsonitcertification.com

b. dig pearsonitcertification.com

c. netstat -a pearsonitcertification.com

d. nbtstat pearsonitcertification.com

10. What command produced the following snippet of output?

Click here to view code image

OUTPUT OMITTED...
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet6 fd4e:f9d5:c34e:acd1:5a55:caff:fefa:1551 prefixlen 128
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 58:55:ca:fa:15:51
inet6 fe80::5a55:caff:fefa:1551%en0 prefixlen 64 scopeid 0x4
inet 192.168.1.245 netmask 0xffffff00 broadcast 192.168.1.255
media: autoselect
status: active
OUTPUT OMITTED...

a. ifconfig

b. ipconfig

c. ipconfig /all

d. ifconfig /all