The Transmission Control Protocol / Internet Protocol (TCP/IP) is a nonproprietary, routable network protocol suite that enables computers to communicate over all types of networks. TCP/IP is the native protocol of the Internet and is required for Internet Connectivity. The TCP/IP protocol suite includes a network/node address structure, tools for static and dynamic address assignment, name resolution services, and utilities for testing and configuration. TCP/IP utilities offer network connections to other computers, such as UNIX workstations. You must have the TCP/IP network protocol installed to use the TCP/IP utilities.Many utilities are available to troubleshoot TCP/IP connectivity problems. Most utilities are public domain and are included with the TCP/IP protocol stack provided with the operating system that you are using. This also means that the utilities may vary slightly depending on the operating system being used. For example, to view your TCP/IP setting on a Windows Server you would use "ipconfig", whereas on a Linux box you would use "ifconfig"—each of which may support different command-line switches. Although these utilities generally provide very basic functions, they will prove to be invaluable when troubleshooting network problems.
Some important TCP/IP utilities:
You can use ping(packet Internet groper) command to verify the network connectivity of a computer. Ping checks the host name, IP address, and that the remote system can be reached. Ping uses the ICMP ECHO_REQUEST datagrams to check connections between hosts by sending an echo packet, then listening for the reply packets.This command is used to test a machine's connectivity to another system and to verify that the target system is active. Usually, using this command is the first step to any troubleshooting if a connectivity problem is occurring between two computers. This can quickly help you to determine whether a remote host is available and responsive.
- If you are using Windows NT/2000, go to the command prompt by selecting Start | Run and then type CMD. If you are using Windows 95/98/ME, go to Start | Run, and type COMMAND.
- At the command prompt, type: ping <ip address>. In this example we are pinging the IP address of 126.96.36.199
- You will get four replies back from the ping message if the system you have pinged is up and running, as shown next.
- To test your TCP/IP software stack, you can ping the loopback address by typing ping 127.0.0.1.
- If you receive four lines of information showing successes, the TCP/IP protocol is initialized and functioning. Four lines of failed transmissions will show that TCP/IP is not initialized and cannot be used to perform network transmissions. The results of a successful ping to 127.0.0.1 are shown below.
The tracert ( or traceroute) utility determines the route data takes to get to a particular destination. The ICMP protocol sends out Time Exceeded messages to each router to trace the route. Each time a packet is sent, the time-to-live (TTL) value is reduced before the packet is forwarded. This allows TTL to count how many hops it is to the destination.
(note:- For finding more options for "tracert" type "tracert /?" windows command. In unix system "traceroute" is the command instead of "tracert". To know about traceroute type "man traceroute" in the console of unix system)
The Netstat utility shows the status of each active network connection. Netstat will display statistics for both TCP and UDP, including protocol, local address, foreign address, and the TCP connection state. Because UDP is connectionless, no connection information will be shown for UDP packets.
(note:- For finding more options for "netstat" type "netstat /?" windows command. In unix system netstat works equally well. Find out more in the "man netstat" page of Unix).
Network interface cards (NICs) have a hardware address, or MAC address, burned into the network card itself. When you communicate from one system to another, we generally use the IP address of the host with which we want to communicate, but underneath the hood, the systems must use the physical MAC address to send and receive data.The problem is, how does one system find out the MAC address of the other system so that it can send the data across the network? The answer is ARP. The address resolution protocol (ARP) was designed to provide a mapping from the logical TCP/IP addresses to the physical MAC addresses.
Address resolution is the process of resolving addresses or converting from one type of address to another. In the case of ARP, the logical address (layer-3 address) is being converted to the MAC address (layer-2 address) by a broadcast out on the network. With ARP, the sending computer yells out on the network "Whoever has this IP address, I need your MAC address." This broadcast is sent out on the wire, and every host looks at the broadcast data. The host with that IP address will reply with its MAC address. The address resolution process is complete once the original computer has received the MAC address information of the destination system, and is then able to send data.
How ARP Works:-
When a host wants to send data out on the network, the ARP protocol is tasked to find a MAC address that matches the IP address for the destination computer. The ARP protocol first looks inside its ARP cache table for the appropriate address. If the address is found, the destination MAC address is then added to the data packet and forwarded. If no entry exists in the ARP cache for the destination IP address, ARP broadcasts an ARP request packet to all the machines on the LAN to determine the MAC address of the machine that has that IP address. The host with that IP address will send an ARP reply that contains its MAC address, whereas all other hosts do not reply, because they do not have the IP address specified in the ARP request.
If the destination is on a remote subnet, the address of the router or gateway used to reach that subnet is ARPed. If the ARP cache does not contain an IP address for the router or gateway, the sending computer will ARP the IP address of the router.
Once the MAC address is determined by the ARP reply, the IP and MAC address of the destination system are stored in the ARP cache (stored in memory) so that next time the address will be resolved from the cache and a broadcast will not be needed.
To reduce the number of address resolution broadcasts, thereby minimizing network utilization, a client caches resolved addresses for a short time in a table in memory. This table, known as the ARP cache, is used to maintain the mappings between each MAC address and its corresponding IP address locally. This is the most important part of this protocol. Since the size of the ARP cache is limited, entries need to be purged periodically. If they are not, the cache could become huge in size and could contain quite a few obsolete entries. Therefore, ARP cache entries are removed at predefined intervals. This process also removes any unsuccessful attempts to contact computers that are not currently running.
Entries in the ARP cache can be viewed, added, or deleted by using the ARP utility. Entries that are added with this utility manually are called static entries and will not expire out of cache, whereas the entries that are added automatically through broadcast are known as the dynamic entries and will expire from the cache. Being able to view the ARP cache can be helpful in trying to resolve address resolution problems. By displaying the current cache, you can determine whether a host's MAC address is being resolved correctly.
To view the ARP cache, type the following command in a command prompt window and press enter:
(note:- for more options type "ARP /?". The ARP cache result would not be available properly unless you belong to a netwok. So the above screenshot is taken from somewhere else, not taken from my computer.. This utility works in Unix system as well. Find out more in "man ARP".)
Nslookup utility is used to test and troubleshoot domain name servers. Nslookup has two modes. Interactive mode enables you to query name servers for information about hosts and domains, or to print a list of hosts in a domain. Non- interactive mode prints only the name and requested details for one host or domain. Non-interative mode is useful for a single query.
To enter the interactive mode of Nslookup, type nslookup without any arguments at a command prompt, or use only a hypen as the first argument and specify a domain name server in the second. The default DNS name server will be used if you don't enter anything for the second argument.
To use non-interactive mode, in the first argument, enter the name or IP address of the computer you want to look up. In the second argument, enter the name or IP address of a domain name server. The default DNS name server will be used if you don't enter anything for the second argument.
(note:- nslookup works equally well in unix. Find out in the man page of unix about the command).
Displays all current TCP/IP network configuration values and refreshes Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) settings. Used without parameters, ipconfig displays the IP address, subnet mask, and default gateway for all adapters.
Among many parameters of this command three commands are very important:-
- /renew [adapter]
For /release and /renew, if no adapter name is specified, the IP address leases for all adapters that are bound to TCP/IP are released or renewed.
Both /renew and /release options only work on clients configured for dynamic (DHCP) addressing.
(note:- in unix system "ifconfig" is the command instead of "ipconfig". To know about ifconfig type "man ifconfig" in the console of unix system.)