TCP/IP utilities and network commands are very useful in computer networking for diagnosing problems and finding solutions.
They also give you more knowledge of, and a better grip on, computer networking.
We will use some of those TCP/IP utilities.
The Address Resolution Protocol (ARP) is part of the TCP/IP (Transmission Control Protocol/Internet Protocol) stack. It uses broadcasts to translate TCP/IP addresses into MAC (Media Access Control) addresses. When a machine running TCP/IP wants to know which machine is using a particular address,
it sends an ARP broadcast that asks, in effect, who has the address xxx.xxx.xxx.xxx. The machine that holds that address replies with its MAC address. The machine that sent the request then adds this information to its ARP table.
Apart from this normal usage, ARP also refers to a utility in Windows that can be used to modify and view the local workstation's ARP table.
Windows ARP table
In Windows, the ARP table is a list of TCP/IP addresses and their related MAC addresses. The table is cached in memory so that an ARP lookup is not needed for TCP/IP addresses that were resolved recently. Each entry contains not only an IP address but also a Time to Live (TTL) value, which shows how long the entry will stay in the ARP table.
The ARP table contains two types of entries.
Dynamic entries are created in the ARP table when the Windows TCP/IP stack performs an ARP lookup and the MAC address is not already in the ARP table. The ARP request is broadcast on the local segment. When the MAC address for the requested address is obtained, the information is added to the ARP table as a dynamic entry.
Using the ARP utility
ARP is a protocol in the TCP/IP suite. It is used to determine the MAC address of a device on the same subnet as the requester.
Before a TCP/IP device can forward a packet to a device on its local subnet, it must first find the mapping between the known IP address of the intended device and that device's MAC address. To do this, it consults a table known as the ARP cache (a cache because its entries expire after a certain period of time).
If no such mapping exists for the destination address, the device sends a broadcast. Along with its own MAC and IP information, the broadcast includes the IP address of the target device and a blank MAC address, which is the object of the whole operation. That blank is the unknown value that the source device asks to have returned in a reply. The operating system lets you view the ARP cache.
In Windows, to start the ARP utility, follow the steps given below:
- Select Start and then Run, and enter cmd to open the MS-DOS prompt; alternatively, select Command Prompt from the Start menu under Programs and then Accessories.
- At the command prompt, type arp followed by whichever switch you need, as discussed later in this section.
The arp utility is used primarily to resolve duplicate IP addresses. For example, your workstation obtains its address from a Dynamic Host Configuration Protocol (DHCP) server, but unfortunately another workstation obtains the same address too.
When you try to ping it, you get no response. Your workstation tries to determine the MAC address, and it cannot because two machines are reporting that they have the same address. To solve this problem, you can use the arp utility to view your ARP table and see which TCP/IP address is resolved to which MAC address. To display the current ARP table, use the switch given below with the arp command.
You will then see something like this.
Apart from displaying the ARP table, you can also use the arp utility to modify the table. To add static entries to the ARP table, use the -s switch with the arp command.
This entry remains in the ARP table until the machine is rebooted. A static entry maps a specific IP address to a specific MAC address, so that when a packet needs to be sent to that IP address, it is sent to that MAC address automatically. An example is given below.
arp -s 18.104.22.168 00-a0-c0-ab-c3-11
Using netstat is a good way to see the TCP/IP connections (both inbound and outbound) of your machine. You can also use it to see packet statistics, much like the MONITOR NLM utility on the console of a network server: how many bits have been sent and received, the number of errors, and other things of this kind.
When used without any options, netstat produces the output shown in the figure, which lists all outbound TCP/IP connections. In the case shown in the figure, a web connection, netstat used without any options is very useful for determining the status of outbound web connections.
The Protocol column lists the protocol in use. Because this is a web connection, the protocol is TCP. The Local Address column lists the source address and source port (the source socket). In this case, "default" shows that no NetBIOS name is configured on the PC and stands for the local address; it is followed by the four dynamically registered TCP ports used as the source ports of the four TCP connections.
For all four connections, the Foreign Address entry is 22.214.171.124:80, which shows that the destination machine's address is 126.96.36.199 and the destination port is TCP port 80; in other words, HTTP for the web. The State column shows the status of each connection; it applies to TCP connections, because UDP does not set up a virtual circuit to a remote device. Normally, once a TCP connection is established between your computer and the destination computer, this column shows ESTABLISHED.
The output will be like this… i.e. netstat command without any switch.
Depending on the output you want from the netstat utility, you can use the following switches:
-a, -e, -f, -s, -n, -p, -r
Normally you type netstat, then a space, and then the switch. Some switches take options, but the basic syntax is the same. Note that the switches are in UNIX form, where the leading hyphen is required. This is usual for the TCP/IP utilities in Microsoft operating systems, but it differs from the usual usage on UNIX systems.
The -a switch
When you use the -a switch, netstat displays all TCP/IP connections and User Datagram Protocol (UDP) connections. A sample of the output generated by the netstat -a command is shown in the figure.
The last two entries in the figure are of protocol type UDP, with the source port nicknames nbname and nbdatagram, which stand for the well-known port numbers 137 and 138.
These port numbers are generally seen on networks where the NetBIOS name of a workstation is broadcast on the TCP/IP network. You can tell that this is a broadcast from the form in which the destination address is listed.
The most common use of the -a switch is to check the status of a TCP/IP connection that appears to be hung. You can determine whether the connection is simply busy or is actually hung and has not been responding for a long time.
The -e switch
The -e switch displays a summary of all the packets that have been sent over the network card (NIC) up to that moment. In the table given below, the two columns show the packets that were received and the packets that were sent.
You can use the -e switch to display the following statistics.
Bytes: the number of bytes transmitted and received since the computer was turned on. This statistic is useful in determining whether data is actually being transmitted and received or the network interface is not working at all.
Unicast packets: the number of packets sent from or received by this computer. To be counted in this column, a packet has to be addressed directly from one computer to another, and this computer's address must be in either the source or the destination address field of the packet.
Non-unicast packets: the number of packets that were not sent directly from one workstation to another. For example, a broadcast packet is a non-unicast packet.
The non-unicast packets should be equal to the number of unicast packets. If the number of unicast packets is less than the number of non-unicast packets, then lots of broadcast packets are being sent to your computer. You will have to find the source of these broadcasts and make the necessary adjustments.
Discards: the number of packets discarded by the NIC during transmission or reception because they were not assembled properly.
Errors: the number of errors that occurred during transmission or reception. This number can highlight many problems with the network card.
Unknown protocols: the number of received packets that the Windows network stack could not interpret. This statistic appears only in the Received column, because if this computer had sent them they would not be unknown, would they?
Unfortunately, the statistics are not displayed with any time information. For example, if the Errors column shows 100 errors, is that a problem? It can be if the computer has been on for only a few minutes. But if the computer has been running for many days, 100 errors can easily be ignored. Unfortunately, the netstat utility has no way to show over how much time these errors occurred.
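One way to recover the missing time information is to take two `netstat -e` readings a known interval apart and work with the difference. The following is an added example, not part of the original article: it parses the counter rows and turns the change in the Errors counter into a rate. The two snapshots (600 seconds apart) and the function names are constructed for illustration.

```python
import re

# Constructed `netstat -e` output; only two counters differ between snapshots.
TEMPLATE = """\
Interface Statistics

                           Received            Sent

Bytes                    1534891223       218744120
Unicast packets          {unicast:>10}          903112
Non-unicast packets           48213            1204
Discards                          0               0
Errors                   {errors:>10}               0
Unknown protocols                12
"""
SAMPLE_T0 = TEMPLATE.format(unicast=1284311, errors=100)
SAMPLE_T1 = TEMPLATE.format(unicast=1304311, errors=160)  # 600 s later

# Counter name, two or more spaces, Received value, optional Sent value.
ROW = re.compile(r"^([A-Za-z][A-Za-z\- ]*?)\s{2,}(\d+)(?:\s+(\d+))?\s*$")

def parse_netstat_e(text):
    """Return {counter name: (received, sent)}; sent is None when absent."""
    stats = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            name, rx, tx = m.groups()
            stats[name] = (int(rx), int(tx) if tx is not None else None)
    return stats

def receive_error_rate(before, after, seconds):
    """Receive errors per minute and per 1000 received packets, or None."""
    d_err = after["Errors"][0] - before["Errors"][0]
    d_pkt = sum(after[k][0] - before[k][0]
                for k in ("Unicast packets", "Non-unicast packets"))
    if d_err < 0 or d_pkt < 0:
        return None  # counters went backwards: the machine was restarted
    per_minute = d_err * 60 / seconds
    per_thousand = d_err * 1000 / d_pkt if d_pkt else 0.0
    return per_minute, per_thousand
```

With the constructed data, 60 new errors in ten minutes is 6 per minute and 3 per 1000 received packets, which says far more than the raw total of 160.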
The -r switch
You can use the -r switch to display the routing table of a workstation, so that you can see how TCP/IP information is routed. The figure shows sample output from this switch. From the output you can tell which interface is used to route to a particular network. (This is most useful when the computer has several NICs.)
The -s switch
The -s switch displays a variety of statistics for the TCP, UDP, IP, and ICMP protocols. Some sample output is given below.
The -n switch
The -n switch is a modifier for other switches. When used with them, it reverses netstat's natural behavior of showing names in place of network addresses. In other words, when you use the -n switch, the output always displays network addresses in place of the related network names. Shown below is the netstat command and, after it, the output obtained with the netstat -n command, which shows similar information with network addresses in place of names.
The -p switch
Like the -n switch, the -p switch is also a modifier. It is ideally used with the -s switch. It specifies which protocol's statistics are listed: IP, TCP, UDP, or ICMP. For example, if you want to see only ICMP statistics, you can use the -p switch in the following manner.
netstat -s -p ICMP
The netstat utility then displays ICMP statistics in place of the full gamut of TCP/IP statistics that the -s switch ordinarily generates.
These are some of the TCP/IP utilities and network commands that every networking guy should know.
I hope you like the presentation and explanation. If you have any query, please let us know.