EXPERIMENT-_

Practical implementation of basic network command and Network

configuration commands like ping, ipconfig, netstat, tracert etc. for trouble
shooting network related problems.
Theory: - The various network related commands used in MS-DOS, Windows, Linux ,Unix
and other operating system are explained below.
1. arp
2. finger
3. hostname
4. ipconfig
5. pathping
6. ping
7. nbtstat
8. netstat
9. nslookup
10. tracert
1. arp: - ARP stands for Address Resolution Protocol. This protocol is used by network nodes
to match IP addresses to MAC addresses. The original specification was RFC 826. That has
since been updated by RFC 5227, and RFC 5494.
The protocol functionally divided into two parts: -
 One part determines a physical address when sending a packet.
 Other part answers requests from other machines.
So ARP provides method for hosts send message to destination address on physical network.
Ethernet hosts must convert a 32-bit IP address into a 48-bit Ethernet address. The host
checks its ARP cache to see if address mapping from IP to physical address is known: -
 If mapping is known, physical address is placed in frame and sent.
 If mapping is not known, broadcast message is sent and awaits a reply.
 Target machine, recognizing IP address matches its own, returns answer.
ARP is transparent to bridging - bridging will send ARP broadcasts. Routers do not propagate
Ethernet broadcasts – a router is Network Level device.
Some arp related commands are given below: -
 arp/a: - Displays current arp cache tables for all interfaces. The /n parameter is case
sensitive. To display the arp cache entry for a specific IP address, use arp /a with the inetaddr
2320224 E-2 Yanshaj
parameter, where inetaddr is an IP address. If inetaddr is not specified, the first applicable
interface is used.
 arp/n: - To display the arp cache table for a specific interface, use the /n ifaceaddr
parameter in conjunction with the /a parameter where inetaddr is the IP address assigned to
the interface.
 arp/g: - Identical to /a.
 arp/d: - Deletes an entry with a specific IP address, where inetaddr is the IP address. To
delete an entry in a table for a specific interface, use the ifaceaddr parameter where ifaceaddr
is the IP address assigned to the interface. To delete all entries, use the asterisk (*) wildcard
character in place of inetaddr.
 arp/s: - Adds a static entry to the arp cache that resolves the IP address inetaddr to the
physical address etheraddr. To add a static arp cache entry to the table for a specific interface,
use the ifaceaddr parameter where ifaceaddr is an IP address assigned to the interface.

Note: - arp/a can also be written as arp –a. This applies in every command.
2. finger: - The finger command may also be used to look up users on a remote system. The
format is to specify the user as user@host. If you omit the user name, the finger command
provides the standard format listing on the remote system.

2320224 E-2 Yanshaj

3. hostname: - This is the simplest of all TCP/IP commands. It simply displays the name of
your computer.

4. ipconfig: - IP Configure (Internet Protocol configuration). In Windows, ipconfig is a

console application designed to run from the Windows command prompt. This utility allows
you to get the IP address information of a Windows computer. It also allows some control
over active TCP/IP connections. ipconfig replaced the older winipcfg utility.
 ipconfig/all: - Displays the full TCP/IP configuration for all adapters. Adapters can
represent physical interfaces, such as installed network adapters, or logical interfaces, such as
dial-up connections.
 ipconfig/displaydns: - Displays the contents of the DNS client resolver cache, which
includes both entries preloaded from the local Hosts file and any recently obtained resource
records for name queries resolved by the computer. The DNS Client service uses this
information to resolve frequently queried names quickly, before querying its configured DNS
servers.

2320224 E-2 Yanshaj

 ipconfig/flushdns: - Flushes and resets the contents of the DNS client resolver cache.
During DNS troubleshooting, you can use this procedure to discard negative cache entries
from the cache, as well as any other entries that have been added dynamically.
 ipconfig/registerdns: - Initiates manual dynamic registration for the DNS names and IP
addresses that are configured at a computer. You can use this parameter to troubleshoot a
failed DNS name registration or resolve a dynamic update problem between a client and the
DNS server without rebooting the client computer. The DNS settings in the advanced
properties of the TCP/IP protocol determine which names are registered in DNS.
 ipconfig /release [adapter]: - Sends a DHCPRELEASE message to the DHCP server to
release the current DHCP configuration and discard the IP address configuration for either all
adapters (if an adapter is not specified) or for a specific adapter if the adapter parameter is
included. This parameter disables TCP/IP for adapters configured to obtain an IP address
automatically. To specify an adapter name, type the adapter name that appears when you use
ipconfig without parameters.
 ipconfig/release6 [adapter]: - Sends a DHCPRELEASE message to the DHCPv6 server to
release the current DHCP configuration and discard the IPv6 address configuration for either
all adapters (if an adapter is not specified) or for a specific adapter if the adapter parameter is
included. This parameter disables TCP/IP for adapters configured to obtain an IP address
automatically. To specify an adapter name, type the adapter name that appears when you use
ipconfig without parameters.
 ipconfig/renew [adapter]: - Renews DHCP configuration for all adapters (if an adapter is
not specified) or for a specific adapter if the adapter parameter is included. This parameter is
available only on computers with adapters that are configured to obtain an IP address
automatically. To specify an adapter name, type the adapter name that appears when you use
ipconfig without parameters.
 ipconfig/renew6 [adapter]: - Renews DHCPv6 configuration for all adapters (if an adapter
is not specified) or for a specific adapter if the adapter parameter is included. This parameter
is available only on computers with adapters that are configured to obtain an IPv6 address
automatically. To specify an adapter name, type the adapter name that appears when you use
ipconfig without parameters.
 ipconfig/setclassid [adapter] [class ID]: - Configures the DHCP class ID for a specified
adapter. To set the DHCP class ID for all adapters, use the asterisk (*) wildcard character in
place of adapter. This parameter is available only on computers with adapters that are
configured to obtain an IP address automatically. If a DHCP class ID is not specified, the
current class ID is removed.
 ipconfig/showclassid [adapter]: - Displays the DHCP class ID for a specified adapter. To
see the DHCP class ID for all adapters, use the asterisk (*) wildcard character in place of
adapter. This parameter is available only on computers with adapters that are configured to
obtain an IP address automatically.

2320224 E-2 Yanshaj

5. pathping: - Provides information about network latency and network loss at intermediate
hops between a source and destination. This command sends multiple echo Request messages
to each router between a source and destination, over a period of time, and then computes
results based on the packets returned from each router. Because this command displays the
degree of packet loss at any given router or link, you can determine which routers or subnets
might be having network problems. Used without parameters, this command displays help.
This command is available only if the Internet Protocol (TCP/IP) protocol is installed as a
component in the properties of a network adapter in Network Connections.
Additionally, this command identifies which routers are on the path, same as using the tracert
command. However, this command also sends pings periodically to all of the routers over a
specified time period and computes statistics based on the number returned from each.
Some pathping related commands are given below: -

2320224 E-2 Yanshaj

 pathping/n: - Prevents pathping from attempting to resolve the IP addresses of intermediate
routers to their names. This might expedite the display of pathping results.
 pathping/h: - Specifies the maximum number of hops in the path to search for the target
(destination). The default is 30 hops.
 pathping/g: - Specifies that the echo Request messages use the Loose Source Route option
in the IP header with the set of intermediate destinations specified in hostlist. With loose
source routing, successive intermediate destinations can be separated by one or multiple
routers. The maximum number of addresses or names in the host list is 9. The hostlist is a
series of IP addresses (in dotted decimal notation) separated by spaces.
 pathping/p: - Specifies the number of milliseconds to wait between consecutive pings. The
default is 250 milliseconds (1/4 second). This parameter sends individual pings to each
intermediate hop. Because of this, the interval between two pings sent to the same hop is
period multiplied by the number of hops.
 pathping/q: - Specifies the number of echo Request messages sent to each router in the
path. The default is 100 queries.
 pathping/w: - Specifies the number of milliseconds to wait for each reply. The default is
3000 milliseconds (3 seconds). This parameter sends multiple pings in parallel. Because of
this, the amount of time specified in the timeout parameter isn't bounded by the amount of
time specified in the period parameter for waiting between pings.
 pathping/i: - Specifies the source address.
 pathping/4: - Specifies that pathping uses IPv4 only.
 pathping/6: - Specifies that pathping uses IPv6 only.

2320224 E-2 Yanshaj

6. ping: - ping is used to verify IP – level connectivity to another TCP/IP computer by
sending Internet Control Message Protocol (ICMP) echo Request messages. The receipt of
corresponding echo Reply messages are displayed, along with round-trip times. ping is the
primary TCP/IP command used to troubleshoot connectivity, reachability, and name
resolution. Used without parameters, this command displays Help content.
You can also use this command to test both the computer name and the IP address of the
computer. If pinging the IP address is successful, but pinging the computer name isn't, you
might have a name resolution problem. In this case, make sure the computer name you are
specifying can be resolved through the local Hosts file, by using Domain Name System
(DNS) queries, or through NetBIOS name resolution techniques.
Some ping related commands are given below: -
 ping/t: - Specifies ping continue sending echo Request messages to the destination until
interrupted. To interrupt and display statistics, press CTRL+ENTER. To interrupt and quit
this command, press CTRL+C.
 ping/a: - Specifies reverse name resolution be performed on the destination IP address. If
this is successful, ping displays the corresponding host name.
 ping/n : - Specifies the number of echo Request messages be sent. The default is 4.
 ping/l : - Specifies the length, in bytes, of the Data field in the echo Request messages. The
default is 32. The maximum size is 65,527.
 ping/f: - Specifies that echo Request messages are sent with the Do not Fragment flag in the
IP header set to 1 (available on IPv4 only). The echo Request message can't be fragmented by
routers in the path to the destination. This parameter is useful for troubleshooting path
Maximum Transmission Unit (PMTU) problems.
 ping/l : - Specifies the value of the Time To Live (TTL) field in the IP header for echo
Request messages sent. The default is the default TTL value for the host. The maximum TTL
is 255.
 ping/v : - Specifies the value of the Type Of Service (TOS) field in the IP header for echo
Request messages sent (available on IPv4 only). The default is 0. TOS is specified as a
decimal value from 0 through 255.
 ping/r : - Specifies the Record Route option in the IP header is used to record the path taken
by the echo Request message and corresponding echo Reply message (available on IPv4
only). Each hop in the path uses an entry in the Record Route option. If possible, specify a
count equal to or greater than the number of hops between the source and destination. The
count must be a minimum of 1 and a maximum of 9.
 ping/s : - Specifies that the Internet timestamp option in the IP header is used to record the
time of arrival for the echo Request message and corresponding echo Reply message for each
hop. The count must be a minimum of 1 and a maximum of 4. This is required for link – local
destination addresses.
2320224 E-2 Yanshaj
 ping/j : - Specifies the echo Request messages use the Loose Source Route option in the IP
header with the set of intermediate destinations specified in hostlist (available on IPv4 only).
With loose source routing, successive intermediate destinations can be separated by one or
multiple routers. The maximum number of addresses or names in the host list is 9. The host
list is a series of IP addresses (in dotted decimal notation) separated by spaces.
 ping/k : - Specifies the echo Request messages use the Strict Source Route option in the IP
header with the set of intermediate destinations specified in hostlist (available on IPv4 only).
With strict source routing, the next intermediate destination must be directly reachable (it
must be a neighbour on an interface of the router). The maximum number of addresses or
names in the host list is 9. The host list is a series of IP addresses (in dotted decimal notation)
separated by spaces.
 ping/w : - Specifies the amount of time, in milliseconds, to wait for the echo Reply message
corresponding to a given echo Request message. If the echo Reply message is not received
within the time-out, the "Request timed out" error message is displayed. The default time-out
is 4000 (4 seconds).
 ping/R: - Specifies the round-trip path is traced (available on IPv6 only).
 ping/S : - Specifies the source address to use (available on IPv6 only).
 ping/4: - Specifies IPv4 used to ping. This parameter is not required to identify the target
host with an IPv4 address. It is only required to identify the target host by name.
 ping/6: - Specifies IPv6 used to ping. This parameter is not required to identify the target
host with an IPv6 address. It is only required to identify the target host by name.

7. nbtstat: - nbtstat is used to displays NetBIOS over TCP/IP (NetBT) protocol statistics,
NetBIOS name tables for both the local computer and remote computers, and the NetBIOS
name cache. This command also allows a refresh of the NetBIOS name cache and the names

2320224 E-2 Yanshaj

registered with Windows Internet Name Service (WINS). Used without parameters, this
command displays Help information.
Some nbtstat related commands are given below: -
 nbtstat/a : - Displays the NetBIOS name table of a remote computer, where remote name is
the NetBIOS computer name of the remote computer. The NetBIOS name table is the list of
NetBIOS names that corresponds to NetBIOS applications running on that computer.
 nbtstat/A : - Displays the NetBIOS name table of a remote computer, specified by the IP
address (in dotted decimal notation) of the remote computer.
 nbtstat/c: - Displays the contents of the NetBIOS name cache, the table of NetBIOS names
and their resolved IP addresses.
 nbtstat/n: - Displays the NetBIOS name table of the local computer. The status of
registered indicates that the name is registered either by broadcast or with a WINS server.
 nbtstat/r: - Displays NetBIOS name resolution statistics.
 nbtstat/R: - Purges the contents of the NetBIOS name cache and then reloads the pre
tagged entries from the Lmhosts file.
 nbtstat/RR: - Releases and then refreshes NetBIOS names for the local computer that is
registered with WINS servers.
 nbtstat/s: - Displays NetBIOS client and server sessions, attempting to convert the
destination IP address to a name.
 nbtstat/S: - Displays NetBIOS client and server sessions, listing the remote computers by
destination IP address only.

2320224 E-2 Yanshaj

8. netstat: - netstat is used to display active TCP connections, ports on which the computer is
listening, Ethernet statistics, the IP routing table, IPv4 statistics (for the IP, ICMP, TCP, and
UDP protocols), and IPv6 statistics (for the IPv6, ICMPv6, TCP over IPv6, and UDP over
IPv6 protocols). Used without parameters, this command displays active TCP connections.
Some netstat related commands are given below: -
 netstat/a: - Displays all active TCP connections and the TCP and UDP ports on which the
computer is listening.
 netstat/b: - Displays the executable involved in creating each connection or listening port.
In some cases well – known executable host multiple independent components, and in these
cases the sequence of components involved in creating the connection or listening port is
displayed. In this case the executable name is in [ ] at the bottom, on top is the component it

2320224 E-2 Yanshaj

called, and so forth until TCP/IP was reached. Note that this option can be time-consuming
and will fail unless you have sufficient permissions.
 netstat/e: - Displays Ethernet statistics, such as the number of bytes and packets sent and
received. This parameter can be combined with /s.
 netstat/n: - Displays active TCP connections, however, addresses and port numbers are
expressed numerically and no attempt is made to determine names.
 netstat/o: - Displays active TCP connections and includes the process ID (PID) for each
connection. You can find the application based on the PID on the Processes tab in Windows
Task Manager. This parameter can be combined with /a, /n, and /p.
 netstat/p : - Shows connections for the protocol specified by Protocol. In this case, the
Protocol can be tcp, udp, tcpv6, or udpv6. If this parameter is used with -s to display statistics
by protocol, Protocol can be tcp, udp, icmp, ip, tcpv6, udpv6, icmpv6, or ipv6.
 netstat/s: - Displays statistics by protocol. By default, statistics are shown for the TCP,
UDP, ICMP, and IP protocols. If the IPv6 protocol is installed, statistics are shown for the
TCP over IPv6, UDP over IPv6, ICMPv6, and IPv6 protocols. The -p parameter can be used
to specify a set of protocols.
 netstat/r: - Displays the contents of the IP routing table. This is equivalent to the route print
command.

9. nslookup: - nslookup is used to display information that you can use to diagnose Domain
Name System (DNS) infrastructure. Before using this tool, you should be familiar with how

2320224 E-2 Yanshaj

DNS works. The nslookup command-line tool is available only if you have installed the
TCP/IP protocol.
The nslookup command-line tool has two modes: interactive and noninteractive.
If you need to look up only a single piece of data, we recommend using the non-interactive
mode. For the first parameter, type the name or IP address of the computer that you want to
look up. For the second parameter, type the name or IP address of a DNS name server. If you
omit the second argument, nslookup uses the default DNS name server.
If you need to look up more than one piece of data, you can use interactive mode. Type a
hyphen (-) for the first parameter and the name or IP address of a DNS name server for the
second parameter. If you omit both parameters, the tool uses the default DNS name server.
While using the interactive mode, you can: -
 Interrupt interactive commands at any time, by pressing CTRL+B.
 Exit, by typing exit.
 Treat a built-in command as a computer name, by preceding it with the escape character ().
An unrecognized command is interpreted as a computer name.
Some nslookup related commands are given below: -
 nslookup exit: - Exits the nslookup command-line tool.
 nslookup finger: - Connects with the finger server on the current computer.
 nslookup help: - Displays a short summary of subcommands.
 nslookup ls: - Lists information for a DNS domain.
 nslookup lserver: - Changes the default server to the specified DNS domain.
 nslookup root: - Changes the default server to the server for the root of the DNS domain
name space.
 nslookup server: - Changes the default server to the specified DNS domain.
 nslookup set: - Changes configuration settings that affect how lookups function.
 nslookup set all: - Prints the current values of the configuration settings.
 nslookup set class: - Changes the query class. The class specifies the protocol group of the
information.
 nslookup set d2: - Turns exhaustive Debugging mode on or off. All fields of every packet
are printed.
 nslookup set debug: - Turns Debugging mode on or off.
 nslookup set domain: - Changes the default DNS domain name to the name specified.

2320224 E-2 Yanshaj

 nslookup set port: - Changes the default TCP/UDP DNS name server port to the value
specified.
 nslookup set querytype: - Changes the resource record type for the query.
 nslookup set recurse: - Tells the DNS name server to query other servers if it doesn't have
the information.
 nslookup set retry: - Sets the number of retries.
 nslookup set root: - Changes the name of the root server used for queries.
 nslookup set search: - Appends the DNS domain names in the DNS domain search list to
the request until an answer is received. This applies when the set and the lookup request
contain at least one period, but do not end with a trailing period.
 nslookup set srchlist: - Changes the default DNS domain name and search list.
 nslookup set timeout: - Changes the initial number of seconds to wait for a reply to a
request.
 nslookup set type: - Changes the resource record type for the query.
 nslookup set vc: - Specifies to use or not use a virtual circuit when sending requests to the
server.
 nslookup view: - Sorts and lists the output of the previous ls subcommand or commands.

10. tracert: - This diagnostic tool determines the path taken to a destination by sending
Internet Control Message Protocol (ICMP) echo Request or ICMPv6 messages to the
destination with incrementally increasing time to live (TTL) field values. Each router along
2320224 E-2 Yanshaj
the path is required to decrement the TTL in an IP packet by at least 1 before forwarding it.
Effectively, the TTL is a maximum link counter. When the TTL on a packet reaches 0, the
router is expected to return an ICMP time Exceeded message to the source computer.
This command determines the path by sending the first echo Request message with a TTL of
1 and incrementing the TTL by 1 on each subsequent transmission until the target responds or
the maximum number of hops is reached. The maximum number of hops is 30 by default and
can be specified using the /h parameter. The path is determined by examining the ICMP time
Exceeded messages returned by intermediate routers and the echo Reply message returned by
the destination. However, some routers do not return time Exceeded messages for packets
with expired TTL values and are invisible to the tracert command. In this case, a row of
asterisks (*) is displayed for that hop. The path displayed is the list of near/side router
interfaces of the routers in the path between a source host and a destination. The near/side
interface is the interface of the router that is closest to the sending host in the path.
Some tracert related commands are given below: -
 tracert/d: - Stops attempts to resolve the IP addresses of intermediate routers to their
names. This can speed up the return of results.
 tracert/h : - Specifies the maximum number of hops in the path to search for the target
(destination). The default is 30 hops.
 tracert/j : - Specifies that echo Request messages use the Loose Source Route option in the
IP header with the set of intermediate destinations specified in . With loose source routing,
successive intermediate destinations can be separated by one or multiple routers. The
maximum number of addresses or names in the list is 9. The is a series of IP addresses (in
dotted decimal notation) separated by spaces. Use this parameter only when tracing IPv4
addresses.
 tracert/w : - Specifies the amount of time in milliseconds to wait for the ICMP time
Exceeded or echo Reply message corresponding to a given echo Request message to be
received. If not received within the time-out, an asterisk (*) is displayed. The default time-out
is 4000 (4 seconds).
 tracert/R: - Specifies that the IPv6 Routing extension header be used to send an echo
Request message to the local host, using the destination as an intermediate destination and
testing the reverse route.
 tracert/S : - Specifies the source address to use in the echo Request messages. Use this
parameter only when tracing IPv6 addresses.
 tracert/4: - Specifies that tracert.exe can use only IPv4 for this trace.  tracert/6: - Specifies
that tracert.exe can use only IPv6 for this trace.

2320224 E-2 Yanshaj

2320224 E-2 Yanshaj