Ping, Tracert, and Nslookup Tutorial
Ping
Ping is like a network echolocation mechanism.Ping stands for "Packet INternet Groper." An Internet utility used to determine whether a particular IP address is reachable online by sending out a packet and waiting for a response. Ping is used to test and debug a network as well as see if a user or server is online.Ping sends ICMP ECHO_REQUEST packets to any network addressable host (i.e. a server, a gateway router, etc.). The piece of equipment must be IP (Internet Protocol) addressable in order for ping to workPing Usage
Ping is useful for determining whether a host is up and running on the network. Ping returns information regarding the hosts response to the ICMP ECHO_REQUEST packets.Ping Syntax
Ping on Windows machine sends four datagram packets to be delivered:ping hostname
-or-
ping nn.nn.nn.nn
where nn.nn.nn.nn is an IP address. For example:ping localhost
-or-
ping 127.0.0.1
Ping Errors
unknown host hostname
Most likely cause: the host you pinged isn't a valid fully qualified domain name.The host you pinged is a valid fully qualified domain name, but ping could not establish a network connection to it. Could be that the host is down. Another possibility is that your local machine has fallen off the network. Maybe the local gateway router is down.Another error:4 packets transmitted, 3 packets received, 25% packet loss
Don't be too alarmed by packet losses. Any loss under 50-60% might be normal for a heavily loaded network circuit.Resolving Problems
If you can ping an IP host on a different network, it suggests that both hosts have TCP/IP correctly initialized and configured, and that routing between the networks is also configured correctly.In cases where you cannot ping a remote host, don't jump to the conclusion that the remote host is unavailable or misconfigured, though it might be, the problem may also be a configuration issue with the source host, or potentially some routing-related (or physical connectivity) issue between the two. As a general rule, use the following steps to determine the source of connectivity issues between your PC and a remote system:- Assuming that your IP address, subnet mask, and default gateway are correct, attempt to ping a host on a different subnet. If this fails, one possibility is that routing is not configured correctly.
- If pinging a remote host fails, attempt to ping your default gateway. If this fails, it may indicate that TCP/IP is not configured correctly on your local router interface, on your host PC, or that the router interface has not been enabled with the no shutdown command.
- If pinging your default gateway fails, try pinging your host's configured IP address. If this fails, it can may mean that you have configured your host PC's IP address incorrectly, or that TCP/IP is not properly installed or initialized on the host system.
- If pinging the host's IP address fails, try pinging the loopback address 127.0.0.1. If this fails, it generally indicates that TCP/IP is not properly installed or initialized on your host system.
Using Tracert
Tracert is another command line utility built into Windows and most other computer systems. The basic tracert command syntax is:tracert hostname
-or-
tracert nn.nn.nn.nn
where nn.nn.nn.nn is an IP address. For example:tracert microsoft.com
-or-
tracert 207.46.197.32
Tracert sends an ICMP echo packet, but it takes advantage of the fact that most Internet routers will send back an ICMP TTL expired in transit message if the TTL field is ever decremented to zero by a router. Using this knowledge, we can discover the path taken by IP Packets.First, tracert sends out an ICMP echo packet to the named host with a TTL of 1, second - with a TTL of 2, then - with a TTL of 3, and so on. Tracert eventually gets TTL expired in transitmessage back from the routers until the desination host computer finally is reached.When the host computer is reached, it responds with the standard ICMP echo reply packet. The tracert then prints Trace complete and stops.The tracert action can be roughly emulated using the -i option of ping. This option is asking ping to set the specific TTL value of outgoing ping packets. For example, the sequence of commandsping -i 1 microsoft.com
ping -i 2 microsoft.com
ping -i 3 microsoft.com
ping -i 4 microsoft.com
...
results in "TTL expired in transit" messages, but sooner or later will get the destination host,microsoft.com, responding.Tracert Round Trip Times: Each millisecond (ms) time in the table is the round-trip time that it took (to send the ICMP packet and to get the ICMP reply packet). The faster (smaller) the times the better. ms times of 0 mean that the reply was faster than the computers timer of 10 milliseconds, so the time is actually somewhere between 0 and 10 milliseconds.Tracert Packet Loss: Packet loss is indication of the deteriorated throughput. Having no packet loss is critical to having a connection to the Internet that responds well. Thus, a slower connection with zero packet loss can easily outperform a faster connection with some packet loss. Also, packet loss on the last hop, the desination, is what is most important. Sometimes routers in-between will not send ICMP "TTL expired in transit" messages, causing what looks to be high packet loss at a particular hop, but all it means is that the particular router is not configured to respond with the ICMP echo.Nslookup
The nslookup command runs queries against DNS servers for answers related to network host/domain name resolution. Nslookup is an interactive program to find records of the following types:------------------------------ ------------------------------
Type Description
------ ------------------------------ -----------------------
a IP address
cname Canonical name for an alias
hinfo Host CPU and operating system type
mx Mail exchanger records
ns Name server record
soa Core information about the host (Start of Authority)
any Union of all records
------------------------------ ------------------------------
When nslookup starts, it prints the name and IP address of your local DNS server. Commands> set type=a
> google.com.
generate output:Non-authoritative answer:
Name: google.com
Addresses: 74.125.45.100
209.85.171.100
74.125.67.100
Note that Non-authoritative answer clause means that you are looking up google.com not the first time, which means that the the name server uses its cache to generate the answer, resulting in the "Non-authoritative" answer.Using trailing dot at the end of the fully qualified domain name is equivalent to set nosearch (see below.) This is important when debugging DNS servers. The dot is preferred.
Assuming that your IP address, subnet mask, and default gateway are correct, attempt to ping a host on a different subnet. If this fails, one possibility is that routing is not configured correctly.
If pinging a remote host fails, attempt to ping your default gateway. If this fails, it may indicate that TCP/IP is not configured correctly on your local router interface, on your host PC, or that the router interface has not been enabled with the no shutdown command.
If pinging your default gateway fails, try pinging your host's configured IP address. If this fails, it can may mean that you have configured your host PC's IP address incorrectly, or that TCP/IP is not properly installed or initialized on the host system.
If pinging the host's IP address fails, try pinging the loopback address 127.0.0.1. If this fails, it generally indicates that TCP/IP is not properly installed or initialized on your host system.
No comments:
Post a Comment