Many utilities can be used when troubleshooting TCP/IP. Although the actual utilities available vary from platform to platform, the functionality between platforms is quite similar. Table 10.1 lists the TCP/IP troubleshooting tools covered in the Network+ exam along with their purpose.
The following sections look in more detail at these utilities and the output they produce.
The Trace Route Utility (tracert/traceroute)The trace route utility does exactly what its name impliesit traces the route between two hosts. It does this by using Internet Control Message Protocol (ICMP) echo packets to report information back at every step in the journey. Each of the common network operating systems provides a trace route utility, but the name of the command and the output vary slightly on each. However, for the purposes of the NetWork+ exam, you should not concern yourself with the minor differences in the output format. Table 10.2 shows the trace route command syntax used in various operating systems
Trace route provides a lot of useful information, including the IP address of every router connection it passes through and, in many cases, the name of the router (although this depends on the router's configuration). Trace route also reports the length, in milliseconds, of the round-trip the packet made from the source location to the router and back. This information can help identify where network bottlenecks or breakdowns might be. The following is an example of a successful tracert command on a Windows 2000 system: C:\>tracert 24.7.70.37 Tracing route to c1-p4.sttlwa1.home.net [24.7.70.37] over a maximum of 30 hops: 1 30 ms 20 ms 20 ms 24.67.184.1 2 20 ms 20 ms 30 ms rd1ht-ge3-0.ok.shawcable.net [24.67.224.7] 3 50 ms 30 ms 30 ms rc1wh-atm0-2-1.vc.shawcable.net [204.209.214.193] 4 50 ms 30 ms 30 ms rc2wh-pos15-0.vc.shawcable.net [204.209.214.90] 5 30 ms 40 ms 30 ms rc2wt-pos2-0.wa.shawcable.net [66.163.76.37] 6 30 ms 40 ms 30 ms c1-pos6-3.sttlwa1.home.net [24.7.70.37] Trace complete. Similar to the other common operating systems covered by the Network+ exam, the tracert display on a Windows-based system includes several columns of information. The first column represents the hop number. You may recall that 'hop' is the term used to describe a step in the path a packet takes as it crosses the network. The next three columns indicate the round-trip time, in milliseconds, that a packet takes in its attempts to reach the destination. The last column is the hostname and the IP address of the responding device. Of course, not all trace route attempts are successful. The following is the output from a tracert command on a Windows Server 2003 system that doesn't manage to get to the remote host: C:\>tracert comptia.org Tracing route to comptia.org [216.119.103.72] over a maximum of 30 hops: 1 27 ms 28 ms 14 ms 24.67.179.1 2 55 ms 13 ms 14 ms rd1ht-ge3-0.ok.shawcable.net [24.67.224.7] 3 27 ms 27 ms 28 ms rc1wh-atm0-2-1.shawcable.net [204.209.214.19] 4 28 ms 41 ms 27 ms rc1wt-pos2-0.wa.shawcable.net [66.163.76.65] 5 28 ms 41 ms 27 ms rc2wt-pos1-0.wa.shawcable.net [66.163.68.2] 6 41 ms 55 ms 41 ms c1-pos6-3.sttlwa1.home.net [24.7.70.37] 7 54 ms 42 ms 27 ms home-gw.st6wa.ip.att.net [192.205.32.249] 8 * * * Request timed out. 9 * * * Request timed out. 10 * * * Request timed out. 11 * * * Request timed out. 12 * * * Request timed out. 13 * * * Request timed out. 14 * * * Request timed out. 15 * * * Request timed out. In this example, the trace route request only gets to the seventh hop, at which point it fails; this failure indicates that the problem lies on the far side of the device in step 7 or on the near side of the device in step 8. In other words, the device at step 7 is functioning but might not be able to make the next hop. The cause of the problem could be a range of things, such as an error in the routing table or a faulty connection. Alternatively, the seventh device might be operating 100%, but device 8 might not be functioning at all. In any case, you can isolate the problem to just one or two devices.
The trace route utility can also help you isolate a heavily congested network. In the following example, the trace route packets fail in the midst of the tracert from a Windows Server 2003 system, but subsequently are able to continue. This behavior can be an indicator of network congestion: C:\>tracert comptia.org Tracing route to comptia.org [216.119.103.72]over a maximum of 30 hops: 1 96 ms 96 ms 55 ms 24.67.179.1 2 14 ms 13 ms 28 ms rd1ht-ge3-0.ok.shawcable.net [24.67.224.7] 3 28 ms 27 ms 41 ms rc1wh-atm0-2-1.shawcable.net [204.209.214.19] 4 28 ms 41 ms 27 ms rc1wt-pos2-0.wa.shawcable.net [66.163.76.65] 5 41 ms 27 ms 27 ms rc2wt-pos1-0.wa.shawcable.net [66.163.68.2] 6 55 ms 41 ms 27 ms c1-pos6-3.sttlwa1.home.net [24.7.70.37] 7 54 ms 42 ms 27 ms home-gw.st6wa.ip.att.net [192.205.32.249] 8 55 ms 41 ms 28 ms gbr3-p40.st6wa.ip.att.net [12.123.44.130] 9 * * * Request timed out. 10 * * * Request timed out. 11 * * * Request timed out. 12 * * * Request timed out. 13 69 ms 68 ms 69 ms gbr2-p20.sd2ca.ip.att.net [12.122.11.254] 14 55 ms 68 ms 69 ms gbr1-p60.sd2ca.ip.att.net [12.122.1.109] 15 82 ms 69 ms 82 ms gbr1-p30.phmaz.ip.att.net [12.122.2.142] 16 68 ms 69 ms 82 ms gar2-p360.phmaz.ip.att.net [12.123.142.45] 17 110 ms 96 ms 96 ms 12.125.99.70 18 124 ms 96 ms 96 ms light.crystaltech.com [216.119.107.1] 19 82 ms 96 ms 96 ms 216.119.103.72 Trace complete. Generally speaking, trace route utilities allow you to identify the location of a problem in the connectivity between two devices. After you have determined this location, you might need to use a utility such as ping to continue troubleshooting. In many cases, as in the examples provided in this chapter, the routers might be on a network such as the Internet and therefore not within your control. In that case, there is little you can do except inform your ISP of the problem. pingMost network administrators are very familiar with the ping utility and are likely to use it on an almost daily basis. The basic function of the ping command is to test the connectivity between the two devices on a network. All the command is designed to do is determine whether the two computers can see each other and to notify you of how long the round-trip takes to complete. Although ping is most often used on its own, a number of switches can be used to assist in the troubleshooting process. Table 10.3 shows some of the commonly used switches with ping on a Windows system.
ping works by sending ICMP echo request messages to another device on the network. If the other device on the network hears the ping request, it automatically responds with an ICMP echo reply. By default, the ping command on a Windows-based system sends four data packets; however, using the -t switch, a continuous stream of ping requests can be sent. ping is perhaps the most widely used of all network tools; it is primarily used to verify connectivity between two network devices. On a good day, the results from the ping command will be successful, and the sending device will receive a reply from the remote device. Not all ping results are that successful, and to be able to effectively use ping, you must be able to interpret the results of a failed ping command. The Destination Host Unreachable MessageThe Destination Host Unreachable error message means that a route to the destination computer system cannot be found. To remedy this problem, you might need to examine the routing information on the local host to confirm that the local host is correctly configured, or you might need to make sure that the default gateway information is correct. The following is an example of a ping failure that gives the Destination host unreachable message: Pinging 24.67.54.233 with 32 bytes of data: Destination host unreachable. Destination host unreachable. Destination host unreachable. Destination host unreachable. Ping statistics for 24.67.54.233: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms The Request Timed Out MessageThe Request Timed Out error message is very common when you use the ping command. Essentially, this error message indicates that your host did not receive the ping message back from the destination device within the designated time period. Assuming that the network connectivity is okay on your system, this is typically an indicator that the destination device is not connected to the network, is powered off, or is not configured correctly. It could also mean that some intermediate device is not operating correctly. In some rare cases, it can also indicate that there is so much congestion on the network that timely delivery of the ping message could not be completed. It might also mean that the ping is being sent to an invalid IP address or that the system is not on the same network as the remote host, and an intermediary device is not configured correctly. In any of these cases, the failed ping should initiate a troubleshooting process that might involve other tools, manual inspection, and possibly reconfiguration. The following example shows the output from a ping to an invalid IP address: C:\>ping 169.76.54.3 Pinging 169.76.54.3 with 32 bytes of data: Request timed out. Request timed out. Request timed out. Request timed out. Ping statistics for 169.76.54.3: Packets: Sent = 4, Received = 0, Lost = 4 (100% Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms During the ping request, you might receive some replies from the remote host that are intermixed with Request timed out errors. This is often a result of a congested network. An example follows; notice that this example, which was run on a Windows Me system, uses the -t switch to generate continuous pings: C:\>ping -t 24.67.184.65 Pinging 24.67.184.65 with 32 bytes of data: Reply from 24.67.184.65: bytes=32 time=55ms TTL=127 Reply from 24.67.184.65: bytes=32 time=54ms TTL=127 Reply from 24.67.184.65: bytes=32 time=27ms TTL=127 Request timed out. Request timed out. Request timed out. Reply from 24.67.184.65: bytes=32 time=69ms TTL=127 Reply from 24.67.184.65: bytes=32 time=28ms TTL=127 Reply from 24.67.184.65: bytes=32 time=28ms TTL=127 Reply from 24.67.184.65: bytes=32 time=68ms TTL=127 Reply from 24.67.184.65: bytes=32 time=41ms TTL=127 Ping statistics for 24.67.184.65: Packets: Sent = 11, Received = 8, Lost = 3 (27% loss), Approximate round trip times in milli-seconds: Minimum = 27ms, Maximum = 69ms, Average = 33ms In this example, three packets were lost. If this continued on your network, you would need to troubleshoot to find out why packets were being dropped. The Unknown Host MessageThe Unknown Host error message is generated when the hostname of the destination computer cannot be resolved. This error usually occurs when you ping an incorrect hostname, as shown in the following example, or try to use ping with a hostname when hostname resolution (via DNS or a HOSTS text file) is not configured: C:\>ping www.comptia.ca Unknown host www.comptia.ca If the ping fails, you need to verify that the ping is being sent to the correct remote host. If it is, and if name resolution is configured, you have to dig a little more to find the problem. This error might indicate a problem with the name resolution process, and you might need to verify that the DNS or WINS server is available. Other commands, such as nslookup or dig, can help in this process. The Expired TTL MessageThe Time to Live (TTL) is an important consideration in understanding the ping command. The function of the TTL is to prevent circular routing, which occurs when a ping request keeps looping through a series of hosts. The TTL counts each hop along the way toward its destination device. Each time it counts one hop, the hop is subtracted from the TTL. If the TTL reaches 0, the TTL has expired, and you get a message like the following: Reply from 24.67.180.1: TTL expired in transit If the TTL is exceeded with ping, you might have a routing problem on the network. You can modify the TTL for ping on a Windows system by using the ping -i command. Troubleshooting with pingAlthough ping does not completely isolate problems, you can use it to help identify where a problem lies. When troubleshooting with ping, take the following steps:
Using just the ping command in these steps, you can confirm network connectivity on not only the local network, but also on a remote network. The whole process requires as much time as it takes to type in the command, and you can do it all from a single location. If you are an optimistic person, you can perform step 5 first. If that works, all the other steps will also work, saving you the need to test them. If your step 5 trial fails, you can go back to step 1 and start the troubleshooting process from the beginning.
ARPThe Address Resolution Protocol (ARP) is used to resolve IP addresses to MAC addresses. This is important because on a network, devices find each other using the IP address, but communication between devices requires the MAC address.
When a computer wants to send data to another computer on the network, it must know the MAC address of the destination system. To discover this information, ARP sends out a discovery packet to obtain the MAC address. When the destination computer is found, it sends its MAC address to the sending computer. The ARP-resolved MAC addresses are stored temporarily on a computer system in the ARP cache. Inside this ARP cache is a list of matching MAC and IP addresses. This ARP cache is checked before a discovery packet is sent on to the network to determine if there is an existing entry. Entries in the ARP cache are periodically flushed so that the cache doesn't fill up with unused entries. The following code shows an example of the ARP command with the output from a Windows 2000 system: C:\>arp -a Interface: 24.67.179.22 on Interface 0x3 Internet Address Physical Address Type 24.67.179.1 00-00-77-93-d8-3d dynamic As you might notice in the previous code, the type is listed as dynamic. Entries in the ARP cache can be added statically or dynamically. Static entries are added manually and do not expire. The dynamic entries are added automatically when the system accesses another on the network. As with other command-line utilities, there are several switches available for the arp command. Table 10.4 shows the available switches for Windows-based systems.
The netstat CommandThe netstat command displays the protocol statistics and current TCP/IP connections on the local system. Used without any switches, the netstat command shows the active connections for all outbound TCP/IP connections. In addition, several switches are available that change the type of information netstat displays. Table 10.5 shows the various switches available for the netstat utility.
The netstat utility is used to show the port activity for both TCP and UDP connections, showing the inbound and outbound connections. When used without switches, the netstat utility has four information headings.
In its default usage, the netstat command shows outbound connections that have been established by TCP. The following shows a sample output from a netstat command without using any switches: C:\>netstat Active Connections Proto Local Address Foreign Address State TCP laptop:2848 MEDIASERVICES1:1755 ESTABLISHED TCP laptop:1833 www.dollarhost.com:80 ESTABLISHED TCP laptop:2858 194.70.58.241:80 ESTABLISHED TCP laptop:2860 194.70.58.241:80 ESTABLISHED TCP laptop:2354 www.dollarhost.com:80 ESTABLISHED TCP laptop:2361 www.dollarhost.com:80 ESTABLISHED TCP laptop:1114 www.dollarhost.com:80 ESTABLISHED TCP laptop:1959 www.dollarhost.com:80 ESTABLISHED TCP laptop:1960 www.dollarhost.com:80 ESTABLISHED TCP laptop:1963 www.dollarhost.com:80 ESTABLISHED TCP laptop:2870 localhost:8431 TIME_WAIT TCP laptop:8431 localhost:2862 TIME_WAIT TCP laptop:8431 localhost:2863 TIME_WAIT TCP laptop:8431 localhost:2867 TIME_WAIT TCP laptop:8431 localhost:2872 TIME_WAIT Like any other command-line utility, they are often used with switches. The following sections provide a brief explanation of the switches and a sample output from each. netstat eThe netstat -e command shows the activity for the NIC and displays the number of packets that have been both sent and received. An example of the netstat -e command is shown here: C:\WINDOWS\Desktop>netstat -e Interface Statistics Received Sent Bytes 17412385 40237510 Unicast packets 79129 85055 Non-unicast packets 693 254 Discards 0 0 Errors 0 0 Unknown protocols 306 As you can see, the netstat -e command shows more than just the packets that have been sent and received:
netstat -aThe netstat -a command displays statistics for both TCP and User Datagram Protocol (UDP). Here is an example of the netstat -a command: C:\WINDOWS\Desktop>netstat -a Active Connections Proto Local Address Foreign Address State TCP laptop:1027 LAPTOP:0 LISTENING TCP laptop:1030 LAPTOP:0 LISTENING TCP laptop:1035 LAPTOP:0 LISTENING TCP laptop:50000 LAPTOP:0 LISTENING TCP laptop:5000 LAPTOP:0 LISTENING TCP laptop:1035 msgr-ns41.msgr.hotmail.com:1863 ESTABLISHED TCP laptop:nbsession LAPTOP:0 LISTENING TCP laptop:1027 localhost:50000 ESTABLISHED TCP laptop:50000 localhost:1027 ESTABLISHED UDP laptop:1900 *:* UDP laptop:nbname *:* UDP laptop:nbdatagram *:* UDP laptop:1547 *:* UDP laptop:1038 *:* UDP laptop:1828 *:* UDP laptop:3366 *:* As you can see, the output includes four columns, which show the protocol, the local address, the foreign address, and the state of the port. The TCP connections show the local and foreign destination addresses and the current state of the connection. UDP, however, is a little different; it does not list a state status because as mentioned throughout this book, UDP is a connectionless protocol and does not establish connections. The following list briefly explains the information provided by the netstat -a command:
netstat -rThe netstat -r command is often used to view the routing table for a system. A system uses a routing table to determine routing information for TCP/IP traffic. The following is an example of the netstat -r command from a Windows Me system: C:\WINDOWS\Desktop>netstat r Route table =========================================================================== =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 24.67.179.1 24.67.179.22 1 24.67.179.0 255.255.255.0 24.67.179.22 24.67.179.22 1 24.67.179.22 255.255.255.255 127.0.0.1 127.0.0.1 1 24.255.255.255 255.255.255.255 24.67.179.22 24.67.179.22 1 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 224.0.0.0 224.0.0.0 24.67.179.22 24.67.179.22 1 255.255.255.255 255.255.255.255 24.67.179.22 2 1 Default Gateway: 24.67.179.1 =========================================================================== Persistent Routes: None
netstat sThe netstat -s command displays a number of statistics related to the TCP/IP protocol suite. Understanding the purpose of every field in the output is beyond the scope of the Network+ exam, but for your reference, sample output from the netstat -s command is shown here: C:\>netstat -s IP Statistics Packets Received = 389938 Received Header Errors = 0 Received Address Errors = 1876 Datagrams Forwarded = 498 Unknown Protocols Received = 0 Received Packets Discarded = 0 Received Packets Delivered = 387566 Output Requests = 397334 Routing Discards = 0 Discarded Output Packets = 0 Output Packet No Route = 916 Reassembly Required = 0 Reassembly Successful = 0 Reassembly Failures = 0 Datagrams Successfully Fragmented = 0 Datagrams Failing Fragmentation = 0 Fragments Created = 0 ICMP Statistics Received Sent Messages 40641 41111 Errors 0 0 Destination Unreachable 223 680 Time Exceeded 24 0 Parameter Problems 0 0 Source Quenches 0 0 Redirects 0 38 Echos 20245 20148 Echo Replies 20149 20245 Timestamps 0 0 Timestamp Replies 0 0 Address Masks 0 0 Address Mask Replies 0 0 TCP Statistics Active Opens = 13538 Passive Opens = 23132 Failed Connection Attempts = 9259 Reset Connections = 254 Current Connections = 15 Segments Received = 330242 Segments Sent = 326935 Segments Retransmitted = 18851 UDP Statistics Datagrams Received = 20402 No Ports = 20594 Receive Errors = 0 Datagrams Sent = 10217 nbtstatThe nbtstat utility is used to view protocol statistics and information for NetBIOS over TCP/IP connections. nbtstat is commonly used to troubleshoot NetBIOS name resolution problems. Because nbtstat provides the resolution of NetBIOS names, it's available only on Windows systems. A number of case-sensitive switches are available for the nbtstat command. Table 10.6 summarizes these switches.
As an example, the following is the output from the nbtstat -n command: C:\>nbtstat -n Lana # 0: Node IpAddress: [169.254.196.192] Scope Id: [] NetBIOS Local Name Table Name Type Status --------------------------------------------- LAPTOP <00> UNIQUE Registered KCS <00> GROUP Registered LAPTOP <03> UNIQUE Registered The ipconfig CommandThe ipconfig command is a technician's best friend when it comes to viewing the TCP/IP configuration of a Windows system. Used on its own, the ipconfig command shows basic information such as the name of the network interface, the IP address, the subnet mask, and the default gateway. Combined with the /all switch, it shows a detailed set of information, as you can see in the following example: C:\>ipconfig /all Windows 2000 IP Configuration Host Name . . . . . . . . . . . . : server Primary DNS Suffix . . . . . . . : write Node Type . . . . . . . . . . . . : Broadcast IP Routing Enabled. . . . . . . . : Yes WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : write ok.anyotherhost.net Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : ok.anyotherhost.net Description . . . . . . . . . . . : D-Link DFE-530TX PCI Fast Ethernet Physical Address. . . . . . . . . : 00-80-C8-E3-4C-BD DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IP Address. . . . . . . . . . . . : 24.67.184.65 Subnet Mask . . . . . . . . . . . : 255.255.254.0 Default Gateway . . . . . . . . . : 24.67.184.1 DHCP Server . . . . . . . . . . . : 24.67.253.195 DNS Servers . . . . . . . . . . . : 24.67.253.195 24.67.253.212 Lease Obtained.. . . . : Thursday, February 07, 2002 3:42:00 AM Lease Expires .. . . . : Saturday, February 09, 2002 3:42:00 AM As you can imagine, you can use the output from an ipconfig /all command in a massive range of troubleshooting scenarios. Table 10.7 lists some of the most common troubleshooting symptoms, along with where to look for clues about solving them in the ipconfig /all output.
Using the /all switch might be far and away the most popular, but there are a few others. These include the switches listed in Table 10.8.
ifconfigifconfig performs the same function as ipconfig, but on a Linux, UNIX, or Macintosh system. Because Linux relies more heavily on command-line utilities than Windows, the Linux and UNIX version of ifconfig provides much more functionality than ipconfig. On a Linux or UNIX system, you can get information about the usage of the ifconfig command by using ifconfig --help. The following output provides an example of the basic ifconfig command run on a Linux system: eth0 Link encap:Ethernet HWaddr 00:60:08:17:63:A0 inet addr:192.168.1.101 Bcast:192.168.1.255 Mask:255.255.255.0 UP BROADCAST RUNNING MTU:1500 Metric:1 RX packets:911 errors:0 dropped:0 overruns:0 frame:0 TX packets:804 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 Interrupt:5 Base address:0xe400 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:3924 Metric:1 RX packets:18 errors:0 dropped:0 overruns:0 frame:0 TX packets:18 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 Although the ifconfig command displays the IP address, subnet mask and default gateway information for both the installed network adapter and the local loopback adapter, it does not report DCHP lease information. Instead, you can use the pump s command to view detailed information on the DHCP lease including the assigned IP address, the address of the DHCP server, and the time remaining on the lease. The pump command can also be used to release and renew IP addresses assigned via DHCP and to view DNS server information. The winipcfg CommandOn a Windows 98 Second Edition and Windows Me systems, the winipcfg command is used in addition to the ipconfig command. The difference between the two utilities is that winipcfg is a graphical utility. In basic mode, winipcfg shows information including the Media Access Control (MAC) address and IP address of the interface, the subnet mask, and the default gateway. For detailed information, similar to that produced with ipconfig /all, a More Info button allows you to switch into a much more detailed screen. The same troubleshooting scenarios, with the same solutions, apply to winipcfg as to ipconfig. Table 10.9 lists some solutions to common problems.
nslookupnslookup is a utility used to troubleshoot DNS-related problems. Using nslookup, you can, for example, run manual name resolution queries against DNS servers, get information about the DNS configuration of your system or specify what kind of DNS record should be resolved. When nslookup is started, it displays the current hostname and the IP address of the locally configured DNS server. You will then see a command prompt which allows you to specify further queries. This is known as 'interactive' mode. The commands you can enter in interactive mode are listed in Table 10.10.
Instead of using interactive mode, you can also execute nslookup requests directly at the command prompt. The following listing shows the output from nslookup when a domain name is specified to be resolved. C:\>nslookup comptia.org Server: nsc1.ht.ok.shawcable.net Address: 64.59.168.13 Non-authoritative answer: Name: comptia.org Address: 208.252.144.4 As you can see from the output, nslookup shows the hostname and IP address of the DNS server against which the resolution was performed, along with the hostname and IP address of the resolved host. digdig is used on Linux, UNIX or Macintosh system to perform manual DNS lookups. dig performs the same basic task as nslookup, but with one major distinction: The dig command does not have an interactive mode and instead uses only command-line switches to customize results. dig is generally considered a more powerful tool than nslookup, but in the course of a typical network administrator's day, the minor limitations of nslookup are unlikely to be too much of a factor. Instead, dig is often simply the tool of choice for DNS information and troubleshooting on UNIX, Linux, or Macintosh systems. Like nslookup, dig can be used to perform simple name resolution requests. The output from this process can be seen in the following listing: ; <<>> DiG 8.2 <<>> examcram.com ;; res options: init recurs defnam dnsrch ;; got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0 ;; QUERY SECTION: ;; examcram.com, type = A, class = IN ;; ANSWER SECTION: examcram.com. 7h33m IN A 63.240.93.157 ;; AUTHORITY SECTION: examcram.com. 7h33m IN NS usrxdns1.pearsontc.com. examcram.com. 7h33m IN NS oldtxdns2.pearsontc.com. ;; Total query time: 78 msec ;; FROM: localhost.localdomain to SERVER: default -- 209.53.4.130 ;; WHEN: Sat Oct 16 20:21:24 2004 ;; MSG SIZE sent: 30 rcvd: 103 As you can see, dig provides a number of pieces of information in the basic outputmore so than nslookup. There are three key areas of the output from which network administrators can gain information. These are the 'Answer Section,' the 'Authority Section,' and the last four lines of the output. The Answer Section of the output provides the name of the domain or host being resolved, along with its IP address. The A in the results line indicates the record type that is being resolved. The Authority Section provides information on the authoritative DNS servers for the domain against which the resolution request was performed. This information can be useful in determining whether the correct DNS servers are considered authoritative for a domain. The last four lines of the output show how long the name resolution request took to process and the IP address of the DNS server that performed the resolution. It also shows the date and time of the request, as well as the size of the packets sent and received. |