Configuring and Troubleshooting the TCPIP Protocol

Configuring and Troubleshooting the TCP/IP Protocol

The Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite is the default protocol for Windows XP Professional. With the omnipresent Internet, the usage of proprietary network protocol suites has diminished greatly in favor of seamless integration with the Internet, which requires TCP/IP. Since its introduction of the Active Directory in Windows 2000, Microsoft has made TCP/IP the protocol required for Windows networks that use Active Directory. This is largely because of the Active Directory's dependence upon Domain Name System (DNS) to provide the name and address resolution for all Active Directory resources. So, between the ever-present Internet and the need for faultless integration into Windows networks, it is no surprise that TCP/IP is the default protocol suite in the Windows XP Professional desktop operating system.

Much of TCP/IP is transparent to users and to administrators. After the protocol is installed, if the administrator must configure anything, it will be the address information applied to the network interface. This consists of

IP address The unique, logical 32-bit address, which identifies the computer (called a host or node) as well as the subnet on which it is located. The IP address is displayed in dotted decimal notation (each decimal represents an octet of binary ones and zeroes). For example, the binary notation of an address may be 10000000.00000001.00000001.00000011, which in dotted decimal notation it is written as 128.1.1.3.
Subnet mask The subnet mask is applied to an IP address to determine the subnetwork address and the host address on that subnet. All hosts on the same subnet must have the same subnet mask for it to be correctly identified. If a mask is incorrect, both the subnet and the host address will be wrong. (For example, if you have an IP address of 128.1.1.3, and an incorrect mask of 255.255.128.0, the subnet address would be 128.1.0 and the host address would be 1.3. If the correct subnet mask is 255.255.255.0, then the subnet address would be 128.1.1 and the host address would be 3.)
Default gateway The address listed as the default gateway is the location on the local subnet to which the local computer will send all data meant for other subnets. In other words, this is the IP address for a router that is capable of transmitting the data to other networks.
Domain Name System (DNS) server address The DNS server address is the place where names of IP hosts are sent so that the DNS server will respond with an IP address. This process is called name resolution. DNS is a distributed database of records that maps names to IP addresses, and vice versa. A HOSTS file that maps names to IP addresses can be placed on the local computer and used instead of DNS, which renders this an optional setting, although it is rare that a network is small enough to make a HOSTS file more efficient than a DNS server. When a user types in a DNS name such as JacksPC.mydomain.local, the computer sends the name to the DNS server. If the name is one that the DNS server knows, it sends back the IP address. Otherwise, the DNS server sends the name request to a higher-level DNS server, and this recursive process continues until either the IP address is found and returned to the original requestor or until all avenues have been exhausted and the original requestor is notified that the name cannot be found.
Windows Internet Naming Service (WINS) server address The WINS server address is the location where network computers send requests to resolve NetBIOS names to IP addresses. WINS is used on Microsoft Windows networks where older Windows computers or applications require NetBIOS naming. When a user types in a NetBIOS name, such as JACKSPC, the computer sends the name to the WINS server. Because WINS is a flat-file database, it returns an IP address or a Name not found message. WINS server addresses, like DNS server addresses, are optional. A computer can use a local LMHOSTS file to map the NetBIOS names to IP addresses rather than use WINS.

Configuring IP Addresses

You can configure TCP/IP on a Windows XP Professional computer either manually or dynamically. The default method is to dynamically configure TCP/IP. If the infrastructure includes Dynamic Host Configuration Protocol (DHCP) services that deliver IP addresses to network computers, then a Windows XP computer can connect upon logon with the default configuration of the network adapter. However, if you need to apply a static IP address and other parameters, your only option is to manually configure the network adapter. Manually configuring one computer is time-consuming and error-prone. Multiply that by hundreds of computers and you can see why dynamic configuration has become so popular. Step by Step 11.1 describes how to configure TCP/IP.

Step by Step: 11.1 Configuring a Network Adapter with a Static IP Address

1.	Right-click My Network Places and select Properties from the shortcut menu. The Network Connections window opens.
2.	Right-click the connection that represents the adapter you are going to configure. Select Properties from the shortcut menu. The Local Area Connection Properties dialog box opens, as shown in Figure 11.1. Figure 11.1. The network adapter is considered a network connection.
3.	Click to select the Internet Protocol (TCP/IP). (You might need to scroll through other services to reach this item.) Click Properties. The Internet Protocol (TCP/IP) Properties dialog opens, as shown in Figure 11.2 Figure 11.2. The Internet Protocol (TCP/IP) Properties dialog box lets you define manual or dynamic IP address information.
4.	To use DHCP services, you should make certain that Obtain an IP Address Automatically is selected, and if the DHCP server provides extended informationincluding the DNS server informationyou would also select Obtain DNS Server Address Automatically. To manually configure the IP address, you should click Use the Following IP Address.
5.	In the IP Address box, type the address that will function on the current network segment. For example, if the network segment uses a Class C address 192.168.1.0 with a subnet mask of 255.255.255.0, and you've already used 192.168.1.1 and 192.168.1.2, you could select any node address from 3 through 254 (255 is used for broadcasts), in which case you would type 192.168.1.3.
6.	In the Subnet Mask box, type the subnet mask. In this case, it would be 255.255.255.0.
7.	In the Default Gateway box, type the IP address that is assigned to the router interface on your current segment that leads to the main network or the public network. In this case, the IP address of the router on your segment is 192.168.1.1 and the IP address of the router's other interface is 12.88.54.179. In the Default Gateway box, you would type 192.168.1.1.
8.	Click the Use the Following DNS Server Addresses option and type the IP address for at least one DNS server.
9.	Click the Advanced button. The Advanced TCP/IP Properties dialog box opens, as shown in Figure 11.3. Figure 11.3. The Advanced TCP/IP Properties dialog allows you to control granular IP addressing options.
10.	If you require more than one IP address for a computer, such as for hosting two different websites, you can configure the additional IP addresses in this dialog box by clicking the Add button. You cannot configure any additional IP addresses if you are using DHCP.
11.	If your network segment is connected to more than one router leading to the main or outside networks, you can configure these gateway addresses in the Default Gateways section by clicking the Add button.
12.	Click the DNS tab and then click the Add button under the DNS Server Addresses section, type the IP address to the additional DNS server, and click Add.
13.	The lower section of the DNS tab applies to the fully qualified domain name (FQDN) of resources. Users sometimes use a simple name for a computer or printer. This section enables you to configure the last portion of the domain name that will be appended to the simple name to create an FQDN. For example, if you have configured mydomain.local and jubilee.local in this box, and the user typed in `server`, the computer would automatically attempt to contact server.mydomain.local. If that failed, the computer would then attempt to contact server.jubilee.local. Click the Append These DNS Suffixes (in Order) option. Then click the Add button to configure the DNS suffixes.
14.	For a DNS server that provides Dynamic DNS, and when you want to share files or printers from your computer, you should register your computer's DNS name and IP address in the DNS database. To do so, select the Register This Connection's Addresses in DNS check box.
15.	Click the WINS tab. WINS provides resolution for NetBIOS names to IP addresses on Windows networks. If you use legacy networks, or have applications that require NetBIOS names, you should configure the address for a WINS server on the network.
16.	Click the Options tab. In this dialog box, you are able to create an access control list to filter out traffic from reaching this interface. Click the Properties button. The TCP/IP Filtering dialog box opens, as shown in Figure 11.4. Note that you can filter traffic based on the Transmission Control Protocol (TCP) port, User Datagram Protocol (UDP) port, and type of IP protocol. You can use this filter to prevent a hacker from attacking the computer through a port that is not used. You can also prevent a computer from being used for purposes other than you intended, such as by permitting only the ports used by File Transfer Protocol and Trivial File Transfer Protocol traffic on an FTP server.

Figure 11.4. The TCP/IP Filtering options can be configured to restrict unwanted IP traffic on a computer.

Exam Alert

Look out for questions that require you to know how to solve TCP/IP problems as well as use other skills Administrators need to know TCP/IP like the backs of their hands. To make certain you understand these skills and to test you on the core exam requirements, you will find that questions that appear to be focused on one subject also incorporate a question about TCP/IP.

Creating a Network Bridge

Windows XP Professional includes a new type of connection called a network bridge. This type of connection is available when you have two network adapters in a computer, each connected to different network segments, and you want to connect the segments so that the computers on one segment can talk to the computers on the other segment. Basically, the network bridge connection acts as a bridge between two segments.

A traditional router is a dedicated computer or a specialized piece of computer equipment that has two or more network interfaces and is connected to two or more networks. When the router receives data on its first interface, it checks to see whether the data should be sent to a host on its second interface by checking its routing table. If so, the router sends the data on its way. If not, the router discards the data.

A traditional bridge is a dedicated computer or specialized piece of computer equipment that has two or more network interfaces and is connected to two or more physical networks. The networks, however, are logically the same because they are assigned to the same IP subnet. Bridges are often used to overcome the physical distance limitations that are imposed by the media used. They can also be used to link two different media types in a single logical network, as depicted in Figure 11.5.

Figure 11.5. Computer B can use a Windows XP network bridge connection to enable A to send data to C.

The network bridge connection is extremely economical because you need only two interfaces in a computer in order to create it. The computer does not need to be dedicated, nor do you need to purchase additional hardware. Another advantage when you create the network bridge connection is that after the two segments are bridged, they are then able to use the same IP subnet.

Windows XP Professional allows you to create only a single bridge in the computer, regardless of how many network adapters have been installed. To bridge two network connections, follow the process explained in Step by Step 11.2. To perform this exercise, you need to have one PC with two network adapters. Each of the network adapters should be connected to a small network with at least one PC on it.

Step by Step: 11.2 Configuring a Network Bridge

1.	Right-click My Network Places and select Properties.
2.	The Network Connections window opens. There should be a LAN or High-Speed Internet section that contains the network connections for each of the two network adapters.
3.	Click each of the network connections while simultaneously pressing the Ctrl key, so that both are highlighted.
4.	Right-click the connections and select Bridge Connections from the shortcut menu, as depicted in Figure 11.6.

Figure 11.6. When both network connections are selected, a right-click shows the Bridge Connections option in the shortcut menu.

Caution

Network bridge limitations You cannot create a network bridge that includes a connection with Windows Firewall or with Internet Connection Sharing (ICS) enabled.

Implementing APIPA

The Automatic Private Internet Protocol Addressing (APIPA) system provides an alternate configuration to Dynamic Host Configuration Protocol (DHCP) for automatic IP addressing in small networks. When a computer uses APIPA, Windows XP assigns itself an IP address and then verifies that it is unique on the local network. To work effectively, APIPA is useful only on a small local area network (LAN) or as a backup to DHCP.

Note

What is APIPA? APIPA is not a protocol; it is an internal procedure that the operating system performs.

When a Windows XP Professional computer begins its network configuration, it performs the following procedures:

1.	It checks to see whether there is a manually configured (or static) IP address.
2.	If there is none, it contacts a DHCP server with a query for configuration settings. A response from a DHCP server leasesor validates the lease ofan IP address, subnet mask, and extended IP information such as DNS server, default gateway, and so on.
3.	If there is no DHCP server response, Windows XP looks to see whether an alternate configuration has been applied by the administrator.
4.	If there is no alternate configuration, Windows XP uses APIPA to define an IP address unique on the LAN.

APIPA defines its IP addresses in the range of 169.254.0.1 to 169.254.255.254. The subnet mask on these addresses is configured as 255.255.0.0. You do have administrative control over APIPA. When Windows XP selects an address from this range, it then performs a duplicate address detection process to ensure that the IP address it has selected is not already being used, while continuing to query for a DHCP server in the background. If the address is found to be in use, Windows XP selects another address. The random IP selection occurs recursively until an unused IP address is selected, a DHCP server is discovered, or the process has taken place ten times.

To determine whether the IP address the computer is using has been provided by APIPA, you can check the address of the interface by using the ipconfig command at a command prompt. The syntax for this command, which shows you the configuration of all network adapters, is ipconfig /all

In the resulting text, such as is shown in Figure 11.7, you can see whether the line Autoconfiguration Enabled is Yes or No. If Yes, and the IP address is 169.254.0.1 through 169.254.255.254, you are using an APIPA address.

Figure 11.7. APIPA addresses require autoconfiguration to be enabled.

Static IP Addressing

IP addresses indicate the same type of location information as a street address. A building on a street has a number, and when you add it to the street address, you can find it fairly easily because the number and the street will be unique within a city. This type of address schemean individual address plus a location addressallows every computer on the Internet to be uniquely identified.

A static IP address is one that is permanently assigned to a computer on the network. Certain computers require static IP addresses because of their functions, such as routers or servers. Client computers are more often assigned dynamic addresses because they are more likely to be moved around the network or retired and replaced. DSL and cable modem users are usually given a static IP address, whereas dial-up users are provided with dynamic addresses.

As discussed earlier, IP addresses consist of two parts: one that specifies the network and the other that specifies the computer. These addresses are further categorized with Classes, as described in Table 11.1.

Table 11.1. IP Address Classes
Class	Dotted Decimal Range	First Octet Binary	Usage	Number of Networks	Number of Hosts per Network
A	1.0.0.0126.255.255.255	0xxxxxxx	Large networks/ISPs	126	16,777,214
B	128.0.0.0191.255.255.255	10xxxxxx	Large or mid-size networks/ISPs	16,382	65,534
C	192.0.0.0223.255.255.255	1110xxxx	Small networks	2,097,150	255
D	224.0.0.0239.255.255.255	110xxxxx	Multicasting	N/A	N/A
E	240.0.0.0254.255.255.255	1111xxxx	Reserved for future use	N/A	N/A
Loopback	127.0.0.1127.255.255.255	01111111	Loopback testing	N/A	N/A
Private IP Class A address	10.0.0.010.255.255.255	00001010	Reserved for a private network	1	16,777,214
Private IP Class B address	172.16.0.0172.16.255.255	10101100	Reserved for a private network	1	65,534
Private IP Class C address	192.168.0.0192.168.255.255	11000000	Reserved for a private network	254	254

Note

Loopback testing TCP/IP has a predefined IP address that identifies a computer to dial itself up to perform loopback testing. If TCP/IP is configured, you should be able to run the ping 127.0.0.1 command when troubleshooting a connectivity problem. The private IP address classes are used on private networks that utilize Network Address Translation or proxy services to communicate on the Internet. Internet routers are preconfigured to not forward data that contains these IP addresses.

The portion of the address that decides on which network the host resides varies based on the class, and, as you will see further on, the subnet mask. In the following list, the uppercase Ns represent which binary bits represent the part of the IP address that specifies the network, and the lowercase Cs represent the part of the address that specifies the computer. This explains why there are differing numbers of networks per class, and different numbers of hosts per network, as listed in Table 11.1.

Class A NNNNNNNN.cccccccc.cccccccc.cccccccc
Class B NNNNNNNN.NNNNNNNN.cccccccc.cccccccc
Class C NNNNNNNN.NNNNNNNN.NNNNNNNN.cccccccc

These address portions coincide with the default subnet masks for each address class. A Class A subnet mask is 255.0.0.0, a Class B subnet mask is 255.255.0.0, and a Class C subnet mask is 255.255.255.0.

Subnet masks enable you to reconfigure what constitutes the network portion and what constitutes the computer portion. When you apply the subnet mask to the IP address by using a "bitwise logical AND" operation, the result is a network number. A bitwise logical AND operation adds the bit, whether 1 or 0, to the corresponding bit in the subnet mask. If the subnet mask bit is a 1, the corresponding IP address bit is passed through as a result. If the subnet mask bit is a 0, a zero bit is passed through. For example, if the IP address is 141.25.240.201, you will have the following:

IP address10001101.00011001.11110000.11001001
Subnet mask11111111.11111111.00000000.00000000
Result from bitwise logical AND
Network10001101.00011001.00000000.00000000

This shows the network address as 141.25.0.0 and the host address to 0.0.240.201. If you add bits to the mask, you will be able to have additional subnetworks when you perform a bitwise logical AND, and each subnetwork will have fewer hosts because fewer bits are available for the host portion of the address. Using the same address, and adding five bits to the subnet mask, you would receive the following:

IP address10001101.00011001.11110000.11001001
Subnet mask11111111.11111111.11111000.00000000
Result from bitwise logical AND
Network10001101.00011001.11110000.00000000

However, the subnet mask is considered separately from the rest of the network address. For example, the older rules stated that no subnetwork address can be all 1s or all 0s. This reduced the number of subnets and hosts that an address could produce. Some legacy networking devices require the old rules, but most networks have upgraded. (However the Classless Inter-Domain Routing (CIDR) specification enables you to eke out more addresses when you subnet.)

Therefore, the subnet mask changes the network address to 141.25.240.0. The host address changes to 0.0.0.201. Other IP addresses that are under the default Class B subnet mask that would have been considered part of the same network, such as 140.25.192.15 and 140.25.63.12, are now on different subnets. For an organization with a large number of physical networks where each requires a different subnet address, the subnet mask can be used to segment a single address to fit the network. You can easily calculate how many subnets and hosts you will receive when you subnet a network. The formula is 2ⁿ2, where n is the number of bits. 2ⁿ is the number 2 raised to the power of the number of bits, and that result minus 2 (the addresses represented by all 1s and all 0s) equals the available subnets or hosts. Therefore, if you have a subnet of 5 bits as is shown here, you are able to achieve 2⁵2 = 322 = 30 subnets. Because there are 11 bits left for host addresses, each subnet will have 2¹¹2 = 20482 = 2,046 hosts.

When you multiply 2046 by 30, you will see that you have 61,380 addresses available for network hosts, and that you "lost" 4,154 addresses. This is the problem that CIDR solves, and is discussed in the sidebar.

In the Field

How Classless Inter-Domain Routing (CIDR) Functions

When you consider that a Class A address has over 16 million host addresses and that no organization with a Class A address has managed to utilize each of those addresses, the use of classful addressing is extremely wasteful. CIDR was developed to prevent the Internet from running out of IP addresses, by reusing some of the unused addresses and expanding the addresses available when subnetting.

With CIDR, a subnet mask is not considered separate from the network portion of the mask. Instead, whatever portion of the mask is used for the network determines how many networks there are. This means that a company can "supernet" two (or more) Class C addresses to put more than 254 hosts on a single physical network. Supernetting is the process of subtracting bits from the default subnet mask. This adds bits to the host portion, increasing the number of hosts available.

CIDR notation allows you to simply specify the number of bits that are used for a mask after the IP address. For example, 192.168.1.0 with a subnet mask of 255.255.255.0 is written as 192.168.1.0/24. If the address were supernetted, it could be 192.168.1.0/22.

Running out of IP addresses is still a looming problem that IPv6, which provides a 128-bit address, may help to resolve. In the meantime, network administrators may look into Network Address Translation, CIDR, DHCP leasing, and other methods to expand the availability of IP addresses to network clients.

Challenge

You are the network administrator for I.M. Society, a non-profit organization that seeks to protect the rights of Internet usage. I.M. Society has been granted some shared office space from a company named ISPrUS, an ISP. The office space is distributed across a large campus with several different buildings. Because the space has been donated, I.M. does not have the ability to consolidate onto a single network. The organization consists of 102 computers on 12 different subnets. Currently I.M. has been using the same IP addresses as ISPrUS. You have had some questions about security because public traffic has some limited access to some of the subnets that ISPrUS has provided you, so you have wired a separate network for your users. The new network consists of 102 computers on 10 physical subnetworks. You have no more than 14 computers on any single subnet. You have been told that I.M. is not planning on expanding for a long time. You have received a Class C address for your own network.

1.	How can you use the Class C address to provide unique IP addresses for each of your computers?
2.	You have added four bits to the default subnet mask. How many subnets will you have, with how many nodes on each subnet? Will this meet your needs?
3.	If the Class C address you are given is 192.168.0.1, what subnet ranges will you have with the subnet mask of 255.255.255.240?
4.	You decide to use CIDR. How will this affect your network?

Answers to Challenge

1.	You need to create a subnet mask to subdivide the address into multiple subnetworks that provide a minimum of 10 subnets and at least 14 nodes per subnetwork.
2.	Adding 4 bits to the subnet mask results in 14 subnets with 14 nodes on each subnet. This meets your criteria.
3.	You will have the following ranges. Because you cannot have a subnet with all 0s or all 1s, you cannot use the first or last subnet numbers (this is to satisfy legacy rules). The list of networks would be as follows: 192.168.0.0192.168.0.15: not used 192.168.0.16192.168.0.31 192.168.0.32192.168.0.47 192.168.0.48192.168.0.63 192.168.0.64192.168.0.79 192.168.0.80192.168.0.95 192.168.0.96192.168.0.111 192.168.0.112192.168.0.127 192.168.0.128192.168.0.145 192.168.0.146192.168.0.161 192.168.0.162192.168.0.177 192.168.0.178192.168.0.191 192.168.0.192192.168.0.207 192.168.0.208192.168.0.223 192.168.0.224192.168.0.239 192.168.0.240192.168.0.255: not used
4.	CIDR does not use the rules that eliminate the first and last subnet range from your options. For your current network configuration, you will not have much change. However, you are able to expand your network to two other physical subnets.

Dynamic IP Addressing

Dynamic IP addresses are provided to a computer when it needs to be connected to the network. The provider is the DHCP server. When the computer is disconnected, the IP address becomes available for use by another computer. The address does not become available immediately, however. It is leased for a specified period of time (the administrator specifies this time period when configuring the DHCP server), and when the lease is up, the IP address is placed back in an IP address pool and can be delivered to another computer.

Before DHCP was developed, network administrators were forced to manually assign a separate IP address to each computer on the network. If a user left for a 2-month vacation and the computer was off the entire time, the IP address was unusable by anyone else. If the administrator (yes, to err is human) forgot to reuse an IP address for a computer that was retired, then the number of IP addresses available was also reduced. Other administrative errors included assigning duplicate IP addresses to computers on the network and misconfiguring the subnet mask, default gateway, and DNS server addresses. DHCP resolved a lot of problems.

Exam Alert

The DHCP process DHCP has a set communication process that is used to lease an IP address to a DHCP client. You may see a reference to a particular part of this process, so you should be able to relate the entire sequence of events and understand where a breakdown in communications may occur.

1.	Client boots up and broadcasts a DHCPDiscover packet.
2.	Server responds with a DHCPOffer packet, containing an IP address, subnet mask, and often including the default gateway and DNS server addresses.
3.	Client replies with a DHCPRequest packet as a broadcast, requesting verification that it is okay to use the address. This notifies any other DHCP servers that they do not need to hold a reservation of an IP address for the client if they also responded to the original DHCPDiscover packet.
4.	Server responds with a DHCPACK acknowledgement packet, and the client begins using the address.

On a Windows XP Professional computer, you can configure any network connection to be a DHCP client by selecting the option to Obtain an IP Address Automatically, which is configured in the Interent Protocol (TCP/IP) Properties dialog box. If you change from a manual address to a dynamic one, you need to clear out the manual IP addressing information first.

Exam Alert

Troubleshooting DHCP Often a question that requires troubleshooting DHCP involves a DHCP server that resides on a different subnet than the DHCP client, usually because a router does not forward UDP broadcast packets. Routers must be configured to forward packets specifically for DHCP whenever a DHCP client is separated from the DHCP servers.

Troubleshooting TCP/IP

The TCP/IP protocol suite includes a number of tools that can help you isolate the source of connectivity problems. Windows XP Professional incorporates these tools as command-line executables. Each tool is different in what information it provides and when you might want to use it.

When you are troubleshooting a connectivity problem, remember that sometimes the problem is the hardwarea failed network adapter, a failed port on the hub, a failed switch, and so on. If the communication is between two different physical segments, it could be a problem with the router between them. And if you were able to communicate in the past, and now cannot, the most likely suspect is a configuration change on one of the computers and the second most likely is that a piece of equipment has failed. To check whether there is an adapter failure, you can look at Device Manager in Windows XP.

ARP

After data reaches the segment on which the IP address resides, it needs to discover the Media Access Control (MAC) address of the machine. The address resolution Protocol (ARP) is the protocol in the TCP/IP suite that resolves IP addresses to MAC addresses by creating an Address Resolution table in each host that transmits data on the network segment. Arp is also the name of a utility in the TCP/IP suite that can check the table for errors. You should use the Arp utility when data is sent to a computer unexpectedly.

Event Viewer

One of Windows XP's standard troubleshooting tools is Event Viewer, which is incorporated into the Computer Management console. You can rely on this utility to be able to see errors and system messages. The ones that would be of most concern for a network problem are in the System Event log.

Finger

If you want to finger the culprit when a user has intentionally caused a problem, you can use Finger. Actually, the Finger utility, which is part of the TCP/IP protocol suite, requires the finger service to be running on the computer to which you send the command. (If the service is not running, you see a Connection Timed Out response when you run the Finger command.) What the Finger utility does is query the computer about the services and users that are running on it. Each operating system returns different output to the Finger command.

FTP and TFTP

File Transfer Protocol (FTP) and Trivial File Transfer Protocol (TFTP) are not considered to be troubleshooting tools. Sometimes you need to make certain that a protocol is able to move data from one network segment to another and these two utilities can help out in a pinch because they verify TCP and UDP specifically, as well as all the protocols down to the Physical layer of the stack.

If you want to verify whether the Transport Control Protocol (TCP) is functioning across a router, you can use FTP to download a file from an FTP server on another subnet. If you want to verify whether the User Datagram Protocol (UDP) is functioning across a router, you can use TFTP to download a file from a TFTP server on another subnet.

`Ipconfig`

Windows XP uses the Ipconfig utility to display information about the IP address configuration of its network adapters. When you are experiencing a problem with connectivity, this is the first thing you should check (besides the link lights on the network adapter). If you are using DHCP, you can see whether the adapter was able to obtain an IP address lease. If you are using a static IP address, you can verify and validate whether it has been configured correctly. You can use Ipconfig with the following switches:

ipconfig /all Displays all IP address data for all network adapters. Use this command to see whether an adapter has been misconfigured, or the adapter did not receive a DHCP lease.
ipconfig /release Releases the current DHCP lease. Use this command to remove an IP address that is misconfigured, or when you have moved from one network to another and the wrong IP address is still leased to the adapter.
ipconfig /renew Renews (or tries to renew) the current DHCP lease. Use this command to see whether the computer can contact the DHCP server.
ipconfig /displaydns Displays the contents of the DNS cache. Use this command when the computer connects to the wrong network.
ipconfig /flushdns Flushes the contents of the DNS cache. Use this command when the computer connects to the wrong network and you see incorrect entries after using the ipconfig /displaydns command.
ipconfig /registerdns Renews (or tries to renew) all adapters' DHCP leases and refreshes the DNS configuration. Use this command when the network has temporarily disconnected and you have not rebooted the PC.
ipconfig /showclassid adapter Shows the DHCP class ID. If you use the asterisk (*) in place of adapter, you see the DHCP class ID for all adapters.
ipconfig /setclassid adapter Changes the DHCP class ID for an adapter. If you use the asterisk (*) in the place of adapter, you set the DHCP class ID of all adapters.

`Nbtstat`

The Nbtstat utility is used on networks that run NetBIOS over TCP/IP. This utility checks to see the status of NetBIOS name resolution to IP addresses. You can check current NetBIOS sessions, add entries to the NetBIOS name cache, and check the NetBIOS name and scope assigned to the computer.

`Netstat`

The Netstat command-line tool enables you to check the current status of the computer's IP connections. If you do not use switches, the results are protocol statistics and current TCP/IP connections. You should use Netstat to look for the services that are listening for incoming connections, if you have already checked the IP configuration and, though it is correct, the computer still displays a connectivity problem.

`Nslookup`

NSLookup literally means Name Server Lookup, and is a command-line utility that communicates with a DNS server. There are two modes to Nslookup: interactive and non-interactive. The interactive mode opens a session with a DNS server and views various records. The non-interactive mode asks for one piece of information and receives it. If more information is needed, a new query must be made.

`Ping`

Packet InterNet Groper (Ping) is a valuable tool for determining whether there is a problem with connectivity. The ping command uses an Echo packet at the Network layerthe default is to send a series of four echoes in a rowtransmitting the packets to the IP address specified. The Echo returns an acknowledgment if the IP address is found. The results are displayed in the command window. If an IP address is not found, you see only the response Request timed out. You see similar results to those shown in Figure 11.8, where the first address that was pinged was not found and the second address was found. Ping indicates how long each packet took for the response. You can use the ping command to determine whether a host is reachable, and to determine whether you are losing packets when sending/receiving data to a particular host.

Figure 11.8. `Ping` displays its results in a command window.

You can use the ping command to determine whether the internal TCP/IP protocol stack is functioning properly by pinging the loopback testing address. The command is ping 127.0.0.1

`TRacert`

When you have a problem communicating with a particular host, yet you have determined that your computer is functioning well, you can use tracert (TRace Route) to tell you how the data is moving across the network between your computer and the one that you are having difficulty reaching. TRacert offers a somewhat higher level of information than Ping. Rather than simply tell you that the data was transmitted and returned effectively, as Ping does, tracert logs each hop through which the data was transmitted. Figure 11.9 shows the results of a TRacert command. Keep in mind that some network routers strip out or refuse to reply to tracert requests. When this happens, you see Request timed out messages.

Figure 11.9. `tracert` provides detailed information about the path that data travels between two IP hosts.

Exam Alert

Understand the typical response to a connectivity problem The Microsoft troubleshooting process for TCP/IP is

1.	Verify the hardware is functioning.
2.	Run `Ipconfig` to validate the IP address, mask, default gateway, and DNS server, and whether you are receiving a DHCP leased address.
3.	Ping 127.0.0.1, the loopback address, to validate that TCP/IP is functioning.
4.	Ping the computer's own IP address to eliminate a duplicate IP address as the problem.
5.	Ping the default gateway address, which tells you whether data can travel on the current network segment.
6.	Ping a host that is not on your network segment, which shows whether the router will be able to route your data.
7.	FTP a file from an FTP server not on your network, which tells you whether higher-level protocols are functioning. TFTP a file from a TFTP server on a different network to determine whether UDP packets are able to cross the router.