This section covers:
When you troubleshoot a TCP/IP networking problem, begin by checking the
Note
When you use the ipconfig command with the /all option, a detailed configuration report is produced for all interfaces, including any configured serial ports. With ipconfig /all, you can redirect command output to a file and paste the output into other documents. You can also use this output to confirm the
For example, if a computer is configured with an IP address that is a duplicate of an existing IP address, the subnet mask appears as 0.0.0.0.
The following example shows the output of the ipconfig /all command on a computer that running
IP Configuration
Node Type . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . : No
WINS Proxy Enabled. . . . . : No
Ethernet adapter Local Area Connection:
Host Name . . . . . . . . . : client1.microsoft.com
DNS Servers . . . . . . . . : 10.1.0.200
Description . . . . . . . . : 3Com 3C90x Ethernet Adapter
Physical Address. . . . . . : 00-60-08-3E-46-07
DHCP Enabled. . . . . . . . : Yes
Autoconfiguration Enabled . : Yes
IP Address. . . . . . . . . : 192.168.0.112
Subnet Mask . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . : 10.1.0.50
Primary WINS Server . . . . : 10.1.0.101
Secondary WINS Server . . . : 10.1.0.102
Lease Obtained. . . . . . . : Wednesday, September 02, 1998 10:32:13 AM
Lease Expires . . . . . . . : Friday, September 18, 1998 10:32:13 AM
If no problems appear in the TCP/IP configuration, the next step is testing the ability to connect to other host computers on the
An alternate method of viewing configuration is available through the Status feature of a network connection. For more information, see To view the status of a local area connection.
When you troubleshoot a
When you use ipconfig /renew, all network adapters on the computer that uses DHCP (except those that are manually configured) try to contact a DHCP server and renew their existing configuration or obtain a new configuration.
You can also use the ipconfig command with the /release option to immediately release the current DHCP configuration for a host.
Note
As an alternative to ipconfig you can use Repair to renew LAN or high-speed Internet connection IP settings. Repair performs a series of commands that repair a connection. The commands that are invoked by Repair are listed below with their command-line equivalents:
Repair | Command-line equivalent |
---|---|
Checks whether DHCP is enabled and, if enabled, issues a broadcast renew to refresh the IP address | No command line equivalent available |
Flushes the ARP cache | arp -d * |
Flush the NetBIOS cache | nbtstat -R |
Flushes the DNS cache | ipconfig /flushdns |
Re-registers with WINS | nbtstat -RR |
Re-registers with DNS | ipconfig /registerdns |
Important
For more information, see To repair a LAN or high-speed Internet connection.
You can also use the ipconfig command to:
For more information, see To flush and reset a client resolver cache using the ipconfig command.
For more information, see To renew DNS client registration using the ipconfig command.
For more information, see To show DHCP class ID information at a client computer.
For more information, see To set DHCP class ID information at a client computer.
The ping command helps to verify IP-level connectivity. When troubleshooting, you can use ping to send an ICMP echo request to a target host name or IP address. Use ping whenever you need to verify that a host computer can connect to the
It is usually best to verify that a route exists between the local computer and a network host by first using the ping command and the IP address of the network host to which you want to connect. Try pinging the IP address of the target host to see if it responds, as follows:
ping IP_address
You should perform the following steps when using ping:
ping 127.0.0.1
ping IP_address_of_local_host
ping IP_address_of_default_gateway
ping IP_address_of_remote_host
The ping command uses Windows Sockets–style name resolution to resolve a computer name to an IP address, so if pinging by address succeeds, but pinging by name fails, then the problem lies in address or name resolution, not network connectivity. For more information, see Troubleshooting hardware addresses by using arp.
If you cannot use ping successfully at any point, confirm that:
You can use different options with the ping command to specify the size of packets to use, how many packets to send, whether to record the route used, what Time-to-Live (TTL) value to use, and whether to set the "don't fragment" flag. You can type ping
The following example illustrates how to send two pings, each 1,450 bytes in size, to IP address 131.107.8.1:
C:\>ping -n 2 -l 1450 131.107.8.1
Pinging 131.107.8.1 with 1450 bytes of data:
Reply from 131.107.8.1: bytes=1450 time<10ms TTL=32
Reply from 131.107.8.1: bytes=1450 time<10ms TTL=32
Ping statistics for 131.107.8.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate roundtrip times in milliseconds:
Minimum = 0ms, Maximum = 10ms, Average = 2ms
By default, ping waits 4,000 milliseconds (4 seconds) for each response to be returned before displaying the "Request Timed Out" message. If the remote system being pinged is across a high-delay link, such as a satellite link, responses may take longer to be returned. You can use the
The Address Resolution Protocol (ARP) allows a host to find the media access control address of a host on the same physical network, given the IP address of the host. To make ARP efficient, each computer caches IP–to–media access control address mappings to eliminate repetitive ARP broadcast requests.
You can use the arp command to view and modify the ARP table entries on the local computer. The arp command is useful for viewing the ARP cache and resolving address resolution problems.
For more information, see To view the Address Resolution Protocol (ARP) cache and To add a static ARP cache entry.
NetBIOS over TCP/IP (NetBT) resolves NetBIOS names to IP addresses.
Nbtstat is a useful tool for troubleshooting NetBIOS name resolution problems. You can use the nbtstat command to remove or correct preloaded entries:
NetBIOS connection table
Local name State In/out Remote Host Input Output
------------------------------------------------------------------
CORP1 <00> Connected Out CORPSUP1<20> 6MB 5MB
CORP1 <00> Connected Out CORPPRINT<20> 108KB 116KB
CORP1 <00> Connected Out CORPSRC1<20> 299KB 19KB
CORP1 <00> Connected Out CORPEMAIL1<20> 324KB 19KB
CORP1 <03> Listening
You can use the netstat command to display protocol statistics and current
C:\>netstat -e
Interface Statistics
Received Sent
Bytes 3995837940 47224622
Unicast packets 120099 131015
Non-unicast packets 7579544 3823
Discards 0 0
Errors 0 0
Unknown protocols 363054211
C:\>netstat -n -o
Active Connections
Proto Local Address Foreign Address State PID
TCP 172.31.71.152:1136 157.54.2.84:389 CLOSE_WAIT 180
TCP 172.31.71.152:2730 172.31.71.99:139 ESTABLISHED 4
TCP 172.31.71.152:3110 157.54.2.84:389 CLOSE_WAIT 364
TCP 172.31.71.152:3796 172.30.236.233:1479 ESTABLISHED 1128
TCP 172.31.71.152:3800 172.30.236.233:1740 ESTABLISHED 1128
TCP 172.31.71.152:3815 172.30.236.233:1479 ESTABLISHED 908
TCP 172.31.71.152:3819 172.30.236.233:1740 ESTABLISHED 908
TCP 172.31.71.152:4034 172.31.16.197:139 TIME_WAIT 0
TCP 172.31.71.152:4037 157.54.4.183:445 TIME_WAIT 0
TCP 172.31.71.152:4043 157.60.218.11:119 TIME_WAIT 0
TCP 172.31.71.152:4044 157.60.218.11:119 TIME_WAIT 0
TCP 172.31.71.152:4045 157.60.218.11:119 TIME_WAIT 0
TCP 172.31.71.152:4046 157.60.218.11:119 TIME_WAIT 0
TCP 172.31.71.152:4047 157.60.218.11:119 TIME_WAIT 0
TCP 172.31.71.152:4048 157.60.218.11:119 TIME_WAIT 0
TCP 172.31.71.152:4049 157.60.218.11:119 TIME_WAIT 0
TCP 172.31.71.152:4050 157.60.218.11:119 TIME_WAIT 0
C:\>netstat -a
Active Connections
Proto Local Address Foreign Address State
TCP CORP1:1572 172.16.48.10:nbsession ESTABLISHED
TCP CORP1:1589 172.16.48.10:nbsession ESTABLISHED
TCP CORP1:1606 172.16.105.245:nbsession ESTABLISHED
TCP CORP1:1632 172.16.48.213:nbsession ESTABLISHED
TCP CORP1:1659 172.16.48.169:nbsession ESTABLISHED
TCP CORP1:1714 172.16.48.203:nbsession ESTABLISHED
TCP CORP1:1719 172.16.48.36:nbsession ESTABLISHED
TCP CORP1:1241 172.16.48.101:nbsession ESTABLISHED
UDP CORP1:1025 *:*
UDP CORP1:snmp *:*
UDP CORP1:nbname *:*
UDP CORP1:nbdatagram *:*
UDP CORP1:nbname *:*
UDP CORP1:nbdatagram *:*
C:\>netstat -s
IP Statistics
Packets Received = 5378528
Received Header Errors = 738854
Received Address Errors = 23150
Datagrams Forwarded = 0
Unknown Protocols Received = 0
Received Packets Discarded = 0
Received Packets Delivered = 4616524
Output Requests = 132702
Routing Discards = 157
Discarded Output Packets = 0
Output Packet No Route = 0
Reassembly Required = 0
Reassembly Successful = 0
Reassembly Failures = 0
Datagrams Successfully Fragmented = 0
Datagrams Failing Fragmentation = 0
Fragments Created = 0
ICMP Statistics
Received Sent
Messages 693 4
Errors 0 0
Destination Unreachable 685 0
Time Exceeded 0 0
Parameter Problems 0 0
Source Quenches 0 0
Redirects 0 0
Echoes 4 0
Echo Replies 0 4
Timestamps 0 0
Timestamp Replies 0 0
Address Masks 0 0
Address Mask Replies 0 0
TCP Statistics
Active Opens = 597
Passive Opens = 135
Failed Connection Attempts = 107
Reset Connections = 91
Current Connections = 8
Segments Received = 106770
Segments Sent = 118431
Segments Retransmitted = 461
UDP Statistics
Datagrams Received = 4157136
No Ports = 351928
Receive Errors = 2
Datagrams Sent = 13809
Tracert (Trace Route) is a route-tracing utility that is used to determine the path that an IP datagram takes to reach a destination. The tracert command uses the IP Time-to-Live (TTL) field and ICMP error messages to determine the route from one host to another through a network.
The Tracert diagnostic utility determines the route taken to a destination by sending Internet Control Message Protocol (ICMP) echo packets with varying IP Time-to-Live (TTL) values to the destination. Each router along the path is required to decrement the TTL on a packet by at least 1 before forwarding it. When the TTL on a packet reaches 0, the router should send an "ICMP Time Exceeded" message back to the source computer.
Tracert determines the route by sending the first echo packet with a TTL of 1 and incrementing the TTL by 1 on each subsequent transmission until the target responds or the maximum TTL is reached. The route is determined by examining the "ICMP Time Exceeded" messages sent back by intermediate routers. Some routers silently drop packets with expired TTLs and are invisible to the Tracert utility.
The tracert command prints out an ordered list of the near-side interface of the routers in the path that returned the "ICMP Time Exceeded" message. If the
In the following example, the packet must travel through two routers (10.0.0.1 and 192.168.0.1) to get to host 172.16.0.99. The default gateway of the host is 10.0.0.1 and the IP address of the router on the 192.168.0.0 network is 192.168.0.1.
C:\>tracert 172.16.0.99 -d
Tracing route to 172.16.0.99 over a maximum of 30 hops
1 2 ms 3 ms 2 ms 10.0.0.1
2 75 ms 83 ms 88 ms 192.168.0.1
3 73 ms 79 ms 93 ms 172.16.0.99
Trace complete.
You can use the tracert command to determine where a packet stopped on the network. In the following example, the default gateway has determined that there is not a valid path for the host on 192.168.10.99. There is probably a router configuration problem or the 192.168.10.0 network does not exist (a bad IP address).
C:\>tracert 192.168.10.99
Tracing route to 192.168.10.99 over a maximum of 30 hops
1 10.0.0.1 reports: Destination net unreachable.
Trace complete.
The Tracert utility is useful for troubleshooting large networks where several paths can be taken to arrive at the same point.
The tracert command supports several options, as shown in the following table.
tracert [
Option | Description |
---|---|
–d | Specifies that IP addresses are not resolved to host names. |
–h maximum_hops | Specifies the number of hops to allow in tracing a route to the host named in target_name. |
–j host-list | Specifies the list of router interfaces in the path taken by the Tracert utility packets. |
–w timeout | Waits the number of milliseconds specified by timeout for each reply. |
target_name | Name or IP address of the target host. |
For more information, see To trace a path by using the tracert command.
The pathping command is a route tracing tool that combines features of the ping and tracert commands with additional information that neither of those tools provides. The pathping command sends packets to each router on the way to a final destination over a period of time, and then computes results based on the packets returned from each hop. Since the command shows the degree of packet loss at any given router or link, it is easy to determine which routers or links might be causing network problems. A number of options are available, as shown in the following table.
Option | Name | Function |
---|---|---|
–n | Hostnames | Does not resolve addresses to host names. |
–h | Maximum hops | Maximum number of hops to search for target. |
–g | Host-list | Loose source route along host list. |
–p | Period | Number of milliseconds to wait between pings. |
–q | Num_queries | Number of queries per hop. |
–w | Time-out | Waits this many milliseconds for each reply. |
–i | address | Use the specified source address. |
–4 | IPv4 | Force pathping to use IPv4. |
–6 | IPv6 | Force pathping to use IPv6. |
The default number of hops is 30, and the default wait time before a time-out is 3 seconds. The default period is 250 milliseconds, and the default number of queries to each router along the path is 100.
The following is a typical pathping report. The compiled statistics that follow the hop list indicate packet loss at each individual router.
D:\>pathping -n server1
Tracing route to server1 [10.54.1.196]
over a maximum of 30 hops:
0 172.16.87.35
1 172.16.87.218
2 192.168.52.1
3 192.168.80.1
4 10.54.247.14
5 10.54.1.196
Computing statistics for 125 seconds...
Source to Here This Node/Link
Hop RTT Lost/Sent = Pct Lost/Sent = Pct Address
0 172.16.87.35
0/ 100 = 0% |
1 41ms 0/ 100 = 0% 0/ 100 = 0% 172.16.87.218
13/ 100 = 13% |
2 22ms 16/ 100 = 16% 3/ 100 = 3% 192.168.52.1
0/ 100 = 0% |
3 24ms 13/ 100 = 13% 0/ 100 = 0% 192.168.80.1
0/ 100 = 0% |
4 21ms 14/ 100 = 14% 1/ 100 = 1% 10.54.247.14
0/ 100 = 0% |
5 24ms 13/ 100 = 13% 0/ 100 = 0% 10.54.1.196
Trace complete.
When pathping is run, you first see the results for the route as it is tested for problems. This is the same path that is shown by the tracert command. The pathping command then displays a busy message for the next 125 seconds (this time varies by the hop count). During this time, pathping gathers information from all the routers previously listed and from the links between them. At the end of this period, it displays the test results.
The two rightmost columns—This Node/Link Lost/Sent=Pct and Address—contain the most useful information. The link between 172.16.87.218 (hop 1), and 192.168.52.1 (hop 2) is dropping 13 percent of the packets. All other links are working normally. The routers at hops 2 and 4 also drop packets addressed to them (as shown in the This Node/Link column), but this loss does not affect their forwarding path.
The loss rates displayed for the links (marked as a | in the rightmost column) indicate losses of packets being forwarded along the path. This loss indicates link congestion. The loss rates displayed for routers (indicated by their IP addresses in the rightmost column) indicate that those routers' CPUs might be overloaded. These congested routers might also be a factor in end-to-end problems, especially if packets are forwarded by software routers.