Most client and server operating systems that support Transmission Control Protocol/Internet Protocol (TCP/IP) come with a suite of commands and tools that are designed to let you examine TCP/IP configuration information and diagnose and correct problems. Although the exact form of these commands varies between Windows and Unix/Linux, most are surprisingly similar. This chapter is a reference to the most commonly used TCP/IP commands.
Using the arp Command
Using the arp command allows you to display and modify the Address Resolution Protocol (ARP) cache, which is a simple mapping of IP addresses to MAC addresses. Each time a computer's TCP/IP stack uses ARP to determine the Media Access Control (MAC) address for an IP address, it records the mapping in the ARP cache so that future ARP lookups go faster.
If you use the arp command without any parameters, you get a list of the command’s parameters. To display the ARP cache entry for a specific IP address, use an -a switch followed by the IP address. For example:
C:\>arp -a 192.168.168.22
Interface: 192.168.168.21 --- 0x10004
Internet Address Physical Address Type
192.168.168.22 00-60-08-39-e5-a1 dynamic
C:\>
You can display the complete ARP cache by using -a without specifying an IP address, like this:
C:\>arp -a
Interface: 192.168.168.21 --- 0x10004
Internet Address Physical Address Type
192.168.168.9 00-02-e3-16-e4-5d dynamic
192.168.168.10 00-50-04-17-66-90 dynamic
192.168.168.22 00-60-08-39-e5-a1 dynamic
192.168.168.254 00-40-10-18-42-49 dynamic
C:\>
ARP is sometimes useful when diagnosing duplicate IP assignment problems. For example, suppose you can't access a computer that has an IP address of 192.168.168.100. You try to ping the computer, expecting the ping to fail, but lo and behold — the ping succeeds. One possible cause for this may be that two computers on the network have been assigned the address 192.168.168.100, and your ARP cache is pointing to the wrong one. The way to find out is to go to the 192.168.168.100 computer that you want to access, run ipconfig /all, and make a note of the physical address. Then return to the computer that's having trouble reaching the 192.168.168.100 computer, run arp -a, and compare the physical address with the one you noted. If they're different, two computers are assigned the same IP address. You can then check the Dynamic Host Configuration Protocol (DHCP) or static TCP/IP configuration of the computers involved to find out why.
Using the hostname Command
The hostname command is the simplest of all the TCP/IP commands presented in this chapter. It simply displays the computer’s host name. For example:
C:\>hostname
doug
C:\>
Here, the host name for the computer is doug. The Windows version of the hostname command has no parameters. However, the Unix/Linux versions of hostname let you set the computer's host name as well as display it. You do that by specifying the new host name as an argument.
Using the ipconfig Command
Using the ipconfig command displays information about a computer’s TCP/IP configuration. It can also be used to update DHCP and Domain Name Server (DNS) settings.
Displaying basic IP configuration
To display the basic IP configuration for a computer, use the ipconfig command without any parameters, like this:
When you use ipconfig without parameters, the command displays the name of the adapter, the domain name used for the adapter, the IP address, the subnet mask, and the default gateway configuration for the adapter. This is the easiest way to determine a computer's IP address.
If your computer indicates an IP address in the 169.254.x.x block, odds are good that the DHCP server isn't working. 169.254.x.x is the Class B address block that Windows uses when it resorts to IP Autoconfiguration. This usually happens only when the DHCP server can't be reached or isn’t working.
Displaying detailed configuration information
You can display detailed IP configuration information by using an /all switch with the ipconfig command, like this:
You can determine a lot of information about the computer from the ipconfig /all command. For example:
The computer's host name is WK17-001.
The computer’s IPv4 address is 192.168.1.110, and the subnet mask is 255.255.255.0.
The default gateway is a router located at 192.168.1.1.
The DNS servers are at 192.168.1.10 and 68.87.76.178.
Renewing an IP lease
If you're having an IP configuration problem, you can often solve it by renewing the computer’s IP lease. To do that, use a /renew switch, like this:
C:\>ipconfig /renew
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IP Address… … … : 192.168.1.110
Subnet Mask … … . . : 255.255.255.0
Default Gateway … … : 192.168.1.1
C:\>
When you renew an IP lease, the ipconfig command displays the new lease information.
This command won't work if you configured the computer to use a static IP address.
Releasing an IP lease
You can release an IP lease by using an ipconfig command with the /release parameter, like this:
C:\>ipconfig /release
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IP Address … … … . . : 0.0.0.0
Subnet Mask… … … . . : 0.0.0.0
Default Gateway … … … :
C:\>
As you can see, the DNS suffix and default gateway for the computer are blank, and the IP address and subnet mask are set to 0.0.0.0.
After you release the DHCP lease, you can use an ipconfig /renew command to obtain a new DHCP lease for the computer.
Flushing the local DNS cache
You probably won't need to do this unless you’re having DNS troubles. If you’ve been tinkering with your network’s DNS configuration, though, you may need to flush the cache on your DNS clients so that they’ll be forced to reacquire information from the DNS server. You can do that by using a /flushdns switch:
C:\>ipconfig /flushdns
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\>
Even if you don’t need to do this, it’s fun just to see the computer read flushed. If I worked at Microsoft, you'd be able to revert Windows Vista computers back to XP by using a /flushVista switch.
Using the nbtstat Command
nbtstat is a Windows-only command that can help solve problems with NetBIOS name resolution. (nbt stands for NetBIOS over TCP/IP.) You can use any of the switches listed in Table 7-1 to specify what nbtstat output you want to display. For example, you can use an -a switch to display the cached name table for a specified computer, like this:
Lists the specified computer's name table given the computer’s name
-A IP-address
Lists the specified computer’s name table given the computer’s IP address
-c
Lists the contents of the NetBIOS cache
-n
Lists locally registered NetBIOS names
-r
Displays a count of the names resolved by broadcast and via WINS
-R
Purges and reloads the cached name table from the LMHOSTS file
-RR
Releases and then reregisters all names
-S
Displays the sessions table using IP addresses
-s
Displays the sessions table and converts destination IP addresses to computer NetBIOS names
Table 7-1 lists the switches that you can use with nbtstat and explains the function of each switch.
Using the netstat Command
Using the netstat command displays a variety of statistics about a computer's active TCP/IP connections. It’s a useful tool to use when you’re having trouble with TCP/IP applications, such as File Transfer Protocol (FTP), HyperText Transport Protocol (HTTP), and so on.
Displaying connections
If you run netstat without specifying any parameters, you get a list of active connections, something like this:
C:\>netstat
Active Connections
Proto Local Address Foreign Address State
TCP Doug:1463 192.168.168.10:1053 ESTABLISHED
TCP Doug:1582 192.168.168.9:netbios-ssn ESTABLISHED
TCP Doug:3630 192.168.168.30:9100 SYN_SENT
TCP Doug:3716 192.168.168.10:4678 ESTABLISHED
TCP Doug:3940 192.168.168.10:netbios-ssn ESTABLISHED
C:\>
This list shows all the active connections on the computer and indicates the local port used by the connection, as well as the IP address and port number for the remote computer.
You can specify the -n switch to display both local and foreign addresses in numeric IP form:
C:\>netstat -n
Active Connections
Proto Local Address Foreign Address State
TCP 192.168.168.21:1463 192.168.168.10:1053 ESTABLISHED
TCP 192.168.168.21:1582 192.168.168.9:139 ESTABLISHED
TCP 192.168.168.21:3716 192.168.168.10:4678 ESTABLISHED
TCP 192.168.168.21:3904 207.46.106.78:1863 ESTABLISHED
TCP 192.168.168.21:3940 192.168.168.10:139 ESTABLISHED
C:\>
Finally, you can specify the -a switch to display all TCP/IP connections and ports that are being listened to. I won't list the output from that command here because it would run several pages, and I want to do my part for the rainforests. Suffice it to say that it looks a lot like the netstat output shown previously, but a lot longer.
Displaying interface statistics
If you use an -e switch, netstat displays various protocol statistics, like this:
C:\>netstat -e
Interface Statistics
Received Sent
Bytes 672932849 417963911
Unicast packets 1981755 1972374
Non-unicast packets 251869 34585
Discards 0 0
Errors 0 0
Unknown protocols 1829
C:\>
The items to pay attention to in this output are the Discards and Errors. These numbers should be zero, or at least close to it. If they're not, the network may be carrying too much traffic or the connection may have a physical problem. If no physical problem exists with the connection, try segmenting the network to see whether the error and discard rates drop.
You can display additional statistics by using an -s switch, like this:
C:\>netstat -s
IPv4 Statistics
Packets Received = 9155
Received Header Errors = 0
Received Address Errors = 0
Datagrams Forwarded = 0
Unknown Protocols Received = 0
Received Packets Discarded = 0
Received Packets Delivered = 14944
Output Requests = 12677
Routing Discards = 0
Discarded Output Packets = 71
Output Packet No Route = 0
Reassembly Required = 0
Reassembly Successful = 0
Reassembly Failures = 0
Datagrams Successfully Fragmented = 0
Datagrams Failing Fragmentation = 0
Fragments Created = 0
IPv6 Statistics
Packets Received = 3
Received Header Errors = 0
Received Address Errors = 0
Datagrams Forwarded = 0
Unknown Protocols Received = 0
Received Packets Discarded = 0
Received Packets Delivered = 345
Output Requests = 377
Routing Discards = 0
Discarded Output Packets = 0
Output Packet No Route = 0
Reassembly Required = 0
Reassembly Successful = 0
Reassembly Failures = 0
Datagrams Successfully Fragmented = 0
Datagrams Failing Fragmentation = 0
Fragments Created = 0
ICMPv4 Statistics
Received Sent
Messages 6 14
Errors 0 0
Destination Unreachable 6 14
Time Exceeded 0 0
Parameter Problems 0 0
Source Quenches 0 0
Redirects 0 0
Echo Replies 0 0
Echos 0 0
Timestamps 0 0
Timestamp Replies 0 0
Address Masks 0 0
Address Mask Replies 0 0
Router Solicitations 0 0
Router Advertisements 0 0
ICMPv6 Statistics
Received Sent
Messages 3 7
Errors 0 0
Destination Unreachable 0 0
Packet Too Big 0 0
Time Exceeded 0 0
Parameter Problems 0 0
Echos 0 0
Echo Replies 0 0
MLD Queries 0 0
MLD Reports 0 0
MLD Dones 0 0
Router Solicitations 0 6
Router Advertisements 3 0
Neighbor Solicitations 0 1
Neighbor Advertisements 0 0
Redirects 0 0
Router Renumberings 0 0
TCP Statistics for IPv4
Active Opens = 527
Passive Opens = 2
Failed Connection Attempts = 1
Reset Connections = 301
Current Connections = 1
Segments Received = 8101
Segments Sent = 6331
Segments Retransmitted = 301
TCP Statistics for IPv6
Active Opens = 1
Passive Opens = 1
Failed Connection Attempts = 0
Reset Connections = 1
Current Connections = 0
Segments Received = 142
Segments Sent = 142
Segments Retransmitted = 0
UDP Statistics for IPv4
Datagrams Received = 6703
No Ports = 0
Receive Errors = 0
Datagrams Sent = 6011
UDP Statistics for IPv6
Datagrams Received = 32
No Ports = 0
Receive Errors = 0
Datagrams Sent = 200
C:\>
Using the nslookup Command
The nslookup command is a powerful tool for diagnosing DNS problems. You know you're experiencing a DNS problem when you can access a resource by specifying its IP address but not its DNS name. For example, if you can get to www.ebay.com by typing 66.135.192.87 in your browser’s address bar but not by typing www.ebay.com, you have a DNS problem.
Looking up an IP address
The simplest use of nslookup is to look up the IP address for a given DNS name. For example, how did I know that 66.135.192.87 was the IP address for www.ebay.com? I used nslookup to find out:
C:\>nslookup ebay.com
Server: ns1.orng.twtelecom.net
Address: 168.215.210.50
Non-authoritative answer:
Name: ebay.com
Address: 66.135.192.87
C:\>
As you can see, just type nslookup followed by the DNS name you want to look up, and nslookup issues a DNS query to find out. This DNS query was sent to the server named ns1.orng.twtelecom.net at 168.215.210.50. It then displayed the IP address that's associated with ebay.com: namely, 66.135.192.87.
In some cases, you may find that using an nslookup command gives you the wrong IP address for a host name. To know that for sure, of course, you have to know with certainty what the host IP address should be. For example, if you know that your server is 203.172.182.10 but nslookup returns a completely different IP address for your server when you query the server's host name, something is probably wrong with one of the DNS records.
Using nslookup subcommands
If you use nslookup without any arguments, the nslookup command enters a subcommand mode. It displays a prompt character (>) to let you know that you're in nslookup subcommand mode rather than at a normal Windows command prompt. In subcommand mode, you can enter various subcommands to set options or to perform queries. You can type a question mark (?) to get a list of these commands. Table 7-2 lists the subcommands you'll use most.
TABLE 7-2 The Most Commonly Used nslookup Subcommands
Subcommand
What It Does
name
Queries the current name server for the specified name.
server name
Sets the current name server to the server you specify.
root
Sets the root server as the current server.
set type=x
Specifies the type of records to be displayed, such as A, CNAME, MX, NS, PTR, or SOA. Specify ANY to display all records.
set debug
Turns on Debug mode, which displays detailed information about each query.
set nodebug
Turns off Debug mode.
set recurse
Enables recursive searches.
set norecurse
Disables recursive searches.
exit
Exits the nslookup program and returns you to a command prompt.
Displaying DNS records
One of the main uses of nslookup is to examine your DNS configuration to make sure that it's set up properly. To do that, follow these steps:
At a command prompt, type nslookup without any parameters.
nslookup displays the name of the default name server and displays the > prompt.
C:\>nslookup
Default Server: ns1.orng.twtelecom.net
Address: 168.215.210.50
>
Type the subcommand set type=any.
nslookup silently obeys your command and displays another prompt:
> set type=any
>
Type your domain name.
nslookup responds by displaying the name servers for your domain:
> lowewriter.com
Server: ns1.orng.twtelecom.net
Address: 168.215.210.50
Non-authoritative answer:
lowewriter.com nameserver = NS000.NS0.com
lowewriter.com nameserver = NS207.PAIR.com
lowewriter.com nameserver = NS000.NS0.com
lowewriter.com nameserver = NS207.PAIR.com
>
Use a server command to switch to one of the domain's name servers.
For example, to switch to the first name server listed in Step 3, type server NS000.NS0.com. nslookup replies with a message that indicates the new default server:
> server ns000.ns0.com
Default Server: ns000.ns0.com
Address: 216.92.61.61
>
Type your domain name again.
This time, nslookup responds by displaying the DNS information for your domain:
> lowewriter.com
Server: ns000.ns0.com
Address: 216.92.61.61
lowewriter.com
primary name server = ns207.pair.com
responsible mail addr = root.pair.com
serial = 2001121009
refresh = 3600 (1 hour)
retry = 300 (5 mins)
expire = 604800 (7 days)
default TTL = 3600 (1 hour)
lowewriter.com nameserver = ns000.ns0.com
lowewriter.com nameserver = ns207.pair.com
lowewriter.com MX preference = 50, mail exchanger = sasi.pair.com
lowewriter.com internet address = 209.68.34.15
>
Type exit to leave the nslookup program.
You return to a command prompt.
> exit
C:\>
Wasn't that fun?
Locating the mail server for an email address
If you’re having trouble delivering mail to someone, you can use nslookup to determine the IP address of the user’s mail server. Then, you can use the ping command to see whether you can contact the user's mail server. If not, you can use the tracert command to find out where the communication breaks down. (See “Using the tracert Command” later in this chapter for more information.)
To find a user's mail server, start nslookup and enter the command set type=MX. Then, enter the domain portion of the user’s email address. For example, if the user’s address is Doug@LoweWriter.com, enter LoweWriter.com. nslookup will display the MX (Mail Exchange) information for the domain, like this:
C:\>nslookup
Default Server: ns7.attbi.com
Address: 204.127.198.19
> set type=mx
> lowewriter.com
Server: ns7.attbi.com
Address: 204.127.198.19
lowewriter.com MX preference = 50, mail exchanger = sasi.pair.com
lowewriter.com nameserver = ns000.ns0.com
lowewriter.com nameserver = ns207.pair.com
ns000.ns0.com internet address = 216.92.61.61
ns207.pair.com internet address = 209.68.2.52
>
Here, you can see that the name of the mail server for the LoweWriter.com domain is sasi.pair.com.
Taking a ride through DNS-Land
Ever find yourself wondering how DNS really works? I mean, how is it that you can type a DNS name like www.disneyland.com into a web browser and you're almost instantly transported to the Magic Kingdom? Is it really magic?
Nope. It isn’t magic; it’s DNS. In Book 2, Chapter 6, I present a somewhat dry and theoretical overview of DNS. After you have the nslookup command in your trusty TCP/IP toolbox, take a little trip through the Internet’s maze of DNS servers to find out how DNS gets from www.disneyland.com to an IP address in just a matter of milliseconds.
DNS does its whole name resolution thing so fast that it's easy to take it for granted. If you follow this little procedure, you’ll gain a deeper appreciation for what DNS does literally tens of thousands of times every second of every day.
At a command prompt, type nslookup without any parameters.
nslookup displays the name of the default name server and displays the > prompt.
C:\>nslookup
Default Server: ns1.orng.twtelecom.net
Address: 168.215.210.50
>
Type root to switch to one of the Internet's root servers.
nslookup switches to one of the Internet’s 13 root servers and then displays the > prompt.
nslookup sends a query to the root server to ask whether it knows the IP address of www.disneyland.com. The root server answers with a referral, meaning that it doesn't know about www.disneyland.com, but you should try one of these servers because they know all about the com domain.
Type server followed by the name or IP address of one of the com domain name servers.
It doesn't really matter which one you pick. nslookup switches to that server. (The server may spit out some other information besides what I show here; I left it out for clarity.)
nslookup sends a query to the com server to ask whether it knows where the Magic Kingdom is. The com server's reply indicates that it doesn’t know where www.disneyland.com is, but it does know which server is responsible for disneyland.com.
Once again, nslookup sends a query to the name server to find out whether it knows where the Magic Kingdom is. Of course, huey.disney.comdoes know, so it tells us the answer:
Type Exit, and then shout like Tigger in amazement at how DNS queries work.
And be glad that your DNS resolver and primary name server do all this querying for you automatically.
Okay, maybe that wasn't an E Ticket ride, but it never ceases to amaze me that the DNS system can look up any DNS name hosted anywhere in the world almost instantly.
Using the pathping Command
pathping is an interesting command that’s unique to Windows. It’s sort of a cross between the ping command and the tracert command, combining the features of both into one tool. When you run pathping, it first traces the route to the destination address much the way tracert does. Then, it launches into a 25-second test of each router along the way, gathering statistics on the rate of data loss to each hop. If the route has a lot of hops, this can take a long time. However, it can help you to spot potentially unreliable hops. If you're having intermittent trouble reaching a particular destination, using pathping may help you pinpoint the problem.
The following command output is typical of the pathping command. Using an -n switch causes the display to use numeric IP numbers only, instead of DNS host names. Although fully qualified host names are convenient, they tend to be very long for network routers, which makes the pathping output very difficult to decipher.
ping is probably the most basic TCP/IP command line tool. Its main purpose is to determine whether you can reach another computer from your computer. It uses Internet Control Message Protocol (ICMP) to send mandatory ECHO_REQUEST datagrams to the specified host computer. When the reply is received back from the host, the ping command displays how long it took to receive the response.
You can specify the host to ping by using an IP address, as in this example:
C:\>ping 192.168.168.10
Pinging 192.168.168.10 with 32 bytes of data:
Reply from 192.168.168.10: bytes=32 time<1ms TTL=128
Reply from 192.168.168.10: bytes=32 time<1ms TTL=128
Reply from 192.168.168.10: bytes=32 time<1ms TTL=128
Reply from 192.168.168.10: bytes=32 time<1ms TTL=128
Ping statistics for 192.168.168.10:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\>
By default, the ping command sends four packets to the specified host. It displays the result of each packet sent. Then it displays summary statistics: how many packets were sent, how many replies were received, the error loss rate, and the approximate round-trip time.
You can also ping by using a DNS name, as in this example:
Pinging lowewriter.com [209.68.34.15] with 32 bytes of data:
Reply from 209.68.34.15: bytes=32 time=84ms TTL=53
Reply from 209.68.34.15: bytes=32 time=84ms TTL=53
Reply from 209.68.34.15: bytes=32 time=84ms TTL=53
Reply from 209.68.34.15: bytes=32 time=84ms TTL=53
Ping statistics for 209.68.34.15:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 84ms, Maximum = 84ms, Average = 84ms
C:\>
The ping command uses a DNS query to determine the IP address for the specified host, and then pings the host based on its IP address.
The ping command has a number of other switches that you'll use rarely, if ever. Some of these switches are available only for some operating systems. To find out which switches are available for your version of Ping, type ping /? (Windows) or man ping (Unix/Linux).
You can find a very interesting story about the creation of the ping command written by the command’s author, Mike Muus, at his website at http://ftp.arl.mil/~mike/ping.html. (Sadly, Mr. Muus was killed in an automobile accident in November 2000.)
Using the route Command
Using the route command displays or modifies the computer's routing table. For a typical computer that has a single network interface and is connected to a local area network (LAN) that has a router, the routing table is pretty simple and isn’t often the source of network problems. Still, if you’re having trouble accessing other computers or other networks, you can use the route command to make sure that a bad entry in the computer’s routing table isn’t the culprit.
For a computer with more than one interface and that’s configured to work as a router, the routing table is often a major source of trouble. Setting up the routing table properly is a key part of configuring a router to work.
Displaying the routing table
To display the routing table (both IPv4 and IPv6) in Windows, use the route print command. In Unix/Linux, you can just use route without any command line switches. The output displayed by the Windows and Unix/Linux commands are similar. Here's an example from a typical Windows client computer:
For each entry in the routing table, five items of information are listed:
The destination IP address
Actually, this is the address of the destination subnet, and must be interpreted in the context of the subnet mask.
The subnet mask that must be applied to the destination address to determine the destination subnet
The IP address of the gateway to which traffic intended for the destination subnet will be sent
The IP address of the interface through which the traffic will be sent to the destination subnet
The metric, which indicates the number of hops required to reach destinations via the gateway
Each packet that’s processed by the computer is evaluated against the rules in the routing table. If the packet’s destination address matches the destination subnet for the rule, the packet is sent to the specified gateway via the specified network interface. If not, the next rule is applied.
The computer on which I ran the route command in this example is on a private 192.168.1.0 subnet. The computer's IP address is 192.168.1.100, and the default gateway is a router at 192.168.1.1.
Here's how the rules shown in this example are used. Notice that you have to read the entries from the bottom up:
The first rule is for packets sent to 255.255.255.255, with subnet mask 255.255.255.255. This special IP address is for broadcast packets. The rule specifies that these broadcast packets should be delivered to the local network interface (192.168.1.100).
The next rule is for packets sent to 192.168.1.255, again with subnet mask 255.255.255.255. These are also broadcast packets and are sent to the local network interface.
The next rule is for packets sent to 192.168.1.100, again with subnet mask 255.255.255.255. This is for packets that the computer is sending to itself via its own IP address. This rule specifies that these packets will be sent to the local loopback interface on 127.0.0.1.
The next rule is for packets sent to 192.168.1.0, with subnet mask 255.255.255.0. These are packets intended for the local subnet. They're sent to the subnet via the local interface at 192.169.1.100.
The next rule is for packets sent to the loopback address (127.0.0.1, subnet mask 255.0.0.0). These packets are sent straight through to the loopback interface, 127.0.0.1.
The last rule is for everything else. All IP addresses will match the destination IP address 0.0.0.0 with subnet mask 0.0.0.0 and will be sent to the default gateway router at 192.168.1.1 via the computer's network interface at 192.168.1.100.
One major difference between the Windows version of route and the Unix/Linux version is the order in which they list the routing table. The Windows route command lists the table starting with the most general entry and works toward the most specific. The Unix/Linux version is the other way around: It starts with the most specific and works toward the more general. The Unix/Linux order makes more sense — the Windows route command displays the routing list upside down.
Modifying the routing table
Besides displaying the routing table, the route command also lets you modify it by adding, deleting, or changing entries.
Don't try this unless you know what you’re doing. If you mess up the routing table, your computer may not be able to communicate with anyone.
The syntax for the route command for adding, deleting, or changing a route entry is
route [-p] command dest [mask subnet] gateway [-if interface]
The following list describes each of the route command's parameters:
–p: Makes the entry persistent. If you omit -p, the entry will be deleted the next time you reboot. (Use this only with add commands.)
command: Add, delete, or change.
dest: The IP address of the destination subnet.
masksubnet: The subnet mask. If you omit the subnet mask, the default is 255.255.255.255, meaning that the entry will apply only to a single host rather than a subnet. You usually want to include the mask.
gateway: The IP address of the gateway to which packets will be sent.
ifinterface: The IP address of the interface through which packets will be sent. If your computer has only one network interface, you can omit this.
Suppose that your network has a second router that serves as a link to another private subnet, 192.168.2.0 (subnet mask 255.255.255.0). The interface on the local side of this router is at 192.168.1.200. To add a static route entry that sends packets intended for the 192.168.2.0 subnet to this router, use a command like this:
Notice that I specify the mask again. If you omit the mask from a route change command, the command changes the mask to 255.255.255.255!
Finally, suppose that you realize that setting up a second router on this network wasn't such a good idea after all, so you want to just delete the entry. The following command will do the trick:
C:\>route delete 192.168.2.0
Using the tracert Command
The tracert command (traceroute in Unix/Linux implementations) is one of the key diagnostic tools for TCP/IP. It displays a list of all the routers that a packet must go through to get from the computer where tracert is run to any other computer on the Internet. Each one of these routers is called a hop, presumably because the original designers of the IP protocol played a lot of hopscotch when they were young. If you can't connect to another computer, you can use tracert to find out exactly where the problem is occurring.
tracert makes three attempts to contact the router at each hop and displays the response time for each of these attempts. Then, it displays the DNS name of the router (if available) and the router's IP address.
To use tracert, type the tracert command followed by the host name of the computer to which you want to trace the route. For example, suppose that you're having trouble sending mail to a recipient at wiley.com. You’ve used nslookup to determine that the mail server for wiley.com is xmail.wiley.com, so now you can use tracert to trace the routers along the path from your computer to xmail.wiley.com:
C:\>tracert xmail.wiley.com
Tracing route to xmail.wiley.com [208.215.179.78]
over a maximum of 30 hops:
1 27 ms 14 ms 10 ms 10.242.144.1
2 11 ms 43 ms 10 ms bar01-p5-0-0.frsnhe4.ca.attbb.net [24.130.64.125]
3 9 ms 14 ms 12 ms bar01-p4-0-0.frsnhe1.ca.attbb.net [24.130.0.5]
4 25 ms 30 ms 29 ms bic01-p6-0.elsgrdc1.ca.attbb.net [24.130.0.49]
5 25 ms 29 ms 43 ms bic02-d4-0.elsgrdc1.ca.attbb.net [24.130.0.162]
6 21 ms 19 ms 20 ms bar01-p2-0.lsanhe4.ca.attbb.net [24.130.0.197]
7 37 ms 38 ms 19 ms bic01-p2-0.lsanhe3.ca.attbb.net [24.130.0.193]
8 20 ms 22 ms 21 ms 12.119.9.5
9 21 ms 21 ms 22 ms tbr2-p012702.la2ca.ip.att.net [12.123.199.241]
10 71 ms 101 ms 62 ms tbr2-p013801.sl9mo.ip.att.net [12.122.10.13]
11 68 ms 77 ms 71 ms tbr1-p012401.sl9mo.ip.att.net [12.122.9.141]
12 79 ms 81 ms 83 ms tbr1-cl4.wswdc.ip.att.net [12.122.10.29]
13 83 ms 107 ms 103 ms tbr1-p012201.n54ny.ip.att.net [12.122.10.17]
14 106 ms 85 ms 105 ms gbr6-p30.n54ny.ip.att.net [12.122.11.14]
15 104 ms 96 ms 88 ms gar3-p370.n54ny.ip.att.net [12.123.1.189]
16 98 ms 86 ms 83 ms 12.125.50.162
17 85 ms 90 ms 87 ms xmail.wiley.com [208.215.179.78]
Trace complete.
Wow, when I send mail to my editors at Wiley, the mail travels through 17 routers along the way. No wonder I'm always missing deadlines!
The most likely problem that you’ll encounter when you use tracert is a timeout during one of the hops. Timeouts are indicated by asterisks where you’d expect to see a time. For example, the following tracert output shows the fourth hop timing out on all three attempts:
C:\>tracert xmail.wiley.com
Tracing route to xmail.wiley.com [208.215.179.78]
over a maximum of 30 hops:
1 27 ms 14 ms 10 ms 10.242.144.1
2 11 ms 43 ms 10 ms bar01-p5-0-0.frsnhe4.ca.attbb.net [24.130.64.125]
3 9 ms 14 ms 12 ms bar01-p4-0-0.frsnhe1.ca.attbb.net [24.130.0.5]
4 * * * Request timed out.
Sometimes, timeouts are caused by temporary problems, so you should try the tracert again to see if the problem persists. If you keep getting timeouts at the same router, the router could be having a genuine problem.
Recognizing tools and commands
ARP is sometimes useful when diagnosing duplicate IP assignment problems. For example, suppose you can't access a computer that has an IP address of 
This command won't work if you configured the computer to use a static IP address.
The items to pay attention to in this output are the Discards and Errors. These numbers should be zero, or at least close to it. If they're not, the network may be carrying too much traffic or the connection may have a physical problem. If no physical problem exists with the connection, try segmenting the network to see whether the error and discard rates drop.
It figures that Disney's name server is