Network Tools

You won't use them often if your LAN and your Internet connection are working properly, but you should know about a handful of troubleshooting tools that allow you to examine the innards of your network and its Internet connection.

All of these tools are simple text commands that you can use with just about any operating system. When you type a command, the system will display the results in the same window or screen. In Microsoft Windows, you can open a Command Prompt window after selecting Start▸ Programs or by selecting Start▸ Run and then typing cmd. In Mac OS X, select Applications▸ Utilities and the Terminal program. If you're using Linux or Unix, use a command prompt or an XTerminal.

IPConfig

The IPConfig tool displays detailed information about your computer's current LAN and Internet connection, as shown in Example 4-1.

Example 4-1. The IPConfig tool displays the status of a computer's network configuration.

C:\>IPConfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
        Connection-specific DNS Suffix  . : domain.actdsltmp
        IP Address. . . . . . . . . . . . : 192.168.1.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1

In this example, Connection-specific DNS Suffix is an address assigned by a DHCP host. This address is often an arbitrary name used internally within the network, but if your computer is connected directly to the Internet, it might be your computer's DNS address. If you try to connect to a domain name without a suffix (such as "example" rather than "example.net"), the network will assign this suffix to the address when it sends it to a DNS server.

The IP Address is the numeric address of this computer within the LAN or WAN. The Subnet Mask tells the network which parts of the numeric address identify individual computers, and the Default Gateway is the numeric address within the LAN of the gateway router that connects your LAN to the Internet.

For more details about your network connection, add /all to the command, as shown in Example 4-2.

Example 4-2. The IPConfig /all command displays additional information about your connection.

C:\>IPConfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : desktop
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : domain.actdsltmp

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : domain.actdsltmp
        Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
        Physical Address. . . . . . . . . : 00-0C-F1-AA-BF-BF
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 198.137.231.1
                                            206.63.63.1
        Lease Obtained. . . . . . . . . . : Wednesday, April 08, 2009 3:11:22 PM
        Lease Expires . . . . . . . . . . : Friday, April 10, 2009 3:11:22 PM

Obviously, this command produces a lot more information. The Host Name is the name that this computer uses on the LAN. The Description identifies the type of network interface adapter that connects this computer to the network. The Physical Address is the MAC address—the unique hardware identifier—of the network adapter. The DHCP Server is the address of the device that assigns IP addresses to other devices on the LAN (in this case, this device is the same as the Default Gateway), and the DNS Servers are the computers that this network consults to convert DNS addresses into numeric IP addresses. The Lease Obtained and Lease Expires lines show the date and time that this computer obtained its IP address from the DHCP server and the time the computer will give up that address; the host automatically renews the lease long before it expires, so you don't have to worry about the expiry time.

ifconfig

The ifconfig command is available in Macinstosh OS X and in Unix and Linux. This command displays information about the current network interface, including the connection type and the connection's current status. The format of the information display, however, varies in different operating systems. Therefore, the best place to find a detailed explanation of the ifconfig display produced by your own system is the man page for the ifconfig command.

ping

The ping command is an echo request. When you type ping target address, your computer sends a series of "please answer" messages to the target address, and that computer sends you a reply, as shown in Example 4-3. Your computer measures the amount of time for each roundtrip and displays the duration in milliseconds.

Example 4-3. The ping command sends a series of echo requests to a designated address.

C:\>ping nostarch.com

Pinging nostarch.com [72.32.92.4] with 32 bytes of data:

Reply from 72.32.92.4: bytes=32 time=140ms TTL=48
Reply from 72.32.92.4: bytes=32 time=99ms TTL=48
Reply from 72.32.92.4: bytes=32 time=99ms TTL=48
Reply from 72.32.92.4: bytes=32 time=97ms TTL=48

Ping statistics for 72.32.92.4:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 97ms, Maximum = 140ms, Average = 108ms

Many books and people will tell you that ping is an acronym for Packet InterNet Groper, but Mike Muuss, who wrote the original program, always insisted that he chose the name to imitate the sound of a sonar system aboard a submarine; the sonar system makes an audible "ping" when an echo pulse returns from a target.

ping has several uses. It can confirm that the distant computer is alive, and that your computer's connection is working properly. It can also provide a rough idea of the network's performance (less time means higher speed). ping is also useful for finding a DNS problem; if you get a successful ping echo when you enter the target's numeric IP address, but not when you enter the domain name, the glitch is almost certainly someplace in the DNS system.

In Example 4-3, it took about one-tenth of a second (100 ms) for each test to go from Seattle to San Francisco and back. That's a perfectly reasonable amount of time. But if one or more of the attempts had taken around 500 milliseconds or more, that would indicate some kind of problem.

Ping has also become a verb in computer jargon. You'll hear a technician at a help desk ask you to "ping me" at a specific address, meaning that you should send a ping request to that address. Some people have extended that usage beyond computer networks: They'll talk about "pinging" somebody when they intend to get that person's attention, either by email, telephone, or even poking their head into the recipient's office.

Many large commercial Internet sites, such as yahoo.com and microsoft.com, have chosen to block ping requests from outside their own network. If you get a no reply response to a ping request, try another address before you assume the problem is with your own Internet connection.

TraceRoute

The TraceRoute tool measures and displays the amount of time it takes for your computer to receive an echo from each network device between your computer and the target. As a result, a TraceRoute display can show you the route between your computer and any other computer on the Internet and pinpoint the segment of that route where a problem is occurring. In Windows, the command is tracert; in OS X, Linux and Unix, it's traceroute. TraceRoute sends three requests to each intermediate node, and shows the timing for each request.

Example 4-4 shows a TraceRoute from my office in Seattle to No Starch Press in San Francisco.

Example 4-4. TraceRoute shows the path to a distant computer through the Internet.

C:\>tracert nostarch.com

Tracing route to nostarch.com [72.32.92.4]
over a maximum of 30 hops:

❶   1     4 ms     3 ms     3 ms  192.168.0.1
❶   2     3 ms     3 ms     3 ms  192.168.0.1
❷   3    71 ms    63 ms    64 ms  --..blv.nwnexus.net [206.63..]
❸   4    57 ms    53 ms    48 ms  fe000.cr1.sea.nwnexus.net [206.63.74.1]
    5     *       44 ms    42 ms  fe000.br4.sea.nwnexus.net [206.63.74.20]
    6    45 ms    43 ms    41 ms  204.181.35.197
    7    42 ms    42 ms    43 ms  sl-bb20-sea-4-0-0.sprintlink.net [144.232.6.121]
❹   8    86 ms    85 ms    87 ms  sl-bb25-chi-5-0.sprintlink.net [144.232.20.84]
    9    96 ms    97 ms    97 ms  sl-bb20-kc-2-0.sprintlink.net [144.232.20.108]
   10   108 ms   109 ms   107 ms  sl-crs1-fw-0-4-0-1.sprintlink.net [144.232.20.56]
❺  11   110 ms   110 ms   108 ms  sl-st20-dal-1-0.sprintlink.net [144.232.9.136]
   12    99 ms    98 ms    97 ms  sl-racks-5-0.sprintlink.net [144.223.244.138]
   13   101 ms    98 ms    97 ms  vlan903.core3.dfw1.rackspace.com [72.3.128.53]
   14   101 ms   100 ms    98 ms  aggr115a.dfw1.rackspace.net [72.3.129.109]
   15    97 ms   100 ms    99 ms  squid14.laughingsquid.net [72.32.92.4]

  Trace complete.

In this case, it took 15 hops to complete the connection:

❶ The first two lines show the very fast response from the router sitting on the same table as the computer through a 6-foot cable. Line 2 repeats line 1 because of a software problem in the router.

❷ Line 3, whose domain name and IP address I have hidden, is my Internet service provider's WAN, a couple of miles away in downtown Seattle. Completing that echo takes longer, but it's still pretty fast.

❸ Lines 4 to 7 show the packets moving through various routers in the same switching center in Seattle.

❹ Starting at line 8, the route apparently jumps through routers in Chicago, Kansas City, Fort Worth, and Dallas, which increases the response times.

❺ The path moves around a routing center in Dallas at lines 11 through 15 until it ends up at the Laughing Squid web host that houses the No Starch web server.

This connection goes from origin to destination with several thousand miles of detours. However, the whole thing takes only about a tenth of a second, so those detours don't really matter.

TraceRoute can help identify several possible problems:

• If a TraceRoute report ends with one or more lines of asterisks (***), that usually isolates the problem to either the router named in the preceding line or the connection from that router to the next one.

• If the report shows a very long path that includes router addresses that don't seem to be a on a reasonable route (such as a path from New York to Philadelphia by way of Singapore), one of the network routers is not configured correctly.

• If the route shows that a pair of routers are passing the signal back and forth until TraceRoute times out, that usually indicates that one of those routers has lost a connection and is returning the signal back to the previous router. That router still thinks the best path is through the other one, so it tries again.

• If the report shows a long delay that always begins at the same router, it could indicate a problem with that router or very high demand for service through that part of the Internet.

Unless you're a network manager, you probably won't have to analyze TraceRoute reports very often. But if you're having a connection problem, they can sometimes help you to understand why you're not getting through to a website or instant message recipient.