TCP/IP Tools and Tricks TCP/IP: Tools and tricks of the trade

The development of TCP/IP (Transmission Control Protocol/Internet Protocol) was due largely to funding by the U.S. government's Advanced Research Projects Agency (ARPA). In the 1970s, ARPA continued to research and fund packet switching technologies, ultimately interconnecting their research facilities via the Network Control Protocol (NCP). The Transmission Control Protocol (TCP) wasn't a published Request for Comment (RFC) until 1981 (RFC 793). RFCs are documents of the Internet Engineering Task Force (IETF) that detail the standards for the Internet. That's right—this was the birth of ARPANET! This is when the collective started forming—basically, the first incarnation of the Internet.

In 1981, RFC 791 was published. This standardized IP. By 1982, ARPA was establishing the TCP/IP suite and, the following year, standardized ARPANET on it. Eventually, other government agencies—most notably, the Department of Defense—standardized on TCP/IP as well. From there, the Internet Architecture Board (IAB) was formed to oversee Internet standards, and every dot com you can think of started jumping on the bandwagon.


TCP/IP suite
The TCP/IP suite is composed of several protocols, as noted in the TCP/IP stack model:


Application layer

  • FTP (File Transfer Protocol)
  • HTTP (Hypertext Transfer Protocol)
  • SMTP (Simple Mail Transfer Protocol)
  • Telnet

Transport layer

  • TCP (Transmission Control Protocol)
  • UDP (User Datagram Protocol)

Internet layer

  • ARP (Address Resolution Protocol)
  • RARP (Reverse Address Resolution Protocol)
  • IP (Internet Protocol)
  • ICMP (Internet Control Message Protocol)
  • IGMP (Internet Group Membership Protocol)
  • RIP (Routing Information Protocol)

Network Access layer

  • Physical Transmission Layer (Cat 5, etc.)
  • Framing Protocols (Ethernet, etc.)

The Application layer
Let's start at the top. The Application layer runs its services via the layer immediately below it—the Transport layer. In essence, it exploits TCP and UDP to deliver its goods. The Application layer is no slouch, however, as it functions to infiltrate and interact. DNS (Domain Name System) and FTP perform at this level, as does HTTP, Telnet, SMTP, SNMP (Simple Network Management Protocol), and a myriad of other applications. Windows Sockets operate here in the Microsoft scheme.

The Transport layer
The Transport layer provides communication between host computers for data delivery that's dependent on either of the two Transport protocols: TCP or UDP.

TCP is the antithesis of IP. It's like the yin to the yang of IP, providing guaranteed delivery of its packets—but at a cost of speed. Comparatively speaking, there's a bit of overhead because it goes through the steps of establishing a connection—reducing a file into manageable packets, reconstructing these packets at the recipient's end, and generating the "return receipt required" or acknowledgement (ACK) that the packet was received in a useable form. FTP and Telnet come into play here, but we'll discuss those later.

UDP is like IP in that it doesn't guarantee delivery of packets, but it does have very low overhead. No acknowledgement of receipt is required, no retransmission, and so on. If you've used streaming media technology—RealNetworks' RealPlayer, for example—you've experienced the best UDP has to offer. UDP is fast, but performance suffers because of skips and gaps in the data transmissions.

The Internet layer
The Internet layer isn't responsible only for routing packets and datagrams, it's also responsible for letting the Network Access layer know where to route them. In order to do this, it utilizes ARP to grab MAC (Media Access Control) addresses to deliver to and from and RARP to provide delivery to diskless computers.

ICMP relays all information relating to bad delivery, problems, and errors to the host computers. IGMP provides data to just about everyone willing to listen—multicasting is the "shout-out" of the suite.

RIP takes care of routing across networks. It finds out how to deliver packets to its recipient. IP addresses and routes packets to and from host computers. It doesn't guarantee delivery; however, it will do whatever it can to deliver its packets.

The Network Access layer
The Network Access layer is the equivalent of a loading dock, where the data frames are put on the 10Base-T (or media of your choice) by token ring (or Ethernet, etc.) and taken off.

TCP/IP tools and utilities
TCP/IP is rather practical, but it isn't fail-safe. On the upswing, there are many tools and utilities available beyond simply surfing and grabbing pages off the Internet via HTTP.

Essentially, TCP/IP tools and utilities can be broken into four groups: Diagnostic, Data Transfer, Remote Execution, and Printing. Within each of these are subsets of utilities specific to each. I'll explore some of the more common ones.

Diagnostic utilities
Every good mechanic has a toolbox; if you're going to fix a problem, you need to know what root it lies at in order to troubleshoot it. TCP/IP is no exception.

PING (Packet Internet Groper) is perhaps the simplest and most commonly used diagnostic tool of all. Run at the command line (as all of these tools are), PING basically sends out four ICMP packets that are directed at a particular host; it requests an echo reply from this host. The syntax is as follows (where is the IP address and is the recipient):

If successful, you'll get a reply. If not, you'll get the message "Request timed out" for each packet that failed along the way. Several common PING switches are shown in Table A.

Table A


Resolves addresses to host names.


PINGs a specific host until you tell it to quit. Referred to as the "Ping of Death."


Specifies the number of echo packets to send out (default 4).


Indicates the size of the echo packets (default 64 bytes).

Here are some common PING switches.

The most underused aspect of PING is its ability to diagnose the local machine. To do this, type either ping or ping localhost at the command prompt. This will send a packet down the loopback address and back up without sending it out on the network. A successful response will verify that TCP/IP is successfully installed on your local machine.

As you may have guessed, IPCONFIG is short for IP Configuration. It's used almost exclusively in DHCP (Dynamic Host Configuration Protocol) networks. DHCP is the way to manage and administer IP addressing among your clients on your network.

IPCONFIG (and to an extent, its Windows 9x cousin, WINIPCFG) will provide the vitals of a TCP/IP configuration:
 IP Address
 Subnet Mask
 Default Gateway

You can also use the switches shown in Table B, (where (x) is your adapter):

Table B


Displays everything about your IP configuration.

/release (x)

On a DHCP network, lets go of its IP address lease, disabling TCP/IP communications.

/renew (x)

Again, on a DHCP network, regains a dynamically assigned IP address lease.

Here are some common IPCONFIG switches.

On Windows 9x boxes, WINIPCFG will perform these functions in a neat little GUI package.

ROUTE tells you everything you want to know about routes and routing at the local level. Not only does it provide you with data to view, it also allows route modification. Some of the most common switches are shown in Table C.

Table C


Add, change, delete, and print.


Specifies the host's end.


Deletes gateway entries.


Specifies gateway.


Displays the network mask ( by default).


Forces a persistent route.

Here are some common ROUTE switches.

TRACERT is my personal favorite. As the name implies, it discovers, or TRACE ROUTEs the path from your local host to your destination host. It helps designate failed or slow links and provides information about where all your packets travel on their way to a particular destination. Common TRACERT commands are shown in Table D.

Table D


If you need fast tracing, use this switch to exclude the resolution of IP addresses to host names.


Followed by your specified number, this switch provides routing information via the number of hops that it takes to reach a particular destination.


Waiting time for replies.

Here are some common TRACERT switches.

The Address Resolution Protocol will resolve IP addresses to MAC addresses. It's useful in discovering network configurations on the fly. Common ARP switches are shown in Table E.

Table E

-a, -g

Displays the cached entries of IP to MAC addresses; add the inet_addr for a certain host.


Deletes the inet_addr specified in the ARP list.


Provides the IP address.


Provides the MAC address in hex.

Here are some common ARP switches.

HOSTNAME provides your local host's name, which is useful to know if you're going to PING from it.

NETSTAT provides Network (protocol) statistics and their current state. This can encapsulate details for the following protocols: TCP, IP, ICMP, and UDP. Several commands you can use for NETSTAT are shown in Table F.

Table F


Displays all connections and open ports.


Same as –a, but shows connections and open ports numerically.


Displays designated protocol information for either of the Transport layer protocols (TCP, UDP).
Add the –s command for ICMP or IP (Internet layer protocols).


Displays statistics for TCP, IP, UDP, and ICMP.


Displays active connections and routes.

Here are some common NETSTAT switches.

As with NETSTAT, NBTSTAT provides network protocol statistics; however, it will also provide NetBIOS over TCP/IP statistics. It's also useful for updating the LMHOSTS cache. Common NBTSTAT switches are shown in Table G.

Table G


Provides a remote computer's name table via its computer name.


Provides a remote computer's name table via its IP address.


Provides host's name table.


Provides IP address and name table of a remote cache.


Provides name resolution statistics of names broadcast or by WINS (only if WINS is enabled).


Purges and reloads a remote cache name table; these are taken from the LMHOSTS file (only if LMHOSTS lookup is enabled).

Here are some common NBTSTAT switches.

Basically, NSLOOKUP (Name Server Lookup) looks up entries from DNS databases. Table H shows a limited list of common NSLOOKUP switches.

Table H

option -

Used to specify commands, such as the ones below.


Displays remote host information. Very informative.


Takes you to the domain name space's root server.


Switches a specified DNS from the default server.


Displays DNS domain records.


Changes settings for various NSLOOKUP commands.

Here are some common NSLOOKUP switches.


Data transfer tools
This is what networking is all about—the sharing of data. Of course, you have to move data from point A to point B and back again. Throwing a floppy disk across the office is not acceptable. Across a TCP/IP connection, FTP is the way to go. FTP allows for the transfer of information when you either download it from or upload it to a remote host. The data transfer commands are shown in Table I.

Table I

?, help

Lists FTP commands.


By default, file transfer is set to this.


Changes file transfer to binary.


Lists files and subdirectories in a directory.


Changes directories.


Deletes files.


Retrieves and copies files from a host to your local computer.


Copies/uploads your file to the remote host.


Shows the file transfer type.

bye, quit

Logs you off from an FTP session.

Here are some common data transfer commands.

TFTP (Trivial File Transfer Protocol) is similar to FTP; however, while FTP demands authentication from the user, TFTP does not. TFTP simply transfers data.

Remote execution tools
In order to control or merely to interact with a remote host, you'll need to work from an interface. Telnet is perhaps the best known and most widely used protocol. Its flexibility can provide access across server ports. RSH (Remote Shell) provides access to run commands on UNIX hosts. REXEC allows remote execution on remote hosts. By default, Windows NT doesn't provide services for UNIX, but Microsoft offers the Windows NT Services for UNIX package separately. (It was introduced in the fourth quarter of 1998.)

Printing utilities
The commands shown in Table J are used primarily to interact with line printers.

Table J


Line Printer Remote: Prints at a remote host.


Line Printer Daemon: The host handling LPR print jobs. Sends them out to the device.


Line Printer Queue: Provides print queue information.

Here are some commands used to interact with line printers.


New frontiers
As you can see, the TCP/IP protocol is full of possibilities. Broken down, it helps detail its starring role in the development of the Internet. It will be interesting to see the results of IPv6—basically TCP/IP, The Next Generation—when the IAB agrees on its standards and the dust finally settles. So stay tuned, stay wired, and drink more caffeine—there's more to come.