TCP/IP: Tools and tricks of the trade
The development of TCP/IP (Transmission Control Protocol/Internet Protocol) was due
largely to funding by the U.S. government's Advanced Research
Projects Agency (ARPA). In the 1970s, ARPA continued to research and
fund packet switching technologies, ultimately interconnecting their
research facilities via the Network Control Protocol (NCP). The
Transmission Control Protocol (TCP) wasn't a published Request for
Comment (RFC) until 1981 (RFC 793). RFCs are documents of the Internet
Engineering Task Force (IETF) that detail the standards for the
Internet. That's right—this was the birth of ARPANET! This is when
the collective started forming—basically, the first incarnation of
the Internet.
In 1981, RFC 791 was published. This standardized IP. By 1982, ARPA was establishing
the TCP/IP suite and, the following year, standardized ARPANET on
it. Eventually, other government agencies—most notably, the
Department of Defense—standardized on TCP/IP as well. From there,
the Internet Architecture Board (IAB) was formed to oversee Internet standards, and every dot com
you can think of started jumping on the bandwagon.
TCP/IP suite
The TCP/IP suite is composed of several protocols, as noted in the
TCP/IP stack model:
TCP/IP STACK MODEL
Application layer
- FTP (File Transfer Protocol)
- HTTP (Hypertext Transfer Protocol)
- SMTP (Simple Mail Transfer Protocol)
- Telnet
Transport layer
- TCP (Transmission Control Protocol)
- UDP (User Datagram Protocol)
Internet layer
- ARP (Address Resolution Protocol)
- RARP (Reverse Address Resolution Protocol)
- IP (Internet Protocol)
- ICMP (Internet Control Message Protocol)
- IGMP (Internet Group Membership Protocol)
- RIP (Routing Information Protocol)
Network Access layer
- Physical Transmission Layer (Cat 5, etc.)
- Framing Protocols (Ethernet, etc.)
The Application layer
Let's start at the top. The Application layer runs its services via the
layer immediately below it—the Transport layer. In essence, it
exploits TCP and UDP to deliver its goods. The Application layer is
no slouch, however, as it functions to infiltrate and interact. DNS
(Domain Name System) and FTP perform at this level, as do HTTP,
Telnet, SMTP, SNMP (Simple Network Management Protocol), and a
myriad of other applications. Windows Sockets operate here in the
Microsoft scheme.
The Transport layer
The Transport layer provides communication between host computers for
data delivery that's dependent on either of the two Transport
protocols: TCP or UDP.
TCP is the antithesis of IP. It's like the yin to the yang of IP,
providing guaranteed delivery of its packets—but at a cost of speed.
Comparatively speaking, there's a bit of overhead because it goes
through the steps of establishing a connection—reducing a file into
manageable packets, reconstructing these packets at the recipient's
end, and generating the "return receipt required" or acknowledgement
(ACK) that the packet was received in a useable form. FTP and Telnet
come into play here, but we'll discuss those later.
UDP is like IP in that it doesn't guarantee delivery of packets, but
it does have very low overhead. No acknowledgement of receipt is
required, no retransmission, and so on. If you've used streaming
media technology—RealNetworks' RealPlayer, for example—you've
experienced the best UDP has to offer. UDP is fast, but performance
suffers because of skips and gaps in the data transmissions.
The Internet layer
The Internet layer isn't responsible only for routing packets and
datagrams; it's also responsible for letting the Network Access
layer know where to route them. In order to do this, it utilizes ARP
to grab MAC (Media Access Control) addresses to deliver to and from
and RARP to provide delivery to diskless computers.
ICMP relays all information relating to bad delivery, problems, and
errors to the host computers. IGMP provides data to just about
everyone willing to listen—multicasting is the "shout-out" of the
suite.
RIP takes care of routing across networks. It finds out how to
deliver packets to its recipient. IP addresses and routes packets to
and from host computers. It doesn't guarantee delivery; however, it
will do whatever it can to deliver its packets.
The Network Access layer
The Network Access layer is the equivalent of a loading dock, where the
data frames are put on the 10Base-T (or media of your choice) by
token ring (or Ethernet, etc.) and taken off.
TCP/IP tools and utilities
TCP/IP is rather practical, but it isn't fail-safe. On the upside,
there are many tools and utilities available beyond simply surfing
and grabbing pages off the Internet via HTTP.
Essentially, TCP/IP tools and utilities can be broken into four
groups: Diagnostic, Data Transfer, Remote Execution, and Printing.
Within each of these are subsets of utilities specific to each. I'll
explore some of the more common ones.
Diagnostic utilities
Every good mechanic has a toolbox; if you're going to fix a problem,
you need to know where its root lies in order to troubleshoot it.
TCP/IP is no exception.
PING
PING (Packet Internet Groper) is perhaps the simplest and most commonly
used diagnostic tool of all. Run at the command line (as all of
these tools are), PING basically sends out four ICMP packets that
are directed at a particular host; it requests an echo reply from
this host. The syntax is as follows (where xxx.xxx.xxx.xxx is the IP
address and Name.com is the recipient):
PING xxx.xxx.xxx.xxx
or
PING Name.com
If successful, you'll get a reply. If not, you'll get the message
"Request timed out" for each packet that failed along the way.
Several common PING switches are shown in Table A.
Table A: Common PING switches
Switch | Description
-a | Resolves addresses to host names.
-t | PINGs a specific host until you tell it to quit. Referred to as the "Ping of Death."
-n | Specifies the number of echo packets to send out (default 4).
-l | Indicates the size of the echo packets (default 64 bytes).
The most underused aspect of PING is its ability to diagnose the
local machine. To do this, type either ping 127.0.0.1 or
ping localhost at the command prompt. This will send a packet
down the loopback address and back up without sending it out on the
network. A successful response will verify that TCP/IP is
successfully installed on your local machine.
IPCONFIG
As you may have guessed, IPCONFIG is short for IP Configuration. It's used
almost exclusively in DHCP (Dynamic Host Configuration Protocol)
networks. DHCP is the way to manage and administer IP addressing
among your clients on your network.
IPCONFIG (and to an extent, its Windows 9x cousin, WINIPCFG) will
provide the vitals of a TCP/IP configuration:
- IP Address
- Subnet Mask
- Default Gateway
You can also use the switches shown in Table B (where (x) is
your adapter):
Table B: Common IPCONFIG switches
Switch | Description
/all | Displays everything about your IP configuration.
/release (x) | On a DHCP network, lets go of its IP address lease, disabling TCP/IP communications.
/renew (x) | Again, on a DHCP network, regains a dynamically assigned IP address lease.
On Windows 9x boxes, WINIPCFG will perform these functions in a neat
little GUI package.
ROUTE
ROUTE tells you everything you want to know about routes and routing at
the local level. Not only does it provide you with data to view, it
also allows route modification. Some of the most common switches are
shown in Table C.
Table C: Common ROUTE switches
Switch | Description
command | Add, change, delete, and print.
destination | Specifies the host's end.
-f | Deletes gateway entries.
gateway | Specifies gateway.
MASK | Displays the network mask (255.255.255.255 by default).
-p | Forces a persistent route.
TRACERT
TRACERT is my personal favorite. As the name implies, it discovers, or TRACE
ROUTEs the path from your local host to your destination host. It
helps designate failed or slow links and provides information about
where all your packets travel on their way to a particular
destination. Common TRACERT commands are shown in Table D.
Table D: Common TRACERT switches
Switch | Description
-d | If you need fast tracing, use this switch to exclude the resolution of IP addresses to host names.
-h | Followed by your specified number, this switch provides routing information via the number of hops that it takes to reach a particular destination.
-w | Waiting time for replies.
ARP
The Address Resolution Protocol will resolve IP addresses to MAC
addresses. It's useful in discovering network configurations on the
fly. Common ARP switches are shown in Table E.
Table E: Common ARP switches
Switch | Description
-a, -g | Displays the cached entries of IP to MAC addresses; add the inet_addr for a certain host.
-d | Deletes the inet_addr specified in the ARP list.
inet_addr | Provides the IP address.
ether_addr | Provides the MAC address in hex.
HOSTNAME
HOSTNAME provides your local host's name, which is useful to know if
you're going to PING from it.
NETSTAT
NETSTAT provides Network (protocol) statistics and their current state. This
can encapsulate details for the following protocols: TCP, IP, ICMP,
and UDP. Several commands you can use for NETSTAT are shown in
Table F.
Table F: Common NETSTAT switches
Switch | Description
-a | Displays all connections and open ports.
-n | Same as -a, but shows connections and open ports numerically.
-p | Displays designated protocol information for either of the Transport layer protocols (TCP, UDP). Add the -s command for ICMP or IP (Internet layer protocols).
-s | Displays statistics for TCP, IP, UDP, and ICMP.
-r | Displays active connections and routes.
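The listing that the -a and -n switches produce doubles as an inventory of what the host offers to the network. The following added example (not from the original article) parses a constructed sample of Windows netstat -an output and returns the listeners bound to anything other than loopback; the function names and the sample rows are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of Windows "netstat -an" output (not from the article).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:161            *:*
"""


def parse_netstat(text):
    """Yield (proto, local_ip, local_port, state) for each TCP/UDP row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue                          # banner, header or blank line
        host, _, port = fields[1].rpartition(":")
        state = fields[3] if len(fields) > 3 else ""  # UDP rows carry no state
        yield fields[0], host.strip("[]"), int(port), state


def exposed_listeners(text):
    """Return listeners reachable from the network (not bound to loopback)."""
    found = set()
    for proto, host, port, state in parse_netstat(text):
        # A bound UDP socket accepts datagrams, so treat it as listening.
        listening = state == "LISTENING" or proto == "UDP"
        if listening and not ipaddress.ip_address(host).is_loopback:
            found.add((proto, host, port))
    return sorted(found, key=lambda row: (row[2], row[0], row[1]))


if __name__ == "__main__":
    for proto, host, port in exposed_listeners(SAMPLE):
        print(f"{proto:4} {host}:{port}")
```

Comparing this list against the services the machine is meant to provide shows which open ports need an owner or should be closed.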
NBTSTAT
As with NETSTAT, NBTSTAT provides network protocol statistics; however, it
will also provide NetBIOS over TCP/IP statistics. It's also useful
for updating the LMHOSTS cache. Common NBTSTAT switches are shown in
Table G.
Table G: Common NBTSTAT switches
Switch | Description
-a | Provides a remote computer's name table via its computer name.
-A | Provides a remote computer's name table via its IP address.
-n | Provides host's name table.
-c | Provides IP address and name table of a remote cache.
-r | Provides name resolution statistics of names broadcast or by WINS (only if WINS is enabled).
-R | Purges and reloads a remote cache name table; these are taken from the LMHOSTS file (only if LMHOSTS lookup is enabled).
NSLOOKUP
Basically, NSLOOKUP (Name Server Lookup) looks up entries from DNS
databases. Table H shows a limited list of common NSLOOKUP
switches.
Table H: Common NSLOOKUP switches
Option | Description
option - | Used to specify commands, such as the ones below.
Finger | Displays remote host information. Very informative.
Root | Takes you to the domain name space's root server.
Server | Switches a specified DNS from the default server.
Ls | Displays DNS domain records.
Set | Changes settings for various NSLOOKUP commands.
Data transfer tools
This is what networking is all about—the sharing of data. Of course,
you have to move data from point A to point B and back again.
Throwing a floppy disk across the office is not acceptable. Across a
TCP/IP connection, FTP is the way to go. FTP allows for the transfer
of information when you either download it from or upload it to a
remote host. The data transfer commands are shown in Table I.
Table I: Common data transfer commands
Command | Description
?, help | Lists FTP commands.
Ascii | By default, file transfer is set to this.
Binary | Changes file transfer to binary.
Dir | Lists files and subdirectories in a directory.
Cd | Changes directories.
Delete | Deletes files.
Get | Retrieves and copies files from a host to your local computer.
Put | Copies/uploads your file to the remote host.
Type | Shows the file transfer type.
bye, quit | Logs you off from an FTP session.
TFTP (Trivial File Transfer Protocol) is similar to FTP; however,
while FTP demands authentication from the user, TFTP does not. TFTP
simply transfers data.
Remote execution tools
In order to control or merely to interact with a remote host, you'll
need to work from an interface. Telnet is perhaps the best known and
most widely used protocol. Its flexibility can provide access across
server ports. RSH (Remote Shell) provides access to run commands on
UNIX hosts. REXEC allows remote execution on remote hosts. By
default, Windows NT doesn't provide services for UNIX, but Microsoft
offers the Windows NT Services for UNIX package separately. (It was
introduced in the fourth quarter of 1998.)
Printing utilities
The commands shown in Table J are used primarily to interact
with line printers.
Table J: Commands used to interact with line printers
Command | Description
LPR | Line Printer Remote: Prints at a remote host.
LPD | Line Printer Daemon: The host handling LPR print jobs. Sends them out to the device.
LPQ | Line Printer Queue: Provides print queue information.
New frontiers
As you can see, the TCP/IP protocol is full of possibilities. Breaking it down
helps detail its starring role in the development of the
Internet. It will be interesting to see the results of
IPv6—basically TCP/IP, The Next Generation—when the IAB agrees on
its standards and the dust finally settles. So stay tuned, stay
wired, and drink more caffeine—there's more to come.