TCP/IP Tools
TCP/IP forms the backbone of communication and transportation in Windows Server 2008 R2.
Before you can communicate between machines, TCP/IP must be configured.
In Windows Server 2008 R2, TCP/IP is installed by default during the OS installation, and it cannot be added or removed through the GUI.
If a TCP/IP connection fails,
you need to determine the cause or point of failure. Windows Server 2008
R2 includes some dependable and useful tools that can be used to
troubleshoot connections and verify connectivity. The tools described in
the following ten sections are very useful for debugging TCP/IP
connectivity problems. Most of these tools have been updated to include
switches for IPv4 and IPv6.
Ping
Ping means Packet Internet Groper. It sends Internet Control Message Protocol (ICMP)
echo requests and waits for echo replies to verify the availability of a local or
remote machine. You can think of Ping as a utility that sends a message
to another machine asking: “Are you still there?” By default, in Windows
Server 2008 R2, Ping sends out four ICMP packets and waits for
responses back in one second. However, the number of packets sent or
the time to wait for responses can be changed through the options available
for Ping.
Besides verifying the availability of a remote machine, Ping can help determine a name resolution problem.
To use Ping, go to a command prompt and type Ping Targetname. Different parameters can be used with Ping. To display them, type Ping /? or Ping (without parameters).
The parameters for the Ping command are as follows:
-4—
Specifies that IPv4 is used to ping. This parameter is not required to
identify the target host with an IPv4 address. It is required only to
identify the target host by name.
-6— Specifies that IPv6 is used to ping. Just like -4, this parameter is
not required to identify the target host with an IPv6 address. It is
required only to identify the target host by name.
-a— Resolves the IP address to the hostname. The hostname of the target machine is displayed if this command is successful.
-f— Requests that echo back messages are sent with the Don’t Fragment flag in packets. This parameter is available only in IPv4.
-i ttl—
Increases the timeout on slow connections. The parameter also sets the
value of the Time to Live (TTL). The maximum value is 255.
-j HostList—
Routes packets using the host list, which is a series of IP addresses
separated by spaces. The host can be separated by intermediate gateways
(loose source route).
-k HostList— Similar to -j but hosts cannot be separated by intermediate gateways (strict source route).
-l size— Specifies the length of packets in bytes. The default is 32. The maximum size is 65,527.
-n count— Specifies the number of packets sent. The default is 4.
-r count—
Specifies the route of outgoing and incoming packets. It is possible to
specify a count that is equal to or greater than the number of hops
between the source and destination. The count can be between 1 and 9
only.
-R— Specifies that the round-trip path is traced (available on IPv6 only).
-s count— Sets the time stamp for the number of hops specified by count. The count must be between 1 and 4.
-S SrcAddr— Specifies the source address to use (available on IPv6 only).
-t—
Specifies that Ping should continue sending packets to the destination
until interrupted. To stop and display statistics, press Ctrl+Break. To
stop and quit PING, press Ctrl+C.
-v TOS— Specifies
the value of the type of service in the packet sent. The default is
zero. TOS is specified as a decimal value between 0 and 255.
-w timeout—
Specifies the time in milliseconds for packet timeout. If a reply is
not received within the timeout, the Request Timed Out error message is
displayed. The default timeout is four seconds.
TargetName— Specifies the hostname or IP address of the destination to ping.
Note
Some remote hosts are configured to ignore Ping traffic as a security
measure, so that they do not acknowledge their presence. Therefore, your
inability to ping a server does not necessarily mean that the server is
not operational, just that the server is not responding for some reason.
Tracert
Tracert is generally used to
determine the route or path taken to a destination by sending ICMP
packets with varying Time to Live (TTL) values. Each router the packet
meets on the way decreases the value of the TTL by at least one;
in effect, the TTL is a hop count. The path is determined by checking
the ICMP Time Exceeded messages returned by intermediate routers. Some
routers do not return Time Exceeded messages for expired TTL values and
are not captured by Tracert. In such cases, asterisks are displayed for
that hop.
To display the different parameters that can be used with Tracert, open a command prompt and type tracert (without parameters) to display help or type tracert /?. The parameters associated with Tracert are as follows:
-4— Specifies that tracert.exe can use only IPv4 for the trace.
-6— Specifies that tracert.exe can use only IPv6 for the trace.
-d—
Prevents resolution of IP addresses of routers to their hostname. This
is particularly useful for speeding up results of Tracert.
-h maximumHops— Specifies the maximum number of hops to take before reaching the destination. The default is 30 hops.
-j HostList—
Specifies that packets use the loose source route option. Loose source
routing allows successive intermediate destinations to be separated by
one or multiple routers. The maximum number of addresses in the host
list is nine. This parameter is useful only when tracing IPv4 addresses.
-R— Sends packets to a destination in IPv6, using the destination as an intermediate destination and testing reverse route.
-S— Specifies the source address to use. This parameter is useful only when tracing IPv6 addresses.
-w timeout— Specifies the time in milliseconds to wait for each reply.
Note
Tracert is a good utility to determine the number of hops and the latency of
communications between two points. Even if an organization has an
extremely high-speed connection to the Internet, if the Internet is
congested or if the route a packet must follow requires forwarding the
information between several routers along the way, the resulting
latency (or delay in response between servers) will
cause noticeable communications delays.
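As an added example (not part of the original text), the following Python script parses Tracert output, lists the hops that appear as asterisks, and finds the hop where latency rises the most. The sample output is constructed, and the function names are illustrative assumptions.

```python
import re

# Constructed sample of `tracert -d` output; addresses are documentation ranges.
SAMPLE = """\
Tracing route to 198.51.100.20 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  192.0.2.1
  2     4 ms     3 ms     4 ms  192.0.2.254
  3     *        *        *     Request timed out.
  4    48 ms    51 ms    47 ms  203.0.113.9
  5    49 ms     *       50 ms  198.51.100.20

Trace complete.
"""

HOP_LINE = re.compile(r"^\s*(\d+)\s+(.*)$")  # hop number, then the rest

def parse_tracert(text):
    """Return one dict per hop: hop number, per-probe RTTs in ms, router address."""
    hops = []
    for line in text.splitlines():
        match = HOP_LINE.match(line)
        if not match:
            continue
        tokens, rtts = match.group(2).split(), []
        while tokens and len(rtts) < 3:
            token = tokens.pop(0)
            if token == "*":
                rtts.append(None)                    # no reply to this probe
            else:
                rtts.append(int(token.lstrip("<")))  # "<1" is recorded as 1
                tokens.pop(0)                        # drop the "ms" unit
        answered = any(r is not None for r in rtts)
        hops.append({"hop": int(match.group(1)), "rtts": rtts,
                     "addr": tokens[0] if answered and tokens else None})
    return hops

def silent_hops(hops):
    """Hops shown as asterisks: no Time Exceeded message came back."""
    return [h["hop"] for h in hops if h["addr"] is None]

def largest_latency_step(hops):
    """(hop, added ms) where the best RTT rises most over the previous replying hop."""
    best = [(h["hop"], min(r for r in h["rtts"] if r is not None))
            for h in hops if h["addr"]]
    steps = [(cur[0], cur[1] - prev[1]) for prev, cur in zip(best, best[1:])]
    return max(steps, key=lambda step: step[1], default=None)

if __name__ == "__main__":
    hops = parse_tracert(SAMPLE)
    print("silent hops:", silent_hops(hops))
    print("largest latency step (hop, ms):", largest_latency_step(hops))
```

A silent hop followed by hops that do reply, as at hop 3 in the sample, is a router that does not return Time Exceeded messages rather than a break in the path.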
Pathping
Pathping is a route
tracing tool that combines features of both the Ping and Tracert commands
with additional information that neither of those two commands provides.
Pathping is best suited to a network with routers or multiple routes
between the source and destination hosts. The Pathping command sends
packets to each router on its way to a destination, and then gets
results from each packet returned from the router. Because Pathping
computes the loss of packets from each hop, you can easily determine
which router is causing a problem in the network.
To display the parameters in Pathping, open a command prompt and type Pathping /?. The parameters for the Pathping command are as follows:
-4— Specifies that tracert.exe can use only IPv4 for the trace.
-6— Specifies that tracert.exe can use only IPv6 for the trace.
-g Host-list— Allows hosts to be separated by intermediate gateways.
-h maximumHops— Specifies the maximum number of hops before reaching the target. The default is 30 hops.
-i address— Uses the specified source address.
-n— Specifies that it is not necessary to resolve the address to the hostname.
-p period— Specifies the number of seconds to wait between pings. The default is a quarter of a second.
-q num_queries— Specifies the number of queries to each host along the route. The default is three.
-w timeout— Specifies the timeout for each reply in milliseconds.
Ipconfig
Ipconfig displays all
TCP/IP configuration values. It is of particular use on machines running
DHCP. It is used to refresh DHCP settings and to determine which TCP/IP
configuration values have been assigned by DHCP. If Ipconfig is used
without parameters, it displays IP addresses, subnet masks, and gateways
for each of the adapters on a machine. The adapters can be physical
network adapters or logical adapters such as dial-up connections.
Some of the parameters for Ipconfig are as follows:
/all— Displays all TCP/IP configuration values.
/displaydns— Displays the contents of the DNS client resolver cache.
/flushdns— Resets and flushes the contents of the DNS client resolver cache. This includes entries made dynamically.
/registerdns—
Sets manual dynamic registration for DNS names and IP addresses
configured on a computer. This is particularly useful in troubleshooting
DNS name registration or dynamic update problems between a DNS server
and client.
/release[Adapter]—
Sends a DHCP release message to the DHCP server to discard
DHCP-configured settings for adapters. This parameter is available only
for DHCP-enabled clients. If no adapter is specified, IP address
configuration is released for all adapters.
/renew[Adapter]—
Renews DHCP configuration for all adapters (if an adapter is not
specified) and for a specific adapter if the Adapter parameter is
included. This parameter is available only for DHCP-enabled clients.
/setclassid Adapter [classID]—
Configures the DHCP class ID for a specific adapter. You can configure
the DHCP class ID for all adapters by using the wildcard (*) character
in place of Adapter.
/showclassid Adapter— Displays the DHCP class ID for a specific adapter.
/allcompartments— Displays information about all compartments.
/allcompartments /all— Displays detailed information about all compartments.
Note
Ipconfig displays the
assigned configuration for a system such as the default gateway, DNS
servers, local IP address, subnet mask, and so on. When you’re debugging
network problems, you can use Ipconfig to validate that the proper
TCP/IP settings have been set up for a system so that a server properly
communicates on the network.
Arp
Arp stands for Address
Resolution Protocol. Arp enables the display and modification of the Arp
table on a local machine, which matches physical MAC addresses of
machines to their corresponding IP addresses. Arp increases the speed of
connection by eliminating the need to match MAC addresses with IP
addresses for subsequent connections.
Some of the parameters for Arp are as follows:
-a [InetAddr] [-N IfaceAddr]—
Displays the Arp table for all adapters on a machine. Use Arp -a with
the InetAddr (IP address) parameter to display the ARP cache entry for a
specific IP address.
-d InetAddr [IfaceAddr]— Deletes an entry with a specific IP address (InetAddr). Use the IfaceAddr parameter (IP address assigned to the interface) to delete an entry in a table for a specific interface. Use the wildcard character in place of InetAddr to delete all entries.
-g [InetAddr] [-N IfaceAddr]— Similar to the -a parameter.
-s InetAddr EtherAddr [IfaceAddr]—
Adds a static entry to the ARP cache that resolves the IP address
(InetAddr) to a physical address (EtherAddr). To add a static ARP cache
entry to the table for a specific interface, use the IP address assigned
to the interface (IfaceAddr).
Netstat
As its name implies, Netstat
(or Network Statistics) is used to display protocol statistics for any
active connections, monitor connections to a remote host, and monitor IP
addresses or domain names of hosts with established connections.
The parameters for Netstat are as follows:
-a— Displays all connections and listening ports by hostname.
-b— Displays the executable involved in creating each connection.
-e— Displays Ethernet packets and bytes to and from the host.
-n— Displays address and port numbers without resolving the address to the hostname.
-o— Displays TCP connections and includes the corresponding process ID
(PID). Used in combination with -a, -n, and -p. Not available in
previous Windows versions.
-p protocol— Displays statistics based on the protocol specified. Protocols that can
be specified are TCP, UDP, TCPv6, or UDPv6. It can be used with -s to
display TCP, UDP, ICMP, IP, TCPv6, UDPv6, ICMPv6, or IPv6.
-s— Displays statistics on a protocol-by-protocol basis. Can be used with the -p parameter to specify a set of protocols.
-t— Displays the current connection offload state.
-r—
Displays the route table. Information displayed includes network
destination, netmask, gateway, interface, and metric (number of hops).
[Parameter] Interval— Displays the information at every interval specified. Interval is a numeral in seconds. Press Ctrl+C to stop the intervals.
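As an added example (not part of the original text), the following Python script parses the output of netstat -ano (the -a, -n, and -o parameters combined) and lists the TCP listeners bound to non-loopback addresses together with their owning PIDs. The sample output is constructed, and the function names are illustrative assumptions.

```python
# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       852
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1204
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       2216
  TCP    10.0.0.5:3389          203.0.113.7:51522      ESTABLISHED     1204
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::1]:8005             [::]:0                 LISTENING       3100
  UDP    0.0.0.0:123            *:*                                    1100
"""

LOOPBACK = ("127.", "::1")  # IPv4 and IPv6 loopback prefixes

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), port

def parse_netstat(text):
    """Yield one dict per connection row; UDP rows have no State column."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # skip the banner, the header row and blank lines
        proto, local, foreign = fields[:3]
        # TCP rows: Proto Local Foreign State PID; UDP rows: Proto Local Foreign PID
        state = fields[3] if proto == "TCP" and len(fields) == 5 else ""
        addr, port = split_endpoint(local)
        yield {"proto": proto, "addr": addr, "port": int(port),
               "foreign": foreign, "state": state, "pid": int(fields[-1])}

def exposed_listeners(rows):
    """TCP listeners reachable from other hosts (not bound to loopback)."""
    return sorted((r["port"], r["pid"]) for r in rows
                  if r["state"] == "LISTENING"
                  and not r["addr"].startswith(LOOPBACK))

if __name__ == "__main__":
    for port, pid in exposed_listeners(parse_netstat(SAMPLE)):
        print(f"TCP port {port} listening on a non-loopback address, PID {pid}")
```

Comparing the resulting port and PID pairs against the services the server is expected to offer shows listeners that need an explanation.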
Route
Route is particularly useful
for troubleshooting incorrect static routes or for adding a route to a
route table to temporarily bypass a problem gateway. Static routes can
be used in place of implicit routes specified by a default gateway. Use
Route to add static routes that forward packets that would otherwise go
to the default gateway, to avoid loops, improve traffic time, and so on.
The parameters for Route are as follows:
-add— Adds a route to a table. Use -p to make the route persistent for subsequent sessions.
-Delete— Deletes a route from the table.
-Print— Prints a route.
-change— Modifies an existing route.
-destination— Specifies the host address.
-gateway— Specifies the address of gateway for Route.
IF interface— Specifies the interface for the routing table to modify.
-mask Netmask— Uses the subnet mask specified by Netmask. If mask is not used, it defaults to 255.255.255.255.
-METRIC Metric— Specifies the metric, or cost, for the route using the value Metric.
-f— Clears the routing table of all gateway entries.
-p— Used with -add to create a persistent route.
Nslookup
Nslookup is used to query
DNS. You can think of Nslookup as a simple diagnostic client for DNS
servers. It can operate in two modes: Interactive and Noninteractive.
Use Noninteractive mode to look up a single piece of data. To look up
more than one piece of data, use Interactive mode. To stop Interactive
mode at any time, press Ctrl+B. To exit from the command, type exit. If Nslookup is used without any parameters, it uses the default DNS name server for lookup.
The parameters for Nslookup are as follows:
-ComputerToFind— Looks up information for the specified ComputerToFind. By default, it uses the current default DNS name server.
-Server— Specifies the server as the DNS name server.
-SubCommand—
Specifies one or more Nslookup subcommands as a command-line option.
Type a question mark (?) to display a list of subcommands available.
DCDiag
The Domain Controller
Diagnostic (DCDiag) tool analyzes the state of domain controllers and
services in an Active Directory forest. It is installed when the Active
Directory Domain Services (AD DS) role is added to a Windows Server 2008
R2 installation. This is a great general-purpose test tool for checking
the health of an Active Directory infrastructure.
Tests include domain
controller connectivity, replication errors, permissions, proper roles,
and other general Active Directory health checks. It
can even run non-domain controller-specific tests, such as whether a
server can be promoted to a domain controller (the dcpromo test), or
register its records properly in DNS (RegisterInDNS test).
DCDiag is run on domain controllers exclusively, with the exception of the dcpromo and RegisterInDNS tests.
When run without any
parameters, the tests will be run against the current domain controller.
This runs all the key tests and is usually sufficient for most
purposes.
The parameters for DCDiag are as follows:
/s:DomainController— Uses the domain controller as the home server.
/n:NamingContext— Uses the specified naming context (NetBIOS, FQDN, or distinguished name) to test.
/u:Domain\UserName /p:{*|Password|""}— Uses the supplied credentials to run the tool.
/a— Tests all domain controllers in the site.
/e— Tests all domain controllers in the enterprise.
/q— Displays quiet output (errors only).
/v— Displays verbose output.
/I— Ignores minor error messages.
/fix— Fixes minor problems.
/f:LogFile— Logs to the specified log file.
/ferr:ErrorLogFile— Logs errors to the specified log file.
/c— Comprehensively runs all tests.
/test:TestName— Runs the specified tests only.
/skip:TestName— Skips the specified tests.
When specifying tests to run or to skip, nonskippable tests will still be run.
Note
DCDiag is automatically
included on a Windows Server 2008 R2 system when the Active Directory
Domain Services role is added. Otherwise, on non-domain controllers, the
utility can be added by adding the Remote Server Administration Tools
feature in Server Manager.