Troubleshooting Network Problems (part 2) - Troubleshooting TCP/IP Problems

3. Troubleshooting TCP/IP Problems

Transmission Control Protocol/Internet Protocol (TCP/IP) is the default communications protocol of the internet; in Windows 7, it's installed and configured automatically and cannot be removed. Most of the time, your TCP/IP connection should just work, without requiring any manual configuration. When you encounter problems with TCP/IP-based networks, such as an inability to connect with other computers on the same network or difficulty connecting to external websites, the problems might be TCP/IP related. You'll need at least a basic understanding of how this protocol works before you can figure out which tool to use to uncover the root of the problem.

3.1. Checking for Connection Problems

Anytime your network refuses to send and receive data properly, your first troubleshooting step should be to check for problems with the physical connection between the local computer and the rest of the network. Assuming your network connection uses the TCP/IP protocol, your most potent weapon is the Ping utility. When you use the Ping command with no parameters, Windows sends four echo datagrams, small Internet Control Message Protocol (ICMP) packets, to the address you specify. If the machine at the other end of the connection replies, you know that the network connection between the two points is alive.

Note:

Where does the name Ping come from? Some claim that it's short for Packet Internet Groper. However, the author of this utility, which was written for BSD UNIX in 1983, says it was originally named after the sound a submarine's sonar system makes when it sends out pulses looking for objects in the sea.

To use the Ping command, open a Command Prompt window (Cmd.exe) and type the command ping target_name (where target_name is an IP address or the name of another host machine). The return output looks something like this:

C:\>ping www.example.com

Pinging www.example.com [192.0.34.166] with 32 bytes of data:

Reply from 192.0.34.166: bytes=32 time=31ms TTL=48
Reply from 192.0.34.166: bytes=32 time=30ms TTL=48
Reply from 192.0.34.166: bytes=32 time=30ms TTL=48
Reply from 192.0.34.166: bytes=32 time=33ms TTL=48

Ping statistics for 192.0.34.166:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 30ms, Maximum = 33ms, Average = 31ms

If all the packets you send come back properly in roughly the same time, your TCP/IP connection is fine and you can focus your troubleshooting efforts elsewhere. If some packets time out, a "Request timed out" message appears, indicating that your network connection is working but one or more hops between your computer and the target machine are experiencing problems. In that case, repeat the Ping test using the –n switch to send a larger number of packets; ping –n 30 192.168.1.1, for example, sends 30 packets to the computer or router at 192.168.1.1.

Note:

The –n switch is case-sensitive; don't capitalize it.

A high rate of timeouts, also known as packet loss, usually means the problems are elsewhere on the network and not on the local machine. (To see the full assortment of switches available for the Ping command, type ping with no target specified.)

If every one of your packets return with the message "Request timed out," the problem might be the TCP/IP connection on your computer or a glitch with another computer on that network. To narrow down the problem, follow these steps, in order, stopping at any point where you encounter an error:

If either of the two final steps in this process fails, your problem might be caused by DNS problems. To eliminate this possibility, ping the numeric IP address of a computer outside your network instead. (Of course, if you're having DNS problems, you might have a hard time finding an IP address to ping!) If you can ping a website using its IP address but not by using its name, DNS problems are indicated.

If you suspect that there's a problem on the internet between your computer and a distant host or server, use the Traceroute utility (Tracert.exe) to pinpoint the problem. Like the Ping command, this utility works from a command line. You specify the target (a host name or IP address) using the syntax tracert target_name, and the utility sends a series of packets out, measuring the time it takes to reach each "hop" along the route. Timeouts or unusually slow performance indicate a connectivity problem. If the response time from your network to the first hop is much higher than the other hops, you might have a problem with the connection to your internet service provider (ISP); in that case, a call to your ISP's support line is in order. Problems farther along in the traceroute might indicate congestion or hardware problems in distant parts of the internet that are out of your ISP's hands and that might disappear when you check another URI that follows a different path through the internet.

If your testing produces inconsistent results, rule out the possibility that a firewall program or Network Address Translation (NAT) device (such as a router or residential gateway) is to blame. If you're using a third-party firewall program, disable it temporarily. Try bypassing your router and connecting directly to a broadband connection such as a DSL or cable modem. (Use this configuration only for testing and only very briefly because it exposes your computer to various attacks.)

If the Ping test works with the firewall or NAT device out of the picture, you can rule out network problems and conclude that the firewall software or router is misconfigured. After you complete your testing, be sure to enable the firewall and router again!

3.2. Diagnosing IP Address Problems

On most networks, IP addresses are assigned automatically by Dynamic Host Configuration Protocol (DHCP) servers; in some cases, you need to use static IP addresses, which are fixed numeric addresses. Problems with DHCP servers or clients can cause network connections to stop working, as can incorrectly assigned static IP addresses.

To see details of your current IP configuration, follow these steps:

You can also get details of your IP configuration by using the IP Configuration utility, Ipcon-fg.exe, in a Command Prompt window. Used without any parameters, typing ipconfig at a command prompt displays the DNS suffix, IPv6 and/or IPv4 address, subnet mask, and default gateway for each network connection. To see exhaustive details about every available network connection, type ipconfig /all.

The actual IP address you see might help you solve connection problems:

• If the address is in the format 169.254.x.y, your computer is using Automatic Private IP Addressing (APIPA). This means your computer's DHCP client was unable to reach a DHCP server to be assigned an IP address. Check the connection to your network.

• If the address is in one of the blocks of IP addresses reserved for use on private networks , make sure that a router or residential gateway is routing your internet requests to a properly configured public IP address.

• If the address of your computer appears as 0.0.0.0, the network is either disconnected or the static IP address for the connection duplicates an address that already exists on the network.

• Make sure you're using the correct subnet mask for computers on your local network. Compare IP settings on the machine that's having problems with those on other computers on the network. The default gateway and subnet mask should be identical for all network computers. The first one, two, or three sets of numbers in the IP address for each machine should also be identical, depending on the subnet mask. A subnet mask of 255.255.255.0 means the first three IP address numbers of computers on your network must be identical—192.168.0.83 and 192.168.0.223, for instance, can communicate on a network using this subnet mask, but 192.168.1.101 will not be recognized as belonging to the network. Likewise, with a subnet mask of 255.255.0.0, the first two numbers in each address must match—172.16.2.34, 172.16.4.56, and 172.16.83.201 are all valid addresses on a subnet with this mask. In every case, the gateway machine must also be a member of the same subnet. (If you use a router, switch, or residential gateway for internet access, the local address on that device must be part of the same subnet as the machines on your network.)

Note:

Are you baffled by subnets and other related technical terms? For an excellent overview of these sometimes confusing topics, read Knowledge Base article 164015, "Understanding TCP/IP Addressing and Subnetting Basics" (w7io.com/1908), which offers information about IPv4. For comparable details about IPv6, see the "Introduction to IPv6" white paper at TechNet (w7io.com/1909).

3.3. Repairing Your TCP/IP Configuration

If you suspect a problem with your TCP/IP configuration, try either of the following repair options:

• Use the automated repair option. Right-click the connection icon in Network Connections and click Diagnose.

• Renew your IP address. Use the ipconfig /renew command to renew your IPv4 address from the DHCP server; use ipconfig /renew6 to renew the IPv6 address.

Note:

If these methods don't work, you can use the Netsh utility to restore the TCP/IP stack to its original configuration when Windows was first installed. The utility restores all registry settings relating to the TCP/IP stack to their original settings, which is effectively the same as removing and reinstalling the protocol. The utility records a log of the changes it makes. For details about this drastic, but effective, solution, see Microsoft Knowledge Base article 299357 (w7io.com/299357).

3.4. Resolving DNS Issues

The Domain Name System (DNS) is a crucial part of the internet. DNS servers translate host names (www.microsoft.com, for instance) into numeric IP addresses so that packets can be routed properly over the internet. If you can use the Ping command to reach a numeric address outside your network but are unable to browse websites by name, the problem is almost certainly related to your DNS configuration.

Here are some questions to ask when you suspect DNS problems:

• Do your TCP/IP settings point to the right DNS servers? Inspect the details of your IP configuration, and compare the DNS servers listed there with those recommended by your internet service provider. (You might need to call your ISP to get these details.)

• Is your ISP experiencing DNS problems? A misconfigured DNS server (or one that's offline) can wreak havoc with your attempts to use the internet. Try pinging each DNS server to see whether it's available. If your ISP has multiple DNS servers and you encounter problems accessing one server, remove that server from your TCP/IP configuration temporarily and use another one instead.

• Have you installed any "internet accelerator" utilities? Many such programs work by editing the Hosts file on your computer to match IP addresses and host (server) names. When Windows finds a host name in the Hosts file, it uses the IP address listed there and doesn't send the request to a DNS server. If the owner of the server changes its DNS records to point to a new IP address, your Hosts file will lead you to the wrong location.

Temporary DNS problems can also be caused by the DNS cache, which Windows maintains for performance reasons. If you suddenly have trouble reaching a specific site on the internet and you're convinced there's nothing wrong with the site, type this command to clear the DNS cache: ipconfig /flushdns.

Inside Out: Translate names to IP addresses and vice versa