Windows Server 2008 R2 Unleashed (271 page)

2008 R2. Before you can communicate between machines, TCP/IP must be configured.

In Windows Server 2008 R2, TCP/IP is installed by default during the OS installation and also makes it impossible to add or remove TCP/IP through the GUI.

If a TCP/IP connection fails, you need to determine the cause or point of failure. Windows Server 2008 R2 includes some dependable and useful tools that can be used to troubleshoot connections and verify connectivity. The tools described in the following ten sections are very useful for debugging TCP/IP connectivity problems. Most of these tools have been updated to include switches for IPv4 and IPv6.

Ping

Ping means Packet Internet Groper. It sends an Internet Control Message Protocol (ICMP) echo request and waits for the echo reply to verify the availability of a local or remote machine. You can think of Ping as a utility that sends a message to another machine asking: “Are you still there?” By default, in Windows Server 2008 R2, Ping sends out four ICMP packets and waits for responses back in one second. However, the number of packets sent or the time to wait for responses can be changed through the options available for Ping.

Besides verifying the availability of a remote machine, Ping can help determine a name resolution problem.

To use Ping, go to a command prompt and type Ping Targetname. Different parameters can be used with Ping. To display them, type Ping /? or Ping (without parameters).

The parameters for the Ping command are as follows:

. -4—Specifies that IPv4 is used to ping. This parameter is not required to identify the target host with an IPv4 address. It is required only to identify the target host by name.

. -6—Specifies that IPv6 is used to ping. Just like -4, this parameter is not required to identify the target host with an IPv6 address. It is required only to identify the target host by name.

. -a—Resolves the IP address to the hostname. The hostname of the target machine is displayed if this command is successful.

. -f—Requests that echo back messages are sent with the Don’t Fragment flag in packets. This parameter is available only in IPv4.

. -i ttl—Increases the timeout on slow connections. The parameter also sets the value of the Time to Live (TTL). The maximum value is 255.

. -j HostList—Routes packets using the host list, which is a series of IP addresses separated by spaces. The host can be separated by intermediate gateways (loose source route).

. -k HostList—Similar to -j but hosts cannot be separated by intermediate gateways (strict source route).

. -l size—Specifies the length of packets in bytes. The default is 32. The maximum size is 65,527.

. -n count—Specifies the number of packets sent. The default is 4.

. -r count—Specifies the route of outgoing and incoming packets. It is possible to specify a count that is equal to or greater than the number of hops between the source and destination. The count can be between 1 and 9 only.

. -R—Specifies that the round-trip path is traced (available on IPv6 only).

. -s count—Sets the time stamp for the number of hops specified by count. The count must be between 1 and 4.

. -S SrcAddr—Specifies the source address to use (available on IPv6 only).

. -t—Specifies that Ping should continue sending packets to the destination until interrupted. To stop and display statistics, press Ctrl+Break. To stop and quit PING, press Ctrl+C.

. -v TOS—Specifies the value of the type of service in the packet sent. The default is zero. TOS is specified as a decimal value between 0 and 255.

. -w timeout—Specifies the time in milliseconds for packet timeout. If a reply is not received within the timeout, the Request Timed Out error message is displayed. The default timeout is four seconds.

. TargetName—Specifies the hostname or IP address of the destination to ping.

NOTE

Some remote hosts are configured to ignore Ping traffic as a security measure, so that they do not acknowledge their presence. Therefore, your inability to ping a server might not necessarily mean that the server is not operational, just that the server is not responding for some reason.
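The following added example (not from the book) classifies Ping output so that a name resolution failure, a host that resolves but does not answer, and a router-reported unreachable target are told apart. The sample outputs are constructed, and the function and verdict names are assumptions made for illustration.

```python
import re

# Constructed ping.exe output (documentation addresses), not from a real host.
SILENT = """Pinging srv01.example.test [192.0.2.10] with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 192.0.2.10:
    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
"""
UNRESOLVED = ("Ping request could not find host srv99.example.test. "
              "Please check the name and try again.\n")
UNREACHABLE = """Pinging 192.0.2.77 with 32 bytes of data:
Reply from 192.0.2.1: Destination host unreachable.
Reply from 192.0.2.1: Destination host unreachable.

Ping statistics for 192.0.2.77:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
"""
REACHABLE = """Pinging 192.0.2.10 with 32 bytes of data:
Reply from 192.0.2.10: bytes=32 time=12ms TTL=54
Reply from 192.0.2.10: bytes=32 time<1ms TTL=54

Ping statistics for 192.0.2.10:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
"""

HEADER = re.compile(r"^Pinging (\S+)(?: \[([^\]]+)\])? with", re.M)
# Only a line carrying bytes=/time/TTL is an echo reply from the target itself.
ECHO = re.compile(r"^Reply from \S+: bytes=\d+ time[=<]\d+ms TTL=\d+", re.M)

def classify_ping(output):
    """Return (verdict, resolved_address, echo_reply_count) for one ping run."""
    if "could not find host" in output:
        return ("name-resolution-failure", None, 0)
    m = HEADER.search(output)
    address = (m.group(2) or m.group(1)) if m else None
    echoes = len(ECHO.findall(output))
    if echoes:
        return ("reachable", address, echoes)
    if "unreachable" in output:
        # A router answered for the target; the summary line still counts it
        # as "Received", so the loss percentage alone is misleading here.
        return ("unreachable-reported", address, 0)
    # The name resolved (or an address was given) but nothing answered: the
    # host may be down or may simply be ignoring ICMP, as the NOTE says.
    return ("no-reply", address, 0)
```

A "no-reply" verdict is a reason to test the service port directly rather than to conclude that the server is down.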

Tracert

Tracert is generally used to determine the route or path taken to a destination by sending ICMP packets with varying Time to Live (TTL) values. Each router the packet meets on the way decreases the value of the TTL by at least one, so the TTL is effectively a hop count. The path is determined by checking the ICMP Time Exceeded messages returned by intermediate routers. Some routers do not return Time Exceeded messages for expired TTL values and are not captured by Tracert. In such cases, asterisks are displayed for that hop.

To display the different parameters that can be used with Tracert, open a command prompt and type tracert (without parameters) to display help or type tracert /?. The parameters associated with Tracert are as follows:

. -4—Specifies that tracert.exe can use only IPv4 for the trace.

. -6—Specifies that tracert.exe can use only IPv6 for the trace.

. -d—Prevents resolution of IP addresses of routers to their hostname. This is particularly useful for speeding up results of Tracert.

. -h maximumHops—Specifies the maximum number of hops to take before reaching the destination. The default is 30 hops.

. -j HostList—Specifies that packets use the loose source route option. Loose source routing allows successive intermediate destinations to be separated by one or multiple routers. The maximum number of addresses in the host list is nine. This parameter is useful only when tracing IPv4 addresses.

. -R—Sends packets to a destination in IPv6, using the destination as an intermediate destination and testing reverse route.

. -S—Specifies the source address to use. This parameter is useful only when tracing IPv6 addresses.

. -w timeout—Specifies the time in milliseconds to wait for each reply.


NOTE

Tracert is a good utility to determine the number of hops and the latency of communications between two points. Even if an organization has an extremely high-speed connection to the Internet, if the Internet is congested or if the route a packet must follow requires forwarding the information between several routers along the way, the performance and, ultimately, the latency (or delay in response between servers) will cause noticeable communications delays.
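The following added example (not from the book) parses Tracert output and separates asterisk hops that sit inside a working path, where a router simply does not return Time Exceeded, from a run of asterisks at the end of the trace. The two traces are constructed samples in the layout of tracert -d, and the function names are assumptions made for illustration.

```python
import re

# Constructed `tracert -d` output (documentation addresses), not a real trace.
FILTERED_HOP = """Tracing route to 192.0.2.10 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  10.0.0.1
  2     *        *        *     Request timed out.
  3    12 ms    11 ms    12 ms  198.51.100.1
  4    20 ms     *       21 ms  192.0.2.10

Trace complete.
"""
DEAD_END = """Tracing route to 192.0.2.10 over a maximum of 4 hops

  1    <1 ms    <1 ms    <1 ms  10.0.0.1
  2     9 ms     8 ms     9 ms  198.51.100.1
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.

Trace complete.
"""

HOP = re.compile(
    r"^[ \t]*(\d+)[ \t]+((?:(?:<?\d+ ms|\*)[ \t]+){3})(\S.*?)[ \t]*$", re.M)

def parse_hops(output):
    """Return one dict per hop: number, three RTTs (None for '*'), router."""
    hops = []
    for num, probes, tail in HOP.findall(output):
        # "<1 ms" is recorded as 1; "*" means that probe got no reply.
        rtts = [None if p == "*" else int(p)
                for p in re.findall(r"\*|\d+(?= ms)", probes)]
        answered = any(r is not None for r in rtts)
        hops.append({"hop": int(num), "rtts": rtts,
                     "router": tail if answered else None})
    return hops

def split_silent(hops):
    """Separate silent hops inside the path from a silent tail.

    A silent hop followed by a replying hop is a router that does not return
    Time Exceeded; a silent tail means nothing past the last replying hop
    answered within the hop limit.
    """
    last = max((h["hop"] for h in hops if h["router"]), default=0)
    inside = [h["hop"] for h in hops if not h["router"] and h["hop"] < last]
    tail = [h["hop"] for h in hops if not h["router"] and h["hop"] > last]
    return inside, tail
```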


Pathping

Pathping is a route tracing tool that combines features of both the Ping and Tracert commands with additional information that neither of those two commands provides. Pathping is best suited to a network with routers or multiple routes between the source and destination hosts. The Pathping command sends packets to each router on its way to a destination, and then gets results from each packet returned from the router. Because Pathping computes the loss of packets from each hop, you can easily determine which router is causing a problem in the network.

To display the parameters in Pathping, open a command prompt and type Pathping /?. The parameters for the Pathping command are as follows:


. -4—Specifies that tracert.exe can use only IPv4 for the trace.

. -6—Specifies that tracert.exe can use only IPv6 for the trace.

. -g Host-list—Allows hosts to be separated by intermediate gateways.

. -h maximumHops—Specifies the maximum number of hops before reaching the target. The default is 30 hops.

. -i address—Uses the specified source address.

. -n—Specifies that it is not necessary to resolve the address to the hostname.

. -p period—Specifies the number of seconds to wait between pings. The default is a quarter of a second.

. -q num_queries—Specifies the number of queries to each host along the route. The default is three.

. -w timeout—Specifies the timeout for each reply in milliseconds.

Ipconfig

Ipconfig displays all TCP/IP configuration values. It is of particular use on machines running DHCP. It is used to refresh DHCP settings and to determine which TCP/IP configuration values have been assigned by DHCP. If Ipconfig is used without parameters, it displays IP addresses, subnet masks, and gateways for each of the adapters on a machine. The adapters can be physical network adapters or logical adapters such as dial-up connections.


Some of the parameters for Ipconfig are as follows:

. /all—Displays all TCP/IP configuration values.

. /displaydns—Displays the contents of the DNS client resolver cache.

. /flushdns—Resets and flushes the contents of the DNS client resolver cache. This includes entries made dynamically.

. /registerdns—Sets manual dynamic registration for DNS names and IP addresses configured on a computer. This is particularly useful in troubleshooting DNS name registration or dynamic update problems between a DNS server and client.

. /release [Adapter]—Sends a DHCP release message to the DHCP server to discard DHCP-configured settings for adapters. This parameter is available only for DHCP-enabled clients. If no adapter is specified, IP address configuration is released for all adapters.

. /renew [Adapter]—Renews DHCP configuration for all adapters (if an adapter is not specified) or for a specific adapter if the Adapter parameter is included. This parameter is available only for DHCP-enabled clients.

. /setclassid Adapter [classID]—Configures the DHCP class ID for a specific adapter. You can configure the DHCP class ID for all adapters by using the wildcard (*) character in place of Adapter.

. /showclassid Adapter—Displays the DHCP class ID for a specific adapter.

. /allcompartments—Displays information about all compartments.

. /allcompartments /all—Displays detailed information about all compartments.

NOTE

Ipconfig displays the assigned configuration for a system such as the default gateway, DNS servers, local IP address, subnet mask, and so on. When you’re debugging network problems, you can use Ipconfig to validate that the proper TCP/IP settings have been set up for a system so that a server properly communicates on the network.

Arp

Arp stands for Address Resolution Protocol. Arp enables the display and modification of the Arp table on a local machine, which matches physical MAC addresses of machines to their corresponding IP addresses. Arp increases the speed of connection by eliminating the need to match MAC addresses with IP addresses for subsequent connections.

Some of the parameters for Arp are as follows:

. -a [InetAddr] [-N IfaceAddr]—Displays the Arp table for all adapters on a machine. Use Arp -a with the InetAddr (IP address) parameter to display the ARP cache entry for a specific IP address.

. -d InetAddr [IfaceAddr]—Deletes an entry with a specific IP address (InetAddr). Use the IfaceAddr parameter (IP address assigned to the interface) to delete an entry in a table for a specific interface. Use the wildcard character in place of InetAddr to delete all entries.

. -g [InetAddr] [-N IfaceAddr]—Similar to the -a parameter.

. -s InetAddr EtherAddr [IfaceAddr]—Adds a static entry to the ARP cache that resolves the IP address (InetAddr) to a physical address (EtherAddr). To add a static ARP cache entry to the table for a specific interface, use the IP address assigned to the interface (IfaceAddr).


Netstat

As its name implies, Netstat (or Network Statistics) is used to display protocol statistics for any active connections, monitor connections to a remote host, and monitor IP addresses or domain names of hosts with established connections.

The parameters for Netstat are as follows:

. -a—Displays all connections and listening ports by hostname.

. -b—Displays the executable involved in creating each connection.

. -e—Displays Ethernet packets and bytes to and from the host.

. -n—Displays address and port numbers without resolving the address to the hostname.

. -o—Displays TCP connections and includes the corresponding process ID (PID). Used in combination with -a, -n, and -p. Not available in previous Windows versions.

. -p protocol—Displays statistics based on the protocol specified. Protocols that can be specified are TCP, UDP, TCPv6, or UDPv6. It can be used with -s to display TCP, UDP, ICMP, IP, TCPv6, UDPv6, ICMPv6, or IPv6.

. -s—Displays statistics on a protocol-by-protocol basis. Can be used with the -p parameter to specify a set of protocols.

. -t—Displays the current connection offload state.

. -r—Displays the route table. Information displayed includes network destination, netmask, gateway, interface, and metric (number of hops).

. [Parameter] Interval—Displays the information at every interval specified.
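The following added example (not from the book) combines the -a, -n, and -o parameters described above: it parses netstat -ano output, lists every socket bound to all interfaces together with its owning PID, and reports the ones missing from an expected-port list. The sample output, PIDs, and function names are constructed for illustration.

```python
# Constructed `netstat -ano` output (documentation addresses, made-up PIDs).
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       716
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1120
  TCP    127.0.0.1:5357         0.0.0.0:0              LISTENING       4
  TCP    10.0.0.5:3389          198.51.100.23:50122    ESTABLISHED     1120
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:123            *:*                                    988
"""

def parse_netstat(output):
    """Turn each TCP/UDP row into a dict; header and blank lines are skipped."""
    rows = []
    for line in output.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue
        # UDP rows have no State column, so the PID is always the last field.
        state = f[3] if f[0] == "TCP" and len(f) == 5 else ""
        # rsplit keeps bracketed IPv6 addresses such as [::] intact.
        host, port = f[1].rsplit(":", 1)
        rows.append({"proto": f[0], "host": host, "port": int(port),
                     "remote": f[2], "state": state, "pid": int(f[-1])})
    return rows

def wildcard_listeners(rows):
    """TCP listeners and UDP sockets bound to every interface."""
    return sorted({(r["proto"], r["port"], r["pid"]) for r in rows
                   if r["host"] in ("0.0.0.0", "[::]")
                   and (r["state"] == "LISTENING" or r["proto"] == "UDP")})

def unexpected(rows, allowed_ports):
    """Wildcard-bound sockets whose port is not on the expected list."""
    return [s for s in wildcard_listeners(rows) if s[1] not in allowed_ports]
```

The PID in each result can then be matched to a process name with netstat -b or the task list before deciding whether the service should be exposed.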
