Networking Command Line Tools

a lesson on networking command-line tools and I will tell you that in this lesson well we're gonna do just that we are going to go through a list of command-line tools and make sure that you understand what they do and then I'll even go in and demonstrate some of them for you so the first couple of commands that I want to go over with you are very similar in nature not only are they named similarly but the functionality is pretty much the same these two commands are IP config and then I F config now both are used to view tcp/ip configuration the difference is IP config is for the Windows operating system whereas ifconfig you will find in things like Unix Linux and Macintosh we will take a look at the IP config utility in just a few minutes now this next utility I will tell you is one that is the most powerful yet most simplistic utility out there and the name of this utility is ping okay it's just simply the ping command and this is something that many people have heard of because well you hear it used all the time you'll hear people say can you ping this can you ping that and this is something that is simply used to check for connectivity between networking devices so when somebody comes to me and says I can't see the such-and-such server or I can't get to this or I can't get to that the first thing I will ask is can you ping it and we'll see in a few minutes here when we go in and and see the utility in action exactly what that means when I say can you ping something now the next command is the ARP command and you may recall from another lesson where we talked about ARP being a protocol writes the address resolution protocol and that protocol has to do with the resolution between IP addresses and MAC addresses well I mentioned that ARP was not only a protocol but it's also a utility and the art utility is something that is used to view and manage something called the ARP cache and this is a memory location where we have recently resolved IP and MAC addresses now here's another couple of commands just like we saw before with the IP config and the ifconfig they're very similar in name and they are also similar in function and they both I would refer to them both really as traceroute whereas one is trace RT and then the other one is spelled out trace route now the trace RT command is what we would use in Windows whereas the full spelled out trace route command is what you would see in the other operating environments like Unix Linux and Macintosh now what does this command do well basically it will lay out the full path that is being taken from point A to point Z in other words if I want to see exactly how I'm getting from my computer to some server that's maybe in another office through the enterprise or maybe I want to see how I get from my individual computer to a web server out on the internet I can use the trace route command to do this this is also a great way to troubleshoot if you're not getting to somewhere right maybe if I have a client who says I can't see a certain server in our enterprise well as much as I told you the first words out of my mouth will be can you ping it if we're also not able to ping it the next step from there would be to do a trace route and see where between that client and that server the breakdown comes into play now there's another couple of commands that are not similar a name but they are similar in functionality and they are nslookup which is used in Windows and Digg di G which is used in Unix Linux and Macintosh now one thing that I will point out to you is that nslookup can also be used in those other operating environments but Digg is considered to be more powerful and therefore the preferred utility for those operating environments now if we jump back to nslookup for a minute which we would use in the Windows operating system it is used to troubleshoot DNS name resolution issues okay so anything that has to do with host names and DNS things there like that if we're trying to troubleshoot that form of name resolution we're gonna use an S lookup now one key thing that I want you to know about the nslookup utility is that it has both an interactive and a non interactive mode what this means is you can go to your command line in a Windows environment and just type and us look up and we'll take you into the nslookup prompt ok you won't be in a normal command prompt anymore and then from there you can type different commands that work within the utility or you could type out an entire command where you have nslookup and then various switches that follow the command to get a result just from that one command and that's something that you would do if you were scripting your nslookup command you would just want to put the entire command with the switches so you can just get your result whereas the interactive is more if you were sitting at the computer and you wanted to work your way through this troubleshooting process that said I will tell you that where I I mentioned that nslookup can be used in other operating environments the one drawback is that you do not have that interactive mode you only have the non interactive mode if you're working in Unix Linux or Macintosh now the next command that we'll talk about is something called net stat which does pretty much what it sounds like it is used to display Network statistics ok we're more specifically tcp/ip Network statistics and connections ok so if you are trying to trouble a network problem it can come in handy to see certain statistical information about what's going on with the network and then we have another statistical based utility it's also a utility that's not used so much in today's networks and I'll explain why in just a moment here but it's nbtstat and this is used to display something called NetBIOS statistics and this has to do with statistics revolving around your NetBIOS names which is why you don't see it used too much anymore is because NetBIOS names are not used that much anymore but if you are in an environment that uses NetBIOS names NBC stat can help you in trouble shooting those NetBIOS name resolution issues and before we jump over to a demonstration of some of these tools there's one last command and I will tell you I'm not really gonna go into much detail nor am I gonna demo this command because we do so in another lesson on routing but it is the route command and this is a command that is used to manage the routing table from a command prompt ok so now that we have gone over all the various Network command line tools I would like to show you how a few of them work so let's go take a look alright so here we are looking at my desktop and the first thing I need to do if I want to show you command line utilities is well we need to know how to get to the command line now this is Windows 7 that we're looking at here and in this operating system you click on the Start menu and there's a number of different ways you can get to the command line and by the way it's actually called the command prompt which you'll see that right here it's here because I've accessed it recently and or often so window 7 will put up the things that you've looked at recently right there on your Start menu you can also find it through all programs and accessories and there's your command prompt or what I like to do is just right down here in the search box just type in CMD and then there it is that's your command prompt from here the first command I'd like to show you is IP config so let's type in IP config and hit enter and you get some basic IP configuration information you'll see that I have my IP address my subnet mask and my default gateway yes there is some other information first of all I'll point out that there is an ipv6 address I'm going to skip over pretty much everything ipv6 in this demonstration because it's not that ipv6 doesn't matter it does but just to get through showing you the utility and to stay simple and consistent with it I'm just going to show you the ipv4 stuff I'm also just not going to always talk about every single item because you'll see in just a moment here there's a lot of extra information that comes with some of these utilities and I could literally spend hours going through every nook and cranny of these utilities and some of this you're gonna have to find out on your own but I'm gonna hit the high-level stuff that you should be looking for all the time and to give you an example of how you can go through and learn this stuff on your own one of the really cool things about command-line tools is that you can type in the utility so I'll type in ipconfig and then you can go ahead and put in forward slash question mark and this is not just for IP config this is for pretty much every command-line utility there is and when you do that you get help and there's a lot of help and in fact I have to scroll back up here to see everything ok so you'll notice here they here are all the different options that I can do with IP config some of the common ones are slash all for displaying full configuration information if you've ever heard anyone say hey can you do a release and renew you're talking about doing an IP config slash release and slash renew and that has to do with releasing your IP information from the DHCP server and then renewing it there are also some DNS related it commands and these do come in very handy when troubleshooting DNS and they have to do with flushing the DNS cache which is a locally cached copy of recent name resolutions registering with the DNS server and displaying the cache so again as I mentioned can't go through every single tiny little detail but the good news is you can on your own it's all laid out for you in great detail okay you get the full syntax of everything they give you the options and they give you some examples of how these things can be used now one that I am going to show you right now is I'm gonna do an IP config flash all and you'll notice I get a lot more information and I'm gonna scroll up until we can see the ipconfig /all there we go I get a lot more information listed here to be specific let's look at some of these here's our physical MAC address I can see whether I'm a DHCP client or not if I scroll down I still have my standard ipv4 address as well as my subnet mask and my default gateway I see information about my DHCP lease since I am a DHCP client I see who my DHCP server is and then down here this is probably the next most important information my DNS servers the reason this is a very important piece of information is because if you're ever troubleshooting name resolution well you're going to need to know who your DNS servers are that you're getting that name resolution from I'm not gonna go into detail on that we have a whole lesson on DNS servers I just want to point out that this is where you can see what you're connected to so that's basically the IP config command now the next command I'm going to type in is C LS now that's not part of this lesson but I just want to point out that CLS let me in enter boom great way to clear the screen get to all the clutter off the screen so you can start without you'll be distracted by everything else so moving on to the next network command line tool that would be the art command I want to show you are and the first thing I want to do with any command is put in a slash question mark so that I can see all the various information about the different options and the syntax and all of that the very first one here you'll notice are - a it's to display the art cache ok display your ARP entries so let's actually do that I'm gonna type in ARP dash a and there you go you have a bunch of entries and by the way I never know what this is going to show me and the reason why is because it is dynamic nodes it has to do with what IP addresses have I communicated with recently that I still have stored in this cache so let me give you an example let me go ahead and I'm gonna open up Internet Explorer and let's do something like either just go to Google now why am I doing this I'm doing this just because they closed this I just wanted to make connectivity outside of my network and when I want to show you here if I come back and do the ARP - a command again no I don't get an entry for Google or for Google's IP address that's because I'm on an internal network what I did get was the IP address of my router because that's what my computer communicates with via MAC address only things on my network ok so apparently I had not communicated with my router in a while and so it wasn't on the list whereas now it is you notice it's dynamic now another thing that I can do here is if I were to type in ARP - D that's for delete and I can put in you know what let's use the same one the IP address of the router one nine two dot one sixty eight dot 10.1 watch what happens here I actually get an error and this is something very important to pay attention to because once you get to vista and windows 7 and windows 8 and other server based operating systems as well certain commands are protected because they don't want you to cause damage or at least I don't want an average person to cause damage and they required elevated privileges so in order to be able to use these elevated privileges I'm going to close the command prompt and this time when I go to open it I'm gonna right-click on it and select run as administrator now I am an administrator so it's just gonna say are you sure and I'll say yes if I was not an administrator on this computer it would prompt me for credentials at this point I'm going to go ahead and put ARP - a just to show that the table is still the same and now I'm gonna put in ARP - d1 ninety two dot one sixty eight dot 10.1 hit enter and look at that it looks like nothing happened right you don't get a confirmation you don't get in there but something did happen because if I put in ARP - a again you'll notice that 10.1 is gone now you may remember that when I typed in this command the first time 10.1 was not there these dynamic entries will disappear if I don't have communication with them the point behind using the - D command and manually deleting an entry is if you saw something that was just wrong and you didn't want to wait a certain amount of time to let it disappear on its own now I'm not gonna go into any more detail here on the ARP command because I will tell you that this is somewhat you know kind of a thing of the past I mean the command is still valid the tool still has the same purpose it's just the way things have moved into such an overall dynamic environment it's very rare that you'd have to come in here and manually manage the ARP cache now the next command I'm going to show you and then I'm gonna actually come back to art for just a quick moment and the next command I want to show you is the ping command so I'm gonna just type in ping and then an IP address and guess which one I'm gonna do the router okay I'm gonna put in one ninety two dot one sixty eight dot 10.1 I'll hit enter and you'll see I get these replies remember I said this is the like most simplistic yet most important tool and most powerful tool there is okay because this is showing connectivity this is proving with these replies that I have connectivity with my router when it comes to troubleshooting connectivity it's all about doing the ping command it's all about saying do I have that ability to connect with that particular device I just want to show you before we go any further into ping and if I do ARP slash a guess what's gonna show up again that's right you guessed it 10.1 I just wanted to show you that having something put into that ARP table really has to do with any form of communication I showed you by opening up an internet browser and going out to an internet website which means I have to go to my router and then I also showed you through a simple ping command alright so back to the ping command if I do paying slash question mark you will see that there's a number of different options here and they have a lot to do with forcing specific connectivity type scenarios one of the switches that I've used many times is the dash T command right up at the top and you'll see that this says it'll keep pinging until stopped okay because remember when I did ping one ninety two dot one sixty eight dot 10.1 how many replies that I get I got four of them and then it's done if I were to put in the same command ping this time put dash T and put in the IP address you'll see here that this is going to be a constant stream of replies it's never going to stop until I tell it to you'll either stop if I close the window and actually they're closed my command prompt and that would make it stop or I could hit control C which is a way of breaking into the current command now why if I use this and why does this come in handy well very often if I cannot connect with something rather than try to do something to fix it then try to ping and it fails and I try to do something else and then try to ping and it fails and then do something else and pinging it fails what I find is it comes in handy sometimes to just say ping - tee and by the way let me go ahead and ping a bogus IP address I'm just gonna put in one night shoot out one sixty eight dot n dot - I don't believe exists on my network there we go and it just nothing happens now in this case I'm getting destination host unreachable the other option that you sometimes get depending on and what it is exactly that you're looking for is you'll get a timeout but either way I go ahead and do that with a dash T it would just keep giving me the air again and again and again until I have fixed the problem so sometimes is a great way to sit somebody down in front of a computer and say give me a holler when it's fixed or even you yourself may be looking at the computer and rather than having to just keep going back and type in the ping command you'll know once it's fixed now again there are many more things you can do with ping you can change the size and the delay and things like that but really when it comes down to it using ping and it's just simplistic fashion sometimes it's better than anything else now one other thing I will point out that ping can help you with is it can help you to see if you have a name resolution problem okay so if I were to go ahead and ping google.com look what happens the very first thing it does is it resolves the IP address it shows me the IP address for Google if I were to have a problem where somebody says I can't get out to a certain website what you could do is you could ping the name and it doesn't your websites it could be an internal server it could be anything if you ping the name and it gives you an error saying can't find that name then you know you have a name resolution issue if you see an IP address but then you don't get these replies then you know that it's not a name resolution issue you know that it's an actual connectivity issue okay so that is the difference so again ping really has the capability of being a very powerful utility even though again it's simplistic as they come ping name or IP address do I have connectivity yes or no let me go ahead and clear the screen and let's take a look at trace route so I'm gonna put in trace and because this is Microsoft it's just trace rt4 trace route and what I'm gonna do with the trace route command is I'm going to put in the name or an IP address of somewhere that I want to look at the entire path so the example that I'll use here is we were just using Google so let's do it again I'm gonna putting google.com and when I hit enter you'll notice that there are a series of entries that I'm going to get here it starts off once again with some name resolution okay it resolves that IP address but then instead of just getting replies I'm going to see a series of entries here and there's quite a few as I'm talking through this you'll see them up here there's a series of entries that will be made and what this is showing me is this is showing me exactly how we're getting from this computer that I'm at right now out to one of the Google web servers so you'll notice the first hop was 10.1 that's my router right my computer said it's outside my network I have to go to my router then from there I can tell you that one not 253 and one dot 254 are a couple more routers out in train signals Network ok so once we leave my office in the train signal Network we have a couple more routers that we can go through so it goes to 253 and I will tell you this one dot 253 address is actually a switch not a router and that switch has then been configured to pass it along if it's meant for the internet out to a router that's at 1.2 54 then from there all the rest of this that you see is all internet stuff that's stuff that I don't really know anything about and when I say no I don't know about I don't mean I don't know the technology I do know the technology what I don't know is what you know I have no control over these routers these are just Internet routers okay so it's hopping through all these Internet routers and so eventually look where it ends up it ends up at Google's web server this is a great way to troubleshoot if you ping something and you don't get a reply this is a great way to figure out where's the breakdown meaning if you look at the obvious stuff and you say well everything looks good on the computer and it looks like the router that this computer is looking to is okay and maybe the server that I'm trying to get to yeah that server looks okay and you trying to figure out well I'm a little confused everything looks okay at the client everything looks good okay at the server there's gotta be a breakdown in between traceroute can help you with that now I will also tell you that even though for demonstration purposes I took us to Google the reality is that you would not typically use this utility for an external internet website because again what am I going to do if I see a breakdown in any of these areas nothing I have no control over it this is something you would use in your own enterprise environment so let me go ahead and clear this out and then the next command I want to show you is net stat I'm gonna do slash question mark here just because I want to show you that this is a utility where we can look at well network statistics okay so when it comes to troubleshooting you look at a bunch of statistics about things going on in the network so you'll see there's a lot of different options available although this top one here - a which talks about displaying all the connections and listening ports so let's go ahead and do that net stat - a yeah you can see and by the way this right here it says video - PC that is a proper name meaning that is the name of this computer so anywhere you see that that's what you're looking at okay and this just shows a bunch of ports that's listening on ok so that's one thing good to know you want if you want to know that the computer is listening on various ports and it will tell you at this point it's gonna be really difficult to go into great detail on all of this information because unless you've already learned about specific ports and protocols and things like that a lot of this is going to just look like foreign information one of the key things we can notice here is if under Pro it shows either TCP or UDP okay that's from the tcp/ip protocol lesson we learned about the transport layer protocols TCP and UDP I can also do a net stat - oh and you'll notice that showing me active connections and it's blank because I'm not currently connected to anybody so if I were to do something simple like open up a web browser and go to Google go ahead and come back to my command prompt and do the same command again net stat - oh ah look at that now I have a couple of entries and if I were to open up another tab over here on my browser and let's say I go to Train Signal come back here to my command prompt do the same command again whoo look at that I have a lot more entries and really you know when it determines how many entries it depends on what exactly the websites doing and how much activity there is how much information there is where else things are linked out to okay so you know there's not a whole lot again that I can go into in much more detail here without you know including other lessons in with it but I will tell you that overall netstat is a great way of just seeing what's going on with the network and taking a look at the connections that this computer is either making or is available to make so let me go ahead and close the browser in the background here just close all my tabs and clear the screen and one last utility that I'd like to talk to you about is the nslookup command and remember there's both an interactive and a non interactive mode so let's start off with non interactive where I just type in US lookup and then I'm going to add some information to it so I'll say google since we've been picking on them the entire demonstration here calm and I'll hit enter and you'll see here that first of all there's nothing within my own local network here my own DNS servers are not authoritative for google.com ok meaning the information for where the google.com servers as you know that stuff's not listed in my own local DNS server and that's why I here it's a server unknown it's pointing to my DNS server like that's where it's gonna at least go to but it's not authoritative so the non authoritative information is that you'll see that Google com resolves to a number of IP addresses right and we know that because Google is a large enough site that there's not just one server out there there's many servers out there maverick there's more than just what I even see listed here these just happen to be some of them that are probably in my local proximity so they're being sent back to my local DNS server when it checks in with others now if I want to do this from an interactive perspective I just type NS lookup all by itself and hit enter and you'll notice that instead of getting back to a regular command prompt I have a slightly different command prompt here and that is the Annis lookup prompt from here I could go ahead and type help and I get information about all kinds of different things that I can do within and has look up now I'm not going to spend a lot of time on this because again I want you to understand what the command is you know you can do an entire lesson and in fact I could do an entire course on everything that you can do with an S lookup now what I do want to show you is that from this interactive prompt if I once again just type google.com I get the same information but now I'm doing it from within the nslookup prompt now that's not necessarily significant as far as whether I did this interactively or not I mostly just want to demonstrate the fact that you can do it from either direction typically if you are sitting at the computer and you are trying to troubleshoot something you are going to go into the interactive prompt and work your way through and us look up looking up all sorts of different DNS based activity whereas if you were trying to script using the nslookup command you would go ahead and do it non interactively so you can just enter it as a command now to get out of this prompt I just simply type exit and that brings me back to my regular command prompt and speaking of the command exit if I go ahead and type exit from here that's gonna exit me out of the command prompt window altogether because that is pretty much it for this demonstration now I do want to emphasize one additional thing and that is that even though you only saw it happen with the ARP command when I went to delete an entry remember I was in an administrative command prompt the rest of the way through this demonstration there are many different commands that are going to require elevated privileges I don't have them memorized matter of fact I get burnt by it all the time okay I will be in a regular command prompt and I will go to do some command some networking command line tool and I'll get that error and then I have to go back in with elevated privileges for that reason what some people choose to do is if you know you're an administrator and you know what you're doing you just by default always open the command prompt with elevated privileges and then you don't have that problem okay but other than that those are some of the more commonly used commands and again even though I didn't go through every detail you have the ability to put in a slash question mark or help and learn anything and everything that you need to know about the command ok so that's pretty much it we've gone through a series of commonly used and quite frankly handy networking command line tools to find what most of them were and how they work and showed you a few of them and I want you to practice and play with all of them and I want you to experiment in different networks and see what these tools really can do for you because they can come in quite handy when troubleshooting different network problems so while you're doing that I'm going to go ahead and take a break and I will see you in