Network Command Line Tools (CompTIA Objective 1.4) Flashcards
What well-known command is a go-to for troubleshooting network issues and finding IP address information, as well as the local router/gateway and subnet mask?
- “ipconfig”
- Will determine TCP/IP and network adapter information and some additional IP details
- This also allows additional configuration details
If we want more detailed information than the “ipconfig” command provides, what command can we use instead?
- “ipconfig /all” displays all of the same information as ipconfig, and also provides details such as the DHCP servers that provided the system with its IP address, the addresses of the DNS servers, etc.
What command can be used to confirm if a network device is responding to you and that the packets are going through?
- “ping” will test reachability and determine round-trip time.
- Uses Internet Control Message Protocol (ICMP)
- This is one of the go-to tools for network troubleshooting (very powerful)
- Written by Mike Muuss in 1983.
- By default the “ping” command will run 4 pings before it stops, then display the results on screen, showing the total number of packets sent and received as well as the TTL (Time To Live) stats.
- Adding the -t option after the ping command tells the system to keep pinging until you stop it by pressing Control-C.
- To tell the system to ping a certain number of times, use the -n option followed by the number of pings, e.g. “ping -n 10 google.com”
- To specify the size of the ping packet being sent, use the -l option followed by the size in bytes, e.g. “ping -l 1000 google.com”
If you wanted to determine the route a packet takes to its destination IP, and map the entire path showing every router it reached along the way, what command would you use?
- “tracert” will accomplish this. For example, if you wanted to find out all the routers and paths the packets took on their way to Google’s DNS servers you would type “tracert 8.8.8.8”
- Takes advantage of the ICMP Time To Live Exceeded error message. The “time” in TTL refers to the number of hops through routers, not seconds or minutes, e.g. TTL=1 is the first router, TTL=2 is the second router, etc. The TTL is decreased by 1 at each router on the way to the destination. The first TTL is set to 1; the packet hits the first router, which decreases the TTL to 0, and this triggers a TTL exceeded message. The router that caused the TTL to be exceeded is then displayed on screen along with the round-trip time. To get to the next router along the path, tracert increases the TTL from 1 to 2, and so on, moving farther and farther up the chain after each result is shown until it reaches the destination.
- Note: not all devices will reply with ICMP Time Exceeded messages, as some firewalls filter ICMP. ICMP is low priority for many devices.
- Windows commonly sends ICMP echo requests. It receives ICMP Time Exceeded messages, and an ICMP echo reply from the final/destination device. Unfortunately, outgoing ICMP is commonly filtered.
- Some operating systems such as Linux, Unix and macOS allow you to specify the protocol used, be it TCP or UDP. IOS devices send UDP datagrams over port 33434. Note: the port number can be changed with extended options.
Why is tracert so useful for determining where along a network connection there was an issue?
- Because “tracert” displays each router the signal reached on its way to a destination. If there is an error when trying to send out the signal, it will display on screen the device where the issue occurred; this is the last device shown on screen after the tracert is performed.
If you wanted to determine what type of network connections are occurring inbound or outbound on a local computer what command could you use?
- “netstat”
- Provides network statistics.
- Available in many different OSes including Windows, macOS, Linux, etc.
- “netstat -a” will show you all of the connections which are inbound or outbound on your computer
- “netstat -b” will show which binaries (executables/programs) in Windows are sending or receiving information. However, you must be running cmd in Administrator mode.
- “netstat -n” tells the command prompt not to resolve DNS information, so it will display IP addresses instead.
What command lets you find out what domain name an IP address is using (if any), and also look up an IP address from a domain name?
- “nslookup”
- Look up information from DNS servers (canonical names, IP addresses, cache timers, etc.)
- Look up names and IP addresses (many different options)
What is a network-related command specific to Windows devices that will display various network info and perform tasks such as viewing network resources, mapping a network share, viewing user account info, etc.?
- “net”
- You can use the “net view” command to view network resources, e.g. “net view \\(servername)”. To view a workgroup’s network resources you would type “net view /workgroup:(Workgroup Name)”.
- To map a network share to a drive letter you would use the “net use” command, e.g. “net use h: \\(servername)\(sharename)”.
- To view user account information and reset a password you would use the “net user” command, e.g. “net user username”. To view information on a user that is part of a domain you would type “net user username * /domain”.