Table of contents
3. Experimental environment and requirements
8. Netsh command (network configuration tool)
9. FTP command (file transfer protocol utility)
10. Net command (network management command)
1. Purpose of the experiment
- Understand the functions and usage methods of common network tools such as ping and traceroute, and use these tools to discover or verify faults in the network.
- Learn to install and use protocol analysis software, and master basic datagram capture, filtering and protocol analysis skills.
2. Experimental content
- Practice using 10 common network commands
- Installation and use of protocol analysis software
3. Experimental environment and requirements
- Use Windows operating system
- Internet connection available
4. Experimental steps
1. Ping command
Ping is a test program used to determine whether a local host can exchange (send and receive) datagrams with another host. If the Ping runs correctly, you can eliminate the faults in the network access layer, network card, Modem I/O lines, cables, and routers.
By default, when running the Ping command, send 4 ICMP (Internet Control Message Protocol) "echo requests", each with 32 bytes of data; if it is normal, you should get 4 echo responses.
Ping can display the amount of time in milliseconds between sending an Echo Request and returning an Echo Reply. If the response time is short, it means that the datagram does not have to pass through too many routers or network connections, and the speed is relatively fast.
Ping can also display the TTL (Time To Live existence time value. Calculate how many routers the data packet has passed through the TTL value:
TTL starting value of the source location (that is, a power of 2 slightly larger than the return TTL) - TTL value at the time of return. Let's take the official website of Shenzhen University as an example:
Among them, 210.39.4.1 is the IP address of the server, and the return message received by the local host is specifically: 32 bytes, shared milliseconds, and the TTL return value is 41. It can be seen that the initial value of TTL is 64 , and the source point to the target point needs to pass through 23 router network segments. A total of 4 data packets were sent, 4 were recovered, and 0 were lost, accounting for 0% of the total. The fastest recovery time is 81ms, the slowest recovery time is 93ms, and the average is 87ms.
A typical sequence for detecting network failures via Ping :
1)ping 127.0.0.1
This Ping command is sent to the IP software of the local computer. If an error occurs, it means that there are some basic problems with the installation or operation of TCP/IP. The result of the operation is as follows:
2) ping local IP
This command is sent to the configured IP address of this computer. If you get an error, there is a problem with your local configuration or installation. (The local IP can be queried through ipconfig, and the local IP queried is 192.168.3.38)
The results of the Ping operation on the local IP are as follows.
3) Ping other IPs in the LAN
This command travels through the local computer's network card and network cable to other computers, and back again. If an echo reply is received, the network card and bearer of the local network are functioning correctly. However, if you receive 0 echo replies, it means that the subnet mask is incorrect or the network card configuration is wrong or there is a problem with the cable system. The gateway IP is 172.31.225.27, then we randomly select another IP in the same LAN for Ping operation, for example, we choose 172.31.225.31.
4) ping gateway IP
If this command is answered correctly, it means that the gateway router in the LAN is running and able to respond. (The gateway IP can be queried through ipconfig, and the queried gateway IP is 172.31.225.33).
Ping it, the result is as follows.
5) ping remote IP
If you receive 4 replies, it means the default gateway has been successfully used. For dial-up Internet users, it means that they can successfully access the Internet (but it does not rule out that there may be problems with the ISP's DNS). For example:
It can be seen that 4 responses were successfully received.
6) Ping a domain name
To execute a Ping command for a domain name, the local computer must first convert the domain name into an IP address through the DNS server. If it fails, it means that the IP address of the DNS server is incorrectly configured or the DNS server is faulty. Use this command to realize the conversion function of domain name to IP address. Let's take Tencent Video as an example. Baidu's domain name is baidu.com, and we ping it. The results are as follows.
The returned TTL value is 48, so it can be seen that the initial value of TTL is 64, and then the source point to the destination point needs to pass through 16 router network segments.
7) Common parameter options of the Ping command:
①Ping IP –t Execute the Ping command to the IP address continuously until it is interrupted by the user with Ctrl+C. Take Baidu’s domain name as an example.
②Ping IP -l m Specify the data length in the Ping command as m bytes, the default is 32 bytes, modify the data length in the Ping command to 128 bytes, the running results are as follows.
③Ping IP -n Execute the Ping command for a specific number of times, the default is 4 times. Change the number of executions to 9 times, and the running results are as follows.
8) Parameter usage query of Ping command:
Enter Ping directly in the window, and the usage of Ping and the meaning of each option will be displayed.
2. Ipconfig command
The IPConfig utility (and WinIPCfg) can be used to display the current TCP/IP configuration settings.
These values are used to verify that the manually configured TCP/IP settings are correct.
If the local computer and the local area network use the dynamic host configuration protocol, through IPConfig, you can know whether the computer has successfully leased an IP address, and if so, you can know what address it is currently assigned. Knowing the computer's current IP address, subnet mask, and default gateway is actually a necessary item for testing and fault analysis.
The most common options for IPConfig:
1)ipconfig
When IPConfig is used without any options, it displays the IP address, subnet mask, and default gateway values for each configured interface. The result is as follows.
As shown in the figure, the local IP is 172.31.225.27, the subnet mask is 255.255.255.0, and the default gateway IP is 172.31.225.33.
2)ipconfig /all
When using the all option, IPConfig can display additional information (such as IP addresses) for DNS and WINS servers that it has been configured to use, and display the physical address (MAC) built into the local network card. If the IP address is leased from a DHCP server, IPConfig will display the IP address of the DHCP server and the date when the leased address is expected to expire.
Compared with the ipconfig command without options, the information displayed after adding the all option will be more complete, and it will display the complete TCP/IP configuration of all network adapters. For example, IP host information, DNS information, physical address information, DHCP server information and so on. An adapter can represent a physical interface such as an installed network adapter or a logical interface such as a dial-up connection or a virtual machine NIC. The information is more complete. The result is as follows.
3)ipconfig /release和ipconfig /renew
These are two additional options that only work on computers that lease their IP addresses from a DHCP server.
If you enter ipconfig /release, the leased IP addresses of all interfaces will be re-delivered to the DHCP server (return the IP address). The result is as follows.
If you enter ipconfig/renew, the local computer will try to get in touch with the DHCP server and lease an IP address. In most cases the NIC will be reassigned the same IP address as it was previously assigned.
3. Netstat command
Netstat is used to display statistical data related to IP, TCP, UDP and ICMP protocols, and to check the network connection status of each port of the machine.
Some common options for Netstat:
(1) netstat –s This option can display the statistical data of each protocol separately. If the application program (such as a Web browser) runs slowly, or cannot display data such as Web pages, then you can use this option to view the displayed information. You need to go through the rows of the stats to find the keywords that are wrong to pinpoint the problem.
The running results are as follows.
The results show IPv4/IPv6 statistics, ICMPv4/ICMPv6 statistics, and IPv4/IPv6 TCP and UDP statistics.
(2) netstat -e This option is used to display statistics about Ethernet. Items it lists include the total number of datagram bytes transmitted, the number of errors, the number of deletions, the number of datagrams, and the number of broadcasts. This option can be used to count some basic network traffic. The result is as follows.
(3) netstat –r This option displays information about the routing table, similar to the information seen when the route print command is used. In addition to displaying active routes, it also displays currently active connections.
The result is as follows.
The visible result shows the interface list, IPv4 routing table and IPv6 routing table.
(4) netstat –a This option displays a list of valid connection information, including established connections (Eetablished), and those connections that are listening for connection requests (Listening), disconnected (CLOSE_WAIT) or in an online waiting state (TIME_WAIT) )wait.
The result is as follows.
Let's take one line as an example:
This line indicates the protocol: TCP (transport layer communication protocol); the local IP is 127.0.0.1, the port opened locally and used for connection: 10804; the external address is 172.31.225.27, the remote port is 49801; the status is ESTABLISHED (the connection has been established Case).
It can be seen that all established valid connections are displayed.
4. Tracert command
The Tracert command can be used to trace the route (path) used by a datagram and list the time spent on each router it passes through. Therefore, Tracert is generally used to detect the location of the fault.
The path traced by this utility is a path from the source computer to the destination computer, but there is no guarantee or assumption that datagrams will always follow this path.
Tracert usage: Just follow tracert with an IP address or URL, and Tracert will convert the corresponding domain name. like:
Tracert www.yahoo.com
We simply use this command to test the time to reach Baidu baidu.com and the passing IP address, the results are as follows.
Looking at the information, we know that we have passed 18 IP nodes and the time used. The first one is generally that our machine goes out from this IP, the second one is the route passed, and the last one is the target machine, that is to say, there are 16 routes passed.
Ping baidu.com. The result is as follows.
As can be seen from the figure, the TTL return value is 48, so the initial TTL value is 64, and 16 router network segments have passed. Comparing the results of tracert just now, the two are consistent.
5. Route command
Route is used to display, manually add and modify routing table items.
Most hosts reside on network segments connected to only one router. Since there is only one router, there is no question of which router to use to publish the datagram to the remote computer. The IP address of the router can be entered as the default gateway of all computers on the network segment.
However, when you have two or more routers on the network, you may want to have some remote IP addresses pass through a particular router, while other remote IPs pass through another router.
In this case, entries must be manually added to the routing tables on routers and hosts.
Route uses options:
- route print This command is used to display the current items in the routing table.
The result is as follows.
(2) route add This command can add routing items to the routing table.
For example, if you want to set a route to the destination network 172.255.255.255, you need to go through 5 router network segments, first you need to go through a router on the local network (the IP of the connected port is 192.168.3.1, and the subnet mask is 255.255 .255.255, you should enter the following command:
route add 172.255.255.255 mask 255.255.255.255 192.168.3.1 metric 5
The result is as follows.
Then use route print to see if the addition is successful. The result is as follows.
It can be seen that the addition was successful!
(3) route change This command is used to modify the data transmission route.
But this command cannot be used to change the data destination. Taking the above IP address as an example, change the gateway IP from 192.168.3.1 to 192.168.3.100.
route change 172.255.255.255 mask 255.255.255.255 192.168.3.100 metric 5
Enter the above command, the result is as follows.
Then use route print to see if the change is successful. The result is as follows.
It can be seen that the gateway IP has been successfully changed.
(4) route delete
This command can delete a route from the routing table. To delete the routing table added above, enter the following command:
route delete 172.255.255.255
The result is as follows.
Then use route print to see if the deletion is successful. The result is as follows.
It can be seen from the figure that the route is deleted successfully.
6. ARP command
ARP is used to determine the physical address of the network card corresponding to the IP address.
The ARP command is able to view the current contents of the local computer or another computer's ARP cache.
In addition, using the ARP command, you can also manually enter the static NIC physical/IP address pair. This can be used for common hosts such as default gateways and local servers, and helps reduce the amount of information on the network.
Common ARP command options:
(1) arp -a or arp -g is used to view all items in the cache.
The results of arp -a are as follows.
arp–g results are as follows.
(2) arp -a IP If there are multiple network cards, use arp -a plus the interface IP address to display only the ARP cache items related to the interface.
For example: arp -a 224.0.0.22
The result only shows ARP for that ip.
(3) arp -s IP physical address
Adds an associated entry for the Internet address physical address, where the physical address is 6 hexadecimal bytes separated by hyphens.
A static entry can be manually entered into the ARP cache. This entry will remain valid as long as the computer is booting, or if an error occurs, the manually configured physical address will automatically update the entry.
For example: arp -s 172.255.255.255 01-02-03-04-05-06
Enter the above command, the result is as follows.
Then use arp -a to check whether the addition is successful, the results are as follows.
It can be seen that the addition was successful.
(4) arp -d IP Use this command to manually delete a static item.
For example, to delete the Internet address 172.255.255.255 we just added, enter the following command:
arp -d 172.255.255.255
Then use the Arp -a command to check whether the deletion is successful.
It can be seen that the deletion was successful.
7. Nslookup command
The function of the nslookup command is to query the IP address of a machine and its corresponding domain name. Usually, it can monitor whether the DNS server in the network can correctly resolve the domain name. Its operation requires a domain name server to provide domain name services. If the user has set the domain name server, you can use this command to view the domain names corresponding to the IP addresses of different hosts.
The general format of this command is: nslookup [IP address/domain name]
If you use the nslookup command on the local machine to query v.qq.com, the execution is as follows:
Or you can first enter the nslookup mode and then enter the [domain name/IP] to be searched:
The result is as follows.
If you want to exit the command, enter exit and press Enter.
8. Netsh command (network configuration tool)
A powerful network configuration command line tool provided under the windows system, which allows displaying or modifying the currently running host network configuration locally or remotely. The tool can be run interactively from the command line, where commands are entered manually, or it can be used in a script to run a set of commands in batch mode.
First use netsh? The display parameter list is as follows.
The usage is:
用法: netsh [-a AliasFile] [-c Context] [-r RemoteMachine] [-u [DomainName\]UserName] [-p Password | *] [Command | -f ScriptFile]
Where -a returns to the netsh command prompt after running AliasFile. AliasFile specifies the name of a text file containing one or more netsh commands; -c changes to the specified netsh context. Context specifies the netsh context.
9. FTP command (file transfer protocol utility)
The FTP tool provided by the Windows system allows client users to connect to a remote FTP server to realize file sharing and transfer, download FTP server resource files, or upload client files.
Enter ftp, press Enter and enter '? ', the result is as follows.
Continue to enter lcd to find the current local directory.
Enter ftp -h to display the operation of each parameter. The result is as follows.
10. Net command (network management command)
The Net command is a command line command, through which you can view and manage network environment, services, users, login and other information. To get the help of Net commands, enter NET /? in the command line console to get a list of all Net commands. The result is as follows.
The result of entering net accounts is as follows.
The result of entering net config is as follows.
5. Experimental results
1. Ping is used to determine whether the local host can exchange (send and receive) datagrams with another host.
2. ipconfig is used to display the setting value of the current TCP/IP configuration, and check whether the manually configured TCP/IP setting is correct.
3. netstat is used to display the statistical data related to IP, TCP, UDP and ICMP protocols, and check the network connection status of each port of the machine.
4. tracert is used to track the route used by the datagram and list the time required for each router it passes through.
5.Route is used to display, manually add and modify routing table items.
6. ARP is used to determine the physical address of the network card corresponding to the IP address.
7. nslookup is used to query the IP address of a machine and its corresponding domain name.
8.netsh network configuration tool
9. ftp file transfer protocol utility
10.net network management commands
6. Experience
1) When doing the route add operation, when I enter the command, the window displays: The requested operation needs to be promoted. as follows.
When I tried several different commands, I still got the same result, so I checked it online, and ran the cmd window as an administrator as said on the Internet, and the result returned to normal after doing so, and other commands about route were also Run it in cmd run as administrator. Several commands behind the Route are also operated as an administrator.
2) When doing the ftp command, I don't know how to query the functions corresponding to each parameter. By searching the information on the Internet, it is found that the command that can query the parameter function is ftp -h , and the query results are as follows.
