106 | Lesson 5 other hosts on the same network, ultimately ending up with the router. Next, try pinging hosts on other networks.

9. Ping a computer with a larger packet size:

a. Select another computer to ping; it could be a partner’s computer, a secondary

computer, or a router. Make note of its IP address. For this example, we will use the address 10.254.254.1. b. Type the command ping –1 1500 [IP address]. For example, ping –1 1500 10.254.254.1. The results should be similar to Figure 5-9. Notice that each of the replies equals 1,500 bytes instead of the standard 32 bytes. The –1 option allows you to modify the packet size of the ICMP echoes that are sent. The most bytes that you can send in this fashion is 65,500; however, this will create fragmented packets. This ping option can help simulate network traffic to a particular host. Figure 5-9 Ping –l

10. Ping a computer X amount of times:

a. Use the same computer you pinged in step 9.

b. Type the command ping –n 10 [IP address]. For example, ping –n 10 10.254.254.1. The results should be similar to Figure 5-10. Notice that there were a total of 10 ICMP echo replies. The –n option allows you to ping with as many ICMP packets as you wish. This particular option works well if you are creating a performance baseline. By running a command such as ping –n 1000 10.254.254.1 every day, you could compare the results to see whether the destination computer is performing better or worse than usual. Figure 5-10 Ping –n Implementing TCPIP in the Command Line | 107 11. Ping a computer continuously:

a. Use the same computer you pinged in steps 9 and 10.

b. Type the command ping –t [IP address]. For example, ping –t 10.254.254.1. This command option sends pings endlessly to a destination IP address. This can only be stopped by pressing Ctrl + C on the keyboard or by closing the command prompt altogether. This option works well if you need to test whether a network connection is being made. For example, if you aren’t sure which patch cable to use or which RJ45 port to connect to, you could run this command, then test one connection at a time, checking the results on the screen each time until you get replies. By the way, most of the time, an option can be typed after an IP address as well. However, it is a good habit to place options directly after the command they are modifying. These are just a few of the ping options, but they are some of the more commonly used ones. Do your best to memorize the various switches we employed during this exercise. ■ Working with Advanced TCPIP Commands Advanced TCPIP commands like netstat, nbtstat, and tracert allow you to analyze more facets of a TCPIP connection than ipconfig and ping can. Also, FTP, Telnet, netsh, and route allow you to do more than just analyze a system—they can help you configure the system. THE BOTTOM LINE In the following exercises, we will be showing results from two computers. One is a server computer; its command prompt windows will be displayed with a black background. The other is a client computer; its command prompt windows will be displayed with a white background. The results work basically the same way on both types of computers; however, a server computer will often have more results because it generally has more networking connections. ANALYZE THE TCPIP CONFIGURATION WITH NETSTAT AND NBTSTAT GET READY. In this exercise, we will analyze our system with the netstat and nbtstat commands. Both show statistics of the network connection, but netstat centers on the local computer, whereas nbtstat can also show statistics for remote machines:

1. Type the command netstat and view the results. They may take up to a minute to

appear, depending on your network configuration and number of current network connections. Your results should be similar to Figure 5-11, although you may have fewer line items of information. The netstat command is used to display active TCP or UDP connections, as well as a host of other statistics that we will cover later in the exercise. Note that there are four columns. The Proto column shows the transport layer protocol being used for the connection. The netstat command by itself only shows TCP connections in this column. The Local Address column displays the local computer by name server2003, followed by the outbound port number. The Foreign Address column shows the remote computer that is being connected to; in some cases, this can be the same computer. The State column shows what the status of the connection is for example, CERTIFICATION READY How do you configure TCPIP commands with TCPIP? 3.6 108 | Lesson 5 Established, Close_Wait, Closed, Listen, and so on. These are pretty self-explanatory, but let’s look at another example of an established session.

2. Open Internet Explorer and connect to www.google.com. Move to step 3 right away.

3. Type the netstat command again. Now you should see additional entries, as shown in

Figure 5-12. Figure 5-11 Netstat Figure 5-12 Netstat with additional entries In the figure, notice the two extra entries in the Foreign Address column that start with the letters “lga.” This is part of the domain name called 1e100.net, which is controlled by four name servers at google.com. These two connections were made when the computer browsed to www.google.com; they are established connections. Implementing TCPIP in the Command Line | 109 The host names are followed by the inbound port called http, which is the equivalent of port 80. The local computer is making connections to Google on outbound ports 2472 and 2473. Note that the ports used by your computer will be different because they are dynamically assigned. This command and the following two commands can be helpful when tracking applications and the network connections they make.

4. Type the command netstat –a. This displays TCP and UDP connections.

5. Type the command netstat –an. This displays TCP and UDP connections in numeric for-

mat. For many administrators, being able to view IP addresses and port numbers is easier than going by name. Netstat –n produces numerical results but for TCP connections only.

6. Type the command netstat –e. This displays Ethernet statistics such as the number of

packets and bytes sent and received, as shown in Figure 5-13. Figure 5-13 Netstat –e

7. Type the command netstat –r. This displays the route table, which is the same result

you would get if you were to type the route print command that we describe later. 8. Type the command netstat –s. This displays statistics per protocol, such as TCP, UDP, ICMP, IP, and so on. Check out the rest of the options for netstat. You will note that you can fine tune the results of the netstat command in several ways. Now, let’s move on to nbtstat.

9. Type the command nbtstat. This displays the help file for the command. Nbtstat will

display NetBIOS over TCPIP statistics for local and remote computers. NetBIOS was developed in the 1980s to allow applications to communicate over a network via the session layer of the OSI model. NetBIOS over TCPIP sends the NetBIOS protocol within TCP and UDP sessions. 10. Type the command nbtstat –a [local computername]; for example: nbtstat –a desktop-lamp1, as shown in Figure 5-14. The same results can also be achieved by typing nbtstat –n. Figure 5-14 Nbtstat –a