The Essential IP Toolkit
By Ed Tittel
Date: Jul 19, 2002
Learn how you can benefit from a collection of powerful command line and GUI utilities that help you configure, inspect, and troubleshoot TCP/IP, the protocol suite of the Internet and most modern networks. The article focuses on Windows, and notes where other platforms differ.
Once upon a time, operating system and networking vendors touted their abilities to juggle multiple networking protocols with a certain degree of pride and enthusiasm. For Windows, this meant NetBEUI, IPX/SPX (a.k.a. NWLink or "NetWare-compatible protocol"), AppleTalk, and TCP/IP. For the Macintosh, this meant AppleTalk and TCP/IP, with other add-ins available. For NetWare, it meant IPX/SPX, NetBEUI, AppleTalk, and ultimately TCP/IP. For UNIX and Linux, TCP/IP has always come first, but it too has offered its share of add-ins for the protocols already mentioned (as well as other exotica).
Those days are gone, if not forgotten. Today's networks are invariably linked to the Internet, which virtually mandates TCP/IP. And be it for simplicity's sake (a single protocol is easier to manage than multiple protocols) or other reasons, TCP/IP pretty much rules the networking world as we know it today. If all protocols are theoretically equal, TCP/IP is definitely more equal than all other protocols in practice.
This means that network administrators need to know and understand TCP/IP, and be familiar with a basic set of commands and utilities to help them configure, inspect, and troubleshoot this ubiquitous networking protocol suite. In this article, you'll inspect the contents of a toolkit that most administrators should be ready to open up and rummage around inside whenever the need arises. Because of the prevalence of Windows on desktops worldwide, this story focuses primarily on Windows; where platform differences may intrude, we mention various alternatives as needed.
Toolkit Layout
Generally speaking, useful IP tools come in at least three categories:
Built-in tools and utilities. These come as part of the operating system (or its normal networking portion or add-ins). These are basic, free, and essential to learn and understand, no matter what platform you use.
Freeware or shareware add-ins. These are readily available for download and use on the Internet, and can easily find a slot in a savvy network administrator's IP toolkit.
Commercial toolsets and applications. These items cost money but when budgets permit, can add useful and powerful capabilities to an IP administrator's toolbox. You may have to justify the need for such items, but they can tell you things you might not otherwise be able to learn (and at a minimum, should enhance your productivity to justify their cost).
We'll visit each of these categories in the sections that follow.
Basic Built-in Tools
Although the names of some commands may vary for other platforms, most of them include the kind of functionality you'll find in this set of built-in Windows IP and networking utilities (which we present in alphabetical order in Table 1 for easy reference).
Table 1: Built-in Windows IP Commands

Name | Explanation | Command Help
arp | Shows known IP-to-physical (MAC) address mappings. | arp /?
ipconfig | Displays current IP configuration data; also releases and renews DHCP address leases (ipconfig /release, ipconfig /renew). Windows NT, 2000, XP. | ipconfig /?
nbtstat | Shows NetBIOS over TCP/IP sessions, names, and other statistics. | nbtstat /?
netdiag | Runs a whole battery of network diagnostics, most of which are IP-related (ships with the Windows 2000/XP Support Tools, so it is not installed by default). | netdiag /?
netsh | Powerful, general-purpose administrative tool for managing network services and protocols (see Microsoft Knowledge Base article Q242468 for syntax). | netsh /?
netstat | Network statistics monitor and reporting tool: connections, listening ports, and per-protocol counters. | netstat /?
nslookup | DNS lookup and diagnostic utility. | nslookup /?
pathping | Combines ping and tracert: discovers the route, then pings every hop over a period and reports per-hop round-trip time and packet-loss statistics. | pathping /?
ping | Tests basic reachability (and round-trip time) between the current machine and a target IP name or address. | ping /?
route | Inspects the local routing table and adds or deletes static routes. | route /?
tracert | Traces the route from source to destination name or address; shows each hop's IP address and DNS name (where available) plus three round-trip times per hop. | tracert /?
winipcfg | Displays current IP configuration data (Windows 9x, Me). | winipcfg

Notes: ipconfig, nbtstat, netdiag, netsh, pathping, and winipcfg are Windows-specific commands; arp, netstat, nslookup, ping, route, and tracert (a.k.a. traceroute) are general IP commands.
All of the preceding commands can come in handy for IP diagnostics and troubleshooting, but the following commands are likely to be among the most often used on Windows machines:
arp. Shows the local ARP cache, that is, the IP-to-MAC address mappings for hosts on the local (or virtual local) cable segment; use it to troubleshoot low-level connectivity problems.
ipconfig. Use this to check a Windows machine's IP address and general configuration data (ipconfig /all shows everything, including DNS servers and DHCP lease times).
netstat. Use this to list active connections and listening TCP and UDP ports (netstat -a; add -n to skip name resolution), plus Ethernet and per-protocol statistics (netstat -e, netstat -s); useful to see what's active and working IP-wise.
nslookup. Essential for diagnosing DNS information, especially when troubleshooting DNS accessibility or name resolution problems.
ping. The most important and basic tool in this kit; you can use it for everything from checking your local TCP/IP stack (ping localhost or ping <your-IP-address>), to checking gateway accessibility (ping <gateway-IP-address> or ping <gateway-name>), to checking reachability of remote hosts (ping <remote-IP-address> or ping <remote-domain-name>). Work outward in that order, because the first rung that fails tells you where the problem lies. Most often used in tandem with ipconfig, which supplies the addresses to ping.
route. Not just handy for managing static routes (which you'll mostly use in SOHO or branch offices), but also for displaying the routing table with known networks, broadcast, and multicast addresses (route print).
tracert. Use this to display intermediate hosts between a local and a remote machine, and to determine where connectivity may be breaking down.
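The ping sequence described above (local stack, own address, default gateway, remote host) is easy to script so that the first rung that fails points at the broken layer. The following is an added example written for this page, not code from the original article: it parses ipconfig output for the own address and gateway (the sample output is constructed, using documentation addresses), then pings each rung in turn. The ping runner is injectable so the ladder logic can be exercised without network access.

```python
import platform
import re
import subprocess
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample of `ipconfig` output (not captured from a real host);
# 192.0.2.0/24 is a documentation range.
SAMPLE_IPCONFIG = """
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : example.internal
        IP Address. . . . . . . . . . . . : 192.0.2.25
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.0.2.1
"""

DOTTED_QUAD = r"(\d{1,3}(?:\.\d{1,3}){3})"


def parse_ipconfig(text: str) -> Dict[str, Optional[str]]:
    """Extract the first IPv4 address and default gateway from ipconfig output.
    Handles the NT/2000/XP 'IP Address' label and the later 'IPv4 Address'
    label; a gateway line that is IPv6-only yields gateway=None."""
    addr = re.search(r"IP(?:v4)? Address[ .]*: " + DOTTED_QUAD, text)
    gw = re.search(r"Default Gateway[ .]*: " + DOTTED_QUAD, text)
    return {"address": addr.group(1) if addr else None,
            "gateway": gw.group(1) if gw else None}


def ping(target: str, count: int = 2, timeout_s: int = 2) -> bool:
    """Run the platform's ping; True means at least one echo reply came back.
    Windows ping can exit 0 on 'Destination host unreachable' (a router did
    reply), so on Windows the output is checked for a real 'TTL=' reply."""
    windows = platform.system() == "Windows"
    if windows:
        cmd = ["ping", "-n", str(count), "-w", str(timeout_s * 1000), target]
    else:
        cmd = ["ping", "-c", str(count), target]
    try:
        proc = subprocess.run(cmd, capture_output=True, text=True,
                              timeout=timeout_s * count + 10)
    except (OSError, subprocess.TimeoutExpired):
        return False
    return "TTL=" in proc.stdout if windows else proc.returncode == 0


# What a failure at each rung usually means.
DIAGNOSIS = {
    "loopback": "the local TCP/IP stack itself is not working",
    "own address": "the interface is down or its address is misconfigured",
    "default gateway": "no path to the gateway: check cable, switch port, subnet mask and gateway setting",
    "remote host": "the gateway answers; suspect routing beyond it, the remote host, or ICMP filtering on the path",
}


def build_ladder(config: Dict[str, Optional[str]], remote: str) -> List[Tuple[str, str]]:
    """Order the rungs from the local stack outward, skipping unknown values."""
    rungs = [("loopback", "127.0.0.1"),
             ("own address", config.get("address")),
             ("default gateway", config.get("gateway")),
             ("remote host", remote)]
    return [(label, target) for label, target in rungs if target]


def climb(ladder: List[Tuple[str, str]], runner: Callable[[str], bool] = ping) -> dict:
    """Ping each rung in order and stop at the first failure."""
    for label, target in ladder:
        if not runner(target):
            return {"ok": False, "failed_at": label, "target": target,
                    "hint": DIAGNOSIS[label]}
    return {"ok": True, "failed_at": None, "target": None, "hint": "all rungs answered"}


if __name__ == "__main__":
    import sys
    remote = sys.argv[1] if len(sys.argv) > 1 else "www.example.com"
    try:
        text = subprocess.run(["ipconfig"], capture_output=True, text=True).stdout
    except OSError:  # not Windows: fall back to the constructed sample above
        text = SAMPLE_IPCONFIG
    print(climb(build_ladder(parse_ipconfig(text), remote)))
```

A remote-host failure is the one rung that is not conclusive: many hosts and firewalls drop ICMP echo, so follow it up with tracert, or with a TCP connection to a port you expect to be open.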
Working with these commands takes a little TCP/IP knowledge and some basic troubleshooting skills. If you're unfamiliar with this kind of information and activity, please consult the excellent TechNet article entitled "Basic Steps to Troubleshooting TCP/IP" (by Ron Nutter, originally for TechRepublic). That's it for the basic built-in tools; in the next section we move on to some easily accessible shareware and freeware add-ons that belong in the "nice to have around" category.
Freeware/Shareware IP Tools
My source of information and inspiration here comes in part from many years of experience working with TCP/IP. I also draw on IP expert and protocol analysis maven Laura Chappell (who also happened to co-author a college textbook with me, A Guide to TCP/IP). Her excellent 2000 Network World article, "Top 10 TCP/IP Tools No Network Pro Should Be Without," is another valuable source of information on this topic.
To the list in Table 1, let's add the utilities in Table 2.
Table 2: Good Shareware/Freeware IP Utilities, By Name or Function

Name/Function | Explanation
DNS dig (n) | Queries DNS servers and prints the complete answer in a more readable form than nslookup.
finger (n) | Provides publicly accessible host and user information (where available; because of security problems, finger is often blocked or disabled).
port scanner (f) | Checks a target address for open UDP and TCP ports; useful for configuration and security checks. Nmap, nlog, and other tools are highly recommended.
protocol analyzer (f) | Captures and decodes all IP-based traffic on a particular cable segment or network interface. Ethereal (since renamed Wireshark) is highly recommended.
reverse lookup (f) | Maps an IP address back to its DNS name (a PTR query), the inverse of the forward lookup nslookup performs by default. Not to be confused with RARP, which maps a physical address to an IP address at the link layer, the reverse of what ARP does.
SMTP e-mail address validation (f) | Determines whether an e-mail address is valid and current.
SMTP relay check (f) | Tests whether a mail server will relay messages from outside senders to outside recipients (an open relay), a configuration that spammers abuse.
vulnerability scanner (f) | Scans a computer for known network exposures and vulnerabilities (particularly IP-based). Nessus is highly recommended.
whois (n) | Provides public information about domain names, registrars, name servers, and name currency.

Notes: (n) indicates the name of a command, (f) indicates a function performed (additional searching will be necessary to locate a suitable utility of that type).
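To show what the port scanner entry in Table 2 actually does, here is an added example written for this page (not code from the article or from Nmap): a TCP connect scanner that classifies each port as open, closed, or filtered from the outcome of connect(). It covers TCP only; UDP scanning needs a different technique, since a silent UDP port cannot be told from a filtered one, which is one reason Nmap is recommended over a home-grown tool.

```python
import socket
import sys
from concurrent.futures import ThreadPoolExecutor
from typing import Dict, Iterable, List


def probe(host: str, port: int, timeout: float = 1.0) -> str:
    """Classify one TCP port the way a connect() scan does.
    open     - the three-way handshake completed (something is listening)
    closed   - the host answered with RST (connection refused)
    filtered - no answer within the timeout, or the host is unreachable;
               a firewall dropping the SYN and a dead host look the same"""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, OSError):
        return "filtered"
    finally:
        s.close()


def scan(host: str, ports: Iterable[int], timeout: float = 1.0, workers: int = 64) -> Dict[int, str]:
    """Probe the given ports concurrently and return {port: state}."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = list(pool.map(lambda p: probe(host, p, timeout), ports))
    return dict(zip(ports, states))


def open_ports(result: Dict[int, str]) -> List[int]:
    """The ports an outsider could connect to, in ascending order."""
    return sorted(p for p, state in result.items() if state == "open")


if __name__ == "__main__":
    # Usage: python portscan.py HOST [FIRST-LAST]; scan only hosts you are
    # authorized to test. Defaults to the well-known ports on localhost.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    span = sys.argv[2] if len(sys.argv) > 2 else "1-1024"
    first, last = (int(x) for x in span.split("-"))
    result = scan(host, range(first, last + 1))
    for port in open_ports(result):
        print(f"{port}/tcp open")
    filtered = sum(1 for state in result.values() if state == "filtered")
    print(f"{len(result)} ports scanned, {len(open_ports(result))} open, {filtered} filtered")
```

Compare the list of open ports with what netstat -an reports on the host itself: a port that is listening locally but shows as filtered from outside is being blocked by a firewall on the path, while a port open from outside that the administrator did not expect is exactly the exposure a security check is meant to find.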
These functions expand (or improve on) the basic built-in lookup capabilities, especially for domain names, IP hosts, and e-mail addresses. DNS dig is particularly helpful for those who work regularly with domain name servers and related databases, while the SMTP functions will be useful for those who manage e-mail servers and related databases. Also, there are two outstanding sources for freeware and shareware IP tools that you can treat as clearinghouses for the preceding tools and functions, and as excellent sites to prospect for other tools and utilities of potential interest or use:
High-end or Commercial IP Toolsets
This last category is something of a grab bag and can be approached in two ways. For one, Table 3 lists some highly regarded commercial IP toolkits. For another, any of the functions, utilities, or categories mentioned earlier in this article is probably also the focus of a specific commercial implementation. Thus, instead of using the open-source Ethereal protocol analyzer, for example, you might choose to purchase WildPackets' EtherPeek or Network Associates' Sniffer products, either of which is a more fully featured, easier-to-use tool that does more or less the same things Ethereal does. We invite you to investigate such offerings to your heart's content above and beyond what's presented in Table 3.
Table 3: Commercial IP Toolkits

Name | Description
IP-tools | A collection of 15 highly useful IP tools.
EssentialNetTools | The "Swiss Army Knife" IP toolkit.
NetScan Tools | A collection of various useful IP tools.
By no coincidence whatsoever, these kits include versions of some (if not most) of the basic IP tools and the recommended shareware/freeware add-ins mentioned in the two preceding sections of this article. A bit of creative searching can turn up numerous similar offerings (use "commercial IP tools" or "IP tools" as your search terms).
No matter whether you stick to the basics or add to that collection with an appropriate set of extra tools (commercial or not), time spent learning to use these tools and perform related troubleshooting tasks will be amply repaid in helping you to manage your IP-based networks.