Activities 3: TCP/IP Network Monitoring and Management

1. TCP/IP Network Management Tasks

TCP/IP network management tasks include:
· Traffic monitoring
· Troubleshooting network access
· Adding new hosts (also known as nodes or stations) to the network
· Mounting remote disks and exporting local disks with Network File System (NFS)

Large networks probably need a commercial network analyzer, or at least a hardware tester such as a time domain reflectometer (TDR). But many smaller networks can get by with publicly available free tools.

A list of diagnostic commands that help with network monitoring, management, and troubleshooting is shown below.
· Testing the network connection: ping command (for both Windows and UNIX)
· Troubleshooting network access using: winipcfg command (Windows), ifconfig (UNIX), netstat, and arp command
· Configure the network interface: winipcfg command (Windows), and ifconfig (UNIX)
· Network monitoring: netstat command (for both Windows and UNIX)
· Display active network connections: netstat command (for both Windows and UNIX)
· Display interface statistics: netstat command (for both Windows and UNIX)
· Display active routes of connections: route command (for both Windows and UNIX)
· Manipulate static routing tables: route command (for both Windows and UNIX)
· Tracing routes: tracert command (Windows), traceroute command (UNIX)

On Windows 95/98/2000-based PCs, these commands are located in the C:\Windows subdirectory. They are designed as MS-DOS programs, so they can only be run from the MS-DOS prompt.

2. Network Management Commands

WINIPCFG Command

To detect bad IP addresses, incorrect subnet masks, and improper broadcast addresses, the winipcfg command can be used to obtain a copy of the basic configuration of the interface.

The winipcfg command can also be used to change the setup of the network adapter. Note that if the LAN consists of a single Ethernet network, no explicit routing is usually needed.

Ping Command

The ping command verifies whether a remote host can be reached. It also shows statistics about packet loss and delivery time. The ping command is designed for troubleshooting and tracking a single-point hardware or software failure in the Internet. When called, the ping command sends one datagram per second and prints one line of output for every ECHO_RESPONSE returned; it sends a message to the designated host and then informs you whether the message was successfully transmitted.

This command is designed for use in network testing, measurement, and management. It was originally used in UNIX-based networks to see if a remote host is up and responding, and for manual fault isolation. However, it is also found in Windows 95/98/2000 and Windows NT-based systems. The Windows version of the ping command is listed below:

C:\WINDOWS>ping

Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
            [-r count] [-s count] [[-j host-list] | [-k host-list]]
            [-w timeout] destination-list

Options:
    -t             Ping the specified host until interrupted.
    -a             Resolve addresses to hostnames.
    -n count       Number of echo requests to send.
    -l size        Send buffer size.
    -f             Set Don't Fragment flag in packet.
    -i TTL         Time To Live.
    -v TOS         Type Of Service.
    -r count       Record route for count hops.
    -s count       Timestamp for count hops.
    -j host-list   Loose source route along host-list.
    -k host-list   Strict source route along host-list.
    -w timeout     Timeout in milliseconds to wait for each reply.

The LINUX version of the ping command prints its usage when the command is typed at the command line without arguments.

[lin@paullinux lin]$ ping
usage: ping [-LRdfnqrv] [-c count] [-i wait] [-l preload]
        [-p pattern] [-s packetsize] [-t ttl] [-I interface address] host

[lin@paullinux lin]$ ping -c 10 www.mit.edu
PING DANDELION-PATCH.MIT.EDU (18.181.0.31): 56 data bytes
64 bytes from 18.181.0.31: icmp_seq=0 ttl=242 time=59.0 ms
64 bytes from 18.181.0.31: icmp_seq=1 ttl=242 time=45.6 ms
64 bytes from 18.181.0.31: icmp_seq=2 ttl=242 time=48.6 ms
64 bytes from 18.181.0.31: icmp_seq=3 ttl=242 time=50.4 ms
64 bytes from 18.181.0.31: icmp_seq=4 ttl=242 time=47.5 ms
64 bytes from 18.181.0.31: icmp_seq=5 ttl=242 time=65.8 ms
64 bytes from 18.181.0.31: icmp_seq=6 ttl=242 time=54.7 ms
64 bytes from 18.181.0.31: icmp_seq=7 ttl=242 time=48.5 ms
64 bytes from 18.181.0.31: icmp_seq=8 ttl=242 time=51.6 ms
64 bytes from 18.181.0.31: icmp_seq=9 ttl=242 time=48.9 ms
--- DANDELION-PATCH.MIT.EDU ping statistics ---
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max = 45.6/52.0/65.8 ms

ARP Command

The ARP command provides information about Ethernet/IP address translation. We can use it to detect systems on the local network that are configured with the wrong IP address.

C:\WINDOWS>arp

Displays and modifies the IP-to-Physical address translation tables used by
address resolution protocol (ARP).

ARP -s inet_addr eth_addr [if_addr]
ARP -d inet_addr [if_addr]
ARP -a [inet_addr] [-N if_addr]

  -a            Displays current ARP entries by interrogating the current
                protocol data. If inet_addr is specified, the IP and Physical
                addresses for only the specified computer are displayed. If
                more than one network interface uses ARP, entries for each ARP
                table are displayed.
  -g            Same as -a.
  inet_addr     Specifies an internet address.
  -N if_addr    Displays the ARP entries for the network interface specified
                by if_addr.
  -d            Deletes the host specified by inet_addr.
  -s            Adds the host and associates the Internet address inet_addr
                with the Physical address eth_addr. The Physical address is
                given as 6 hexadecimal bytes separated by hyphens. The entry
                is permanent.
  eth_addr      Specifies a physical address.
  if_addr       If present, this specifies the Internet address of the
                interface whose address translation table should be modified.
                If not present, the first applicable interface will be used.

NETSTAT Command

The netstat command can be used to check the network configuration and monitor a system's TCP/IP network activity. It provides a variety of information on how much and what kind of network activity is going on. Under Windows 95/98/2000, the netstat command syntax can be found by entering the following command at the MS-DOS prompt:

C:\WINDOWS>netstat ?

Displays protocol statistics and current TCP/IP network connections.

NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]

  -a            Displays all connections and listening ports. (Server-side
                connections are normally not shown).
  -e            Displays Ethernet statistics. This may be combined with the -s
                option.
  -n            Displays addresses and port numbers in numerical form.
  -p proto      Shows connections for the protocol specified by proto; proto
                may be tcp or udp. If used with the -s option to display
                per-protocol statistics, proto may be tcp, udp, or ip.
  -r            Displays the contents of the routing table.
  -s            Displays per-protocol statistics. By default, statistics are
                shown for TCP, UDP and IP; the -p option may be used to specify
                a subset of the default.
  interval      Redisplays selected statistics, pausing interval seconds
                between each display. Press CTRL+C to stop redisplaying
                statistics. If omitted, netstat will print the current
                configuration information once.

ROUTE Command

Static routing:
It may be used for small to medium-sized networks not characterized by many redundant paths to most destinations. It can be set up by issuing explicit route commands. The route command can be found in UNIX as well as Windows 95/98/2000 and Windows NT systems. Some versions of the route command will also display the current routing tables.

Dynamic routing:
The optimal paths to destinations are determined at packet transmission time.

C:\WINDOWS>route

Manipulates network routing tables.

ROUTE [-f] [command [destination] [MASK netmask] [gateway]]

  -f            Clears the routing tables of all gateway entries. If this is
                used in conjunction with one of the commands, the tables are
                cleared prior to running the command.
  command       Specifies one of four commands
                  PRINT     Prints a route
                  ADD       Adds a route
                  DELETE    Deletes a route
                  CHANGE    Modifies an existing route
  destination   Specifies the host to send command.
  MASK          If the MASK keyword is present, the next parameter is
                interpreted as the netmask parameter.
  netmask       If provided, specifies a sub-net mask value to be associated
                with this route entry. If not specified, it defaults to
                255.255.255.255.
  gateway       Specifies gateway.

All symbolic names used for destination or gateway are looked up in the
network and host name database files NETWORKS and HOSTS, respectively. If
the command is print or delete, wildcards may be used for the destination and
gateway, or the gateway argument may be omitted.

C:\WINDOWS>tracert

Usage: tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name

Options:
    -d                 Do not resolve addresses to hostnames.
    -h maximum_hops    Maximum number of hops to search for target.
    -j host-list       Loose source route along host-list.
    -w timeout         Wait timeout milliseconds for each reply.

3. Testing and Activities

Testing the network connection
· Try the following commands under the MS-DOS window, and interpret the results:
C:\WINDOWS>ping www.ipfw.edu
C:\WINDOWS>ping cs.purdue.edu
C:\WINDOWS>ping -n 10 cs.purdue.edu
C:\WINDOWS>ping -n 10 www.mit.edu

Configure the Network Interface with winipcfg (Windows 95/98/2000/NT) or ifconfig (UNIX)
Use the winipcfg command to obtain a copy of the network interface address information: IP address, default gateway, etc.

Display Active Network Connections
· Enter the netstat command, without arguments, to list all active network connections with the local host (node).
C:\WINDOWS>netstat
· Then launch a new connection to an Internet site and check the network activity by issuing the netstat command again to see what happens.
C:\WINDOWS>netstat
If you provide the -a flag in addition, sockets that are waiting for a connection (i.e. listening) are displayed as well. This will give you a list of all servers that are currently running on your system. The output shows most servers simply waiting for an incoming connection.
· Enter the command:
C:\WINDOWS>netstat -a
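
The listening sockets shown by the -a flag can be checked against the servers you expect to be running. The following is an added example, not part of the original handout: it assumes the Windows column layout of netstat -an output, and the sample text, the port numbers, and the EXPECTED set are constructed for illustration.

```python
# Constructed sample of "netstat -an" output (Windows column layout assumed).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5001           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1042      18.181.0.31:80         ESTABLISHED
  UDP    192.168.1.10:137       *:*
  UDP    0.0.0.0:69             *:*
"""

# Hypothetical baseline: the (protocol, port) pairs this host should serve.
EXPECTED = {("TCP", 139), ("UDP", 137)}


def listeners(text):
    """Return (proto, local_address, port) for every socket awaiting traffic."""
    found = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # skip the banner, the header row and blank lines
        proto, local = parts[0], parts[1]
        state = parts[3] if len(parts) > 3 else ""
        # TCP rows are servers only in the LISTENING state; UDP has no state,
        # so every bound UDP socket is treated as a listener.
        if proto == "TCP" and state != "LISTENING":
            continue
        addr, _, port = local.rpartition(":")
        found.append((proto, addr, int(port)))
    return found


def unexpected(text, expected):
    """Listeners whose (proto, port) is missing from the baseline."""
    return [l for l in listeners(text) if (l[0], l[2]) not in expected]


if __name__ == "__main__":
    for proto, addr, port in unexpected(SAMPLE_NETSTAT, EXPECTED):
        print(f"unexpected listener: {proto} {addr}:{port}")
```
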

Displaying Interface Statistics
When invoked with the -e flag, netstat will display statistics for the network interfaces currently configured.
· Enter the command:
C:\WINDOWS>netstat -e

Display Routing Tables
· Enter the following command to obtain a copy of the routing tables set up for your networked PC:
C:\WINDOWS>netstat -rn

Manipulate Routing Tables
· To display the active routes of your connection, enter:
C:\WINDOWS>route print
To display the active routes of the LINUX system, enter:
[lin@paullinux lin]$ pwd              . See your present working directory
[lin@paullinux lin]$ cd /proc/net     . Change to the process/network directory
[lin@paullinux net]$ more route       . View the table
[lin@paullinux net]$ cd /home/lin     . Change back to your own working directory, not lin
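
The table shown by more route stores addresses as 8-digit hexadecimal fields rather than dotted-quad notation. The following is an added example, not part of the original handout, that decodes those fields and extracts the default gateway so it can be compared with the router you expect. The sample table is constructed and a little-endian (x86) host is assumed.

```python
import socket
import struct

# Constructed sample of /proc/net/route from a little-endian (x86) Linux host.
SAMPLE_ROUTE = (
    "Iface\tDestination\tGateway\tFlags\tRefCnt\tUse\tMetric\tMask\tMTU\tWindow\tIRTT\n"
    "eth0\t0001A8C0\t00000000\t0001\t0\t0\t0\t00FFFFFF\t0\t0\t0\n"
    "eth0\t00000000\t0101A8C0\t0003\t0\t0\t0\t00000000\t0\t0\t0\n"
)

# Route flag bits from <linux/route.h>: up, gateway, host route.
FLAG_BITS = ((0x1, "U"), (0x2, "G"), (0x4, "H"))


def hex_to_ip(field):
    """Decode an 8-digit hex field (little-endian host order) to dotted quad."""
    return socket.inet_ntoa(struct.pack("<I", int(field, 16)))


def parse_routes(text):
    """Return one dict per route with decoded destination, gateway and mask."""
    lines = text.strip().splitlines()
    header = lines[0].split()
    routes = []
    for line in lines[1:]:
        row = dict(zip(header, line.split()))
        mask = hex_to_ip(row["Mask"])
        mask_int = struct.unpack("!I", socket.inet_aton(mask))[0]
        flags = int(row["Flags"], 16)
        routes.append({
            "iface": row["Iface"],
            "dest": hex_to_ip(row["Destination"]),
            "gateway": hex_to_ip(row["Gateway"]),
            "mask": mask,
            "prefix": bin(mask_int).count("1"),  # number of 1 bits in the mask
            "flags": "".join(c for bit, c in FLAG_BITS if flags & bit),
        })
    return routes


def default_gateways(routes):
    """Gateways of default routes (0.0.0.0/0), to compare with the expected router."""
    return [r["gateway"] for r in routes
            if r["dest"] == "0.0.0.0" and r["prefix"] == 0 and "G" in r["flags"]]


if __name__ == "__main__":
    for r in parse_routes(SAMPLE_ROUTE):
        print(f'{r["dest"]}/{r["prefix"]} via {r["gateway"]} dev {r["iface"]} [{r["flags"]}]')
```
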

Tracing Route
The command that tells us which route packets take going from our system to a remote system is tracert (Windows) or traceroute (UNIX). It prints information about each hop.
· Enter the following commands and obtain the route tracing results:
C:\WINDOWS>tracert www.microsoft.com
C:\WINDOWS>tracert www.mit.edu

Ethernet/IP Address Translation Table: arp command
The ARP information of the current version of Red Hat LINUX can be found through the following commands. We note that the ARP command provides information about Ethernet/IP address translation. We can use it to detect systems on the local network that are configured with the wrong IP address.
[lin@paullinux lin]$ pwd              . See your present working directory
[lin@paullinux lin]$ cd /proc/net     . Change to the process/network directory
[lin@paullinux net]$ more arp         . View the table
[lin@paullinux net]$ cd /home/lin     . Change back to your own working directory, not lin
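
One way to use the ARP table to spot hosts configured with the wrong IP address is to compare two snapshots of /proc/net/arp. The following is an added example, not part of the original handout: the snapshots, the MAC addresses, and the 192.168.1.0/24 subnet are constructed, and the flag value 0x2 is taken to mark a completed entry.

```python
import ipaddress
from collections import defaultdict

# Constructed snapshots of /proc/net/arp taken a few minutes apart.
ARP_T0 = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         00:00:5e:00:53:01     *        eth0
192.168.1.20     0x1         0x2         00:00:5e:00:53:14     *        eth0
10.0.0.7         0x1         0x2         00:00:5e:00:53:07     *        eth0
"""
ARP_T1 = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         00:00:5e:00:53:01     *        eth0
192.168.1.20     0x1         0x2         00:00:5e:00:53:99     *        eth0
192.168.1.21     0x1         0x2         00:00:5e:00:53:99     *        eth0
192.168.1.30     0x1         0x0         00:00:00:00:00:00     *        eth0
"""


def parse_arp(text):
    """Return {ip: mac} for completed entries (flag bit 0x2 set)."""
    table = {}
    for line in text.strip().splitlines()[1:]:  # skip the header row
        ip, _hw_type, flags, mac, _mask, _dev = line.split()
        if int(flags, 16) & 0x2:
            table[ip] = mac.lower()
    return table


def audit(before, after, subnet):
    """Report addresses that do not fit the expected local configuration."""
    net = ipaddress.ip_network(subnet)
    seen = {**before, **after}
    # Hosts answering ARP locally with an address outside the LAN's subnet.
    off_subnet = sorted(ip for ip in seen if ipaddress.ip_address(ip) not in net)
    # Same IP, different MAC between snapshots: two hosts share one address
    # (or the mapping was altered).
    mac_changed = sorted(ip for ip in before
                         if ip in after and before[ip] != after[ip])
    # One MAC answering for several IPs: router, proxy ARP, or misconfiguration.
    by_mac = defaultdict(set)
    for ip, mac in after.items():
        by_mac[mac].add(ip)
    shared_mac = {m: sorted(ips) for m, ips in by_mac.items() if len(ips) > 1}
    return {"off_subnet": off_subnet, "mac_changed": mac_changed,
            "shared_mac": shared_mac}


if __name__ == "__main__":
    print(audit(parse_arp(ARP_T0), parse_arp(ARP_T1), "192.168.1.0/24"))
```
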