Windows grew out of the simple DOS character interface. Although we mostly work in the graphical interface when using Windows, DOS commands are still very useful. This article looks at what these commands do and at some tips for using them.
I. Tips for using the Ping command
Ping is a very frequently used utility that determines whether the local host can exchange (send and receive) packets with another host. From the information it returns, we can infer whether the TCP/IP parameters are set correctly and whether TCP/IP is running normally. Note that successfully exchanging one or two datagrams with another host does not mean the TCP/IP configuration is correct. We must carry out a large number of datagram exchanges between the local host and remote hosts before we can be sure that TCP/IP is working correctly.
Simply put, Ping is a test program. If Ping runs correctly, we can largely rule out faults in the network access layer, the network card, the modem's input and output lines, the cables and the routers, which narrows down the problem. However, because the size of the datagrams can be customized and they can be sent endlessly at high speed, Ping is also used by some malicious people as a DDoS (denial-of-service attack) tool. For example, many large websites have been brought down by hackers who used hundreds of computers with high-speed Internet access to send a continuous flood of Ping datagrams.
By default, the Ping command on Windows sends 4 ICMP (Internet Control Message Protocol) echo requests, each carrying 32 bytes of data. If everything is normal, we should receive 4 echo replies. Ping displays, in milliseconds, the time between sending the echo request and receiving the echo reply. A short response time means that the datagram did not have to pass through many routers or that the network connection is fairly fast. Ping also displays the TTL (Time To Live) value, from which we can estimate how many routers the packet has passed through: the TTL start value at the source (a power of 2 slightly larger than the returned TTL) minus the returned TTL value. For example, if the returned TTL value is 119, the TTL start value of the datagram when it left the source address can be taken as 128, and the path from source to destination passes through 9 router segments (128-119); if the returned TTL value is 246, the TTL start value is 256, and the path from source to destination passes through 9 router segments.
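The TTL calculation above, applied to parsed Ping output, as an added example that is not part of the original article. It assumes the common start values 64, 128 and 255 (the TTL field is 8 bits wide, so 255 is the largest value a sender can start from); the sample output and the function names are constructed for illustration.

```python
import re

# Assumed start values: common stack defaults; the TTL field is 8 bits, so 255 is the maximum.
INITIAL_TTLS = (64, 128, 255)
# Windows-style reply line, e.g. "Reply from 192.0.2.10: bytes=32 time=23ms TTL=119"
REPLY_RE = re.compile(r"Reply from (\S+?): bytes=(\d+) time[=<](\d+)ms TTL=(\d+)")

# Constructed sample output (192.0.2.10 is a documentation address).
SAMPLE = """\
Pinging 192.0.2.10 with 32 bytes of data:
Reply from 192.0.2.10: bytes=32 time=23ms TTL=119
Reply from 192.0.2.10: bytes=32 time<1ms TTL=119
Request timed out.
Reply from 192.0.2.10: bytes=32 time=25ms TTL=119
"""

def estimate_hops(ttl):
    """Return (assumed start TTL, router hops) for a TTL seen in an echo reply."""
    if not 1 <= ttl <= 255:
        raise ValueError("TTL must be between 1 and 255")
    # The smallest common start value that is not below the observed TTL.
    initial = next(v for v in INITIAL_TTLS if v >= ttl)
    return initial, initial - ttl

def summarize_ping(output):
    """Parse Ping output; return (list of reply dicts, number of timeouts)."""
    replies, lost = [], 0
    for line in output.splitlines():
        m = REPLY_RE.search(line)
        if m:
            ttl = int(m.group(4))
            initial, hops = estimate_hops(ttl)
            replies.append({
                "host": m.group(1), "bytes": int(m.group(2)),
                "ms": int(m.group(3)),  # "time<1ms" is recorded as the bound 1
                "ttl": ttl, "initial_ttl": initial, "hops": hops,
            })
        elif "Request timed out" in line:
            lost += 1
    return replies, lost

if __name__ == "__main__":
    replies, lost = summarize_ping(SAMPLE)
    for r in replies:
        print(r)
    print("timeouts:", lost)
```

The TTL in a reply was set by the answering host and decremented on the way back, so the hop count describes the return path.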
1. Typical order for tracking down network faults with Ping
Normally, when we use Ping to locate a problem or to check how the network is running, we need to issue many Ping commands. If they all run correctly, we can be confident that basic connectivity and the configuration parameters are fine; if some of them fail, the failure also shows where to look for the problem. A typical test order and the faults each step may point to are given below:
·ping 127.0.0.1
This Ping is delivered to the IP software of the local computer and never leaves the computer. If it fails, there is some very basic problem with the installation or operation of TCP/IP.
·ping local IP
This command is sent to the IP address configured on our computer, which should always answer it. If it does not, there is a problem with the local configuration or installation. When this happens, LAN users should disconnect the network cable and then send the command again. If the command succeeds with the cable disconnected, another computer may be configured with the same IP address.
·ping other IPs in the LAN
This command should leave our computer, travel through the network card and network cable to the other computer, and then return. Receiving echo replies shows that the network card and the transmission medium in the local network are working correctly. If 0 echo replies are received, however, the subnet mask (the code that separates the network part of an IP address from the host part when subnetting) is incorrect, the network card is misconfigured, or there is a problem with the cabling.
·ping gateway IP
If this command is answered correctly, the gateway router in the LAN is running and able to respond.
·ping remote IP
If 4 replies are received, the default gateway is being used successfully. For dial-up users it means that the Internet can be reached successfully (although this does not rule out a problem with the ISP's DNS).
·ping localhost
localhost is a network name reserved by the operating system and an alias for 127.0.0.1. Every computer should be able to resolve this name to that address. If it cannot, there is a problem in the hosts file (/Windows/host).
·ping www.xxx.com (for example www.yesky.com, Yesky)
Pinging the domain name www.xxx.com normally resolves the name through the DNS server. If there is a fault here, the IP address of the DNS server is configured incorrectly or the DNS server itself is faulty (for dial-up users, some ISPs no longer require a DNS server to be set). Incidentally, we can also use this command to convert a domain name to an IP address.
If all of the Ping commands listed above run normally, we can be reasonably confident that our computer's local and remote communication works. However, the success of these commands does not mean that every part of our network configuration is free of problems. For example, some subnet mask errors may not be detected by these methods.
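The test order above as a script that stops at the first failing step and reports what that failure points to (an added example, not from the original article). The target keys, the `diagnose` and `ping_once` names and the placeholder addresses are assumptions of this example.

```python
import platform
import subprocess

# (step, key in the targets dict, what a failure points to), in the order given above.
STAGES = [
    ("loopback address", "loopback", "TCP/IP is not installed or not running correctly"),
    ("local IP", "local_ip", "local configuration or installation problem, or a duplicate IP"),
    ("LAN neighbour", "lan_ip", "wrong subnet mask, network card misconfiguration or cabling"),
    ("default gateway", "gateway", "gateway router is not running or not answering"),
    ("remote IP", "remote_ip", "default gateway is not being used successfully"),
    ("localhost name", "localhost", "problem in the hosts file"),
    ("domain name", "hostname", "DNS server address is wrong or the DNS server is faulty"),
]

def ping_once(target, timeout=5):
    """Send one echo request with the system ping; True only if a reply arrived."""
    count_flag = "-n" if platform.system() == "Windows" else "-c"
    try:
        result = subprocess.run(["ping", count_flag, "1", target],
                                capture_output=True, timeout=timeout)
    except (OSError, subprocess.TimeoutExpired):
        return False
    # Windows ping can exit with 0 on "Destination host unreachable",
    # so also require a TTL field, which only appears in a real echo reply.
    return result.returncode == 0 and b"ttl=" in result.stdout.lower()

def diagnose(targets, probe=ping_once):
    """Walk the steps in order; return (passed step names, first failure or None)."""
    passed = []
    for label, key, meaning in STAGES:
        target = targets.get(key)
        if target is None:  # step not configured: skip it rather than guess
            continue
        if not probe(target):
            return passed, {"stage": label, "target": target, "meaning": meaning}
        passed.append(label)
    return passed, None

if __name__ == "__main__":
    # Placeholder targets: add local_ip, lan_ip, gateway, remote_ip and hostname
    # for the network being checked.
    targets = {"loopback": "127.0.0.1", "localhost": "localhost"}
    passed, failure = diagnose(targets)
    print("passed:", passed)
    print("first failure:", failure)
```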
2. Common options of the Ping command
·ping IP -t
Pings the IP address continuously until the user interrupts it with Ctrl+C.
·ping IP -l 3000
Sets the data length in the Ping command to 3000 bytes instead of the default 32 bytes.
·ping IP -n
Runs the Ping command a specified number of times.
II. Tips for using the Netstat command
Netstat displays statistics for the IP, TCP, UDP and ICMP protocols and is generally used to check the state of the network connections on each port of the local machine.
If datagrams received by our computer occasionally lead to errors, discards or faults, there is no need to be surprised: TCP/IP tolerates these kinds of errors and automatically resends the datagrams. But if the accumulated number of errors makes up a fairly large percentage of the IP datagrams received, or if the number is growing rapidly, we should use Netstat to find out why.
1. Some common netstat options
·netstat -s
This option displays statistics separately for each protocol. If an application (such as a web browser) runs slowly or cannot display data such as web pages, we can use this option to examine the information shown. We need to read each line of the statistics carefully, look for the error-related entries, and from them determine the problem.
·netstat -e
This option displays Ethernet statistics. The items listed include the total number of bytes transferred, the number of errors, the number of discards, the number of datagrams and the number of broadcasts. The statistics cover both datagrams sent and datagrams received. This option can be used to measure basic network traffic.
·netstat -r
This option displays information about the routing table, similar to what the route print command shows. In addition to the valid routes, it also displays the currently valid connections.
·netstat -a
This option displays a list of all valid connections, including established connections (ESTABLISHED) and those listening for connection requests (LISTENING).
·netstat -n
Displays all established, valid connections.
The following is an example of netstat output:
C:\>netstat -e
Interface Statistics

                      Received          Sent
Bytes               3995837940      47224622
Unicast packets         120099        131015
Non-unicast packets    7579544          3823
Discards                     0             0
Errors                       0             0
Unknown protocols    363054211

C:\>netstat -a
Active Connections

Proto  Local Address      Foreign Address           State
TCP    CORP1:1572         172.16.48.10:nbsession    ESTABLISHED
TCP    CORP1:1589         172.16.48.10:nbsession    ESTABLISHED
TCP    CORP1:1606         172.16.105.245:nbsession  ESTABLISHED
TCP    CORP1:1632         172.16.48.213:nbsession   ESTABLISHED
TCP    CORP1:1659         172.16.48.169:nbsession   ESTABLISHED
TCP    CORP1:1714         172.16.48.203:nbsession   ESTABLISHED
TCP    CORP1:1719         172.16.48.36:nbsession    ESTABLISHED
TCP    CORP1:1241         172.16.48.101:nbsession   ESTABLISHED
UDP    CORP1:1025         *:*
UDP    CORP1:snmp         *:*
UDP    CORP1:nbname       *:*
UDP    CORP1:nbdatagram   *:*
UDP    CORP1:nbname       *:*
UDP    CORP1:nbdatagram   *:*

C:\>netstat -s
IP Statistics
Packets Received = 5378528
Received Header Errors = 738854
Received Address Errors = 23150
Datagrams Forwarded = 0
Unknown Protocols Received = 0
Received Packets Discarded = 0
Received Packets Delivered = 4616524
Output Requests = 132702
Routing Discards = 157
Discarded Output Packets
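
The error-percentage check described at the start of the Netstat section, run over the IP Statistics lines shown above, as an added example that is not part of the original article. The function names and the 1% threshold are assumptions of this example; the article itself gives no number for a "large percentage".

```python
import re

# The "IP Statistics" lines from the sample above, including the truncated last line.
SAMPLE = """\
IP Statistics
Packets Received = 5378528
Received Header Errors = 738854
Received Address Errors = 23150
Datagrams Forwarded = 0
Unknown Protocols Received = 0
Received Packets Discarded = 0
Received Packets Delivered = 4616524
Output Requests = 132702
Routing Discards = 157
Discarded Output Packets
"""

LINE_RE = re.compile(r"^\s*(.+?)\s*=\s*(\d+)\s*$")
ERROR_COUNTERS = ("Received Header Errors", "Received Address Errors",
                  "Unknown Protocols Received", "Received Packets Discarded")

def parse_ip_stats(text):
    """Return {counter name: value}; lines without '= number' are skipped."""
    stats = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            stats[m.group(1)] = int(m.group(2))
    return stats

def error_report(stats, threshold_pct=1.0):
    """Share of received datagrams per error counter; threshold is an assumed value."""
    received = stats.get("Packets Received", 0)
    if received == 0:
        return {}
    report = {}
    for name in ERROR_COUNTERS:
        pct = 100.0 * stats.get(name, 0) / received
        report[name] = {"count": stats.get(name, 0), "percent": round(pct, 2),
                        "flag": pct >= threshold_pct}
    return report

def unaccounted(stats):
    """Received datagrams not explained by delivered, forwarded or error counters."""
    explained = sum(stats.get(n, 0) for n in ERROR_COUNTERS)
    explained += stats.get("Received Packets Delivered", 0) + stats.get("Datagrams Forwarded", 0)
    return stats.get("Packets Received", 0) - explained

if __name__ == "__main__":
    stats = parse_ip_stats(SAMPLE)
    print(error_report(stats), unaccounted(stats))
```

In this sample the header errors alone are about 13.7% of the datagrams received, which is the kind of proportion the section says should be investigated.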