I think nobody will forget that Windows grew out of a simple DOS character interface. Although we mostly work in the graphical interface when we use the Windows operating system, DOS commands are still very useful to us. Let's take a look at what these commands do and at some tips for using them.
One, Ping command usage tips
Ping is a very frequently used utility that determines whether the local host can exchange (send and receive) datagrams with another host. From the information returned, we can infer whether the TCP/IP parameters are set correctly and whether TCP/IP is running normally. Note that successfully exchanging one or two datagrams with another host does not mean that the TCP/IP configuration is correct. We must exchange a large number of datagrams between the local host and the remote host before we can be sure that TCP/IP is working correctly.
Simply put, Ping is a test program. If Ping runs correctly, we can generally rule out faults in the network access layer, the network card, the MODEM's input and output lines, the cable, the router and so on, which narrows the scope of the problem. But because the size of the datagrams can be customized and they can be sent endlessly at high speed, Ping is also used by some malicious people as a tool for DDoS (denial-of-service) attacks. For example, many large websites have been paralyzed by hackers who used hundreds of computers with high-speed Internet access to continuously send large numbers of Ping datagrams.
By default, the Ping command on Windows sends 4 ICMP (Internet Control Message Protocol) echo requests, each carrying 32 bytes of data. If everything is normal, we should get 4 echo replies. Ping displays the time between sending the echo request and receiving the echo reply, in milliseconds. A short response time means that the datagram does not pass through too many routers or that the network connection is relatively fast. Ping also displays the TTL (Time To Live) value, from which we can calculate how many routers the packet has passed through: the TTL start value at the source (that is, a power of 2 slightly larger than the returned TTL) minus the returned TTL value. For example, if the returned TTL value is 119, we can deduce that the datagram left the source address with a TTL start value of 128 and passed through 9 router segments (128-119) between source and destination; if the returned TTL value is 246, the TTL start value is 256, and the datagram passed through 9 router segments between source and destination.
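The TTL calculation above, applied to captured Ping output, as an added example that is not part of the original article. It assumes senders start from the common initial TTL values 64, 128 or 255 (the TTL field is 8 bits wide, so 255 is its largest value); the sample output and the address 192.0.2.10 are constructed.

```python
import re

# Assumption: the sender started from one of these common initial TTLs.
# The IP TTL field is 8 bits wide, so 255 is the largest possible value.
INITIAL_TTLS = (64, 128, 255)

# One reply line as printed by the English-language Windows ping.
REPLY = re.compile(r"Reply from (\S+): bytes=(\d+) time[=<](\d+)ms TTL=(\d+)")


def estimate_hops(ttl):
    """Return (assumed initial TTL, routers crossed) for a returned TTL."""
    if not 1 <= ttl <= 255:
        raise ValueError(f"TTL out of range: {ttl}")
    start = min(t for t in INITIAL_TTLS if t >= ttl)
    return start, start - ttl


def summarize(output):
    """Summarize the text printed by one run of Windows ping."""
    replies = REPLY.findall(output)
    timeouts = output.count("Request timed out.")
    rtts = [int(ms) for _, _, ms, _ in replies]
    ttls = sorted({int(ttl) for *_, ttl in replies})
    return {
        "sent": len(replies) + timeouts,
        "received": len(replies),
        "avg_ms": sum(rtts) / len(rtts) if rtts else None,
        # More than one TTL in a single run means the replies took different
        # paths or came from different devices, which deserves a closer look.
        "hops": {ttl: estimate_hops(ttl) for ttl in ttls},
    }


# Constructed sample output (192.0.2.10 is a documentation address).
SAMPLE = """Pinging 192.0.2.10 with 32 bytes of data:
Reply from 192.0.2.10: bytes=32 time=23ms TTL=119
Reply from 192.0.2.10: bytes=32 time=25ms TTL=119
Request timed out.
Reply from 192.0.2.10: bytes=32 time=21ms TTL=119
"""

if __name__ == "__main__":
    print(summarize(SAMPLE))
```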
1. Typical order of detecting network faults through Ping
Normally, when we use Ping to locate a problem or check that the network is working, we need to run several Ping commands. If they all succeed, we can be confident that basic connectivity and the configuration parameters are fine; if some of them fail, the failures indicate where to look for the problem. The following is a typical detection order with the possible fault for each step:
·ping 127.0.0.1
This Ping command is sent to the IP software of the local computer and never leaves this computer. If it fails, there is a basic problem with the installation or operation of TCP/IP.
·ping local IP
This command is sent to the IP address configured on our computer, which should always respond to it. If it does not, there is a problem with the local configuration or installation. When this happens, LAN users should disconnect the network cable and send the command again. If the command succeeds once the cable is disconnected, another computer may be configured with the same IP address.
·ping other IPs in the LAN
This command should leave our computer, pass through the network card and network cable to the other computer, and then return. Receiving echo replies indicates that the network card and the carrier in the local network are working correctly. But if 0 echo replies are received, the subnet mask (the code that separates the network part from the host part of the IP address when subnetting) is incorrect, the network card is misconfigured, or there is a problem with the cabling.
·ping gateway IP
If this command responds correctly, it means that the gateway router in the LAN is running and can respond.
·ping remote IP
If 4 responses are received, it means that the default gateway is successfully used. For dial-up Internet users, it means that they can successfully access the Internet (but it does not rule out that there may be problems with the ISP's DNS).
·ping localhost
localhost is a network name reserved by the operating system. It is an alias of 127.0.0.1, and every computer should be able to convert this name into this address. If it cannot, there is a problem in the host file (/Windows/host).
·ping www.xxx.com (such as www.yesky.com)
Pinging a domain name such as www.xxx.com normally goes through the DNS server. A failure here means that the DNS server's IP address is configured incorrectly or that the DNS server is faulty (for dial-up Internet users, some ISPs do not require a DNS server to be set). By the way, we can also use this command to convert domain names to IP addresses.
If all of the Ping commands listed above run normally, we can be reasonably confident that our computer can communicate both locally and remotely. However, the success of these commands does not mean that our network configuration is free of problems. For example, some subnet mask errors may not be detected by these methods.
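The detection order above as a script that stops at the first failing step and reports the fault the article associates with it. This is an added example, not code from the original article; the function names and all addresses other than 127.0.0.1 and localhost are hypothetical and supplied by the caller.

```python
import platform
import subprocess


def build_ladder(local_ip, lan_peer, gateway, remote_ip, hostname):
    """The article's detection order: (step, target, likely fault on failure)."""
    return [
        ("loopback", "127.0.0.1", "TCP/IP installation or operation"),
        ("local IP", local_ip, "local configuration, installation or a duplicate IP"),
        ("LAN peer", lan_peer, "subnet mask, network card configuration or cabling"),
        ("gateway", gateway, "gateway router not running or not responding"),
        ("remote IP", remote_ip, "default gateway not being used successfully"),
        ("localhost", "localhost", "host file entry for localhost"),
        ("domain name", hostname, "DNS server address or DNS server fault"),
    ]


def ping_once(target, timeout=5):
    """Return True if one echo reply came back from target."""
    count_flag = "-n" if platform.system() == "Windows" else "-c"
    try:
        out = subprocess.run(["ping", count_flag, "1", target],
                             capture_output=True, text=True,
                             timeout=timeout).stdout
    except (OSError, subprocess.TimeoutExpired):
        return False
    # Windows ping can exit with code 0 after a "Destination host
    # unreachable" message, so the exit code is not trusted here.
    # A real echo reply always prints a TTL value.
    return "ttl=" in out.lower()


def walk_ladder(ladder, probe=ping_once):
    """Run the steps in order; return (passed step names, first failure or None)."""
    passed = []
    for name, target, fault in ladder:
        if not probe(target):
            return passed, {"step": name, "target": target, "likely_fault": fault}
        passed.append(name)
    return passed, None


if __name__ == "__main__":
    # Constructed demonstration: a stand-in probe simulates a dead gateway
    # so the script runs offline. Drop probe= to send real pings.
    ladder = build_ladder("192.0.2.20", "192.0.2.21", "192.0.2.1",
                          "198.51.100.7", "www.example.com")
    print(walk_ladder(ladder, probe=lambda t: t != "192.0.2.1"))
```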
2. Common parameter options of the Ping command
·ping IP -t
Continuously execute the Ping command on the IP address until it is interrupted by the user with Ctrl+C.
·ping IP -l 3000
Specify the data length in the Ping command as 3000 bytes instead of the default 32 bytes.
·ping IP -n
Execute the Ping command a specific number of times.
Two, Netstat command usage tips
Netstat is used to display statistical data related to IP, TCP, UDP and ICMP protocols, and is generally used to check the network connection status of each port of the local machine.
Don't be surprised if datagrams received by our computer occasionally contain errors and are discarded, or cause a fault. TCP/IP tolerates these kinds of errors and automatically resends the datagrams. But if the cumulative number of errors makes up a relatively large percentage of the IP datagrams received, or if the number is increasing rapidly, we should use Netstat to find out why this is happening.
1. Some common options of netstat
·netstat -s
This option displays statistics separately for each protocol. If an application (such as a web browser) runs slowly or cannot display data such as web pages, you can use this option to check the displayed information. Carefully check each line of the statistics, look for the error keywords, and then determine the problem.
·netstat -e
This option displays Ethernet statistics. The items it lists include the total number of bytes transferred, the number of errors, the number of discards, the number of datagrams, and the number of broadcasts. The statistics cover both sent and received datagrams. This option can be used to measure basic network traffic.
·netstat -r
This option displays information about the routing table, similar to what the route print command shows. In addition to valid routes, it also displays the currently valid connections.
·netstat -a
This option displays a list of all valid connection information, including established connections (ESTABLISHED) and connections that are listening for requests (LISTENING).
·netstat -n
Display all established valid connections.
The following is an example of netstat output:
C:\>netstat -e
Interface Statistics

                        Received          Sent
Bytes                 3995837940      47224622
Unicast packets           120099        131015
Non-unicast packets      7579544          3823
Discards                       0             0
Errors                         0             0
Unknown protocols      363054211

C:\>netstat -a
Active Connections

Proto  Local Address      Foreign Address            State
TCP    CORP1:1572         172.16.48.10:nbsession     ESTABLISHED
TCP    CORP1:1589         172.16.48.10:nbsession     ESTABLISHED
TCP    CORP1:1606         172.16.105.245:nbsession   ESTABLISHED
TCP    CORP1:1632         172.16.48.213:nbsession    ESTABLISHED
TCP    CORP1:1659         172.16.48.169:nbsession    ESTABLISHED
TCP    CORP1:1714         172.16.48.203:nbsession    ESTABLISHED
TCP    CORP1:1719         172.16.48.36:nbsession     ESTABLISHED
TCP    CORP1:1241         172.16.48.101:nbsession    ESTABLISHED
UDP    CORP1:1025         *:*
UDP    CORP1:snmp         *:*
UDP    CORP1:nbname       *:*
UDP    CORP1:nbdatagram   *:*
UDP    CORP1:nbname       *:*
UDP    CORP1:nbdatagram   *:*

C:\>netstat -s
IP Statistics

Packets Received              = 5378528
Received Header Errors        = 738854
Received Address Errors       = 23150
Datagrams Forwarded           = 0
Unknown Protocols Received    = 0
Received Packets Discarded    = 0
Received Packets Delivered    = 4616524
Output Requests               = 132702
Routing Discards              = 157
Discarded Output Packets
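The check described earlier (errors as a share of received IP datagrams, and whether that share is growing) applied to the netstat -s sample above. This is an added example, not part of the original article; the 5% threshold and the second snapshot are assumptions constructed for the demonstration.

```python
import re

# Receive-side error counters that appear in the article's sample output.
ERROR_KEYS = ("Received Header Errors", "Received Address Errors")


def parse_stats(text, section="IP Statistics"):
    """Return {counter: value} for one section of `netstat -s` output."""
    stats, active = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("Statistics"):
            active = (line == section)   # entering a new protocol section
            continue
        m = re.fullmatch(r"(.+?)\s*=\s*(\d+)", line)
        if active and m:                 # lines without "= N" are skipped
            stats[m.group(1)] = int(m.group(2))
    return stats


def error_share(stats):
    """Errors as a fraction of all received IP packets."""
    received = stats.get("Packets Received", 0)
    errors = sum(stats.get(k, 0) for k in ERROR_KEYS)
    return errors / received if received else 0.0


def error_growth(old, new):
    """Fraction of the packets received between two snapshots that were errors."""
    d_recv = new["Packets Received"] - old["Packets Received"]
    d_err = sum(new.get(k, 0) - old.get(k, 0) for k in ERROR_KEYS)
    return d_err / d_recv if d_recv > 0 else 0.0


# First snapshot: the IP Statistics lines from the article's sample output,
# including the final line whose value is missing.
SNAPSHOT_1 = """IP Statistics
Packets Received = 5378528
Received Header Errors = 738854
Received Address Errors = 23150
Datagrams Forwarded = 0
Unknown Protocols Received = 0
Received Packets Discarded = 0
Received Packets Delivered = 4616524
Output Requests = 132702
Routing Discards = 157
Discarded Output Packets
"""
# Second snapshot: constructed (1000 more packets, 100 more header errors).
SNAPSHOT_2 = SNAPSHOT_1.replace("5378528", "5379528").replace("738854", "738954")

THRESHOLD = 0.05  # assumed alert level, not a value from the article

if __name__ == "__main__":
    s1, s2 = parse_stats(SNAPSHOT_1), parse_stats(SNAPSHOT_2)
    print(f"cumulative error share: {error_share(s1):.2%}")
    print(f"share among new packets: {error_growth(s1, s2):.2%}")
    print("investigate" if error_share(s1) > THRESHOLD else "ok")
```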
