Tuesday, August 7, 2012

Network+ Command Line Tools Pt 1

If you're planning on taking the Network+ exam soon, you may want to review the command line tools such as ping and ipconfig used to troubleshoot connectivity. You don't have to know every switch related to these command line tools but you should have a good idea of their overall purpose. This blog doesn't provide all the details about these command line tools, but combined with part 2, it should give you enough for the Network+ exam.

Many people are using the Microsoft Windows Networking Essentials book to help prepare for the Network+ exam. This book was actually written for the MTA 98-366 Networking Fundamentals exam and is helping a lot of people take and pass it. Combined with the CompTIA Network+ N10-005 Practice Test Questions (Get Certified Get Ahead) book, many people have told me they have also passed the Network+ exam the first time they took it.
Realistic Practice Test Questions for the Network+ exam.
CompTIA Network+ N10-005 Practice Test Questions (Get Certified Get Ahead)

Practice Test Questions

Q. Which of the following commands can you use to test connectivity with a remote system?

A. Ping
B. Ipconfig
C. Arp
D. Route

Answer at end

Q. Using ipconfig, you see a computer has an IP address of 169.254.4.23 with a subnet mask of 255.255.0.0. What does this indicate?

A. DNS could not be reached
B. DHCP could not be reached
C. The default gateway could not be reached
D. The computer’s firewall is enabled

Answer at end

Q. A system has an incorrect DNS entry in cache. What can you use to remove this entry?

A. Ipconfig /displaydns
B. Ipconfig /flushdns
C. Nslookup /removedns
D. Nslookup/flushdns

Answer at end
Realistic practice test questions for the Network+ N10-005 exam
Available through LearnZapp on your mobile phone

Ping Command Line Tool

Ping is a basic command used to test connectivity for remote systems. You can also use it to verify the TCP/IP stack is installed and  working correctly on a system, test the network interface card (NIC), and verify valid host names can be resolved to IP addresses. Ping works at the network layer of the OSI model.

Use Ping to Check Connectivity with Remote System

If you know the IP address of a remote system, you can use ping to verify connectivity. For example, you can use ipconfig to identify the  default gateway and then use ping to verify that you can reach the default gateway. The basic syntax is:

ping 192.168.1.1

Results:

Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.1: bytes=32 time=1ms TTL=64
Reply from 192.168.1.1: bytes=32 time<1ms ttl="64</em">
Reply from 192.168.1.1: bytes=32 time<1ms ttl="64</em">
Reply from 192.168.1.1: bytes=32 time<1ms ttl="64</em">

Ping statistics for 192.168.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms

On Windows systems, ping sends out four ping requests and if the other system is operational, it receives four replies. On Linux/Unix based systems, the ping will continue until you press the CTRL + C keys. If you want ping to work like the Linux systems, you can use the -t switch like this:

ping -t 192.168.1.1

Check Name Resolution with Ping

You can ping either the hostname of a system, or an IP address. For example, the following two commands will achieve the same result:
  • ping blogs.getcertifiedgetahead.com
  • ping 174.122.52.195
The first command will first resolve the name blogs.getcertifiedgetahead.com to the IP address of 174.122.52.195 and it will then ping the IP address. The primary method used to resolve hostnames is with Domain Name System (DNS) so ping will often query the DNS server.

ping blogs.getcertifiedgetahead.com

Result

Pinging blogs.getcertifiedgetahead.com [174.122.52.195] with 32 bytes of data:
Reply from 174.122.52.195: bytes=32 time=90ms TTL=118
Reply from 174.122.52.195: bytes=32 time=44ms TTL=118
Reply from 174.122.52.195: bytes=32 time=44ms TTL=118
Reply from 174.122.52.195: bytes=32 time=47ms TTL=118
Ping statistics for 174.122.52.195:
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 44ms, Maximum = 90ms, Average = 53ms

Check TCP/IP Stack

You can ping the loopback address to verify that the TCP/IP stack is functioning. The command is:

ping 127.0.0.1

Result

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms ttl="128</em">
Reply from 127.0.0.1: bytes=32 time<1ms ttl="128</em">
Reply from 127.0.0.1: bytes=32 time<1ms ttl="128</em">
Reply from 127.0.0.1: bytes=32 time<1ms ttl="128</em">

Ping statistics for 127.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

If the TCP/IP stack is corrupt, you may be able to rebuild it with this command on Windows systems:

netsh winsock reset

Similarly, you can ping the local host with this command:

ping localhost

Pinging Power-PC [::1] with 32 bytes of data:
Reply from ::1: time<1ms em="em">
Reply from ::1: time<1ms em="em">
Reply from ::1: time<1ms em="em">
Reply from ::1: time<1ms em="em">

Ping statistics for ::1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

It will resolve localhost to either the IPv4 loopback address of 127.0.0.1 or the IPv6 loopback address of ::1.

Verify the NIC

You can ping the IP address of the NIC installed in the computer to verify it is functioning. Use ipconfig to identify the IP address and then use ping followed by the IP address.

ping 192.168.1.129

Pinging 192.168.1.129 with 32 bytes of data:
Reply from 192.168.1.129: bytes=32 time<1ms ttl="128</em">
Reply from 192.168.1.129: bytes=32 time<1ms ttl="128</em">
Reply from 192.168.1.129: bytes=32 time<1ms ttl="128</em">
Reply from 192.168.1.129: bytes=32 time<1ms ttl="128</em">

Ping statistics for 192.168.1.129:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Ipconfig/Ifconfig Command Line Tools

The ipconfig command is a valuable basic command used to view the TCP/IP configuration. You can enter it without a switch and view the IP address, the subnet mask, and the default gateway. This allows you to easily verify the system has valid TCP/IP configuration information assigned. If it does, you can follow it up with the ping command to check connectivity.

ipconfig

Partial results

Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : getcertifiedgetahead.com
Link-local IPv6 Address . . . . . : fe80::20d4:3ff7:3f:de62%10
IPv4 Address. . . . . . . . . . . : 192.168.1.129
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1

One indication that a computer has a problem is an address starting with 169.254.y.z. This indicates the computer is a Dynamic Host Configuration Protocol (DHCP) client but is not able to reach a DHCP server. Instead, the computer has assigned itself an Automatic Private Internet Protocol Addressing (APIPA) address. APIPA addresses are in the range of 169.254.0.1 to 169.254.255.254.

The ifconfig command is similar to ipconfig except that it is used on is Linux/Unix-based systems. Ifconfig has more capabilities than ipconfig and can be used to configure the NIC in addition to listing the properties of the NIC.

Look At Everything with /All

The /all switch is valuable to identify all the details of the TCP/IP configuration. You can use this to identify the physical address or media access control (MAC) address of the computer, the address(es) of Domain Name System (DNS) servers, and the address if the DHCP server if the system is a DHCP client.

ipconfig /all

Partial results

Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : getcertifiedgetahead.com
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 6C-62-6D-BA-73-6C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.129(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, July 29, 2012 5:13:43 PM
Lease Expires . . . . . . . . . . : Wednesday, August 08, 2012 5:13:42 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 68.105.28.11
68.105.29.11
68.105.28.12
NetBIOS over Tcpip. . . . . . . . : Enabled

Remove DNS Cache Entries with /FlushDNS

The /flushdns is useful if the DNS cache has invalid entries. You can use the following command to view the DNS cache:

ipconfig /displaydns

Partial results

blogs.getcertifiedgetahead.com
----------------------------------------
Record Name . . . . . : blogs.getcertifiedgetahead.com
Record Type . . . . . : 1
Time To Live . . . . : 82644
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 174.122.52.195

If there are invalid entries, use this command to remove them:

ipconfig /flushdns

Results

Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
Pass the Security+ exam the first time you take it:
CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide

Practice Test Questions with Answers

These practice test questions came from CompTIA Network+ N10-005: Practice Test Questions (Get Certified Get Ahead). This resource includes 275 realistic practice test questions and over 175 flash cards to help test your readiness so that you can take and pass the exam the first time you take it. It's available for only $9.99 in the Kindle version and you can download free Kindle apps from Amazon for just about any platform.

Q. Which of the following commands can you use to test connectivity with a remote system?

A. Ping
B. Ipconfig
C. Arp
D. Route

Answer: A is correct. The ping command will check connectivity with remote systems using either the name of the remote system or its IP address. It sends out an Internet Control Message Protocol (ICMP) Echo Request to another system. If the other system is operational and not blocking ICMP, it will respond with an ICMP Echo Reply. If you receive a response, it provides verification that the other system is operational. Many firewalls block ICMP traffic so if you do not receive a response, it doesn’t necessarily mean that the remote system is  not operational. It could be that ICMP was blocked. Try it by pinging a computer in your network.

B is incorrect. Ipconfig will show the TCP/IP configuration information for a system.

C is incorrect. Arp will show the MAC address to IP address mapping for systems in the Address Resolution Protocol (ARP) cache.

D is incorrect. Route allows you to view or manipulate the routing table within a system.

--

Q. Using ipconfig, you see a computer has an IP address of 169.254.4.23 with a subnet mask of 255.255.0.0. What does this indicate?

A. DNS could not be reached
B. DHCP could not be reached
C. The default gateway could not be reached
D. The computer’s firewall is enabled

Answer: B is correct. An address starting with 169.254 is an Automatic Private Internet Protocol Addressing (APIPA) address and is assigned to a Dynamic Host Configuration Protocol (DHCP) client when a DHCP server cannot be reached. Any time you see an APIPA address, you know the computer is a DHCP client and it didn’t receive a DHCP lease.

A is incorrect. Domain Name System (DNS) is used for name resolution and would not cause a system to have an APIPA address.

C is incorrect. The default gateway is assigned by DHCP to a DHCP client and an APIPA address indicates that the client was unable to reach a DHCP server. Also, APIPA addresses do not assign a default gateway.

D is incorrect. Enabling the computer’s firewall would not block DHCP traffic and would not prevent the client from receiving a DHCP address.

--

Q. A system has an incorrect DNS entry in cache. What can you use to remove this entry?

A. Ipconfig /displaydns
B. Ipconfig /flushdns
C. Nslookup /removedns
D. Nslookup/flushdns

Answer: B is correct. The ipconfig /flushdns command will remove any entries in the DNS cache that were resolved from a DNS server. Try it with the following three commands: ipconfig /displaydns, ipconfig /flushdns, ipconfig /displaydns

A is incorrect. The ipconfig /displaydns command shows the entries in the DNS cache.

C and D are incorrect. Nslookup can be used to verify that a DNS server can resolve a host name to an IP address but it does not support /removedns or /flushdns switches.

Summary

You should have a basic understanding of command line tools when preparing for the Network+ exam. This blog covered the ping, ipconfig, and ifconfig commands and part 2 covers tracert, traceroute, nslookup, dig, arp, and route. You may also like to check out these Network+ blogs and other links:
Good Luck!