IPv4 Tools and Settings (TechRef)

Applies To: Windows Server 2008

TCP/IP Tools and Settings

Windows Server® 2008 and Windows Vista® support many TCP/IP diagnostic and remote networking tools that can help you manage and troubleshoot your network.

TCP/IP Tools

The following sections, “TCP/IP Diagnostic Tools” and “TCP/IP Remote Networking Tools,” describe the diagnostic and remote networking tools associated with TCP/IP.

TCP/IP Diagnostic Tools

TCP/IP supports the following diagnostic tools:

• Netstat

• Pathping

• Ping

• Tracert

The following table lists TCP/IP diagnostic tools that you can use to identify and resolve TCP/IP networking problems.

TCP/IP Diagnostic Tools

Tool	Description
Arp	View and manage the Address Resolution Protocol (ARP) cache on the interfaces of the local computer.
Hostname	Display the name of the computer.
Ipconfig	Display current TCP/IP network configuration values, update or release Dynamic Host Configuration Protocol (DHCP)-allocated leases, and display, register, or flush Domain Name System (DNS) names.
Nbtstat	Check the state of current NetBIOS over TCP/IP (NetBT) connections, view and update the NetBIOS name cache, and determine the names registered with Windows Internet Name Service (WINS).
Netdiag	Check the state of a network client to help isolate TCP/IP-related connectivity problems, including verifying that DNS is available and functioning correctly.
Netsh	Provides commands for performing a wide range of network configuration tasks.
Netstat	Display statistics for current TCP/IP connections.
Nslookup	Check records, domain host aliases, domain host services, and operating system information by querying DNS servers.
Pathping	Trace a path to a remote system and report packet losses at each router along the way.
Ping	Send Internet Control Message Protocol (ICMP) Echo messages to verify IP connectivity.
Route	Display the IP routing table, and add, edit, or delete IP routes.
Tracert	Trace a path to a destination.

All of the tools in the previous table are installed with Windows Server 2008.

Arp.exe: Arp

Category

The Arp command-line tool is installed with the operating system.

Version compatibility

This tool is included with all versions of Windows that include TCP/IP.

Use the Arp command-line tool to display and modify entries in the local Address Resolution Protocol (ARP) cache. The ARP cache, which is a memory-resident list, contains one or more tables that store IP addresses and the corresponding Ethernet, Token Ring, or wireless LAN physical addresses that have been resolved from other computers on the same subnet. Typically, a physical address is the Media Access Control (MAC) address. A separate table exists for each network adapter installed on the computer.

Hostname.exe: Hostname

Category

The Hostname command-line tool is installed with the operating system.

Version compatibility

This tool is included with all versions of Windows that include TCP/IP.

Use the Hostname command-line tool to display the host name of the computer on which you run the command.

Hostname does not display the fully qualified domain name (FQDN) of the computer. You can find the computer name and its FQDN through Control Panel on the computer.

Ipconfig.exe: Ipconfig

Category

The Ipconfig command-line tool is installed with the operating system.

Version compatibility

This tool is included with all versions of Windows that include TCP/IP.

Use the Ipconfig command-line tool to display the current configuration of the installed IP stack on a networked computer and to refresh DCHP and DNS settings. The Ipconfig command is often one of the first commands you use to check the status of the connection when you experience communication problems on a TCP/IP network. Ipconfig is most useful for managing computers that obtain an IP address automatically, such as by using DHCP or through alternate configuration.

When used without a parameter, Ipconfig displays the IP address, subnet mask, and default gateway for all adapters on a computer. Ipconfig also displays IPv6 address information.

Nbstat.exe: Nbtstat

Category

The Nbtstat command-line tool is installed with the operating system.

Version compatibility

This tool is included with all versions of Windows that include TCP/IP.

Use the Nbtstat command-line tool to troubleshoot NetBIOS name-resolution problems.

When a network is functioning correctly, NetBIOS over TCP/IP (NetBT) resolves NetBIOS names to IP addresses. NetBT uses several options for NetBIOS name resolution, including local NetBIOS name cache lookup, WINS server query, broadcast, and LMHOSTS lookup. After NetBT methods are exhausted, Windows TCP/IP converts the NetBIOS name to a host name and attempts host name resolution, including checking the local host name, checking the DNS client resolver cache, and querying DNS servers.

Use Nbtstat to display a variety of information, including:

NetBT protocol statistics.

NetBIOS name tables for both the local computer and for remote computers. The NetBIOS name table is the list of NetBIOS names that corresponds to NetBIOS applications running on that computer.

NetBIOS name cache. The NetBIOS name cache is the table that contains NetBIOS name-to-IP address mappings.

Also use Nbtstat to refresh the NetBIOS name cache and the names registered with WINS.

Netdiag.exe: Netdiag

Category

Netdiag is a command-line tool.

Version compatibility

This tool is included with all versions of Windows that include TCP/IP.

Use the Netdiag command-line tool to help isolate TCP/IP-related connectivity problems.

Netdiag provides tests that report information about a computer and its network configuration, which can help diagnose network problems. Use the Netdiag logging parameter (-l) to capture and store output from Netdiag tests. One use of Netdiag logging is to add the output of Netdiag tests to your network’s baseline documentation and to create updated test logs each time important changes to a computer’s configuration are made.

Netsh.exe: Netsh

Category

The Netsh command-line tool is installed with the operating system.

Version compatibility

This tool is included with all versions of Windows that include TCP/IP.

Use the Netsh command-line tool to locally or remotely display or modify the configuration of services or protocols on computers running Windows. In addition, the Netsh command-line interface is scriptable, which lets you perform batch configurations or administration from a centralized location.

For administrative convenience, the Netsh commands are grouped into sets, called contexts. Each context provides commands appropriate for a specific area of networking functionality. A context is implemented through an associated Netsh helper, which is a dynamic link library (DLL) file that provides the capabilities for that context. Netsh directs the context command that you enter to the appropriate helper, and the helper then carries out the command. The Netsh helper DLLs interact with other operating system components, such as WINS or TCP/IP. For example, Winsmon.dll provides the set of commands for managing the WINS service, and Ifmon.dll provides the set of commands for managing IP interfaces.

A context can contain one or more additional contexts, called a subcontext. For example, the IPv6 context contains the 6to4 subcontext, which provides a separate set of commands for managing the 6to4 service (which encapsulates IPv6 traffic with an IPv4 header before it is sent over an IPv4 network) on either a 6to4 host or a 6to4 router.

Netsh is extensible. Developers can create additional contexts to manage networking services in addition to the contexts provided by Windows.

For a complete listing of netsh TCP/IPv4 commands, see: Netsh Commands for Interface (IPv4 and IPv6)

Netstat.exe: Netstat

Category

The Netstat command-line tool is installed with the operating system.

Version compatibility

This tool is included with all versions of Windows that include TCP/IP.

Use the Netstat command-line tool to display active TCP/IP connections, ports on which the computer is listening, Ethernet statistics, the IP routing table, IPv4 statistics (for the IP, ICMP, TCP, and UDP protocols), and IPv6 statistics (for the IPv6, ICMPv6, TCP over IPv6, and UDP over IPv6 protocols).

Nslookup.exe: Nslookup

Category

The Nslookup command-line tool is installed with the operating system.

Version compatibility

This tool is included with all versions of Windows that include TCP/IP.

Use the Nslookup command-line tool for querying and troubleshooting the DNS infrastructure. For example, Nslookup can provide host-name resolution.

Pathping.exe: Pathping

Category

The Pathping command-line tool is installed with the operating system.

Version compatibility

This tool is included with all versions of Windows that include TCP/IP.

Use Pathping, a command-line tool that combines features of Ping and Tracert, to obtain additional information that neither of those tools provides. Specifically, you can use Pathping to identify the route to a remote host, then ping the remote host for a period of time to collect and report statistics. Pathping information includes information about the intermediate routers visited on the path, the Round-Trip Time (RTT) value, and link-loss information.

Ping.exe: Ping

Category

The Ping command-line tool is installed with the operating system.

Version compatibility

This tool is included with all versions of Windows that include TCP/IP.

Use the Ping command-line tool as your primary tool for troubleshooting IP-level connectivity between two TCP/IP computers. Ping sends ICMP Echo or ICMPv6 Echo Request messages to perform network diagnostics and to test ability to reach a specific destination. Ping can use IPv4 or IPv6 addresses. If a name is specified, Ping uses the address that is resolved.

Ping lets you specify the size of packets to use (the default is 32 bytes), how many to send, whether to record the route used, what Time-To-Live (TTL) value to use, whether or not to set the Don’t Fragment flag, and so on.

Route.exe: Route

Category

The Route command-line tool is installed with the operating system.

Version compatibility

This tool is included with all versions of Windows that include TCP/IP.

Use the Route command-line tool to view and modify the local IP routing table.

For two hosts to exchange IP datagrams, they must both have a route to each other, or they must use a default gateway that knows a route between the two. Typically, routers exchange information using a protocol such as Routing Information Protocol (RIP) or Open Shortest Path First (OSPF). The RIP Listening service is available for Microsoft Windows XP Professional, and full routing protocols are supported by Windows Server 2008 in the Routing and Remote Access service.

All symbolic names used for the specified network destination of the route are looked up in the network database file NETWORKS. The symbolic names for the gateway are looked up in the host name database file HOSTS. If the command is print or delete, the destination value can be a wildcard value specified by an asterisk ("*"). If the destination specified contains a * or ?, it is treated as a shell pattern and only matching destination routes are printed. The asterisk matches any string, and the question mark matches any one character. For example, 157.*.1, 157.*, 127.*, and *224* are all valid uses of the wildcard asterisk.

Using an invalid combination of a destination and netmask value generates a “The route addition failed: The specified mask parameter is invalid. (Destination & Mask) != Destination.” error. This sort of error message appears, for example, when a bitwise logical AND between the destination and mask does not equal the destination value.

Tracert.exe: Tracert

Category

The Tracert command-line tool is installed with the operating system.

Version compatibility

This tool is included with all versions of Windows that include TCP/IP.

Use the Tracert command-line route-tracing tool to display the path between the sending host and a destination.

The path that Tracert displays is a list of near-side router interfaces of the routers in the path between the source host and destination. Tracert uses the IP Time-to-Live (TTL) field in Internet Control Message Protocol (ICMP) Echo Requests and ICMP Time Exceeded-TTL Exceeded in Transit messages to determine the path from a source to a destination through an IP internetwork.

Note that some routers silently drop packets with expired TTLs. These routers do not appear in the Tracert display.

Tracert works by incrementing the TTL value by one for each ICMP Echo Request it sends, and then waiting for an ICMP Time Exceeded-TTL Exceeded in Transit message. The TTL values of the Tracert packets start with an initial value of one; the TTL of each trace after the first is incremented by one. A packet sent out by Tracert travels one hop further on each successive trip.

Note

The UNIX version of Tracert performs the same function as the Windows version, except that the IP payload is a UDP packet addressed to a (presumably) unknown destination UDP port. Intermediate routers send back ICMP Time Expired-TTL Exceeded in Transit messages recording the route taken, and the final destination sends back an ICMP Destination Unreachable-Port Unreachable message.

The UDP payload from the UNIX Tracert tool can cross routers and some firewalls, whereas the ICMP Echo Request messages might not, due to ICMP filtering. To avoid this problem, turn off packet filtering and then try using Tracert again.

TCP/IP Remote Networking Tools

Microsoft TCP/IP includes several remote networking tools. The following table lists the tools included with Microsoft TCP/IP that you can use to communicate with remote computers.

TCP/IP Remote Tools

Tool	Description
Finger	Displays information about a user or users on a specified remote computer (typically, a computer running UNIX) that is running the Finger service.
Ftp	Transfers files over the Internet to, and from, a computer running a File Transfer Protocol (FTP) server service, such as the FTP component of Microsoft Internet Information Services (IIS).
Rcp	Copies files between a computer running Windows Server 2008 and a computer running Rshd, the UNIX remote shell service.
Rexec	Runs commands on a remote computer (typically, a computer running UNIX).
Rsh	Runs commands on remote hosts using the Rsh service, the UNIX remote shell service.
Telnet	Starts terminal emulation with a remote host running a Telnet server service.
Tftp	Transfers files to and from a remote computer (typically, a computer running UNIX) that is running the Trivial File Transfer Protocol (TFTP) service.

Note

All passwords used by Windows networking services are encrypted. However, the Ftp, Rexec, and Telnet connectivity tools rely on plaintext password authentication by the remote computer. Plaintext passwords are not encrypted before being sent over the network. This enables another user equipped with a network capture tool such as Network Monitor on the same network to obtain a user’s remote account password. For this reason, choose different passwords from those used for computers running Windows Server 2008 or domains when connecting to non-Microsoft remote computers with the Ftp, Rexec, or Telnet tools. Note that the protocols themselves prohibit encryption; the use of plaintext passwords is not recommended by Microsoft.

Finger.exe: Finger

Category

The Finger connectivity tool is installed with the operating system.

Version compatibility

This tool is included with all versions of Windows that include TCP/IP.

Use the Finger connectivity tool to display information about a user or users on a specified remote computer (typically, a host computer running UNIX) that is running the Finger service. Output varies based on how the remote host specifies Finger output format.

Ftp.exe: Ftp

Category

The Ftp connectivity tool is installed with the operating system.

Version compatibility

This tool is included with all versions of Windows that include TCP/IP.

FTP is a protocol that defines how to transfer files from one computer to another over a TCP/IP network, such as the Internet or a company intranet. Use the Ftp connectivity tool to transfer files to and from a host running an FTP server service, such as the FTP component of Microsoft Internet Information Services (IIS). You can use Ftp interactively or in batch mode to process ASCII text files.

Note

The FTP service is a component of Microsoft Internet Information Services (IIS). However, when you install IIS on a server, FTP is not installed unless you explicitly specify that it be installed. If you install IIS without FTP, you can use Add or Remove Windows Components in Add or Remove Programs in Control Panel to install FTP later.

Typically, users use Ftp to download files from a location on the Internet or to upload files to a location on the Internet. Before a user can log on to an FTP server, the server administrator must grant the user permission to access the inetput\ftproot folder, which is created along with the Default FTP site by default when you install IIS FTP, or a folder for the use of a particular user or group under the ftproot folder. Alternatively, you can create a new FTP site, and you can use folders other than ftproot and its children for FTP files.

Similarly, users can upload a file from the local computer to an FTP server using the put command. However, for users to successfully use the put command, the administrator must grant them write permissions for the FTP folder to which the file will be uploaded.

Rcp.exe: Rcp

Category

The Rcp connectivity tool is installed with the operating system.

Version compatibility

This tool is included with all versions of Windows that include TCP/IP.

Use the Rcp connectivity tool to copy files between a computer running Windows Server 2008 and a computer running Rshd, the UNIX remote shell server service or daemon. Rshd stands for Rsh daemon; daemon is the UNIX term for service. In addition to running Rsh, the remote computer must also support the Rcp tool.

Also use Rcp for third-party transfer to copy files between two computers running Rsh when the command is issued from computers running Windows Server 2008. The UNIX Rsh server service is not available on computers running Windows Server 2008, but the computer running Windows Server 2008 can participate as the computer from which the commands are issued.

Permitting Network Access

The .rhosts file typically permits network access on UNIX systems. The .rhosts file lists computer names and associated logon names that have access to remote computers. When you run Rcp, Rexec, or Rsh tools remotely with a correctly configured .rhosts file, you do not need to provide logon and password information for the remote computer. The .rhosts file must be in the user’s home directory on the remote computer.

The .rhosts file specifies which remote computers or users can access a local account using the Rcp or Rsh commands (Rsh is described later in this chapter). For you to access the remote computer using Rcp, the .rhosts file (or a file called Hosts.equiv) must exist on the remote computer. Rcp transmits the local user name to the remote computer. The remote computer uses this name and the IP address (usually resolved to a computer name) of the requesting computer to determine whether to grant access. No provision exists for specifying a password to access an account using Rcp.

If the user is logged on to a Windows Server 2008 domain, the domain controller must be available to resolve the currently logged-on name because the logged-on name is not cached on the local computer. Because the user name is required as part of the Rcp protocol, the command fails if it cannot obtain the user name.

The .rhosts file is a text file in which each line is an entry. An entry consists of the local host name, the local user name, and any comments about the entry. Each entry is separated by a tab or space, and comments begin with the number sign (#).

Specifying Computers (Hosts)

Use Host.user to specify a user name other than the current user name. If you use Host.user with Source (which specifies which files to copy), the .rhosts file on the remote computer must contain an entry for user. For example:

Rcp host99.user7:file1 corp7.admin:file2

In this example, the .rhosts file on Corp7 must have an entry for User7 on Host99.

If you type a computer name as a fully qualified domain name (FQDN) containing periods, you must append a user name to the host name. This prevents the last element of the domain name from being interpreted as a user name. For example:

Rcp domain-name1.user:johns domain-name2.user:buddyg

Performing Remote Processing

Remote processing is performed by a command run from the user’s logon shell on most UNIX computers. The user’s .profile or .cshrc file is run before file names are parsed. You can specify that exported shell variables be used in remote file names by using one of the escape characters. The escape characters are the backslash (\), quotation mark ("), and apostrophe (’).

Copying Files

If you try to copy several files to a file rather than to a directory, only the last file is copied. Also, the rcp command cannot copy a file onto itself (Source and Path/Destination cannot be the same).

Rexec.exe: Rexec

Category

The Rexec connectivity tool is installed with the operating system.

Version compatibility

This tool is included with all versions of Windows that include TCP/IP.

Use the Rexec connectivity tool to run commands on a remote computer that is running the Rexecd service, the UNIX remote execute service. Rexecd stands for Rexec daemon; daemon is the UNIX term for service. Before carrying out the specified command, Rexec authenticates the user name on the remote host by prompting for a password. Windows Server 2008 does not provide the Rexec service.

Rexec copies standard input to the remote command, standard output of the remote command to its standard output, and the standard error of the remote command to its standard error. Interrupt, Quit, and Terminate signals are propagated to the remote command. Rexec generally terminates when the remote command completes.

You cannot use Rexec to run most interactive commands. For example, you cannot use Rexec to run vi or emacs commands. Use Telnet to run interactive commands.

Rsh.exe: Rsh

Category

The Rsh connectivity tool is installed with the operating system.

Version compatibility

This tool is included with all versions of Windows that include TCP/IP.

Use the Rsh connectivity tool to run commands on remote computers that are running the Rsh service, the UNIX remote shell service. For information about the .rhosts file used to enable this tool, see the description of the Rcp tool earlier in this section.

If the user is logged on to a Windows Server 2008 domain, the domain controller must be available to resolve the user name, because it is not cached on the local computer. Because the user name is required as part of the Rsh protocol, the command fails if the user name cannot be obtained.

Rsh copies standard input to the remote command, standard output of the remote command to its standard output, and the standard error of the remote command to its standard error. Rsh generally terminates when the remote command completes.

Telnet.exe: Telnet

Category

The Telnet connectivity tool is installed with the operating system.

Version compatibility

This tool is included with all versions of Windows that include TCP/IP.

The Telnet connectivity tool starts terminal emulation with a remote host running a Telnet server service. The remote computer must also be using TCP/IP. Telnet provides DEC VT-100, DEC VT-52, or ANSI emulation, using the connection-based services of TCP.

To provide terminal emulation from a computer running Windows, the remote host must be running TCP/IP and a Telnet Server service. The Windows-based Telnet user must also have a user account on the remote Telnet Server.

Note

Windows Server 2008 and Windows Vista provide the Telnet Client and Telnet Server components. These are built in, but you must use the Services snap-in to start the Telnet service before it can serve Telnet clients.

Tftp.exe: Tftp

Category

The Tftp connectivity tool is installed with the operating system.

Version compatibility

This tool is included with all versions of Windows that include TCP/IP.

Use the Tftp connectivity tool to transfer files over the Internet to and from a remote computer (typically, a computer running UNIX) that is running the Trivial File Transfer Protocol (TFTP) service. This tool is similar to Ftp, but it does not provide user authentication. However, the files you transfer using Tftp do require UNIX read and write permissions. You can use Tftp only for unidirectional transfer of files.