Experiment # 12
TCP/IP Utilities—Part 2
13-1 : Introduction
In this exercise, you continue your study of TCP/IP utilities designed for
troubleshooting, investigating, and analyzing the network. You will revisit the very popular
Ping utility and discover some additional capabilities of this work horse of diagnostic tools. In
addition, you will investigate four new diagnostic tools:
• Tracert, which is to determine the path taken by a data packet from its source to its
• NETSTAT, which displays network statistics and the current TCP/ IP connections.
• Telnet, which is a terminal emulation utility.
• FTP, which is designed for transferring files to or from a remote host on the Internet or
between UNIX systems.
13-2 : Objectives
When you complete this Exercise, you wifi be able to:
• Explain how and when to use the following TCP/IP utilities to test, validate, and
troubleshoot IP connectivity: Ping, Tracert, NETSTAT, Telnet, and FTP.
• Demonstrate how to use the Ping, Tracert, NETSTAT, Telnet and FTP utilities.
13-3 : Materials Required
You will need the client/server network configured as it was at the end of previous
Experiment. And telephone line.
13-4 : Procedure : Revisiting the Ping Command
In prior experiments, you used the Ping command extensively. By now you probably
appreciate its simplicity and usefulness. It is most everyone’s tool of choice for checking
TCP/IP connectivity. However, Ping has some additional capabilities that we have not yet
examined. We will remedy this in this part of the exercise.
Ping and the other utilities covered in this exercise can be very useful even on small local
networks. However, to truly demonstrate their prowess, it helps if you are connected to a very
large network. In this exercise, we will demonstrate them on the largest network of them all,
1. Check the Internet connection to the computer we have been calling Server 1. If you
are using a modem, check to make certain that the appropriate cable is connected
between the modem and a telephone jack. Or, if you are using an NIC, make certain
the appropriate cable is connected between the NIC and the network.
2. Turn on the computer. At the screen that allows you to select the operating system,
choose the Microsoft Windows option so that the computer boots to Windows 98
rather than Windows NT Server.
3. Enter the password when instructed to do so, and click on Yes or Cancel .
4. Double-click the Internet Explorer icon on your Windows screen. Internet Explorer
should now open to the Microsoft home page on the Internet. This verifies that your
Internet connection is working properly.
5. Go to the command prompt and type:
and press Enter. You should see the familiar four-ping return, indicating that Ping has
successfully connected to the remote host.
6. While you have used Ping in this way before, it has several switches that you have not
yet tried. To see what they are, type:
and press Enter. A screen like that shown in Figure1 will appear showing you the
complete syntax of the Ping command.
Figure 13-1 : The syntax of the ping command
7. Let’s try some of the switches to see how they work. Type:
ping -t 127.0.0.1
and press Enter. As described in Figure 1, the -t switch causes the Ping command to
continue pinging until you stop it. Type Ctrl-C.
8. While the -t switch allows you to ping indefinitely, the normal default for the number
of pings is four. But this can be changed with the -n switch. Type:
ping –n 7 127.0.0.1
and press Enter. As you can see, this results in exactly 7 pings.
9. The default setting for the length of the packets transmitted is 32 bytes. But this too
can be changed by using the -l (for length) switch. For example, type:
ping -l 1000 127.0.0.1
and press Enter. As you can see, the packet length is now 1000 bytes. The packet
length can be set as high as 8,192 bytes.
10. Ping can also be used to resolve IP addresses to host names. The
-a switch is used for this purpose. For example, type:
ping -a 220.127.116.11
and press Enter. In addition to the normal ping information, notice that the host name
that corresponds to the IP address is returned as well. In this case, it is
11. Time-to-live (TTL) is an important Internet concept. In order to keep packets from
being forwarded indefinitely or in circles, each datagram is given only a short time to
complete its journey. This is called its time to live (TTL). The TTL for the packets
generated by the ping command might be 32. If so, a count in the datagram is set to 32
before the datagram leaves your computer. Now each router along the path will
decrement this count by 1 as it forwards the packet. In addition, if the router is busy
and the datagram must wait for a few seconds before being forwarded, the router will
decrement the TTL count by the number of seconds it had to wait. When the TTL
count reaches 0, the datagram is discarded.
The -i switch is used to set the TTL field. For example, to change the TTL of each
ping packet to 50, you would type:
ping-i 50 127.0.0.1
12. Sometimes it is handy to know the route taken by a packet to its destination. The -r
switch allows you to record the route . You can specify from I to 9 hosts by the count.
For example type:
ping -r 9 18.104.22.168
and press Enter. Our system returned the IP addresses of nine routers, as shown in
Figure 13-2. Only the last two pings are shown in their entirety. The first two scrolled
off the display. Notice that although the last two packets were sent within a fraction of
a second of each other, they went by slightly different routes.
Figure 13-2 : The route taken by the packet can be recorded.
13. Occasionally you will get a reply that says: Request timeout . A time-out is different
from the time-to-live. It allows you to set a reasonable time in milliseconds for the
packet to complete its journey. If it does not complete the journey in the time allotted,
you get the time-out message. The default time-out is 1000 milliseconds or 1 second.
The time-out is controlled by the -w switch. Figure 13-3 shows a situation in which
the original ping timed out after the default time of 1 second. The second time around
the time-out was reset to 3000 milliseconds (3 seconds) but it still timed out. Finally
the time-out is set for 10,000 milliseconds (10 seconds) but the ping request still timed
out. It looks as if Microsoft was just not home that day, or the Internet was extremely
Figure 13-3 : Increasing the time-out interval in
an attempt to find www.microsoft.com.
13-4-1 : Discussion
In this part of the exercise you revisited the Ping command and examined several of the
switches that increase its flexibility and usefulness. The Ping command is perhaps the most
used of the TCP/IP utilities. The echo request and its reply tell you immediately if a remote
host is reachable and responding. Just as important, it tells you that major pieces of the
transport system are working properly. Since Ping works with datagrams, a successful ping
tells you that the IP software on the source computer is routing the datagram properly. And
since you are receiving the datagram echo, the remote host’s IP software is routing properly
as well. Finally the routers between the source and destination must be operating and routing
the datagram properly.
13-5 : Procedure : The Trace Route (TRACERT) Command
As you have seen, ping can be used to record the route that the echo request takes as it
traverses the Internet or network. However, the number of intermediate addresses is limited to
nine and the information reported is very sparse. Fortunately, there is a much better TCP/ IP
utility for tracing the route to a remote host. Trace Route (or Tracert) is a command-line
utility designed especially for this purpose.
1. At the command prompt on Serverl type:
and press Enter. Here we are tracing the route to our own computer, so we would
expect it to be short and it is, a single hop.
2. At the command prompt, type:
and press Enter. This time you are tracing a somewhat longer route, from wherever
you are to the Heathkit website in Chicago, Illinois. It will probably require a dozen or
so hops to make it here.
We tried the same command from an office in Benton Harbor, Michigan. The reply is shown
in Figure 13-4. It required 11 hops and was routed as shown.
Figure 13-4 : The route to www.heathkit.com
3. Like the Ping command, Tracert sends out echo request packets but with varying time-
to-live (TTL) values. Recall that each router along the way decreases the TTL field by
1. If the count reaches 0 before the packet reaches its destination, the packet is
discarded. However, the host that decrements the TTL to 0 sends back a response to
the original source of the packet.
4. In the example shown in Figure 4, the first packet has a TTL value of 1. Therefore the
default gateway of the source host decrements the TTL field to 0 and replies with its
IP address. That is the first entry.
5. Tracert sends out a second packet with a TTL of 2. Our default gateway decrements
the TTL field to 1 and sends the packet on to our Internet Service Provider (ISP). The
router at the ISP decrements the TTL field to 0 and discards the packet, but not before
responding with its address—which is the Kalamazoo, Michigan Ameritech Network
shown as the second entry. The process continues with ever-increasing values of TTL,
until one of three things happens:
• a packet eventually makes it all the way to the remote host. This is what
happened in Figure 13-4. Notice that the last entry is the remote host we were looking
• the maximum number of hops is reached. Here, the default value for the
maximum number of hops is 30, but this can be changed.
• you get an error message saying: destination un-reachable . Strangely enough,
this is often what you are looking for with Tracert, because when you see this message
it tells you where the problem lies. If the location is in your network, you can fix it. If
it is in someone else’s network you can notify them, and they can fix it.
6. Another very useful piece of information is the time of each hop. Here, you can spot
bottlenecks or overworked routers.
7. Tracert has several switches. Type:
and press Enter to see the syntax. Read over the options shown.
8. These options are self-explanatory except for the -j switch. The loose source routing
option is used to force the outbound packets to pass through a specific router and then
back again. This enables you to trace the round trip route to and from a specific router.
13-6 : Procedure : The NETSTAT Utility
In the previous exercise, you studied a utility called NBTSTAT. Recall that this was a
Microsoft-specific utility used to determine what NetBIOS over Tcp/IP connections exist.
NETSTAT is the TCP/IP equivalent of this utility. It is used to determine what TCP/IP
connections exist in the local host. As the name implies, NETSTAT can also be used to give
you network statistics such as the number of packets transmitted or received and the number
of errors encountered.
1. First, let’s look at the syntax of NETSTAT. At the command prompt, type:
and press Enter. A screen like that shown in Figure 13-5 appears. Read over the
purpose, syntax and options.
2. Let’s begin by making a connection for NETSTAT to report. Double- click on the
Internet Explorer icon and open your home page. To make sure we are all at the same
location, highlight the Address line and type:
and press Enter.
3. At the command prompt, type:
and press Enter. A screen similar to that shown in Figure 13-6 opens.
Figure 13-5 : The syntax of the netstat command.
Figure 13-6 : Output of the netstat command.
4. When used without switches, NETSTAT returns important information about the
connection. For one thing, it shows that in our case there are actually two connections
between our local machine and the MSN website. The protocol is TCP since this is a
Web connection. The local address shown here is the name of our Internet Service
Provider, Ameritech. Yours may be different, and it is often the word Default. More
important is the number following the name which is the TCP port number being used.
The Foreign Address is the host name or IP address of the remote host. Once again, the
number after the host name or address is the TCP port number, in this case “80”. Recall that
80 is the port used by HTTP which is the protocol used by the Web. The state of the
connection is Established, meaning that the connection exists.
5. The switches listed in Figure 5 add a lot of flexibility and power to this command. For
example, at the command prompt type:
and press Enter. Statistics about your connection(s) are displayed.
6. At the command prompt type:
and press Enter. The current route table for your computer is shown.
7. At the command prompt type:
and press Enter. The statistics are now shown by protocol type:
TCP, UDP, IP and ICMP.
8. If time allows at the end of the exercise, try the other switches.
13-6-1 : Discussion
The NETSTAT utility can be used to report both inbound and outbound TCP/IP
connections. It can also display statistics on the packets sent back and forth. It can be used to
display the route table of the local host and to sort statistics by protocol.
13-7 : Procedure : The Telnet and FTP Utilities
Two additional utilities are worth a brief mention. They are the term emulator for
networks (Telnet) and the file transfer protocol (FTP) utilities. Let’s look at Telnet first.
13-7-1 : TELNET
Telnet allows you to access a remote machine through a network and use the remote
machine just as if you were at its keyboard. At least that was its original purpose. Today
another common use is as a troubleshooting tool for testing TCP connections, especially port
connections. Let’s give it a try.
1. At the command prompt type:
and press Enter. This launches the Telnet utility. A blank Telnet window is displayed.
2. Select Connect I Remote System. The Connect dialog box appears. See Figure 13-7.
In the Host name block type:
lynx.cc.ukans.edu or type another address such as Local server your server in bench as
This is the address of a server at the University of Kansas, which we are using for this
example. Set the Port to 23, the port normally used by Telnet, and leave the terminal
type (TermType) set to vtlOO. Click on the Connect button.
Figure 13-7 : Telnet’s Connect Dialog Box.
3. If the server is running today, you will see a screen similar to that shown in
Figure 13-8 .
4. You can follow the instructions to log in if time allows. When you are done,
terminate the connection by selecting Connect I Disconnect. Or if you do not log in
fast enough the connection may disconnect automatically
Figure 13-8 : The Telnet Server offers help logging in.
13-7-2 : THE FTP UTILITY
FTP is a special utility whose function is to transfer files over the Internet. It is also the
standard for file transfer between UNIX systems. It is basically a DOS-like program, so it
helps to know the name and location of the file you wish to download. Warning:
Downloading files from unknown sources is an excellent way to pick up a virus. You should
download only from trusted sources. Let’s briefly go through the process of connecting to the
Microsoft’s FTP site.
1. At the command prompt type:
and press Enter. Notice that the usual DOS prompt changes to the f tp> prompt. This
tells you that you are in the FTP utility.
2. At the ftp> prompt type:
and press Enter. If the connection can be made to Microsoft’s FTP server, you should
get a reply something like:
connected to ftp.microsoft.com
220 ftp Microsoft FTP Service (Version 4.0) User (
The server is asking you to log on with your user’s name. Type:
and press Enter. Many FTP servers will allow you to log on as anonymous and then
ask for your e-mail address as the password. If you have an e-mail address or if
someone is willing to let you use theirs, you can complete the log in.
3. Type: help
and press Enter. A list of the commands acceptable to the server is shown. Your
textbook tells you what some of the more popular commands do. The Get command
allows you to download a file assuming you know the name and path to the file. The
Put command allows you to upload a file. For now type:
and press Enter. This ends your FTP session and returns you to the MS-DOS Prompt
4. Using the proper procedure, shut down the computer.
13-7-3 : Discussion
In this part of the exercise, you learned about two additional TCP/IP utilities: Telnet and
FTP. And you ran an abbreviated session in each. Telnet allows you to access a remote
machine through a network and use the remote machine just as if you were at its keyboard. It
is also used as a troubleshooting tool for testing TCP connections. FTP is designed especially
for transferring files over the Internet and is the standard for file transfer between UNIX