Troubleshooting TCP/IP from a Windows 95/98 and a Windows NT client
Microsoft Windows 95
TCP/IP client utilities
Cannot communicate from Windows client
Cannot ping from Windows client
Cannot resolve DNS names from Windows client
Cannot login to NetWare server
Windows tools tips
Troubleshooting TCP/IP from a Windows 95/98 client and a Windows NT client
The Windows 95 TCP/IP stack and Windows NT 4.0 TCP/IP stack comes with 5 utilities that are available to every user to help them determine if TCP/IP is functioning and help point to where problems in the network may be. These utilities will be discussed along with the benefits these utilities have, in resolving TCP/IP issues.
1A. WINIPCFG - Available with Windows 95
Winipcfg.exe is a utility that will display the clients current TCP/IP configuration on the client. You can execute this by clicking START / RUN and entering Winipcfg. If the clients IP address was statically assigned and configured, the information displayed is simply what was entered under TCP/IP PROTOCOL in Network settings. If TCP/IP PROTOCOL is configured to
obtain an IP address using Dynamic Host Configuration Protocol (DHCP), the information displayed here is what was received from the DHCP server that assigned the IP address.
Winipcfg will give you the following information and capabilities related to this client:
Network adapter address (MAC address)
Assigned IP addresses
Default gateway (default router)
If the client has obtained an IP address by using DHCP, clicking MORE INFO will also show you the DHCP server, when the lease began, and when the lease expires. In addition to this, 4 other buttons are highlighted. Renew, Release, Renew All, Release All. Selecting RENEW will cause the client to send a DHCPREQUEST to the DHCP server and update the lease and any assigned values such as default gateway or DNS server. Selecting RELEASE will cause the client the send a
DHCPRELEASE to the DHCP server thus signifying that the client is giving up its IP address and the server is free to assign that address to another client. If you want another IP address assigned to the client you would then select RENEW after selecting RELEASE. Renew All and Release All are used when the Win95 client is configured with more than one network interface. One additional thing to mention is that from a DOS box you can enter WINIPCFG /RENEW or /RELEASE to perform the same functions.
1B. IPCONFIG - Available with Windows NT client
The utility to verify your TCP/IP configuration is different on an NT client. You need to open a DOS box and run IPCONFIG.
Entering IPCONFIG /? will display the available options.
usage: ipconfig [/? | /all | /release [adapter] /renew [adapter]]
/? : Display this help message.
/all : Display full configuration information.
/release : Release the IP address of the specified adapter.
/renew : Renew the IP address of the specified adapter.
If you enter IPCONFIG with no parameters, only the IP address, subnet mask, and default gateway of each bound network card will be displayed. Using /all will show
more detailed information such as your clients host name, the configured DNS server, the MAC address (Media Access Control Layer) of the network card, and whether
TCP/IP has obtained an address via DHCP.
The /release and /renew parameters are used to release and renew IP addresses that where obtained through DHCP. If you have more than one network card in your
client and you do not specify a card with release and renew then the IP addresses for all bound cards will be released or renewed.
2. The PING Utility
Ping is the most basic utility available to test and verify TCP/IP connectivity within a network and is very useful when you need to troubleshoot TCP/IP problems. What
Ping does is send an ICMP packet to a specific host with a small amount of data and expects that host to respond with the same data. If you do not receive a response
you can then assume that the host is not up, a router along the way to the host is not up, or your clients TCP/IP is not working. If you receive a response then you have
working TCP/IP connectivity between the client and the host.
To run Ping you need to open a DOS box and enter ping followed by an IP address or host name. This is the output of "ping www.novell.com".
Pinging www.novell.com [126.96.36.199] with 32 bytes of data:
Reply from 188.8.131.52:bytes=32 time=22ms TTL=59
Reply from 184.108.40.206:bytes=32 time=57ms TTL=59
Reply from 220.127.116.11:bytes=32 time=33ms TTL=59
Reply from 18.104.22.168:bytes=32 time=34ms TTL=59
We could have simply entered the IP address instead of the name, for example. 'ping 22.214.171.124' and received a similar response. However if you do not know the IP address this is a good way to find it. Performing a Ping of a name causes the client to do a DNS name resolution before sending out the ICMP packet. This will tell you if your DNS name resolution is working properly. If it is not, you will receive a message like 'Unable to resolve www.novell.com'. The possible causes of not being able to resolve names are: The DNS server or DNS domain name are not configured properly on the client. If using DHCP, the DNS server and/or domain name are not properly configured on the DHCP server. The DNS server you are pointing to is not working.
There are many options to the Ping utility. By default 4 ICMP packets are sent out. Using the -n (count) option you can ping more than 4 times if you desire. If you are
having an intermittent problem you can PING continuously to test the connection. The -t option will ping the specified host continuously until interrupted. By default,
the ICMP packet size that is sent out is small (32 bytes). Using the -l (size) option you can send out larger packets. This can be useful in determining if you are having a
packet size problem across routers.
Available options for the Ping utility with Windows 95 and Windows NT.
-t : Ping the specifed host until interrupted.
-a : Resolve addresses to hostnames.
-n count : Number of echo requests to send.
-l size : Send buffer size.
-f : Set Don't Fragment flag in packet.
-i TTL : Time To Live.
-v TOS : Type Of Service.
-r count : Record route for count hops.
-s count : Timestamp for count hops.
-w timeout : Timeout in milliseconds.
3. The TRACERT utility (Trace Route)
Trace route does just what its name implies. It will trace the route to a specific host and display all the hops that are used to get to that specific host. This can be very
useful when working on network wide TCP/IP problems. If you are having problems getting to certain areas of you network you can perform a trace route to try and
determine what networks you can get to and what networks you cannot get to. Keep in mind that you may not take the same route to a particular network each time
depending on your network design. Performing a trace route to the same host multiple times may help you determine this.
To display all available options for TRACERT, from a dos box enter TRACERT with no parameters. The Image below shows the available options and the results from
executing a trace route to a specific IP address. This provides you with the DNS name and IP address of each of the Routing hops that where used to contact the host
4. The ARP utility - Displaying the ARP Cache of the client
This allows you to display and modify the ARP cache of the client. The ARP cache of a TCP/IP client is a table of IP addresses to MAC addresses. This is accessed when the client needs to send a packet of data out to another host. TCP/IP needs the destination IP address and the destination MAC address. The sending application provides the IP address and TCP/IP needs to find out the MAC address of the host with that IP address. It does this by sending out ARP packets and requesting the MAC address for a particular IP address. This information is kept in a table and is referenced to reduce the need to send out ARP requests for every packet being sent.
At times it is useful to look at this table. If a client cannot communicate with other clients on the local subnet, you can check the ARP cache (using the '-a' option) to see if it is corrupt or has valid invalid information in it. If no entry exists, the chances are that cabling problems exist, or that the host that you are trying to communicate has another IP address. If the entry exists, make sure that it is the correct MAC address/IP address mapping in case it's been corrupted, or someone else has responded on behalf of the host (eg. A switch, router running proxy arp).
There are options available to delete entries from the ARP cache or add entries to the ARP cache manually.
Entering "ARP" from a Dos prompt will display the detailed list of available options and their usage.
ARP -s inet_addr eth_addr [if_addr]
ARP -d inet_addr [if_addr]
ARP -a [inet_addr] [-N if_addr]
-a : Displays current ARP entries.
-g : Same as -a.
inet_addr : Specifies an internet address.
-N if_addr : Displays the ARP entries for a specific interface.
-d : Deletes the host specified by inet_addr.
-s : Adds a host to the ARP cache.
eth_addr : Specifies a physical address.
if_addr : Specifies the Internet address.
5. The NETSTAT command - Displaying the Network Card Statistics
The most important troubleshooting utility on the client!!! This displays protocol statistics and current TCP/IP network connection information for the host you are running this on. A useful function of NETSTAT would be the "-e" option. This displays the clients Ethernet statistics including discards and errors. If you suspect the LAN card to have a problem this will
help to diagnose it.
For the majority of problems, ICMP or TCP statistics will provide useful clues for troubleshooting purposes. Using the '-s' option dumps IP, ICMP, UDP and TCP statistics. ICMP is the error reporting protocol for IP and therefor is worth close attention.
For connectivity or routing issues, use the "-r" option to dump the routing table. There should always be a default route (0.0.0.0) entry pointing to the local router for your subnet. If this does not exist, communication to remote hosts outside the local subnet will not be possible. It is possible to configure a default route in 2 ways:
1. Through the standard TCPIP configuration utility in the Network 'control panel'. This makes sure that the entry is permanent.
2. By adding a static route using the 'Route Add' command. The difference with this method is that once the Workstation is shutdown, the static route is lost.
On a more detailed level, the "-a" option will display the active TCP connections along with the port number and the network host that the port is communicating with. If you are looking at a trace of TCP connection activity for the client, you can use this to relate TCP port numbers with the various servers the client is communicating with.
NETSTAT is used with these command line options. From a DOS window enter NETSTAT /H to get a complete listing of options.
NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]
-a : Displays all connections and listening ports.
-e : Displays Ethernet statistics.
-n : Displays addresses and port numbers.
-p proto : Shows connections for the protocol.
-r : Displays the contents of the routing table.
-s : Displays per-protocol statistics.
What should you do when you have TCP/IP problems?
1. Determine your IP address and try to ping your IP address. If you do not get a response then the client's TCP/IP is not working. You could also PING 127.0.0.1. This is the TCP/IP loopback address for your client and is essentially the same as Pinging your own IP address. The reason you would not get a response to this is that the TCP/IP stack did not load, or it did load and some error occurred that caused TCP/IP to stop working. Possible reasons why TCP/IP would not load could be that TCP/IP is configured wrong on your client, you did not get a DHCP address properly or, the IP address is in use on some other client.
2. Ping an IP address on your local network. If this fails there a few possible causes to look at. The host you are sending the ping to may not be up. There could be network problems such as cabling or a bad hub. The TCP/IP running on your client still could be having a problem. You could try sending a ping to your client from another client to verify this or check the ARP cache on your client to see if the host you are pinging has an entry.
3. Ping an IP address on a different network or ping the routers in your network. If this fails and the previous tests worked you are probably having routing problems or the default router configured in your client's TCP/IP is wrong. You can display the routing table to verify this. If using DHCP, the default router configured on the DHCP server that it is offering to every client could be improperly configured. Try pinging clients on different networks to determine what networks you can reach and cannot reach. You could also do a trace routes do determine what network paths are working or not working.
4. Verify name resolution within your network. Ping a domain name (ie www.novell.com) that is within your company network. If this fails, the default DNS server that TCP/IP is configured to use maybe invalid or that DNS server is down. If using DHCP, the DNS server that the DHCP server is configured to hand out to the clients may not be properly configured.
5. Verify name resolution out to the internet. Ping a host on the internet (ie. www.cisco.com). If this fails, your companys DNS server that forwards DNS requests out to the internet is not working or the internet DNS server that your DNS forwards requests to is not working.