Configuring and Troubleshooting TCP/IP · Configuring and Troubleshooting TCP/IP ITINERARY ... 53...

11Configuring andTroubleshooting TCP/IP

ITINERARY

•• Objective 1.01 Configure TCP/IP Addressing ona Server Computer

•• Objective 1.02 Troubleshoot TCP/IP Addressing

•• Objective 1.03 Troubleshoot TCP/IP Routing

NEWBIE SOME EXPERIENCE EXPERT6 hours 4 hours 2 hours

3

Passport / MCSE/MCSA Implementing a Windows Server 2003 Network Infrastructure (Exam 70-291) / Glenn,Simpson, Zandri / 222770-2 / Chapter 1

P:\010Comp\Passport\770-2\ch01.vpWednesday, August 06, 2003 12:50:30 PM

Color profile: Generic CMYK printer profileComposite Default screen

Transmission Control Protocol/Internet Protocol (TCP/IP) is actually a suite ofprotocols that together offer the most stable and widely accepted networkingtechnology in use today. Almost all network operating systems offer TCP/IPsupport, and many large networks, including the Internet, rely on TCP/IP fortheir network traffic. The various protocols in the TCP/IP suite function to-gether to make network communication happen. This process involves a lotof activities, including resolving computer names to Internet Protocol (IP)addresses; determining the physical locations of communicating computers;and packaging, addressing, and routing data so that it reaches its destinationsuccessfully.

This chapter starts with an overview of TCP/IP. We’ll look at basic TCP/IP ar-chitecture, explore how IP addressing and subnetting work, and examine therouting process. You’ll also learn how to configure TCP/IP addressing on serv-ers. Finally, we’ll look at the various utilities used to troubleshoot addressingand routing on a TCP/IP network.

Objective 1.01Configure TCP/IP Addressingon a Server Computer

Before you dive into setting up clients on a TCP/IP network, it’s importantthat you have a good understanding of how TCP/IP works. TCP/IP is an

industry-standard protocol stack that is used for communication betweencomputers.

Understanding TCP/IP ArchitectureThe TCP/IP protocol suite includes a number of different protocols and utili-ties. The protocols in the TCP/IP suite are stacked into four logical layers thathelp define their roles in the process. These four layers roughly correspond tothe seven layers that make up the Open Systems Interconnection (OSI) protocolreference model you may be familiar with, but the TCP/IP model is a bit moreflexible for real-world use. In this section, we’re going to focus on the four-layermodel. In the troubleshooting section later in the chapter, we’ll be coming backto the OSI model. The four layers, indicated in Figure 1.1, are the applicationlayer, transport layer, Internet layer, and link layer. Each of these is discussed indetail in the following sections.

4 MCSE/MCSA Implementing a Windows Server 2003 Network Infrastructure (Exam 70-291)




Application LayerMost applications and utilities are contained in the application layer and usethis layer to gain access to the network functions of TCP/IP. Windows 2003provides two interfaces that allow applications to access the rest of the TCP/IPprotocol suite:

• WinSock This is the Microsoft version of the Berkeley Socketsapplication programming interface (API), which is the standardinterface used to access TCP/IP protocols.

• NetBIOS Helper Service Network Basic Input Output System(NetBIOS) is a legacy interface that was originally based on the DOSBIOS but added a number of functions for network access. It is stillused for interprocess communications throughout Windows. TheNetBIOS Helper Service manages interactions between NetBIOSand sockets.

These two interfaces form two groups of TCP/IP-enabled applications:WinSock applications and NetBIOS applications. Aside from some Windowsfunctions and Microsoft applications, though, most applications use WinSock.A number of familiar TCP/IP applications run in the application layer; they in-clude the Hypertext Transfer Protocol (HTTP), the protocol used to transferdata between web servers and browsers; the File Transfer Protocol (FTP), a pro-tocol used for transferring files between computers; and the Simple Mail Transfer

CHAPTER 1 Configuring and Troubleshooting TCP/IP 5


FIGURE 1.1 Packets of data are passed down the layers of the sendinghost and back up the layers of the receiving host.



Protocol (SMTP), a protocol used for sending e-mail between mail servers andfrom mail clients to mail servers.

Transport LayerThe transport layer orders communication between computers and passes dataup to an application in the application layer or down to the Internet layer fornetwork delivery. The transport layer also specifies a unique identifier for eachcommunicating application in the form of a port, which is used to keep track ofwhat data packets are associated with what applications. The transport layer isalso responsible for dividing the data up into the packets that will be transmit-ted across the network.

Data delivery in the transport layer is controlled by two protocols:

• Transmission Control Protocol (TCP) TCP is referred to as aconnection-oriented protocol because a connection must be establishedbetween two computers before any data is transferred. It is also termeda reliable protocol because it checks up on the delivery of data to a remotecomputer by requiring that an acknowledgment be returned. If theremote computer does not return an acknowledgment within a specifiedperiod of time, the source computer retransmits the data. Mostapplications use TCP to transmit data.

• User Datagram Protocol (UDP) UDP is a connectionless service inthat it neither establishes a connection before transmitting data norrequires an acknowledgment of receipt. This provides faster data deliverythan TCP but does not offer the capability to retransmit data that is notacknowledged. UDP is often used by applications that stream mediaover a network, where retransmittal of data would not be useful.

A port is associated with either TCP or UDP transport layer protocols and isreferred to as a TCP port or a UDP port. A port can have any number between 0and 65,535. The port numbers from 0 to 1023 are reserved for common TCP ap-plications. Referred to as the well-known port numbers, these are under thecontrol of the Internet Assigned Numbers Authority (IANA). Ports from 1024through 49,151 are also under the control of IANA and are referred to as regis-tered ports; these are used for less well-known applications. Ports between49,152 and 65,535 are referred to as dynamic or private ports.

Table 1.1 lists some of the important well-known port numbers you mayneed to know for the exam.





Travel AssistanceYou can find information on all well-known port numbers using theweb site of the Internet Assigned Numbers Authority. The pagelisting port numbers is http://www.iana.org/assignments/port-numbers.

Internet LayerThe Internet layer is responsible for addressing, packaging, and routing the datathat is handed down to it from the transport layer. There are four core protocolsin this layer: Internet Protocol (IP), Address Resolution Protocol (ARP),Internet Control Message Protocol (ICMP), and Internet Group ManagementProtocol (IGMP).

Internet Protocol IP is a connectionless, and therefore unreliable, protocolthat is primarily responsible for addressing packets and routing them be-tween networked computers. Although IP always attempts to deliver a packet, apacket may be lost, corrupted, delivered out of sequence, duplicated, or delayed.



Port Number Application

20 FTP data

21 FTP control

22 SSH login control

23 Telnet

25 Simple Mail Transfer Protocol (SMTP)

53 Domain Name System (DNS)

80 HTTP (web traffic)

110 Post Office Protocol 3 (POP3)

119 Newsgroup (NNTP)

137 NetBIOS name service

138 NetBIOS datagram service

143 Internet Mail Access Protocol (IMAP)

139 NetBIOS session service

389 Lightweight Directory Access Protocol (LDAP)

443 Secure web traffic (HTTPS)

546 DHCP Client

547 DHCP Server

1080 Socks

TABLE 1.1 The Most Important Well-Known Port Numbers





IP does not attempt to recover from these types of errors by requesting retrans-mission of the data. Acknowledging the delivery of packets and recovering lostpackets is the responsibility of a higher-layer protocol, such as TCP, or of the ap-plication itself.

IP also assigns a Time to Live (TTL) value to each packet, which specifies themaximum length of time that the packet can travel on the network before beingdiscarded. The TTL is measured in seconds, which represent the maximum timea packet can survive on a network. Every instance of IP that processes a packetdecrements the TTL by at least one.Any instance of IP that examines a packet with aTTL of zero discards the packet.

Address Resolution Protocol ARP is responsible for mapping IP addresses tothe hardware addresses (or MAC addresses) of the network adapters of comput-ers on the network. When IP readies a packet for transmission to a remote com-puter, it does so using that computer’s IP address (you’ll learn more about IPaddresses later in the chapter). However, the actual network cards (and othernetwork interfaces) on a network transfer data using long MAC hardware ad-dresses that are burned on the card by the manufacturer to ensure each networkinterface on a network is uniquely identified.

ARP translates between IP addresses and hardware addresses by maintaininga table of mappings known as the ARP cache. This table is built dynamically.When ARP receives a request to translate an IP address, it checks for the addressin its table. If the address is found, ARP returns the address to the requestingprocess. If the address is not found in the table, ARP broadcasts a packet to thelocal subnet; this packet contains the IP address for which the hardware addressis needed. If a receiving host identifies the IP address as its own, it responds bysending its hardware address back to the requesting host. The response is thencached in the ARP table.

Internet Control Message Protocol ICMP provides error reporting and traf-fic control messaging. With ICMP, computers and routers that use IP commu-nication can report errors and exchange limited control and statusinformation. For example, if IP is unable to deliver a packet to a destinationcomputer, the ICMP protocol running on the local computer sends a Destina-tion Unreachable message to the source computer.

Internet Group Management Protocol IGMP is used by hosts to reportmulticast group membership to adjacent routers. Multicasting allows one hostto send content to multiple other hosts simultaneously. Examples would bestreaming high-bandwidth media to multiple computers, updating software ona number of computers at once, and some types of distribution lists. Typically,





a group of computers becomes part of a multicast group membership so thatthe group can be sent multicast messages.

Link LayerThe link layer is responsible for placing data on the network medium and receiv-ing data off the network medium. This layer contains physical devices such asnetwork cables and network adapters. This layer does not contain the type ofsoftware-based protocols that are included in the other three layers, but it doescontain such protocols as Ethernet and Asynchronous Transfer Mode (ATM),which define how data is transmitted on the network.

IP Addressing and RoutingEvery interface on a TCP/IP network is given a unique IP address that identifiesit on that network. The term “interface” is used instead of “computer” or “de-vice” because a single network device may actually have more than one interfaceon a single network (and interfaces on multiple networks), and thus more thanone IP address. The Internet Protocol handles this addressing, defining how theaddresses are constructed and how packets are transferred using those ad-dresses. In this section, we’re going to talk about how IP addresses are assignedand how to subnet a network into segments using IP addresses and customsubnet masks. First, however, you need to know how an IP address works.

An IP address consists of a set of four numbers, each of which can range from0 to 255. The reason for this is that each number is actually based on a binary oc-tet, or an eight-digit binary number. There are 28 or 256 different binary combi-nations in a binary octet. Each one of these combinations is numbered 0through 255. Computers work with the binary format, but it’s much easier forpeople to work with the decimal representation. Each of these numbers is sepa-rated from the others by a decimal point, so a typical IP address in decimal formmight look something like 192.168.001.102. This number represented in binaryform is 11000000 10101000 00000001 01100110. How would you like to typethat string of ones and zeros into your computer? No? Now you see why we use 0through 255 instead!

In the same way that a house address has two parts—a street address and aZIP code (the city and state are not really used anymore)—an IP address alsohas two parts:

• The network ID identifies the network segment on which a networkinterface is located. All computers on the same segment must have thesame network ID, just as all houses in a specific area must have the sameZIP code. An example network ID would be 192.168.1.0 (the first threeoctets make up the network ID; the 0 is used as a placeholder).



• The host ID identifies a network interface within a network segment. Thehost ID for each host must be unique within the network ID, in the sameway that the street address for a house must be unique within a ZIP code.Using the example network ID 192.168.1.0 and adding host IDs such as 1,2, and 3 would give us full addresses like 192.168.1.1, 192.168.1.2, and192.168.1.3.

Just as two different postal delivery areas can have the same street addresswithin them, two computers with different network IDs can have the same hostID. However, the combination of the network ID and the host ID must beunique to all computers in communication with each other.

Computers and other network devices depend on a second number called asubnet mask to help determine which portion of an IP address is the network IDand which portion is the host ID, as shown next. You’ll learn more about subnetmasks in the section “Classless Subnetting” later in the chapter. For now, justunderstand that the host ID is some portion of the IP address, starting at the leftand proceeding to the right in the binary representation of the address. Thesubnet mask defines where the network ID stops and the host ID starts.

Classful IP AddressingIP addresses are organized into classes that help define the size of the networkbeing addressed. This is called classful IP addressing. Five different classes of IPaddresses define different sized networks, capable of holding varying numbersof hosts.

Classful IP addressing is based on the structure of the IP address and pro-vides a systematic way to differentiate network IDs from host IDs. As youlearned earlier, there are four numerical segments of an IP address ranging from0 to 255. Here, we’ll represent those segments as w.x.y.z. Based on the value ofthe first octet (w), IP addresses are categorized into the five address classes out-lined in Table 1.2.





Classes A, B, and C are available for registration by public organizations.Actually, all of these addresses were snapped up long ago by major companiesand Internet service providers (ISPs), so the actual assignment of an IP addressto your organization will likely come from your chosen ISP. Classes D and E arereserved for special use.

Travel AdvisoryYou may notice in Table 1.2 that the octet 127 is missing from thelist of available IP addresses. The network ID 127.0.0.0 is reservedfor testing purposes, as you’ll learn later in this chapter in thesection “Using Ping.”

The address class determines the division between the network ID and thehost ID. For class A, the network ID is the first octet in the IP address (for exam-ple, the 111 in the address 111.103.122.18 is the network ID). For class B, thenetwork ID is the first two octets; and for class C, it is the first three octets. Theremaining octets identify the host ID.

Network IDs are usually represented using a four-octet structure, just like theIP address, but with zeros standing in for the host ID portion. As an example,the IP address 172.16.53.46 would be a class B address because 172 is between128 and 191. That makes the network ID 172.16.0.0 and the host ID 53.46(without a period at the end).

Understanding RoutingRouting is the process of moving information along a path from a source to adestination between different network segments. On a TCP/IP network, thesource and destination are called hosts and the information is broken apart into



Class Network ID

Rangeof First Octet(w)

Numberof NetworkSegmentsAvailable

Numberof HostsAvailable Subnet Mask

A w.0.0.0 1–126 126 16,777,214 255.0.0.0

B w.x.0.0 128–191 16,384 65,534 255.255.0.0

C w.x.y.0 192–223 2,097,152 254 255.255.255.0

D N/A 224–239 N/A N/A N/A

E N/A 240–255 N/A N/A N/A

TABLE 1.2 IP Address Classes





small packets that are transmitted between these hosts. IP handles the routing ofall these packets for the network.

Remember that a protocol such as TCP or UDP will hand down a packet ofdata to the IP protocol for transmission to a remote host. IP must determinewhere the packet goes. First, it compares the network ID of the local host withthe network ID of the destination host identified in the packet. If the two net-work IDs match, the two hosts are on the same IP subnet and the packet can besent directly to the destination host.

If IP determines that the network IDs of the local host and the remote hostdo not match, that means that the two hosts are on different network segmentsand the packet cannot be sent directly. Instead, IP must send the packet to agateway, which is a router connecting one network segment to another. Whenthis gateway receives the packet, its IP protocol goes through the process ofcomparing network IDs to determine the best place to send the packet. If thedestination address is on the same network as the sender, the router drops thepacket. If the destination host is on one of the other network segments to whichthe gateway is directly connected, the gateway can forward the packet straightto the destination host. Otherwise, the gateway forwards the packet on to an-other gateway, and then perhaps another, until the packet finally reaches itsdestination. Each time a packet crosses a gateway, that is referred to as a hop. Forexample, if a packet must cross three routers to reach its destination, that isconsidered three hops.

Usually, the source host is configured with the IP address of a default gate-way, a router to which all packets are sent if the destination host is not found onthe same network segment. Routers (and all devices with IP installed, for thatmatter) are able to consult routing tables that are stored in the router’s memory.A routing table holds information on preferred routes for various network IDs.This way, the router can determine the best gateway to which to send a packetbased on the network ID of the packet’s destination host. There are two ways inwhich a router can build its routing table:

• Static A static router has a routing table that is constructed andupdated manually. In other words, someone must actually accessthe routing table to create routes the router can use.

• Dynamic A dynamic router builds and updates its own routing tableas it finds appropriate routes. When it finds shorter routes, it favorsthose over longer routes. Most importantly, dynamic routers can alsoshare their information with other routers on the network. Almost allthe routers in use today are dynamic routers—manual routers are justtoo much work. Dynamic routers use one of two common routingprotocols: Routing Information Protocol (RIP) and Open ShortestPath First (OSPF).



Classless SubnettingIn the classful method of IP addressing, the number of networks and hostsavailable for a specific address class is predetermined from the default subnetmask for the class. As a result, an organization that is allocated a network ID hasa single, fixed network ID and a specific number of hosts. With the single net-work ID, the organization can have only one network connecting its allocatednumber of hosts. If the number of hosts is large, the single network will not beable to perform efficiently. To solve this problem, the concept of customsubnetting was introduced; custom subnetting is also known as classlessinterdomain routing (CIDR).

Custom subnetting allows a single classful network ID to be divided intosmaller network IDs, shown in Figure 1.2. The idea behind custom subnetting isthat you take the default subnet mask used for the class to which your IP addressrange belongs and then borrow some of the bits used for the host ID to use as anextension to the network ID.

You can think of a custom subnet mask as a screen that differentiates thenetwork ID from a host ID in an IP address, but that is not restricted by thesame rules used in the classful method. A subnet mask consists of a set of fournumbers, similar to an IP address. These numbers range in value from 0 to 255,though only some of the numbers in the range are actually available to use forthe mask. To see why this is, we need to jump back to the binary format for just



FIGURE 1.2 One range of IPs separated into two subnets



a moment. The default subnet mask for a class B network (255.255.0.0) inbinary format would be

11111111 11111111 00000000 00000000

This mask specifies that the first 16 bits of an IP address are to be used for thenetwork ID and the second 16 bits are to be used for the host ID. To create a cus-tom subnet mask, you would extend the mask into the host ID portion. How-ever, you must extend this by adding ones from left to right. For example, acustom subnet mask might look like

11111111 11111111 11110000 00000000

The value 11110000 in decimal format would be 240, making this IP address255.255.240.0. Table 1.3 shows the possible values for an octet in a customsubnet mask.

In the classful method, each of the four numbers in a subnet mask can beonly the maximum value of 255 or the minimum value of 0. The four numbersare then arranged as contiguous octets of 255 followed by contiguous octets of0. For example, 255.255.0.0 is a valid subnet mask, whereas 255.0.255.0 is not.The 255 octets identify the network ID, and the 0 octets identify the host ID. Forexample, the subnet mask 255.255.0.0 identifies the network ID as the first twonumbers in the IP address.

When subnetting an existing network ID to create additional subnets, youcan use any of the preceding subnet masks with any IP address or network ID.So the IP address 172.16.2.200 could have the subnet mask 255.255.255.0 andnetwork ID 172.16.2.0, as opposed to the default subnet mask 255.255.0.0 withthe network ID 172.16.0.0. This allows an organization to subnet an existingclass B network ID of 172.16.0.0 into smaller network IDs to match the actualconfiguration of its network.



Binary Value Decimal Value

10000000 128

11000000 192

11100000 224

11110000 240

11111000 248

11111100 252

11111110 254

TABLE 1.3 Possible Values for Custom Subnet Masks



Exam TipFor the exam, you should be able to work out the subnet mask neededfor a given situation. For example, you might be asked to determinethe subnet mask used to divide a network into two subnets basedon each subnet needing a certain number of hosts.

Using Private AddressingEvery network interface that is connected directly to the Internet must have anIP address registered with IANA. This prevents IP address conflicts between de-vices. If you are configuring a private network that is not connected to theInternet or one that exists behind a firewall or proxy server, you can configuredevices on your network with private addresses and have only the public addressconfigured on the interface that is visible to the Internet.

Each address class has a range of private addresses available for general use:

• Class A 10.0.0.0 through 10.255.255.255

• Class B 172.16.0.0 through 172.31.255.255

• Class C 192.168.0.0 through 192.168.255.255

You can choose whatever range you like to use for your network and imple-ment custom subnets as you see fit. None of these addresses is ever officially as-signed to a publicly accessible Internet host.

Configuring Windows Computers as TCP/IP ClientsConfiguring a computer running Windows 2003 (or most modern versions ofWindows) to be a client on a TCP/IP network is straightforward. In fact, if youhave a default installation of Windows 2003 and your network uses DynamicHost Configuration Protocol (DHCP) to automatically assign IP addresses, youwon’t need to do any configuration at all. The computer will contact a DHCPserver automatically on startup, obtain an IP address along with other TCP/IPinformation, and be ready to use on the network. DHCP is discussed in detail inChapter 2.

There are times, however, when you will need to configure TCP/IP client set-tings yourself (such as for servers that need static IP addresses), and it is nothard to do. Each network connection created on a Windows 2003 computercan have its own protocols installed, including TCP/IP. The first step in con-figuring TCP/IP is to access the correct network connection. Most networkedcomputers will have only one, though some may have more than one.





Choose Start | Control Panel and then double-click Network Connections toopen the Network Connections window, which displays all network connec-tions configured on the computer. Open the Properties dialog box for the con-nection you want to configure by right-clicking its icon and choosing Propertiesfrom the shortcut menu.

The Properties dialog box for a standard local area connection is shown inFigure 1.3. If TCP/IP is installed (as it will be by default), it is listed in this win-dow. If TCP/IP is not listed, you will need to install it. Click Install, choose Pro-tocol from the list of components in the dialog box that opens, and then choosethe TCP/IP protocol from the list of available protocols.

To configure the TCP/IP properties for a connection, select Internet Protocol(TCP/IP) and click Properties to open the Internet Protocol (TCP/IP) Prop-erties dialog box, shown in Figure 1.4. By default, a computer is set to obtainboth its IP address and its DNS server addresses automatically. This means oneof two things. If a DHCP server is configured for the network, the computer re-trieves an IP address from that server during startup. If a DHCP server is notconfigured or does not respond to a client request, Windows uses a featurecalled Automatic Private IP Addressing (APIPA) to assign an IP address to itself.If you have a small network and don’t use DHCP, all the computers running



FIGURE 1.3 Use the Properties dialog box for a network connection toadjust TCP/IP settings.




APIPA will assign themselves IP addresses that should allow for communica-tions between the computers. APIPA uses the IP address range 169.254.0.1through 169.254.255.255. This range has been reserved by Microsoft so that itcannot be used on the Internet.

If your network does not use dynamic addressing, or if you need a computerto use a specific IP address instead of having one automatically assigned, youcan configure TCP/IP manually. Select the Use The Following IP Address op-tion and configure the required information, including the IP address, thesubnet mask, and the default gateway. Depending on your situation, you mayalso need to manually assign the Domain Name System (DNS) servers used bythe computer. DNS is covered in detail in Chapter 4.

You can also configure a number of advanced options for TCP/IP by clickingAdvanced in the Internet Protocol (TCP/IP) Properties dialog box. Advancedoptions include the following:

• Binding multiple IP addresses to a single network interface You canconfigure a single network connection with an unlimited number of IPaddresses for advanced networking purposes, such as when multiplelogical IP networks are in use and the computer needs a different IPaddress to communicate with each.


FIGURE 1.4 Choose whether to assign an IP address automaticallyor manually.



• Setting multiple default gateways You can configure more than onedefault gateway to serve as a backup in case the primary default gatewayis unavailable for some reason.

• Configuring additional DNS servers as backups and advancedDNS options

• Configuring Windows Internet Naming Service (WINS) serversThese are used to resolve NetBIOS computer names to IP addresses.

• Configuring advanced IP security, which protects the authenticityof IP packets sent between computers on a network, and TCP/IPfiltering These are used to control the type of TCP/IP traffic thatreaches a computer.

Objective 1.02 Troubleshoot TCP/IPAddressing

T roubleshooting TCP/IP addressing information is really a matter of makingsure that a few values are correct. First and foremost, the TCP/IP client

should have the correct IP address and subnet mask. The client should also haveappropriate DNS server information and valid addresses for any other serversyou have configured on the network.

Using IpconfigAs its name implies, ipconfig is a command-line utility used to display and, tosome extent, manage the IP addressing information for network connections.Typing ipconfig at the command prompt returns basic TCP/IP information, in-cluding the IP address, subnet mask, and default gateway of each network con-nection on a computer.

For the most part, you will use ipconfig to verify that the IP address assignedto a network connection is what you expect. For example, it could show youwhether an IP address was actually obtained from a DHCP server or whetherWindows used APIPA to assign an address from its private range. Sometimes,you will also use ipconfig to release the IP address lease assigned to a computerby a DHCP server and to renew that lease.

The options available for use with the ipconfig command are shown inTable 1.4.





Travel AdvisoryWindows 95, 98, and Me have a graphical version of theipconfig utility named winipcfg.exe. You can start it from the Rundialog box or the command line and it has most of the featuresof ipconfig.

IP AddressingEvery interface on a TCP/IP network is given a unique IP address. These addressesmay be configured manually or automatically using DHCP. If the addresses areconfigured manually, there is a good chance that a typo could be causing thenetwork connectivity problem. In fact, typos or transposition of numbers is one ofthe biggest errors associated with IP problems. So, before you decide to purchasea new router, check several times that you entered the correct IP address andsubnet mask.

Due to the number of errors associated with manually configuring IP ad-dresses for users, many administrators choose to use DHCP to automaticallyconfigure large groups of users. This is not a foolproof method, so errors may



Option Description

/? Displays a help message with a description of all options andthe syntax for using them.

/all Displays the full TCP/IP configuration, including DNS andDHCP configurations, and the physical addresses of adapters.

/release Releases an IP address. If used without specifying a networkconnection, this option releases IP addresses for all connections.This command is only used for connections that obtain IPaddresses automatically.

/renew Releases automatically assigned IP addresses and attempts torenew the address from the DHCP server or APIPA. If you donot specify an adapter to renew, all adapters are renewed.

/flushdns Purges the DNS resolver cache, which is covered in Chapter 6.

/registerdns Refreshes all DHCP leases (much like the renew command) andreregisters DNS names.

/displaydns Displays the contents of the DNS resolver cache.

/showclassid

Displays all the DHCP class IDs allowed for an adapter. This isdiscussed in Chapter 2.

/setclassid Modifies the DHCP class ID.

TABLE 1.4 Available Options for the ipconfig Command



occur with this method also. In any event, be sure to type the correct IP address,subnet mask, and default gateway IP address very carefully when configuringTCP/IP for a user.

Exam TipYou may have to examine an ipconfig /all screen to determine where theproblem is in the user’s IP configuration. Be sure to review what the defaultsubnet masks are for class A, B, and C addresses. Also note that youmust provide a default gateway address if you want to accessdevices on a remote network.

SubnettingSubnetting networks is primarily done to reduce broadcast traffic. For example,a class C address of 205.172.1.0, owned by a company, would have a defaultsubnet mask of 255.255.255.0. This makes it possible for this one network tohave 254 hosts assigned IP addresses.

If a company has multiple subnets, your troubleshooting becomes morecomplex, mainly because of the need for routers in such a network. When a net-work is subnetted, users cannot access the resources on the different subnets un-less there is a router separating them. Also, the router’s ports or interfaces needto be configured with an IP address for each subnet to which it is connected. Theuser would use this IP address number as their default gateway. So, a router mayhave three interfaces, each configured with a different IP address. Each subnetwould then have its own default gateway IP address. A company that wants tosubnet its network, to reduce broadcast traffic, would do so by using a custom-ized subnet mask.

In the preceding example in which the company has a class C address of205.172.1.0, the company can use a subnet mask of 255.255.255.192. By bor-rowing bits from the host portion of the IP address, two subnetworks are cre-ated: 205.172.1.64 and 205.172.1.128. Each one of these subnets will contain arange or block of IP addresses. In this example, the blocks will be IP addresses 65– 131 and 129 – 191, respectively. A 192 mask creates a block size of 64. A subnetmask of 224 creates a block size of 32. To determine the block size, you can sub-tract the subnet mask from the magic number of 256, which is 28. This kind ofknowledge can help you to troubleshoot very quickly whether the problem isdue to an incorrect subnet mask.

Let’s look one more time at the preceding example. If one of the users has anIP address of 205.172.1.67 and a subnet mask of 255.255.255.192, and another





user has an IP address of 205.172.1.134 with the same subnet mask, then eachuser is on a separate subnet. The first user is on the .64 subnet, and the second ison the .128 subnet.

Exam TipQuestions involving network connectivity issues from one IP address to anotherIP address can usually be explained by either an incorrect subnet mask or anincorrect default gateway. In other words, if user A cannot ping user B’sIP address, start by checking for the possibility of an incorrect subnetmask or default gateway. Often, questions will throw a surprisingamount of information at you to disguise a simple solution like this.

Watching for APIPA AddressesAPIPA uses the IP address range 169.254.0.1 through 169.254.255.255. If youhave a client that is supposed to get addressing information from a DHCPserver, but instead ends up with an address in the APIPA range, this indicatestwo things: first, that TCP/IP is working correctly on the client; and second, thatthe client is not getting the information from the DHCP server and is having toassign itself an address. You should check the DHCP server and the connectionbetween it and the client.

Exam TipYou should learn the private address ranges available, including the APIPA rangeand the others covered earlier in the chapter in the section “Using PrivateAddressing.” Watch for these addresses to appear on the exam as apossible indicator of a problem. If, for example, a client is assignedan address in the APIPA range, it could indicate that a DHCP servercould not be contacted.

NetshIn previous version of Windows, administrators often removed and reinstalledTCP/IP as a way of resetting TCP/IP values to their default—useful particularlywhen a user has changed TCP/IP information to unsupported or incorrect val-ues. Windows 2003 no longer allows you to remove the TCP/IP protocol stack.Instead, a new netsh (netshell) command has been added that lets you reset theTCP/IP configuration without removing and reinstalling it.





To issue the command, just type the following at the command prompt:

netsh interface ip reset

Travel AssistanceYou can find out more about the netsh command from the Windowshelp files or by typing netsh /? at the command prompt.

Objective 1.03 Troubleshoot TCP/IPRouting

Troubleshooting network connectivity problems will probably be one of themost important parts of your job. Being a good troubleshooter does not

mean you have to be a genius. However, you need to be meticulous, detail-ori-ented, and patient.

In this section, you will look at troubleshooting network problems. After awhile, you will discover that many of the same problems occur over and overagain. With practice, you’ll get to a point where you can debug and troubleshootproblems very quickly. Having a good memory will certainly help in this en-deavor, but documenting the steps you take to solve a problem saves you fromthe embarrassing moment of telling a user: “Yeah, I’ve seen this happen once be-fore and I fixed it. I just don’t remember what I did.” If you keep forgetting tomake sure that the printer is turned on before you spend 20 minutes looking atwhat printer drivers are installed, you will be perceived as a bad troubleshooter.

A Little Deeper into Networking ModelsEarlier in the chapter, you looked at the four layers that make up the TCP/IPstack. This four-layer model is based on another model named the OSImodel—a seven-layer model that is the parent of all networking models. Whilegetting through these models can be tedious, it will make you a better trouble-shooter. If you’re already comfortable with all the OSI layers and what takesplace in each, feel free to skip to the next section.

Assuming that you already memorized the seven layers of the OSI model(physical, data link, network, transport, session, presentation, and application),using whichever mnemonic that worked best for you (such as All People SeemTo Need Data Processing, or my favorite, starting from layer one: Please Do Not





Throw Sausage Pizza Away), you should also understand what takes place oneach layer and which devices operate at the layers, to assist you in troubleshoot-ing. Table 1.5 provides a summary of that information. These layers look verysimilar to the TCP/IP layers you learned earlier, because the TCP/IP modelmaps to this model. But don’t worry too much about that; your goal here is tounderstand as quickly as possible how data from one computer gets to anothercomputer.

If you send someone an e-mail from your computer, the data flows from theapplication layer, down to the physical layer, across the wire, to the other com-puter, and up the model, until the person reads your e-mail at his or her applica-tion layer. As the data is flowing down the OSI model, the e-mail message isbeing encapsulated. Each layer of the model uses something called protocol dataunits (PDUs), which encapsulate the data with a header or trailer at the end ofthe frame. This encapsulation, or “wrapping” of the data that you are sending,occurs on each layer. For example, as indicated in Table 1.5, the name of thePDU at layers 5, 6, and 7 is Data. The transport layer is where segments are cre-ated. The network layer is where packets or datagrams are created. The data linklayer is where frames are created, and finally, bits are created at the physical layer.

If you’re wondering how knowing this information about the OSI model isgoing to help you in your troubleshooting, consider an example. Suppose Bobcan successfully ping Sue, who is located in his office, but Bob cannot ping Alice,



OSI Layer(Encapsulation) Function DevicesApplication

(Data)

To provide the user with an interface,such as an e-mail application.

Gateways

Presentation

(Data)

To present the data to the user in thespecific format, such as ASCII or EBCDIC.This layer is also responsible for dataencryption and compression.

Gateways

Session

(Data)

To create the dialog between two hosts. Gateways

Transport

(Segments)

To deliver data reliably (TCP) or unreliably(UDP).

Gateways

Network

(Packets)

Where higher-level destination addressing,such as IP or IPX, occurs.

Routers

Data link

(Frames)

To provide access to the media using aphysical address, such as the MAC address.

Switches, bridges

Physical

(Bits)

To move those ones and zeros acrossthe wire.

Hubs, repeaters, cabling

TABLE 1.5 The OSI Networking Model





who is located in a remote location across the company’s router (ping is dis-cussed soon, in the section “Using Ping”). Would you crawl under Bob’s desk tocheck whether his cable is plugged into his network adapter card? In otherwords, is this a physical layer problem? Of course not. If it were, Bob wouldn’t beable to ping Alice. In this scenario, because Bob is trying to ping a remote work-station and is using a router, you can quickly identify this problem as being alayer 3, or network layer, issue. Thus, you would direct your attention to areassuch as the following:

• Logical address error (incorrect IP number)

• Default gateway (the default gateway or router may not be available)

• Subnet mask error (an incorrect subnet mask ID may have beenconfigured)

So, having a better understanding of how data flows through a network canhelp you to troubleshoot.

Exam TipFor the exam, it is important that you remember the four TCP/IP layers,their order in the suite, and the important protocols that make up thoselayers. You will not need to know anything specifically about theOSI reference model. However, an understanding of it will help youapproach troubleshooting questions with more confidence.

Troubleshooting MethodologyIn troubleshooting, sometimes the more experienced administrator will missthe most obvious problem. Having a user tell you, “Oh, I moved my computeracross the room to get better lighting; do those wires matter?” after you’ve spentten minutes trying to figure out why her e-mail is not working is a good exampleof missing the obvious. On the other hand, a good troubleshooter must alsoknow how to eliminate the obvious. For example, if a computer can communi-cate with all computers on the network, except one workstation, you wouldprobably begin your troubleshooting steps at that one workstation.

It is important to have a structured approach to solving problems. Some ofthe questions you may want to ask in your troubleshooting methodology are thefollowing:

• Is it a physical problem (cable broken or not connected, bad networkadapter card, computer turned off, and so on)?



• Is it a name resolution issue (for example, you cannot connect to thehostname but can successfully ping the IP address)?

• Is it a network configuration problem (default gateway incorrectlyconfigured, incorrect subnet mask or IP address, and so on)?

Exam TipOn the exam, it is not necessary to know this level of detail. However,in a scenario given, you should be able to quickly identify which isthe most likely candidate or problem. That is, you should be ableto identify which computer you would sit in front of and enter theipconfig /all command.

Utilities for Troubleshooting TCP/IP RoutingTCP/IP has been around a while and has accumulated a good number of trou-bleshooting utilities along the way. Most of these are command-line utilities,and you’ll find them (or something very much like them) available on the TCP/IP implementation of almost every operating system. The utilities are used todisplay information about and test the basic functions of TCP/IP, such as rout-ing and IP addressing.

Using PingPing is one of the simplest and most important troubleshooting tools used inTCP/IP. Ping is a command-line utility that generates an Echo Request messageand transmits it to a remote computer. The remote computer responds to thisrequest, letting you know that the transmission arrived and was replied to. Theoutput looks something like the following example:

C:\>ping 192.168.1.101

Pinging 192.168.1.101 with 32 bytes of data:

Reply from 192.168.1.101: bytes=32 time<1ms TTL=128Reply from 192.168.1.101: bytes=32 time<1ms TTL=128Reply from 192.168.1.101: bytes=32 time<1ms TTL=128

Ping statistics for 192.168.1.101:Packets: Sent = 4, Received = 4, Lost = 0 (0%loss),

Approximate round trip times in milli-seconds:Minimum - 0ms, Maximum = 0ms, Average = 0ms





Here, I’ve pinged a remote computer on a different network segment on mynetwork (in other words, the packet had to cross a router). The information dis-played tells us that three Echo Request messages were received and replied to,that the time was virtually instantaneous, and that no packets were lost.

However, merely being able to ping this remote host tells us so much more. Ittells us that TCP/IP settings on both computers are correct. It also tells us thatthe router is working properly.

Suppose, now, that we had not gotten a successful reply. This could be due toa failure anywhere along the path, but we could likely use ping to isolate thepoint of failure. For example, if we could ping our default gateway (router) suc-cessfully, it would mean the problem lay on the other side of that gateway—perhaps on another gateway or perhaps with the remote computer itself.

You can use a systematic method of pinging hosts to determine where a rout-ing problem lies after determining that there is a problem. Follow these steps:

1. Try pinging 127.0.0.1. This is a reserved address known as a localloopback address and is a way to ping the local computer. If this pingdoesn’t work, then TCP/IP on the local computer is not installed ordid not load properly.

2. Try pinging the actual IP address of the local computer. If this doesn’twork, it means that TCP/IP may have loaded successfully, but that theprotocol is not correctly bound to the adapter. It could be due to aninvalid IP address or other TCP/IP information. At this point, youcould likely use ipconfig (discussed in the previous section) to isolatethe problem.

3. Ping the address of the local computer’s default gateway. If thisis unsuccessful, it could still mean improper configuration on thelocal computer (maybe an invalid subnet mask or default gatewayconfigured) or that the gateway itself is having problems. The easiestway to verify the gateway is to try pinging from another computerconfigured to use that gateway.

4. Ping the address of the remote host. If this is unsuccessful, eitherone of the other gateways along the path or the remote host itselfhas a problem. At this point, you should probably try the traceroutecommand, described in the next section.

Once you can successfully ping the IP address of the remote host, you can alsotry pinging the remote host using its hostname or computer name. This can help





you determine whether the name resolution system used on your network isfunctioning correctly.

Using TracerouteTraceroute is a program that works much like ping, except that it displays infor-mation about each hop along the path to the destination computer, includingthe names of routers used. Traceroute can be useful in determining the exactpoint at which routing between two hosts fails, once it is determined that theproblem actually lies between the hosts.

Run traceroute from the command prompt by typing tracert followed by thename or IP address of a remote host. An example of the output from a traceroutecommand is shown here:

C:\>tracert www.yahoo.com

Tracing route to www.yahoo.akadns.net [216.115.102.76]over a maximum of 30 hops:

1 1 ms 1 ms 1 ms 192.168.1.12 14 ms 14 ms 29 ms user-24-214-110-1.knology.net [24.214.110.1]3 16 ms 16 ms 16 ms 24.214.0.1464 22 ms 24 ms 22 ms 24.214.0.215 24 ms 22 ms 22 ms POS-1-3.pr1.atl01.netrail.net [205.215.15.93]6 21 ms 22 ms 23 ms ibr01-f2-0.paxa01.exodus.net [216.32.132.113]7 22 ms 21 ms 21 ms bbr01-p3-0.atln01.exodus.net [206.79.9.93]8 24 ms 23 ms 23 ms bbr02-g5-1.atln01.exodus.net [216.35.162.130]9 42 ms 41 ms 41 ms bbr02-p7-0.ftwo01.exodus.net [206.79.9.190]10 43 ms 41 ms 41 ms bbr01-g2-0.ftwo01.exodus.net [216.39.64.1]11 85 ms 80 ms 84 ms bbr01-p5-0.sntc04.exodus.net [209.185.9.109]12 * * * Request timed out.13 * * 86 ms vl20.bas1.snv.yahoo.com [216.115.100.225]14 86 ms 83 ms 84 ms w4.snv.yahoo.com [216.115.102.76]

Trace complete.

As you can see, each of the numbered lines in the display indicates a routerthat forwards the packet along the path to its destination. The three millisecond(ms) values on each line represent the reply time for the three Echo Requestssent to that router (just like the ping command). Finally, each line includes thename and address of the router (sometimes just the address). Lines 12 and 13 inthe example show a router that could not be reached (probably because it wastoo busy) and was tried again.

Using PathpingPathping is a relatively new utility (introduced in Windows 2000) and is basedon both the ping and traceroute commands. Essentially, pathping performs atraceroute command and then pings each router that the traceroute encounters







along its path to its intended destination. In addition to returning the computername and IP address for each hop, it includes the percentage of sent and lostpackets to each router. This additional information can help you determine thecause of networking problems more efficiently than using traceroute and pingseparately.

Run pathping from the command prompt by typing pathping followed by thename or IP address of a remote host. An example of the output from a pathpingcommand is shown here:

C:\>pathping www.yahoo.com

Tracing route to www.knology.net [24.214.63.162]over a maximum of 30 hops:0 j [192.168.1.2]1 192.168.1.12 user-24-214-40-129.knology.net [24.214.40.129]3 24.214.0.1464 24.214.0.215 mlp1-0-0.Wspt.GA.US.knology.net [24.214.0.70]6 www.knology.net [24.214.63.162]

Computing statistics for 150 seconds...Source to Here This Node/Link

Hop RTT Lost/Sent = Pct Lost/Sent = Pct Address0 j [192.168.1.2]

0/ 100 = 0% |1 1ms 0/ 100 = 0% 0/ 100 = 0% 192.168.1.1

0/ 100 = 0% |2 16ms 0/ 100 = 0% 0/ 100 = 0% user-24-214-40-129.knology

.net [24.214.40.129]0/ 100 = 0% |

3 16ms 0/ 100 = 0% 0/ 100 = 0% 24.214.0.1460/ 100 = 0% |

4 23ms 0/ 100 = 0% 0/ 100 = 0% 24.214.0.210/ 100 = 0% |

5 28ms 0/ 100 = 0% 0/ 100 = 0% mlp1-0-0.Wspt.GA.US.knology.net[24.214.0.70]

0/ 100 = 0% |6 27ms 0/ 100 = 0% 0/ 100 = 0% www.knology.net [24.214.63.162]

Trace complete.

The full syntax for using the pathping command is as follows:

pathping [-n] [-h maximum_hops] [-g host-list] [-i address] [-p period][-q num_queries [-w timeout] [-4] [-6] target_name

Table 1.6 defines the options used with the pathping command.

Using RouteComputers running Windows 2003 can also act as routers if they have inter-faces on two or more network segments. Windows 2003 supports both static




and dynamic routing. If a Windows 2003 computer is operating as a staticrouter, you can view entries in its routing table using the route command. Youcan also manipulate the entries with this command, but it is easier and better touse the Routing and Remote Access Service console instead. This is covered inChapter 8.

The syntax for using the route command is as follows:

Route [-f] [-p] [command [destination] [netmask] [gateway][metric]]

Table 1.7 defines the options used with the route command.

Using ARPAs you learned earlier, in the section “Address Resolution Protocol,” the AddressResolution Protocol (ARP) is responsible for resolving IP addresses to the hard-ware addresses of network interfaces. ARP does this initially by broadcastingresolution requests, but it also builds a cache of responses so that it does not al-ways have to rely on network broadcasts. The ARP command is used to view andmanipulate this ARP cache.

An example of an actual ARP cache is shown here:

C:\>arp -a

Interface: 192.168.1.2 --- 0x2


Option Description

–n Does not resolve addresses to hostnames.

–h maximum_hops Specifies the maximum number of hops to search.The default is 30 hops.

–g host_list Allows consecutive computers to be separated byintermediate gateways.

–i address Forces the command to resolve to the specifiedsource address.

–p period Specifies the number of milliseconds to wait betweenconsecutive pings. The default value is 250 ms.

–q num_queries Specifies the number of queries to each computer alongthe route. The default value is 100 queries.

–w timeout Specifies the number of milliseconds to wait for eachreply. The default value is 3000 ms.

–4 Forces resolution using the IPv4 protocol.

–6 Forces resolution using the IPv6 protocol.

target_name Specifies the endpoint of the search, the destinationIP address.

TABLE 1.6 Available Options for the pathping Command



Internet Address Physical Address Type192.168.1.1 00-30-ab-08-10-9a dynamic192.168.1.3 00-e0-98-03-65-2d dynamic

Each line includes an IP address, the physical address the IP address ismapped to, and whether the entry is static (fixed) or dynamic (can be changedby the ARP protocol itself). A dynamic entry is automatically removed from thecache after a certain amount of time. The default value is 14,400 seconds. Thishelps ensure that the ARP cache is up to date by forcing ARP to repeat the reso-lution of hosts every so often. Though you can configure static entries within anARP cache, it is not a good idea to do so. Not only does maintaining static en-tries increase the level of management required, but caches that are not continu-ally maintained run the risk of improper resolution of addresses.

The possible formats for the arp command are

arp -s inet_addr eth_addr [if_addr]arp -d inet_addr [if_addr]arp -a [inet_addr] [-N if_addr]

Table 1.8 defines the options that can be used with the arp command.



Option Description

–f Flushes all entries from the routing table.

–p If used with the add command, makes a route persistent. Ifused with the print command, displays all persistent routes.

Command Four commands are supported. The add command adds a routeto the table. The delete command removes a route. The changecommand edits an existing route. The print command displaysthe contents of the routing table.

Destination Specifies the network ID to which packets might be sent.

Mask Specifies that the next parameter is the netmask value.

Interface Specifies an interface number used for a specific route.

Netmask Specifies the subnet mask that tells IP how to calculate thenetwork ID.

Gateway Specifies the IP address to which packets for the networkbeing entered are sent. If this is a network to which the routeris attached, the address is one of the router’s own interfaces.Otherwise, it will be the IP address of another router.

Metric Specifies the hop count used in determining the routea packet takes.

TABLE 1.7 Available Options for the route Command



Note that ARP caches do not last very long. If you want to see something in theARP cache, perform a network activity (such as pinging a remote host) and thenuse the arp –a command quickly!

Using NetstatThe netstat command is actually a powerful compilation of other commandsthat you can use to get a snapshot view of the current state of network connec-tions on a computer. This includes information such as currently active and lis-tening ports. In fact, netstat is most commonly used as a security tool because italso lists any foreign addresses along with the active port connections. In addi-tion to this information, netstat also displays statistics on network traffic androutes.

The syntax for using the netstat command is as follows:

netstat [-a] [-e] [-n] [-s] [-p proto] [-r] [-o] [interval]

Table 1.9 shows the options that can be used with the netstat command.

Troubleshooting ResourcesSometimes you will run across an error or problem that seems unsolvable.Don’t despair. There are a tremendous amount of resources available to you,and many of them are free! You should start off using the Help and Support



Option Description

–a or –g Displays current ARP entries. If the host has more than onenetwork interface, entries for each ARP table are displayed.

inet_addr Specifies an Internet address.

eth_addr Specifies a physical address.

if_addr Specifies the Internet address of the interface whose addresstranslation table should be modified. If not present, the firstapplicable interface will be used.

–N Specifies the ARP entries for the network interface specifiedby if_addr.

–d Deletes the host specified by inet_addr.

–s Adds a static mapping to the ARP cache. Static mappings willremain until the system is restarted.

TABLE 1.8 Available Options for the arp Command





feature included in Windows Server 2003. It has a section devoted to trouble-shooting called “Troubleshooting strategies that can keep you busy for hours onend.” A hyperlink there can quickly send you off to TechNet, Microsoft Knowl-edge Base, and more. If you’ve never used newsgroups, Microsoft’s web site hasdirections on accessing them so that you can post questions or issues in a forumand get more than enough suggestions and advice from your peers.

CHECKPOINT✔Objective 1.01: Configure TCP/IP Addressing on a Server Computer This

objective took a basic look at how TCP/IP works, including how the coreprotocols work together, how IP addressing and subnetting work, and howdata is routed between computers on a network. The objective also showedyou how to configure TCP/IP on a computer running Windows 2003.

Option Description

–a Displays all connections and listening ports.

–e Displays Ethernet statistics. This may be combined with the–s option.

–n Displays addresses and port numbers in numerical form.

–o Displays the active TCP connections and includes the processidentifier (PID) for each connection. Note that this option isnew to the Windows 2003 implementation of netstat.

–p protocol Shows connections for the protocol specified by protocol, whichmay be TCP or UDP. If used with the –s option to display per-protocol statistics, protocol may be TCP, UDP, or IP.

–r Displays the routing table.

–s Displays per-protocol statistics. By default, statistics are shownfor TCP, UDP, and IP; the –p option may be used to specifya subset of the default.

interval Redisplays selected statistics, pausing interval secondsbetween each display. Press CTRL-C to stop redisplayingstatistics. If omitted, netstat will print the currentconfiguration information once.

TABLE 1.9 Available Options for the netstat Command





✔Objective 1.02: Troubleshoot TCP/IP Addressing This objective exam-ined methods for identifying and resolving TCP/IP addressing problems,including issues related to Automatic Private IP Addressing (APIPA). It alsointroduced the ipconfig tool used for displaying TCP/IP information ona computer.

✔Objective 1.03: Troubleshoot TCP/IP Routing This objective examinedthe major TCP/IP utilities used in troubleshooting basic TCP/IP routingproblems. These utilities include ping, pathping, traceroute, arp, route, andnetstat.

REVIEW QUESTIONS

1. You are the network administrator for your company. The networkuses static IP addresses for all computers. You add a new client computerto one of the subnets on the network. However, the client is unable toconnect to a server on the same subnet. Other clients can connect to theserver, so it appears the client is improperly configured. How wouldyou correct the problem?

A. Modify the IP address of the client computer so it is the same as theIP address of the file server

B. Modify the IP address of the client computer so it is the same as theIP address of the router

C. Modify the subnet mask of the client computer so it is the same asthe subnet mask of the file server

D. Modify the subnet mask of the file server so it is the same as thesubnet mask of the client computer

2. You are the administrator of a large network and notice that networkcommunications between a local and remote host are unusuallyslow. You determine that the problem most likely is with a routeron the network. Which of the following utilities would you useto find the router with the slow response time?

A. route

B. tracert

C. ping

D. arp





3. You are the network administrator for your company’s network, whichconsists of two subnets, A and B, and is configured as shown in thefollowing illustration. Subnet A hosts all the clients on the networkand subnet B hosts all the servers. You are configuring a client on thenetwork. Which of the following configurations should you use?

A. IP Address: 192.168.1.12; Subnet Mask: 255.255.255.0; DefaultGateway: 192.168.1.1

B. IP Address: 192.168.1.12; Subnet Mask: 255.255.255.0; DefaultGateway: 192.168.0.1

C. IP Address: 192.168.0.12; Subnet Mask: 255.255.255.0; DefaultGateway: 192.168.1.1

D. IP Address: 192.168.0.12; Subnet Mask: 255.255.255.0; DefaultGateway: 192.168.0.1

4. You are the network administrator at one of your company’s branchoffices. The current network setup consists of two possible subnets,though only one is being used at the moment. The network ID usedis 192.168.1.0. The subnet mask is 255.255.255.128. What is the validIP address range for computers on the network 192.168.1.0?

A. 192.168.1.0….192.168.1.255





B. 192.168.1.129....192.168.1.254

C. 192.168.1.129....192.168.1.190

D. 192.168.1.128....192.168.1.191

5. You are the network administrator for your company. Your companyuses a web server to allow employees to view secure web pages. Youhave enabled TCP/IP filtering on the web server. However, employeesnow complain that they cannot view secure pages on the server. Whatshould you do?

A. Permit port 110 in the TCP/IP filtering settings

B. Permit port 80 in the TCP/IP filtering settings

C. Permit port 339 in the TCP/IP filtering settings

D. Permit port 443 in the TCP/IP filtering settings

6. You are the administrator of a large network using classful IP addressing.One of your computers has the IP address 136.120.004.201. Which of thefollowing default subnet masks should you use?

A. 255.0.0.0

B. 255.255.0.0

C. 255.255.255.0

D. 255.255.255.255

7. One of your client computers running Windows 2003 can no longercommunicate with the network. Your network uses a DHCP server thatallocates addresses in the range 10.108.0.1 through 10.108.0.254. Youuse the ipconfig command and determine that the computer has beenassigned the address 169.254.0.1. What is most likely the problem?

A. The IP address for the computer has been manually assigned.

B. The IP address has been assigned by a malfunctioning DHCP server.

C. The DHCP server could not be contacted, so Windows assigneditself an IP address.

D. The IP address has been assigned by an alternate DHCP server.

8. You are the administrator of you company’s network. You suspect thatone of your computers is being accessed inappropriately and would liketo find out what kinds of connections are being made. Which of thefollowing commands would you use to display all active connectionsto ports on a computer and to display the addresses and port numbersin numerical form?

A. Netstat –p






B. Netstat –d

C. Netstat –a

D. Netstat –p –e

9. You are the network administrator for your company. You suspectthat one of your users has changed the TCP/IP values on his computer.Which of the following actions could you use to determine whether theTCP/IP values were configured correctly?

A. Ping a remote host

B. Ping your local IP address

C. Ping 127.0.0.1

D. Ipconfig /all

10. You are testing the TCP/IP connection on a Windows 2003 server andit appears that values are set up correctly. However, the client cannotping to any remote host. You would like to reset TCP/IP to its defaultvalues. Which of the following actions should you take? How can youdo this?

A. Uninstall and reinstall the TCP/IP protocol

B. At the command prompt, type ipconfig /resetall

C. At the command prompt, type netsh interface ip reset

D. At the command prompt, type reset ip

REVIEW ANSWERS

1. You cannot have two computers on the same subnet with thesame IP address, so answers A and B are invalid. The subnet mask ofall computers on the subnet should be the same. Since other computerscan connect to the server, you can assume that its subnet mask is correctlyconfigured and you must change the client’s.

2. The tracert utility reports the routers that a packet passes throughon its way to a destination and the response times of those routers.

3. The client must be configured using a network ID and subnet maskthat are the same as the other computers that share its subnet. In thiscase, the network ID is 192.168.1.0 and the host ID can be any that isnot already used on the subnet. The subnet mask for this network IDis 255.255.255.0. The default gateway must be configured for theinterface the router maintains on the same subnet as the client—in this case 192.168.1.1.





4. There are actually two network IDs available when using thissubnet mask: 192.168.0.0 and 192.168.1.0. The subnet mask defines thenumber of hosts available on each of these subnets. Only the 192.168.1.0subnet is being used, however, and the range of host IDs is 129 to 254.The easiest way to see why this is true is to first convert the last octetin the subnet mask to binary: 128 becomes 10000000. This means thatthe last 7 bits of the address are used for the host ID, giving the hostIDs a range (in binary) of 10000001 to 11111111. Converted to decimal,this range becomes 129 to 254.

5. TCP port 443 is used for HTTPS (the secure web protocol) traffic.Permitting traffic on that port should allow users to view secure webpages again.

6. IP addresses whose first octet is in the range 128–191 areclass B addresses and, as such, use the default subnet mask 255.255.0.0.A and C are wrong because those subnet masks are used in class A andclass B, respectively. D is wrong because 255.255.255.255 is not used asa subnet mask.

7. Windows uses a feature called Automatic Private IP Addressing(APIPA) to assign an IP address to itself when no DHCP server isavailable. APIPA uses the IP address range 169.254.0.1 through169.254.255.255.

8. The –a option for the netstat command is used to display activeconnections, and the –n option is used to order addresses and portsnumerically.

9. If you can successfully ping a remote host, then TCP is at leastconfigured with the correct IP address and subnet mask. If the remotehost is on a different subnet, then the default gateway is likely configuredcorrectly, as well. However, pinging does not tell you whether otherparameters, such as DNS, are configured properly. Also, if the ping of aremote host is unsuccessful, the ping does not return information aboutwhat might be wrong. Using ipconfig /all will tell you whether the IPaddress and all other TCP/IP settings are configured properly. B and Care wrong because pinging the local address or the loopback address(127.0.0.1) may tell you whether TCP/IP is loaded on a computer, butnot whether it is configured properly.

10. The netsh command interface ip reset resets TCP/IP to its defaultvalues. A is wrong because you can no longer uninstall TCP/IP inWindows 2003 as you could in previous versions. B and D are wrongbecause these commands do not exist.



Date post:	13-Jul-2018
Category:	Documents
Upload:	hatuyen
View:	266 times
Download:	1 times

Configuring and Troubleshooting TCP/IP · Configuring and Troubleshooting TCP/IP ITINERARY ... 53...

Documents