As network engineers, we need to be versatile and troubleshooting-savvy in our work environment. We also need very good knowledge of IP and other networking-related commands on end-point devices such as Windows computers, Linux servers, workstations etc.
The most popular Windows CMD commands (from the DOS prompt) that are related to networking are:
- ipconfig command
- nslookup command
- ping command
- tracert command
- netstat command
- route command
- arp command
The ipconfig command is one of the most useful IP commands on Windows. It displays tons of useful information about the current network settings on the machine, such as the IPv4 and IPv6 addresses of all network interface cards (Ethernet adapters, WiFi adapters, virtual network adapters etc), MAC address, default gateway, subnet mask, DNS server, DHCP information etc.
If you want to find the local IP address assigned to your computer or the MAC address of your Ethernet Adapter, this is the quickest way to find this information.
Here are some different options of this command:
ipconfig /? : Displays all available options.
ipconfig /all : This will display the detailed settings described above for ALL network connection adapters of the computer (Wired Ethernet, WiFi, VMware adapters etc).
ipconfig /release : This will release the current IPv4 addresses which were assigned dynamically from a DHCP server. If you also specify a connection name at the end, it will release only the IP of that connection adapter.
ipconfig /release6 : Same as above but for the IPv6 address.
ipconfig /renew : This usually comes after the above command and is used to request a new IP address from a DHCP server.
ipconfig /renew6 : Same as above but for the IPv6 address.
ipconfig /flushdns : This deletes the local DNS resolver cache of the computer. This cache stores DNS entries of frequently accessed internet resources so that the computer will not query an external DNS server every time you try to access an internet resource (website etc). This command is useful when troubleshooting DNS connection problems.
ipconfig /displaydns : It shows the local DNS resolver cache entries as explained above.
ipconfig /registerdns : Refreshes all DHCP addresses and also communicates again with the external DNS server to make sure it's reachable etc. Very useful when troubleshooting DNS and network connectivity problems of the local computer.
“nslookup” stands for “Name System Lookup” and is very useful in obtaining Domain Name System (DNS) related information about a domain or about an IP address (reverse DNS lookup).
nslookup [domain name] : The most popular usage of this command is to quickly find the IP address of a specific domain name (A-record).
The ping command will quickly show you if you can send and receive packets (ICMP packets to be exact) from your computer, and hence shows whether you have network connectivity or not.
ping /? : Displays all available options
ping [IP Address] : By default it will send 4 ICMP packets to the stated IP address
ping [hostname or domain] : When “pinging” a hostname or domain name, the command will first resolve the name to an IP address and then send the ICMP packets to that IP.
ping [IP address] -t : This will send ping packets (ICMP echo requests) continuously to the target IP.
ping -n 10 [IP address] : This will send 10 ping packets (ICMP echo requests) to the target IP.
ping -l 1500 [IP address] : This will send ping packets (ICMP echo requests) with a size of 1500 bytes to the target IP.
ping -a [IP address] : The -a switch tells the computer to try to find the hostname assigned to the specific IP address and then ping the IP.
ping -6 [domain or IP] : The -6 switch tells the computer to send IPv6 packets to the target.
“tracert” in Windows stands for “Trace Route”. In Linux, the same command is “traceroute”.
The command traces the path that a TCP/IP packet takes towards a destination target and shows some information (if available) of the routing nodes within this path.
Just like the “ping” command, “tracert” also sends ICMP echo packets to the destination with varying Time-to-Live (TTL) values.
tracert [domain or IP] : Traces the TCP/IP path to the specified destination target IP or domain.
Another important command is the Network Statistics (“netstat”) utility found in both Windows and Linux OS. It shows the established network TCP/IP connections of the local computer with remote hosts, open ports on the machine, the process ID (PID) of each connection etc.
Here are some popular usages of this command:
netstat -ano : Displays all connections and listening ports (-a), addresses and ports in numerical form (-n) and also the process ID of each connection (-o).
netstat -vb : Very useful for also examining which executable and which sequence created each connection and each port.
netstat -p tcp -f : The “-p tcp” switch will show only TCP connections and the “-f” switch will show the FQDN of each connection instead of just the IP address.
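As an added example (not part of the original article), the following Python script parses saved `netstat -ano` output and lists the listening TCP and bound UDP ports that are not restricted to loopback, together with the owning PID. The sample output is constructed, and the function names are illustrative.

```python
# Added example: parse `netstat -ano` text and list sockets reachable from the network.
from collections import namedtuple

# Constructed sample output; addresses and PIDs are made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1012
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       3344
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     8820
  TCP    [::]:135               [::]:0                 LISTENING       1012
  UDP    0.0.0.0:5353           *:*                                    2208
  UDP    [::1]:1900             *:*                                    5120
"""

Socket = namedtuple("Socket", "proto local_ip local_port remote state pid")

def parse_netstat(text):
    """Turn `netstat -ano` rows into Socket records."""
    sockets = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto, local, remote = fields[:3]
        # UDP rows have no State column, so only TCP rows carry a state.
        state = fields[3] if proto == "TCP" else ""
        # Split at the last colon so bracketed IPv6 addresses stay whole.
        host, _, port = local.rpartition(":")
        sockets.append(Socket(proto, host.strip("[]"), int(port),
                              remote, state, int(fields[-1])))
    return sockets

def is_loopback(ip):
    return ip == "::1" or ip.startswith("127.")

def exposed_listeners(sockets):
    """Unique (proto, port, pid) for listening TCP and bound UDP sockets not on loopback."""
    return sorted({(s.proto, s.local_port, s.pid) for s in sockets
                   if (s.state == "LISTENING" or s.proto == "UDP")
                   and not is_loopback(s.local_ip)})

if __name__ == "__main__":
    for proto, port, pid in exposed_listeners(parse_netstat(SAMPLE)):
        print(f"{proto}/{port} is owned by PID {pid}")
```

The PID column can then be matched against the process list to identify the program behind each open port.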
The “route” command is used to manipulate the local routing table of the computer. You can print the current routing table, add new static routes, delete entries etc.
For example, there might be a specific network subnet which is not accessible via the default gateway of the computer. Instead, this remote subnet might be accessible via a different gateway IP. By adding a static route in the computer’s routing table you will be able to reach that remote subnet from a different gateway.
route PRINT : Displays the current routing table of the computer
route ADD [Destination network] MASK [mask] [gatewayIP]: This adds a static route in the table.
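To show how a static route changes the gateway used for a remote subnet, here is an added Python example (not from the original article) that parses the IPv4 part of `route PRINT` and picks the entry a destination would match. The sample table is constructed and assumes a static route for 10.20.0.0 MASK 255.255.0.0 via 192.168.1.254 has been added; the function names are illustrative.

```python
# Added example: which entry of `route PRINT` would carry traffic to a given IP?
import ipaddress

# Constructed sample of the IPv4 part of `route PRINT`; all addresses are made up.
SAMPLE = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.20     25
        10.20.0.0      255.255.0.0    192.168.1.254     192.168.1.20     26
        127.0.0.0        255.0.0.0          On-link        127.0.0.1    331
      192.168.1.0    255.255.255.0          On-link     192.168.1.20    281
===========================================================================
"""

def parse_routes(text):
    """Return (network, gateway, interface, metric) tuples for IPv4 route rows."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # headers and separators do not have exactly five columns
        try:
            network = ipaddress.ip_network(f"{fields[0]}/{fields[1]}", strict=False)
            metric = int(fields[4])
        except ValueError:
            continue  # not a destination/netmask row
        routes.append((network, fields[2], fields[3], metric))
    return routes

def select_route(routes, destination):
    """Longest matching prefix wins; the lower metric breaks ties."""
    ip = ipaddress.ip_address(destination)
    matches = [r for r in routes if ip in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[3]))

def gateway_for(destination, text=SAMPLE):
    route = select_route(parse_routes(text), destination)
    return route[1] if route else None

if __name__ == "__main__":
    for dest in ("10.20.5.9", "203.0.113.10", "192.168.1.77"):
        print(dest, "->", gateway_for(dest))
```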
ARP stands for “Address Resolution Protocol” and is one of the core networking protocols that work at the Layer 2 level and facilitate communication in a LAN.
The job of ARP is to find the physical address (MAC address) of the target and map it with its corresponding Layer 3 IP address when communicating in a LAN. The ARP cache table stores mappings of IP addresses with their corresponding MAC address.
arp -a : Displays all ARP cache mappings (IP to MAC address)
arp -d [IP address] : This will delete the arp entry for the specified IP address.
The above is useful when you have changed hardware on a specific node (e.g. you have changed the default gateway router) and you want to remove old ARP entries. Usually it’s not necessary to do anything in such a case, but sometimes it’s required on some older computers.
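The cleanup described above can be scripted. This added Python example (not from the original article) parses saved `arp -a` output, compares dynamic entries against the MAC address each IP is expected to have after the hardware change, and builds the matching `arp -d` commands. The sample output and the `EXPECTED` inventory are constructed assumptions.

```python
# Added example: find stale dynamic entries in `arp -a` output and build the `arp -d` calls.
import re

# Constructed sample output; every address is made up.
SAMPLE = """\
Interface: 192.168.1.20 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.30          a4-5e-60-aa-bb-cc     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# Assumed inventory of the MAC each IP should have after the hardware change.
EXPECTED = {"192.168.1.1": "00-11-22-66-77-88", "192.168.1.30": "A4-5E-60-AA-BB-CC"}

ROW = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
                 r"((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(dynamic|static)\s*$",
                 re.IGNORECASE)

def parse_arp(text):
    """Return {interface_ip: {ip: (mac, entry_type)}} from `arp -a` output."""
    tables, current = {}, None
    for line in text.splitlines():
        if line.startswith("Interface:"):
            current = tables.setdefault(line.split()[1], {})
            continue
        match = ROW.match(line)
        if match and current is not None:
            ip, mac, kind = match.groups()
            current[ip] = (mac.lower(), kind.lower())
    return tables

def stale_entries(tables, expected):
    """Dynamic entries whose cached MAC differs from the expected one."""
    stale = []
    for entries in tables.values():
        for ip, (mac, kind) in entries.items():
            want = expected.get(ip, "").lower()
            if kind == "dynamic" and want and mac != want:
                stale.append((ip, mac, want))
    return sorted(stale)

def cleanup_commands(stale):
    return [f"arp -d {ip}" for ip, _, _ in stale]

if __name__ == "__main__":
    for command in cleanup_commands(stale_entries(parse_arp(SAMPLE), EXPECTED)):
        print(command)
```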