TCP/IP Debugging Tools in Windows Server – Ipconfig, Arp and Netstat

Continuing with our look at the Windows Server TCP/IP debugging tools we turn our attention to the Ipconfig, Arp and Netstat tools.

Ipconfig

The Ipconfig tool shows all the TCP/IP configuration values, this is of particular use on systems running DHCP. It is used to refresh the DHCP settings and  determine the TCP/IP configuration values which are assigned by DHCP. If the Ipconfig tool is used with no parameters, it will show the IP addresses, subnet masks, and also the gateways for all adapters on a system. The adapters can be either physical network adapters or else logical adapters like dialup connections.

Some  parameters for Ipconfig are as below:

  • /all : Shows all the TCP/IP configuration values.
  • /displaydns : Shows the contents of the DNS client resolver cache.
  • /flushdns : Resets and also flushes all the contents of the DNS client resolver cache. This also includes entries which have been  made dynamically.
  • /registerdns : Specifies the manual dynamic registration for DNS names and the IP addresses that are configured on a system. This can be especially useful when troubleshooting  DNS name registrations or any dynamic update issues between the  DNS server and client.
  • /release[Adapter] : This sends a DHCP release message to a DHCP server to disregard the DHCP-configured settings for  adapters, this only available for DHCPenabled clients. If there is no adapter is specified, the IP address configuration is released for all the adapters.
  • /renew[Adapter] : Renews the DHCP configuration for all the adapters (if no adapter has been specified) and also for a specific adapter if an Adapter parameter has been included. This is only available for clients which are DHCP-enabled.
  • /setclassid Adapter [classID] : Configures the DHCP class ID for a certain adapter, this can configure the DHCP class ID for all the adapters by including a wildcard (*) character in place of the Adapter.
  • /showclassid Adapter : Shows the DHCP class ID for a certain adapter.
  • /allcompartments : Shows info about all the compartments.
  • /allocmpartments /all : Shows detailed info on all compartments.

Ipconfig shows the assigned configuration for the system such as default gateway, local IP address, DNS servers,  subnet mask etc. When  debugging network problems, you may use the Ipconfig tool to confirm that the correct TCP/IP settings are set for a system so that a server will properly communicate on the network.

Arp

The Arp (Address Resolution Protocol) tool is enables the display and alteration of the Arp table on a local system, which matches physical MAC addresses of system to the  corresponding IP addresses. The Arp tool increases the speed of connection by eliminating the requirement to match MAC addresses with IP addresses for subsequent connections.
The most important parameters for the Arp tool are as below:

  • -a[InetAddr] [-N IfaceAddr] : Shows  the Arp table for all the adapters on a system. You should use Arp –a with the InetAddr (IP address) parameter to show what the ARP cache entry is on an IP address.
  • -dInetAddr [IfaceAddr] : This deletes an entry with a certain IP address (ie InetAddr). You can use the IfaceAddr parameter (IP address which is assigned to the interface) to delete an entry in a table for a specified interface. The wildcard character can be used  instead of InetAddr to delete all entries.
  • -sInetAddr EtherAddr [IfaceAddr] : This adds a static entry to the ARP cache which resolves the IP address (ie InetAddr) to the  physical address (EtherAddr). Add a static ARP cache entry to the table for a specific interface by using the IP address assigned to the interface (ie IfaceAddr).

Netstat

The Netstat (Network Statistics) tool can be used to monitor connections to a remote host, displaying  protocol stats for active connections, and monitoring IP addresses or the domain names of hosts with established connections.
The main parameters for Netstat are as below:

  • -a : Shows all the connections and the listening ports by hostname.
  • -b : Shows the executable involved in creation of all the  connections.
  • -e : Shows the Ethernet packets and bytes to and from the host.
  • -n : Shows the address and port numbers by does not resolve the address to the hostname.
  • -o : Shows TCP connections and also includes the relevant process ID (PID). This can be used in  with –a, -n, and –p. This is unavailable in Windows versions prior to 2008 R2.
  • -p protocol : Shows the statistics based on protocol specified. The protocols which can be specified are TCP, UDP, TCPv6 and UDPv6. This can be used with the –s  parameter to show TCP, UDP, ICMP, IP, TCPv6, UDPv6, ICMPv6, or IPv6.
  • -s : Shows the statistics on a an individual protocol basis. This can be used with an  –p parameter to define a set of protocols.
  • -t : Shows the current connection offload state.
  • -r : Shows the route table, the information shown includes the network  destination, gateway, netmask, interface, and metric (ie number of hops).
  • [Parameter] Interval : Shows the info at every specified interval, the interval is in seconds. Hit Ctrl+C to stop the intervals.