You will do quite a bit of network troubleshooting when you're trying to determine why the network is slow, why someone's not able to start a particular application, or why their network connection simply isn't working as you would expect. Whenever you sit down at someone's computer, there may be a very different network configuration than someone else's computer, so it's useful to run a utility to see how this particular system is set up. The command you want to use in Windows is ipconfig. This will tell you information about IP addressing, subnet masks, gateways, and other information that's important when troubleshooting the network. The ipconfig command can also tell you information about the network adapter you're using, so whether you're on a wired Ethernet connection or a wireless link, you can get more information about your network interface card using ipconfig. And of course you may want to know what DNS servers are configured on this device, did this device receive a DHCP address and from what DHCP server, and other important network details. ipconfig can give you this information and a lot more.

Let's say Rodney has asked us to stop by his computer and perform some diagnostics. Before we start making any changes, let's see how this particular system is configured. We will run simply the ipconfig command. This tells us that we are on an Ethernet network, gives us IPv6 address information, IPv4 information, subnet masks, and default gateway details. But if we'd like more information, we can run the same ipconfig command with the /all option, and this provides us with a great deal of additional information, such as the host name, DNS suffix information, and the type of IP routing configurations that are on this system. We have information here about DNS servers that are configured, and we can see here that DHCP is enabled and that we have not configured an IP address using DHCP on the system. This gives us a great deal of information about how this system has been configured and what those
individual settings might be.

When you're troubleshooting network connectivity issues, one of the first things you'd like to know is if the machine you're trying to connect to is really connected to the network. One of the ways you could do that is by using the ping command. The ping command tests reachability by sending a special packet to a device and getting a response back from that device. It uses a protocol known as the Internet Control Message Protocol, or ICMP. Let's say in this case we'd like to know if Rodney's machine is really able to communicate to his primary DNS server. If we look at the results of our ipconfig command, we can see that the primary DNS server is 192.168.1.155, so we will use the ping command and we'll specify 192.168.1.155, and we can see that we have connectivity to that device. We pinged that device with 32 bytes of data and it got four separate replies back from that device. This also tells us response time information for receiving that response from that particular IP address, and it provides time to live information as well. We'll talk more about time to live in just a moment. Now we've got a summary of all of the pings that we ran. By default we sent four pings, we received four back, which means there was 0% loss, and we can see the approximate round-trip times: minimum is 5 milliseconds, maximum is 322 milliseconds, which means the average is 143 milliseconds. Based on this information, we can determine if we really are able to reach that particular device, and we can get information about how well and how quickly we're able to send and receive information to that server.

Our local computers are constantly communicating across the network to other servers, and there may be times that other devices are communicating to your device to gather information as well. One way that you can see these connections is by using the netstat command. netstat stands for network statistics, and it's a command that's used in Windows, Linux, macOS, and other operating systems. The
default netstat command can tell you a lot of information about the communication occurring across the network, but there are some options you might want to try to give you some additional details. For example, netstat -a will show you all active connections on a Windows machine. If you're interested in knowing exactly which Windows binary was used to be able to send or receive this network communication, you can use netstat -b. If you are going to use that command, you will need to run in an elevated mode or run as an administrator at the command prompt. By default, netstat will try to perform DNS resolution so you can see the fully qualified domain name instead of IP addresses, but if you'd rather see the IP address, you can use the -n option to only show IP in the netstat output.

Let's run the netstat command on Rodney's machine. We'll run netstat without any other options and just see what we get. You can see there's a column for protocol; in this case it would be TCP or UDP. There are local addresses and port numbers that are mentioned there, and also foreign addresses. This is the other device that we are communicating with, that is different than the local address. And then there is a state for that communication. Sometimes we are ESTABLISHED, others might say CLOSE_WAIT. There may be other statistics that you'd see depending on the status of that network connection. To get an idea of how things might change with network communication, let's start up a browser communication using Chrome. It loaded up the Google homepage, and now let's run that netstat command again. You can see there are a number of new entries in this netstat table because we initiated additional network connections to these servers located at Google. It's difficult to tell from this view exactly what applications are associated with these different connections, so let's close out that window and open a new command prompt, but in this case we're going to run it as administrator. Windows now asks for administrator access so
that it can launch that command prompt with elevated access. We will use administrator, and I will use the password for the administrator account on this domain, and now we have a command prompt that is running as administrator. Now let's do the same netstat command, and you can see there are a number of different connections that are going back and forth. Now let's open up our Chrome browser again and have it launch that Google screen, and in this case let's run a netstat -b. You'll notice the same connections are shown, but for every connection you can see the executable that's used for that connection. For example, we have a number of different connections down here that are connecting over HTTPS, and you can see that Chrome.exe is the application that caused that network communication to occur.

We rely on our domain name servers to be able to convert from a fully qualified domain name back to an IP address, and we can also perform an IP address to fully qualified domain name conversion. We also can gather a lot more details from DNS servers, and we can use the utility nslookup to be able to perform those queries. There are extensive options available in the nslookup application, although most of the time we're simply performing a lookup of an IP address or name. There are many different options within nslookup, and I highly encourage you to look at some of the other capabilities. You might end up using those to troubleshoot a number of network issues.

Back on Rodney's machine, we know that there is a server called Cheyenne1 and there are shares on that server, but we don't remember what those shares are. So we're going to use the net view command with the name of that server, and we'll use two backslashes to designate that this is a server name. Cheyenne1 is the name of that server, and you can see that there are a number of shares available. There's the NETLOGON share and the SYSVOL share. These are common shares that are built into the Windows system, but there's also the missions share and
the schematics share. Let's say that we'd like to connect to the schematics share. If we were to look at our system, I'll bring up the File Explorer, we can see that currently we have a local drive, that's our C drive. We also have an X drive, a Y drive, and a Z drive on this system. So let's now connect to the schematics share by using the net use command. For net use, we need to specify the drive letter that will be associated with this share. Let's say that we're going to use H: in this example, and then we'll specify the server name and the name of the share. The server name has two backslashes and Cheyenne1, and then another backslash and the name of the share, in this case schematics. And if we hit enter, it says that the command completed successfully. If we now go back to our File Explorer, we can see that a new drive share has appeared on Cheyenne1 for H:, and it is our schematics share.

If we're troubleshooting Rodney's computer, we may want to get more details about their user account information, so we can run the net user command to provide those details. Let's specify that this is rm c a y, that's the username for this user, and let's also specify that this is going to be for a domain. If we hit enter, we can get more details on this username. We can see the full name for this person, information about country codes, is the account active (in this case, yes it is), when was the password last set, when does it expire. You've got information about login scripts and login directories, and information about any groups this user may be a part of. So if you're troubleshooting this particular user and you want to know information about what groups they belong to or how their account is currently configured, simply use the net user command.

When we're communicating to another device on the network, that other device might be on our local subnet, it might be in our building, it might be in a different city or a different country. One way that you could see all of the different connections between you and
that other device is by using the traceroute command, and in Windows this is abbreviated tracert. Traceroute uses ICMP, which is the same protocol we use for ping, to be able to determine where all of the different routers might be between our device and another IP address. It uses a feature of ICMP called time to live exceeded, and it uses that in conjunction with a time to live setting. In the world of IP version 4, time to live is not referring to seconds or minutes or a time of day; it's referring to a number of hops. A hop is referred to as a single connection passing through a router, so a time to live of one would be your connection to the first router, time to live of two would be able to give you the information to connect to the second router, and so on. Time to live relies on ICMP and the ability to send these ICMP messages across the network. Some firewalls will filter out this ICMP information, which means you may have limited visibility when trying to determine where a particular router might be.

We're going to run a time to live on Rodney's computer, but before we do that, let's see what's happening behind the scenes. This is a setup that has a couple of computers on our local network and a device that's on the remote network. In this scenario, we're going to run a traceroute from Sam's laptop to Jack's computer, and it's going to pass through a few switches. You can see those switches are the square boxes. And then it's also going to pass through a number of routers. The routers are the round icons that you see on the screen. Each time we hit a router, that's a hop, and it's going to specify what the IP address is of that hop on the local machine. So for instance, let's run a traceroute to 10.10.30.10. Obviously, 10.10.30.10 is Jack's machine here on the remote network. The first step is Sam will set up a traceroute and it will set a time to live of 1, and that will be sent to the first router that is closest to Sam. That first router sees that time to live is equal to one, and one of
the responsibilities of every router is to decrease time to live by one each time a packet goes through, so time to live is going to be changed to zero, which means the time to live is exceeded. Every time you hit TTL equals 0, a message is sent back to the originating station saying, "Sorry, we weren't able to complete this because time to live got all the way down to zero. Your time to live has been exceeded." When traceroute receives that TTL exceeded message, it puts a message up on the screen that says our first router is 10.10.10.1, because that's the device that sent back that time to live exceeded message.

Now the process repeats, but instead of sending it out as a time to live equal to 1, the time to live will be equal to two. When it hits the first router, the time to live will be decreased by one, so time to live is now one. Then it goes to the next router and time to live is decreased one more time, down to zero. Time to live has been exceeded, and that message is sent back to Sam's workstation and the results are put on the screen. The process happens again where time to live is now set to three. This goes to the first router, where time to live will go from 3 to 2, goes to the second router, where time to live goes from 2 to 1, and then goes to the third router, where time to live hits zero. Time to live is exceeded, that message is sent back to Sam's workstation, and the results of that are put on the screen.

This process will continue until we finally make it to that end device of 10.10.30.10. So now time to live is incremented up to four. That means it goes to the first router and decreases to three, goes to the second router, goes down to two, goes to the third router, TTL goes down to one, and then finally makes it to Jack's workstation, and Jack now is able to send back a reply to that message saying that it made it all the way through from Sam's machine to Jack's machine. The results of that are also put on the screen, and we now have our traceroute showing all four hops between
Sam's machine and Jack's machine.

Here's an example of a traceroute. This traceroute is to 9.9.9.9. It takes a few seconds for traceroute to run. This is the result of a traceroute that I did to 9.9.9.9. It says that it's doing this to dns9.quad9.net, which is the DNS name associated with 9.9.9.9, and you can see there are eight different hops that occurred to get from my machine, which is 10.1.10.1, all the way down to 9.9.9.9. And you can see with each one of these there are three different attempts that were made, and in each attempt we're able to receive information about response time for each one of these hops. We also have IP addresses and names associated with each router along the way, so we know that 10.1.10.1 communicates to 96.120.58.37, the next router in these hops is 96.110.208.117, and so on. We can track every hop along the way to determine exactly what routers are involved with this communication. If we run into problems on the network, we can run this traceroute again and compare the results we got originally with the new set of results. For example, if a router in the middle of the conversation was to fail, even though that router is in a different city or a different state, we still know what IP address was supposed to be there, and we can show that this is the normal route versus the route that we're seeing now.

These ping functions and traceroute utilities are incredibly useful when you're troubleshooting the network, but what if you could combine the features of ping and traceroute into a single utility? That utility is pathping, and this is a utility commonly found on most versions of Windows. pathping has two different phases that it goes through. The first phase is that it runs a traceroute to build out a map of the connection between your device and the destination IP address. On the second phase, it then runs a round-trip test to each of those hops, so now we're able to get a better understanding of the performance from our device to each router on every hop from our device
to another. Here's an example where I ran a pathping to 8.8.8.8, and you can see the first thing that it does is run a traceroute. This is a very similar view to what we saw when running an independent tracert utility command. This is one that shows us all of the different hops, and you can see there are 13 hops to reach 8.8.8.8. This is the output from the first phase of the pathping command. Once it understands what all of these different hops are, it will then start computing statistics for each one of those routers along the way, and you can see here that pathping says it's going to calculate statistics for 325 seconds. Once those 325 seconds have elapsed, pathping then presents you with information about every hop: the amount of round-trip time between each one of those, we can see how many packets have been sent and how many were lost along the way, and we can see information about the addresses at each one of these hops. Most of these work flawlessly, but you can see there must be a firewall at hop 12 or some type of filter, because we weren't able to get response time statistics from that particular IP address.
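
The time to live walk-through above, as an added example that is not part of the transcript: a Python simulation (no packets are sent) of how tracert, and the first phase of pathping, raise the time to live one hop at a time. The router addresses and the `sends_icmp` flag are constructed for illustration; the flag models a hop that filters ICMP, like the hop 12 result described above.

```python
"""Simulated tracert: models the TTL handling only, no packets are sent."""
from dataclasses import dataclass


@dataclass
class Router:
    address: str
    sends_icmp: bool = True  # False models a firewall that filters ICMP replies


def send_probe(path, destination, ttl):
    """Walk one probe along the path; return (reply_type, responder_address)."""
    for router in path:
        ttl -= 1                      # every router decreases TTL by one
        if ttl == 0:                  # TTL exceeded: the packet stops here
            if router.sends_icmp:
                return ("time-exceeded", router.address)
            return ("timeout", None)  # filtered: the sender hears nothing
    return ("echo-reply", destination)  # TTL outlasted every router


def trace(path, destination, max_hops=30):
    """Raise TTL from 1 until the destination answers, as tracert does."""
    hops = []
    for ttl in range(1, max_hops + 1):
        kind, responder = send_probe(path, destination, ttl)
        hops.append((ttl, responder or "*"))  # "*" marks a hop with no reply
        if kind == "echo-reply":
            break
    return hops


# Constructed topology modeled on the Sam-to-Jack walk-through: three routers,
# then the destination. All addresses here are illustrative assumptions.
DEST = "10.10.30.10"
PATH = [Router("10.10.10.1"), Router("10.10.20.1"), Router("10.10.30.1")]
FILTERED = [PATH[0], Router("10.10.20.1", sends_icmp=False), PATH[2]]

if __name__ == "__main__":
    for label, path in (("open path", PATH), ("hop 2 filters ICMP", FILTERED)):
        print(label)
        for ttl, responder in trace(path, DEST):
            print(f"  {ttl:>2}  {responder}")
```

A filtered hop shows up as `*` while later hops still answer, which is why a silent hop in the middle of a trace is not by itself evidence that the path is broken.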