Learn Windows XP Professional in 15 Minutes a Week: Troubleshooting TCP/IP in Windows XP Professional - Part 1

by ServerWatch Staff

Jason Zandri's latest article in the Learning Windows XP Professional in 15 Minutes a Week series continues a discussion on the TCP/IP Protocol within Windows XP Professional and specifically addresses troubleshooting the network protocol.

by Jason Zandri

Welcome to this week's installment of Learn Windows XP Professional in 15 minutes a week, the 14th in this series. This article will continue covering the TCP/IP Protocol within Windows XP Professional and will specifically focus on troubleshooting the network protocol under Windows XP Professional.

Internet Protocol Addressing Overview

The Transmission Control Protocol/Internet Protocol (TCP/IP) is a network communication protocol. It can be used as a communications protocol on private networks and is the default protocol in use on the Internet. When you set up any system to have direct access to the Internet, whether it is via dial-up or one of the high-speed technologies in use today, your system will need to utilize the TCP/IP protocol (whether it is a Windows-based system or not).

Also, if the given system needs to communicate with other TCP/IP systems on the local LAN or WAN, it will need to utilize the TCP/IP protocol as well.

[NOTES FROM THE FIELD] - This is just a basic overview of TCP/IP, and I didn't want to get too involved with it within this article. There is bountiful information on TCP/IP all over the Internet and before poring through the RFCs I would first suggest you try these two resources -- TCP/IP Frequently Asked Questions or TCP/IP Protocol Suite - Questions & Answers.

I have gone into a more detailed overview of the TCP/IP Protocol in an article from a couple of weeks ago, which covered the four-layer conceptual model of TCP/IP and how the model stacks up against the seven layer Open System Interconnection (OSI) protocol model.

TCP/IP Troubleshooting

Windows XP Professional offers several native programs to help troubleshoot TCP/IP.

PING - Ping can be used to test your TCP/IP connection by sending a message to the remote node or gateway from a local system. (It can also be used to test the loopback address locally to see if it is working correctly.) If the remote node or gateway receives the message, it responds with a reply message. The reply consists of the remote's IP address, the number of bytes in the message, how long it took to reply (given in milliseconds), and the length of time-to-live (TTL) in seconds. It will also show any packet losses in terms of percentages. Here's what a sample reply looks like:

Pinging with 32 bytes of data:

Reply from bytes=32 time<1ms TTL=128
Reply from bytes=32 time<1ms TTL=128
Reply from bytes=32 time<1ms TTL=128
Reply from bytes=32 time<1ms TTL=128

Ping statistics for
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
[-r count] [-s count] [[-j host-list] | [-k host-list]]
[-w timeout] target_name


  • -t  - Ping the specified host until stopped. To see statistics and continue, type Control-Break; to stop, type Control-C.
  • -a  - Resolve addresses to hostnames.
  • -n count  - Number of echo requests to send.
  • -l size  - Send buffer size.
  • -f  - Set Don't Fragment flag in packet.
  • -i  - TTL: Time To Live.
  • -v  - TOS: Type Of Service.
  • -r count  - Record route for count hops.
  • -s count  - Timestamp for count hops.
  • -j host-list  - Loose source route along host-list.
  • -k host-list  - Strict source route along host-list.
  • -w timeout  - Timeout in milliseconds to wait for each reply.

ARP - Displays and modifies the IP-to-Physical address translation tables used by the address resolution protocol (ARP).

ARP -s inet_addr eth_addr [if_addr]
ARP -d inet_addr [if_addr]
ARP -a [inet_addr] [-N if_addr]

  • -a - Displays current ARP entries by interrogating the current protocol data. If inet_addr is specified, the IP and Physical addresses for only the specified computer are displayed. If more than one network interface uses ARP, entries for each ARP table are displayed.
  • -g - Same as -a.
  • inet_addr - Specifies an internet address.
  • -N if_addr - Displays the ARP entries for the network interface specified by if_addr.
  • -d - Deletes the host specified by inet_addr. inet_addr may be wildcarded with * to delete all hosts.
  • -s - Adds the host and associates the Internet address inet_addr with the Physical address eth_addr. The Physical address is given as 6 hexadecimal bytes separated by hyphens. The entry is permanent.
  • eth_addr - Specifies a physical address.
  • if_addr - If present, this specifies the Internet address of the interface whose address translation table should be modified. If not present, the first applicable interface will be used.


> arp -s 00-aa-00-62-c6-09 .... Adds a static entry.
> arp -a .... Displays the arp table.
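When reviewing `arp -a` output during troubleshooting, two things are worth checking: whether one physical address is answering for several IP addresses, and whether the default gateway has a static (`arp -s`) entry. The following Python sketch is an added example, not part of the original article; the sample table, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `arp -a` output (addresses are illustrative, not from the article).
SAMPLE_ARP_A = """\
Interface: 192.168.1.10 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-aa-00-62-c6-09     dynamic
  192.168.1.20          00-11-22-33-44-55     dynamic
  192.168.1.30          00-aa-00-62-c6-09     dynamic
  192.168.1.40          00-0c-29-ab-cd-ef     static
"""

ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"((?:[0-9a-fA-F]{2}-){5}[0-9a-fA-F]{2})\s+(static|dynamic)\s*$"
)

def parse_arp_table(text):
    """Return (interface, ip, mac, type) tuples from `arp -a` output."""
    entries, iface = [], None
    for line in text.splitlines():
        if line.startswith("Interface:"):
            iface = line.split()[1]  # address of the local interface
            continue
        m = ENTRY.match(line)
        if m:
            ip, mac, kind = m.groups()
            entries.append((iface, ip, mac.lower(), kind))
    return entries

def shared_macs(entries):
    """Map each (interface, MAC) seen for more than one IP to those IPs."""
    seen = defaultdict(list)
    for iface, ip, mac, _ in entries:
        seen[(iface, mac)].append(ip)
    return {key: ips for key, ips in seen.items() if len(ips) > 1}

def gateway_is_pinned(entries, gateway_ip):
    """True only if gateway_ip has a static entry (added with arp -s)."""
    return any(ip == gateway_ip and kind == "static" for _, ip, _, kind in entries)

if __name__ == "__main__":
    table = parse_arp_table(SAMPLE_ARP_A)
    for (iface, mac), ips in shared_macs(table).items():
        print(f"{iface}: {mac} answers for {', '.join(ips)}")
    print("gateway pinned:", gateway_is_pinned(table, "192.168.1.1"))
```

A shared physical address is a lead to investigate rather than proof of a problem, since proxy ARP or a router answering for several addresses produces the same pattern.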

IPCONFIG - Use the ipconfig command to get the local system's basic IP configuration information, including the IP address, subnet mask, and default gateway.

The ipconfig /all switch produces a detailed configuration report for all interfaces, including any configured remote access adapters.

USAGE: ipconfig [/? | /all | /renew [adapter] | /release [adapter] | /flushdns | /displaydns | /registerdns | /showclassid adapter | /setclassid adapter [classid] ]

  • /all - Display full configuration information.
  • /release - Release the IP address for the specified adapter.
  • /renew - Renew the IP address for the specified adapter.
  • /flushdns - Purges the DNS Resolver cache.
  • /registerdns - Refreshes all DHCP leases and re-registers DNS names.
  • /displaydns - Display the contents of the DNS Resolver Cache.
  • /showclassid - Displays all the dhcp class IDs allowed for adapter.
  • /setclassid - Modifies the dhcp class id.

The default is to display only the IP address, subnet mask and default gateway for each adapter bound to TCP/IP.

For Release and Renew, if no adapter name is specified, then the IP address leases for all adapters bound to TCP/IP will be released or renewed.

NBTSTAT - NetBT Statistics (Nbtstat.exe) is used from the command line to troubleshoot NetBIOS over TCP/IP (NetBT) name resolution problems. It displays protocol statistics and current TCP/IP connections that are using NetBT.

When a network is functioning, NetBT resolves NetBIOS names to IP addresses. It uses several options for NetBIOS name resolution, including local cache lookup, WINS server query, broadcast, Lmhosts and Hosts file lookup, and DNS server query.

Displays protocol statistics and current TCP/IP connections using NBT (NetBIOS over TCP/IP).

NBTSTAT [ [-a RemoteName] [-A IP address] [-c] [-n] [-r] [-R] [-RR] [-s] [-S] [interval] ]

  • -a (adapter status) - Lists the remote machine's name table given its name.
  • -A (Adapter status) - Lists the remote machine's name table given its IP address.
  • -c (cache) - Lists NBT's cache of remote [machine] names and their IP addresses.
  • -n (names) - Lists local NetBIOS names.
  • -r (resolved) - Lists names resolved by broadcast and via WINS.
  • -R (Reload) - Purges and reloads the remote cache name table.
  • -S (Sessions) - Lists sessions table with the destination IP addresses.
  • -s (sessions) - Lists sessions table converting destination IP addresses to computer NETBIOS names.
  • -RR (ReleaseRefresh) - Sends Name Release packets to WINS and then, starts Refresh.
  • RemoteName - Remote host machine name.
  • IP address - Dotted decimal representation of the IP address.
  • interval - Redisplays selected statistics, pausing interval seconds between each display. Press Ctrl+C to stop redisplaying statistics.

NETSTAT - Netstat (Netstat.exe) displays TCP/IP protocol statistics and active connections to and from your computer from the command line and also provides an option to display the number of bytes sent and received, as well as network packets dropped (if any).

NETSTAT [-a] [-e] [-n] [-o] [-s] [-p proto] [-r] [interval]

  • -a - Displays all connections and listening ports.

  • -e - Displays Ethernet statistics. This may be combined with the -s option.

  • -n - Displays addresses and port numbers in numerical form.

  • -o - Displays the owning process ID associated with each connection.

  • -p proto - Shows connections for the protocol specified by proto; proto may be any of: TCP, UDP, TCPv6, or UDPv6. If used with the -s option to display per-protocol statistics, proto may be any of: IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.

  • -r - Displays the routing table.

  • -s - Displays per-protocol statistics. By default, statistics are shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6; the -p option may be used to specify a subset of the default.

  • interval - Redisplays selected statistics, pausing interval seconds between each display. Press CTRL+C to stop redisplaying statistics. If omitted, netstat will print the current configuration information once.
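Combining the -a, -n and -o switches (`netstat -ano`) gives every listening socket together with its owning process ID, which is the quickest way to see what a workstation exposes to the network. The following Python sketch is an added example, not part of the original article; the sample output, port allow-list and function names are constructed for illustration.

```python
# Constructed sample of `netstat -ano` output (addresses and PIDs are illustrative).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1030         0.0.0.0:0              LISTENING       1712
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:1045      192.168.1.20:445       ESTABLISHED     4
  UDP    0.0.0.0:500            *:*                                    680
  UDP    127.0.0.1:123          *:*                                    1020
"""

def parse_netstat(text):
    """Parse the TCP/UDP rows of `netstat -ano` into dicts."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # skip the banner, header and blank lines
        addr, _, port = f[1].rpartition(":")
        rows.append({
            "proto": f[0], "addr": addr, "port": int(port),
            # UDP rows have no State column; the PID is always the last field.
            "state": f[3] if f[0] == "TCP" else "",
            "pid": int(f[-1]),
        })
    return rows

def exposed_listeners(rows, allowed_ports=frozenset()):
    """TCP LISTENING and UDP sockets bound off-loopback, minus allowed_ports."""
    hits = []
    for r in rows:
        open_socket = r["state"] == "LISTENING" or r["proto"] == "UDP"
        if open_socket and not r["addr"].startswith("127.") and r["port"] not in allowed_ports:
            hits.append((r["proto"], r["addr"], r["port"], r["pid"]))
    return hits

def ports_by_pid(hits):
    """Group exposed sockets by owning process ID (the -o column)."""
    groups = {}
    for proto, _, port, pid in hits:
        groups.setdefault(pid, []).append(f"{proto}/{port}")
    return groups

if __name__ == "__main__":
    hits = exposed_listeners(parse_netstat(SAMPLE_NETSTAT), allowed_ports={135})
    for pid, ports in ports_by_pid(hits).items():
        print(f"PID {pid}: {', '.join(ports)}")
```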

ROUTE - You can use the route command line tool to display the current IP routing table and add or delete IP routes.

ROUTE [-f] [-p] [command] [destination] [MASK netmask] [gateway] [METRIC metric] [IF interface]

  • -f - Clears the routing tables of all gateway entries. If this is used in conjunction with one of the commands, the tables are cleared prior to running the command.
  • -p - When used with the ADD command, makes a route persistent across boots of the system. By default, routes are not preserved when the system is restarted. Ignored for all other commands, which always affect the appropriate persistent routes.


  • PRINT - Prints a route.
  • ADD - Adds a route.
  • DELETE - Deletes a route.
  • CHANGE - Modifies an existing route.

  • destination - Specifies the host.
  • MASK  - Specifies that the next parameter is the 'netmask' value.
  • netmask - Specifies a subnet mask value for this route entry. If not specified, it defaults to
  • gateway - Specifies gateway.
  • interface - Specifies the interface number for the specified route.
  • METRIC - Specifies the metric, i.e. cost for the destination.

All symbolic names used for destination are looked up in the network database file NETWORKS. The symbolic names for gateway are looked up in the host name database file HOSTS.

If the command is PRINT or DELETE, destination or gateway can be a wildcard (wildcard is specified as a star '*'), or the gateway argument may be omitted.

If Dest contains a * or ?, it is treated as a shell pattern, and only matching destination routes are printed. The '*' matches any string, and '?' matches any one char. Examples: 157.*.1, 157.*, 127.*, *224*.

Invalid MASK generates an error; that is, when (DEST & MASK) != DEST.


route ADD MASK IF 1
The route addition failed: The specified mask parameter is
invalid. (Destination & Mask) != Destination.


route PRINT
    destination^     ^mask   ^gateway      metric^      ^Interface

If IF is not given, it tries to find the best interface for a given gateway.

route PRINT 112* .... Only prints those matching 112*

CHANGE is used to modify gateway and/or metric only.

HOSTNAME - Hostname is used to show the local computer's host name for authentication by the Remote Copy Protocol (RCP), Remote Shell (RSH), and Remote Execution (REXEC) tools.

TRACERT - Tracert is sometimes used to verify that IP addressing has been correctly configured on a client. It will basically show the route taken to reach a remote system. 

Usage: tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name


  • -d - Do not resolve addresses to hostnames.
  • -h maximum_hops - Maximum number of hops to search for target.
  • -j host-list - Loose source route along host-list.
  • -w timeout - Wait timeout milliseconds for each reply.

PATHPING - Like TRACERT, Pathping shows the route taken to reach a remote system, but PATHPING does so with more detail and allows for more functionality as well.

Usage: pathping [-g host-list] [-h maximum_hops] [-i address] [-n] [-p period] [-q num_queries] [-w timeout] [-P] [-R] [-T] [-4] [-6] target_name


  • -g host-list - Loose source route along host-list
  • -h maximum_hops - Maximum number of hops to search for target. 
  • -i address - Use the specified source address.
  • -n - Do not resolve addresses to hostnames.
  • -p period - Wait period milliseconds between pings.
  • -q num_queries - Number of queries per hop.
  • -w timeout - Wait timeout milliseconds for each reply.
  • -P - Test for RSVP PATH connectivity.
  • -R - Test if each hop is RSVP aware.
  • -T - Test connectivity to each hop with Layer-2 priority tags.
  • -4 - Force using IPv4.
  • -6 - Force using IPv6.

That's a wrap for this week. Be sure to check back in next week for the next article in this series which will be Part 2 of Troubleshooting TCP/IP in Windows XP Professional.

In the meantime, best of luck in your studies and please feel free to contact me with any questions on my column and remember,

"I still yet have to figure out what happened to Preparations A through G."

Jason Zandri


This article was originally published on Monday Sep 2nd 2002