Pathping is a Windows-based command-line tool that provides information about the path data takes to its destination, and about network latency and network loss at intermediate hops between a source and destination.
Network Troubleshooting Dos Commands
Ping is the most important troubleshooting command; it checks connectivity with other computers. For example, if your system’s IP address is 10.10.10.10 and your network server’s IP address is 10.10.10.1, you can check connectivity with the server by using the Ping command in the following format.
At the DOS prompt, type Ping 10.10.10.1 and press Enter.
If you get a reply from the server, then the connectivity is OK. If you get an error message such as “Request timed out”, there is some problem in the connectivity with the server.
IPconfig is another important command in Windows. It shows the IP address of the computer and also it shows the DNS, DHCP, Gateway addresses of the network and subnet mask.
At DOS prompt type ipconfig and press enter to see the IP address of your computer.
At DOS prompt type ipconfig /all and press enter to see the detailed information.
NSLOOKUP is a TCP/IP based command and it checks domain name aliases, DNS records, operating system information by sending query to the Internet Domain Name Servers. You can resolve the errors with the DNS of your network server.
Hostname command shows you the computer name.
At DOS prompt type Hostname and press enter
NETSTAT utility shows the protocol statistics and the current established TCP/IP connections in the computer.
NBTSTAT helps to troubleshoot NETBIOS name resolution problems.
ARP displays and modifies the IP to Physical address translation table that is used by the ARP protocol.
Finger command is used to retrieve the information about a user on a network.
Tracert command is used to determine the path to the remote system. This tool also provides the number of hops and the IP address of each hop. For example, if you want to see how many hops (routers) are involved in reaching any URL and what the IP address of each hop is, use the following command.
At command prompt type tracert www.yahoo.com and you will see a list of all the hops and their IP addresses.
Traceroute is a very useful network debugging command. It is used in locating the server that is slowing down the transmission on the internet, and it also shows the route between the two systems.
Route command allows you to make manual entries in the routing table.
What is DNS?
Domain name system/server is used to translate the IP address into the hostname and hostname into the IP address. DNS is mostly used on the internet and the networks.
What is DHCP?
Dynamic host configuration protocol is used to dynamically assign the IP address to the networked computers and devices. DHCP is a network protocol that automatically assigns static and dynamic IP addresses from its own range.
What is a Router?
Router is the most important network device that is used to connect two logically and physically different networks. Router defines the shortest possible route for the data to reach its destination. A router works with built-in intelligent software known as routing table, which helps to determine the route between the two networks.
What is Gateway?
A gateway is software or a hardware that is used to connect the local area network with the internet. A gateway is a network entrance point and a router usually works as a gateway.
What is WLAN?
WLAN or Wireless local area network is simply a type of network that doesn’t use wired Ethernet connections for networking. WLAN uses wireless network devices such as wireless routers etc.
What is Subnet Mask?
A subnet mask is used to determine the number of networks and the number of host computers. Every class of the IP address uses the different range of the subnet mask. Subnet masks allow the IP based networks to be divided into the sub networks for performance and security purposes.
What is a MAC Address?
MAC address or Media Access control is a unique identifier of a computer device. The MAC address is provided by the manufacturer of the device. MAC addresses are 12-digit hexadecimal numbers.
What is an IP Address?
An IP address is a unique identifier of a computer or network device on the local area network, WAN or on internet. Every host computer on the internet must have a unique IP address. IP addresses on the internet are usually assigned by the local ISPs to which users are connected.
What is Wifi?
Wi-Fi or wireless fidelity is a baseband network technology that is used for wireless data communication.
What is WiMax?
WiMax is the next form of Wi-Fi. WiMax is a very high speed broadband network technology that is designed for corporate offices, roaming and home users.
Name the Seven Layers of OSI Model
The seven layers of the OSI model are the Application, Presentation, Session, Transport, Network, Data Link and Physical layers.
What is LDAP?
Lightweight Directory Access Protocol is used to access the directory services from the Active Directory in Windows operating systems.
What are the standard port numbers for SMTP, POP3, IMAP4, RPC, LDAP, and FTP?
SMTP – 25, POP3 – 110, IMAP4 – 143, RPC – 135, LDAP, FTP-21, HTTP-80
What is IPv6?
IP V6 is a next generation protocol that is used as an expansion of DNS.
What is UDP?
UDP or user datagram protocol is a connectionless protocol that is used to transfer the data without any error handling.
What is Firewall?
A firewall is usually a software program that is installed on the network server or gateway. The purpose of the firewall is to protect the network resources from the intruders and unauthorized persons.
What is Virtual Private Network (VPN) and how does it work?
VPN or virtual private network is used to connect two networks by means of the internet. VPN uses PPTP (point to point tunneling protocol) and other security procedures to make a secure tunnel on the internet.
VOIP or voice over internet protocol is a technology that uses IP based networks such as internet or private networks to transmit the voice communication.
Define Bluetooth Technology
Bluetooth is a short range wireless technology that uses radio waves for communication. Many mobile phones, laptops, MP3 players have built in features of the Bluetooth.
What is a RAS server?
RAS or remote access server allows you to remote dial in through the desktop computers, laptops and GSM mobile phones.
What’s a Frame Relay?
Frame relay is a high-speed data communication technology that operates at the physical and data link layers of the OSI model. Frame relay uses frames for data transmission in a network.
What is IPv6?
Internet Protocol version 6 (IPv6) is a network layer IP standard used by electronic devices to exchange data across a packet-switched internetwork. It follows IPv4 as the second version of the Internet Protocol to be formally adopted for general use. An IPv6 address is 128 bits in size. It consists of 8 octants of 16 bits each, separated with “:”, and is written in hexadecimal format. There are 3 types:
- unicast address
- multicast address
- anycast address
The loopback address of IPv6 is ::1
What is subnet?
A subnet allows the flow of network traffic between hosts to be segregated based on a network configuration. By organizing hosts into logical groups, subnetting can improve network security and performance.
What is Subnet Mask?
A mask used to determine what subnet an IP address belongs to. An IP address has two components, the network address and the host address. For example, consider the IP address 150.215.017.009. Assuming this is part of a Class B network, the first two numbers (150.215) represent the Class B network address, and the second two numbers (017.009) identify a particular host on this network.
Subnetting enables the network administrator to further divide the host part of the address into two or more subnets. In this case, a part of the host address is reserved to identify the particular subnet. This is easier to see if we show the IP address in binary format.
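The binary view the paragraph above refers to, as an added example that is not part of the original page. The /20 subnet mask (255.255.240.0) and the comparison addresses are assumptions chosen for illustration; only 150.215.017.009 and its Class B (/16) network part come from the text.

```python
import ipaddress


def parse_dotted(text):
    """Parse dotted-decimal text, reading zero-padded octets such as '017' as decimal.

    ipaddress.IPv4Address rejects leading zeros on current Python versions
    because some parsers read them as octal; the page's notation is decimal,
    so the octets are converted explicitly here.
    """
    parts = text.split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a dotted-decimal IPv4 address: {text!r}")
    octets = [int(p, 10) for p in parts]
    if any(o > 255 for o in octets):
        raise ValueError(f"octet out of range in {text!r}")
    return ipaddress.IPv4Address(bytes(octets))


def to_binary(text):
    """Return the address as four 8-bit groups, e.g. '10010110.11010111...'."""
    return ".".join(f"{b:08b}" for b in parse_dotted(text).packed)


def split_fields(text, class_prefix, subnet_prefix):
    """Split an address into network, subnet and host bit fields.

    class_prefix  -- length of the classful network part (16 for Class B)
    subnet_prefix -- length of network part plus the borrowed subnet bits
    """
    addr = parse_dotted(text)
    bits = f"{int(addr):032b}"
    subnet = ipaddress.IPv4Network((addr, subnet_prefix), strict=False)
    return {
        "network_bits": bits[:class_prefix],
        "subnet_bits": bits[class_prefix:subnet_prefix],
        "host_bits": bits[subnet_prefix:],
        "mask": str(subnet.netmask),
        "subnet_address": str(subnet.network_address),
    }


def same_subnet(a, b, prefix):
    """True when both addresses fall in the same subnet for this prefix length."""
    net = ipaddress.IPv4Network((parse_dotted(a), prefix), strict=False)
    return parse_dotted(b) in net


if __name__ == "__main__":
    ip = "150.215.017.009"          # address used in the text
    print("address :", to_binary(ip))
    fields = split_fields(ip, class_prefix=16, subnet_prefix=20)  # /20 is assumed
    for name, value in fields.items():
        print(f"{name:15}: {value}")
    # Hosts that share the Class B network but not the /20 subnet
    print(same_subnet(ip, "150.215.31.200", 20))  # same subnet
    print(same_subnet(ip, "150.215.32.1", 20))    # different subnet
```

With a /20 mask, the four bits after the Class B network part select the subnet, so hosts that share 150.215 can still be kept in separate segments.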
What is Default Gateway?
A gateway is a device on a network that acts as an entrance to another network. In more technical terms, a gateway is a routing device that knows how to pass traffic between different subnets and networks. A computer will know some routes (a route is the address of each node a packet must go through on the Internet to reach a specific destination), but not the routes to every address on the Internet. It won’t even know all the routes on the nearest subnets. A gateway will not have this information either, but will at least know the addresses of other gateways it can hand the traffic off to. Your default gateway is on the same subnet as your computer, and is the gateway your computer relies on when it doesn’t know how to route traffic.
The default gateway is typically very similar to your IP address, in that many of the numbers may be the same. However, the default gateway is not your IP address.
Describe how the DHCP lease is obtained.
It’s a four-step process consisting of (a) IP request, (b) IP offer, (c) IP selection and (d) acknowledgement.
What’s the difference between forward lookup and reverse lookup in DNS?
Forward lookup is name-to-address, the reverse lookup is address-to-name.
How can you recover a file encrypted using EFS?
Use the domain recovery agent.
What is LMHOSTS file?
It’s a file stored on a host machine that is used to resolve NetBIOS to specific IP addresses.
How can you force the client to give up the dhcp lease if you have access to the client PC?
OSI 7 Layers Reference Model For Network Communication
Open Systems Interconnection (OSI) model is a reference model developed by ISO (International Organization for Standardization) in 1984, as a conceptual framework of standards for communication in the network across different equipment and applications by different vendors. It is now considered the primary architectural model for inter-computing and internetworking communications. Most of the network communication protocols used today have a structure based on the OSI model. The OSI model defines the communications process into 7 layers, which divides the tasks involved with moving information between networked computers into seven smaller, more manageable task groups. A task or group of tasks is then assigned to each of the seven OSI layers. Each layer is reasonably self-contained so that the tasks assigned to each layer can be implemented independently. This enables the solutions offered by one layer to be updated without adversely affecting the other layers.
The OSI 7 layers model has clear characteristics. Layers 7 through 4 deal with end to end communications between data source and destinations. Layers 3 to 1 deal with communications between network devices.
The specific description for each layer is as follows:
Layer 7: Application Layer
- Defines interface to user processes for communication and data transfer in network
- Provides standardized services such as virtual terminal, file and job transfer and operations
Layer 6: Presentation Layer
- Masks the differences of data formats between dissimilar systems
- Specifies architecture-independent data transfer format
- Encodes and decodes data; Encrypts and decrypts data; Compresses and decompresses data
Layer 5: Session Layer
- Manages user sessions and dialogues
- Controls establishment and termination of logic links between users
- Reports upper layer errors
Layer 4: Transport Layer
- Manages end-to-end message delivery in network
- Provides reliable and sequential packet delivery through error recovery and flow control mechanisms
- Provides connectionless oriented packet delivery
Layer 3: Network Layer
- Determines how data are transferred between network devices
- Routes packets according to unique network device addresses
- Provides flow and congestion control to prevent network resource depletion
Layer 2: Data Link Layer
- Defines procedures for operating the communication links
- Detects and corrects packet transmission errors
Layer 1: Physical Layer
- Defines physical means of sending data over network devices
- Interfaces between network medium and devices
- Defines optical, electrical and mechanical characteristics
SSPI (Security Support Provider Interface)
SSPI allows an application to use various security models available on a computer or network without changing the interface to the security system.
Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. A free implementation of this protocol is available from the Massachusetts Institute of Technology. Kerberos is available in many commercial products as well.
The Internet is an insecure place. Many of the protocols used in the Internet do not provide any security. Tools to “sniff” passwords off of the network are in common use by malicious hackers. Thus, applications which send an unencrypted password over the network are extremely vulnerable. Worse yet, other client/server applications rely on the client program to be “honest” about the identity of the user who is using it. Other applications rely on the client to restrict its activities to those which it is allowed to do, with no other enforcement by the server.
Some sites attempt to use firewalls to solve their network security problems. Unfortunately, firewalls assume that “the bad guys” are on the outside, which is often a very bad assumption. Most of the really damaging incidents of computer crime are carried out by insiders. Firewalls also have a significant disadvantage in that they restrict how your users can use the Internet. (After all, firewalls are simply a less extreme example of the dictum that there is nothing more secure than a computer which is not connected to the network — and powered off!) In many places, these restrictions are simply unrealistic and unacceptable.
Kerberos was created by MIT as a solution to these network security problems. The Kerberos protocol uses strong cryptography so that a client can prove its identity to a server (and vice versa) across an insecure network connection. After a client and server have used Kerberos to prove their identity, they can also encrypt all of their communications to assure privacy and data integrity as they go about their business.
Kerberos is freely available from MIT, under copyright permissions very similar to those used for the BSD operating system and the X Window System. MIT provides Kerberos in source form so that anyone who wishes to use it may look over the code for themselves and assure themselves that the code is trustworthy. In addition, for those who prefer to rely on a professionally supported product, Kerberos is available as a product from many different vendors.
In summary, Kerberos is a solution to your network security problems. It provides the tools of authentication and strong cryptography over the network to help you secure your information systems across your entire enterprise. We hope you find Kerberos as useful as it has been to us. At MIT, Kerberos has been invaluable to our Information/Technology architecture.
NTLM (NT LAN Manager)
NTLM is a suite of authentication and session security protocols used in various Microsoft network protocol implementations and supported by the NTLM Security Support Provider (“NTLMSSP”). Originally used for authentication and negotiation of secure DCE/RPC, NTLM is also used throughout Microsoft’s systems as an integrated single sign-on mechanism. It is probably best recognized as part of the “Integrated Windows Authentication” stack for HTTP authentication; however, it is also used in Microsoft implementations of SMTP, POP3, IMAP (all part of Exchange), CIFS/SMB, Telnet, SIP, and possibly others.
The NTLM Security Support Provider provides authentication, integrity, and confidentiality services within the Windows Security Support Provider Interface (SSPI) framework. SSPI specifies a core set of security functionality that is implemented by supporting providers; the NTLMSSP is such a provider. The SSPI specifies, and the NTLMSSP implements, the following core operations:
1. Authentication — NTLM provides a challenge-response authentication mechanism, in which clients are able to prove their identities without sending a password to the server.
2. Signing — The NTLMSSP provides a means of applying a digital “signature” to a message. This ensures that the signed message has not been modified (either accidentally or intentionally) and that the signing party has knowledge of a shared secret. NTLM implements a symmetric signature scheme (Message Authentication Code, or MAC); that is, a valid signature can only be generated and verified by parties that possess the common shared key.
3. Sealing — The NTLMSSP implements a symmetric-key encryption mechanism, which provides message confidentiality. In the case of NTLM, sealing also implies signing (a signed message is not necessarily sealed, but all sealed messages are signed).
NTLM has been largely supplanted by Kerberos as the authentication protocol of choice for domain-based scenarios. However, Kerberos is a trusted-third-party scheme, and cannot be used in situations where no trusted third party exists; for example, member servers (servers that are not part of a domain), local accounts, and authentication to resources in an untrusted domain. In such scenarios, NTLM continues to be the primary authentication mechanism (and likely will be for a long time).
How to make sure that you are using Kerberos authentication
SQL Server 2005 supports Kerberos authentication indirectly through the Windows Security Support Provider Interface (SSPI) when you are using Windows integrated authentication instead of SQL authentication. However, SQL Server will only use Kerberos authentication under certain circumstances when SQL Server can use SSPI to negotiate the authentication protocol to use. If SQL Server cannot use Kerberos authentication, Windows will use NTLM authentication. For security reasons, we recommend that you use Kerberos authentication instead of NTLM authentication. Administrators and users should know how to make sure that they are using Kerberos authentication for remote connections.
To use Kerberos authentication, you must make sure that all the following conditions are true:
• Both the server and the client computers must be members of the same Windows domain or members of trusted domains.
• The server’s service principal name (SPN) must be registered in the Active Directory service.
• The instance of SQL Server 2005 must enable the TCP/IP protocol.
• The client must connect to the instance of SQL Server 2005 by using the TCP/IP protocol. For example, you can put the TCP/IP protocol at the top of the client’s protocol order. Or you can add the prefix “tcp:” in the connection string to specify that the connection will use the TCP/IP protocol.
After you have connected to an instance of SQL Server 2005, run the following Transact-SQL statement in SQL Server Management Studio:
select auth_scheme from sys.dm_exec_connections where session_id=@@spid
If SQL Server is using Kerberos authentication, a character string that is listed as “KERBEROS” appears in the auth_scheme column in the result window.
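To check every connection rather than only your own session, the same view can be exported and triaged offline. The following is an added example, not part of the original page: it assumes a CSV export of session_id, auth_scheme, net_transport and client_net_address from sys.dm_exec_connections, and the sample rows are constructed.

```python
import csv
import io

# Constructed sample of an export produced by (assumed) query:
#   SELECT session_id, auth_scheme, net_transport, client_net_address
#   FROM sys.dm_exec_connections
SAMPLE_EXPORT = """session_id,auth_scheme,net_transport,client_net_address
51,KERBEROS,TCP,10.10.10.21
52,NTLM,Named pipe,10.10.10.22
53,NTLM,TCP,10.10.10.23
54,SQL,TCP,10.10.10.24
55,NTLM,Shared memory,<local machine>
"""

# Hypothetical cause codes, mapped to the conditions listed above.
CAUSES = {
    "sql_auth": "SQL authentication in use; SSPI is not involved, "
                "so Kerberos is never negotiated",
    "not_tcp": "client did not connect over TCP/IP; put TCP/IP first in "
               "the protocol order or prefix the server name with tcp:",
    "check_spn_or_domain": "TCP/IP is in use; check that the server's SPN is "
                           "registered and both computers are in the same or "
                           "trusted domains",
}


def audit_connections(csv_text):
    """Return one finding per connection that is not using Kerberos."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        scheme = row["auth_scheme"].strip().upper()
        transport = row["net_transport"].strip().lower()
        if scheme == "KERBEROS":
            continue  # nothing to report
        if scheme == "SQL":
            cause = "sql_auth"
        elif transport != "tcp":
            cause = "not_tcp"
        else:
            cause = "check_spn_or_domain"
        findings.append({
            "session_id": row["session_id"],
            "client": row["client_net_address"],
            "auth_scheme": scheme,
            "cause": cause,
        })
    return findings


if __name__ == "__main__":
    for f in audit_connections(SAMPLE_EXPORT):
        print(f"session {f['session_id']} from {f['client']}: "
              f"{f['auth_scheme']} -> {CAUSES[f['cause']]}")
```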
A virtual IP address (VIP or VIPA) is an IP address that is not connected to a specific computer or network interface card (NIC) on a computer. Incoming packets are sent to the VIP address, but all packets travel through real network interfaces.
VIPs are mostly used for connection redundancy; a VIP address may still be available if a computer or NIC fails because an alternative computer or NIC replies to connections.
We can also use a VIP for load balancing and automatic failover.
Definition: A port number represents an endpoint or “channel” for network communications. Port numbers allow different applications on the same computer to utilize network resources without interfering with each other.
Port numbers most commonly appear in network programming, particularly socket programming. Sometimes, though, port numbers are made visible to the casual user. For example, some Web sites a person visits on the Internet use a URL like the following:
In this example, the number 8080 refers to the port number used by the Web browser to connect to the Web server. Normally, a Web site uses port number 80 and this number need not be included with the URL (although it can be).
In IP networking, port numbers can theoretically range from 0 to 65535. Most popular network applications, though, use port numbers at the low end of the range (such as 80 for HTTP). The port number is included as a field within the header of each IP packet.
Note: The term port also refers to several other aspects of network technology. A port can refer to a physical connection point for peripheral devices such as serial, parallel, and USB ports. The term port also refers to certain Ethernet connection points, such as those on a hub, switch, or router.
You can find the list of port numbers at the URL below
UDP (User Datagram Protocol)
Definition: UDP is a lightweight transport built on top of IP. UDP squeezes extra performance from IP by not implementing some of the features a more heavyweight protocol like TCP offers. Specifically, UDP allows individual packets to be dropped (with no retries) and UDP packets to be received in a different order than they were sent.
UDP is often used in videoconferencing applications or games where optimal performance is preferred over guaranteed message delivery. UDP is one of the oldest network protocols, introduced in 1980 in RFC document 768.
DNS Server (Domain Name System)
Definition: The DNS translates Internet domain and host names to IP Addresses. DNS automatically converts the names we type in our Web browser address bar to the IP addresses of Web servers hosting those sites.
DNS implements a distributed database to store this name and address information for all public hosts on the Internet. DNS assumes IP addresses do not change (are statically assigned rather than dynamically assigned).
The DNS database resides on a hierarchy of special database servers. When clients like Web browsers issue requests involving Internet host names, a piece of software called the DNS resolver (usually built into the network operating system) first contacts a DNS server to determine the server’s IP address. If the DNS server does not contain the needed mapping, it will in turn forward the request to a different DNS server at the next higher level in the hierarchy. After potentially several forwarding and delegation messages are sent within the DNS hierarchy, the IP address for the given host eventually arrives at the resolver, that in turn completes the request over Internet Protocol.
DNS additionally includes support for caching requests and for redundancy. Most network operating systems support configuration of primary, secondary, and tertiary DNS servers, each of which can service initial requests from clients. ISPs maintain their own DNS servers and use DHCP to automatically configure clients, relieving most home users of the burden of DNS configuration.
Also Known As: Domain Name System, Domain Name Service, Domain Name Server
Dynamic Host Configuration Protocol Definition: DHCP allows a computer to join an IP-based network without having a pre-configured IP address. DHCP is a protocol that assigns unique IP addresses to devices, then releases and renews these addresses as devices leave and re-join the network.
Internet Service Providers (ISPs) usually use DHCP to allow customers to join the Internet with minimum effort. Likewise, home network equipment like broadband routers offers DHCP support for added convenience in joining home computers to the LAN.
DHCP environments require a DHCP server set up with the appropriate configuration parameters for the given network. Key DHCP parameters include the range or “pool” of available IP addresses, the correct subnet masks, plus gateway and name server addresses.
Devices running DHCP client software can then automatically retrieve these settings from DHCP servers as needed. Using DHCP on a network means system administrators do not need to configure these parameters individually for each client device.
NetBIOS Definition: NetBIOS is a software protocol for providing computer communication services on local networks. Microsoft Windows uses NetBIOS on Ethernet or Token Ring networks.
Software applications on a NetBIOS network locate each other via their NetBIOS names. A NetBIOS name is up to 16 characters long and in Windows, separate from the computer name. Applications on other computers access NetBIOS names over UDP port 137. It provides name resolution services for NetBIOS.
Two applications start a NetBIOS session when one (the client) sends a command to “Call” another (the server) over TCP port 139 on a remote computer. Both sides issue “Send” and “Receive” commands to deliver messages in both directions. The “Hang-Up” command terminates a NetBIOS session.
NetBIOS also supports connectionless communications via UDP datagrams. Applications listen on UDP port 138 to receive NetBIOS datagrams.
NetBIOS and NetBEUI are separate but related technologies. NetBEUI extends NetBIOS with additional networking capabilities.
Also Known As: Network Basic Input/Output System
WINS Definition: The Windows Internet Naming Service (WINS) supports name resolution, the automated conversion of computer names to network addresses, for Windows networks. Specifically, WINS converts NETBIOS names to IP addresses on a LAN or WAN.
Like DNS, the Windows Internet Naming Service employs a distributed client/server system to maintain the mapping of computer names to addresses. Windows clients can be configured to use primary and secondary WINS servers that dynamically update name/address pairings as computers join and leave the network. The dynamic behavior of WINS means that it also supports networks using