The –s Switch

The –s Switch
Using the –s switch displays a variety of TCP, UDP, IP, and ICMP protocol statistics. The following is some sample output using this switch.

C:\netstat –s

IP Statistics

Packets Received                   = 17455
Received Header Errors             = 0
Received Address Errors            = 108
Datagrams Forwarded                = 0
Unknown Protocols Received         = 0
Received Packets Discarded         = 0
Received Packets Delivered         = 17346
Output Requests                    = 16374
Routing Discards                   = 255
Discarded Output Packets           = 0
Output Packet No Route             = 0
Reassembly Required                = 2

Reassembly Successful              = 1
Reassembly Failures                = 0
Datagrams Successfully Fragmented  = 0
Datagrams Failing Fragmentation    = 0

Fragments Created                  = 0

ICMP Statistics

                                               Received                      Sent
Messages                                       12                           19
Errors                                            0                                0
Destination Unreachable               0                               7
Time Exceeded                              0                               0
Parameter Problems                      0                                0
Source Quenchs                            0                                0
Redirects                                       0                                0
Echos                                             4                               8
Echo Replies                                 8                                4
Timestamps                                   0                                0
Timestamp Replies                       0                                 0
Address Masks                             0                                 0

Address Mask Replies                  0                                 0


TCP Statistics
Active Opens                                   = 715
Passive Opens                                  = 0
Failed Connection Attempts            = 35
Reset Connections                           = 638
Current Connections                        = 1
Segments Received                          = 15815
Segments Sent                                  = 15806
Segments Retransmitted                   = 61


UDP Statistics
Datagrams Received                        = 573
No Ports                                           = 946
Receive Errors                                 = 0

Datagrams Sent                                = 492

NOTE:

Because the Network+ exam doesn’t cover them, we won’t go into detail on what all these statistics mean. You can probably figure out some of them, such as Packets Received. For details, go to Microsoft’s support website atwww.microsoft.com/support/.

Read More

The –r Switch

The –r Switch
 You use the –r switch to display the current route table for a workstation so that you can see how TCP/IP information is being routed. Figure 4.4 shows sample output using this switch. You
can tell from this output which interface is being used to route to a particular network (useful if computers have multiple NICs).

FIGURE 4 . 4 Sample output of the netstat –r command

Read More

The –e Switch

The –e Switch 
The -e switch displays a summary of all the packets that have been sent over the network interface card (NIC) as of that instant. The two columns in Figure 4.3 show packets coming in as well
as being sent.

FIGURE 4 . 3 Sample output of the netstat –e command

You can use the –e switch to display the following categories of statistics: 
Bytes   The number of bytes transmitted or received since the computer was turned on. This statistic is useful in helping to determine if data is actually being transmitted and received or if the

network interface isn’t doing anything.

Unicast Packets The number of packets sent from or received at this computer. To register in one of these columns, the packet must be addressed directly from one computer to another and the computer’s address must be in either the source or destination address section of the packet.

Non-unicast Packets The number of packets not directly sent from one workstation to
another. For example, a broadcast packet is a non-unicast packet. The number of non-unicast
packets should be smaller than the number of unicast packets. If the number of nonunicast packets is as high as or higher than that of unicast packets, too many broadcast packets are being sent on your network. You should find the source of these packets and make any necessary adjustments.

Discards The number of packets that were discarded by the NIC during either transmission or reception because they weren’t assembled correctly.

Errors The number of errors that occur during transmission or reception. These numbers may indicate problems with the network card. 

Unknown Protocols The number of received packets that the Windows networking stack couldn’t interpret. This statistic shows up only in the Received column because, if the computer
sent them, they wouldn’t be unknown, would they?

    Unfortunately, statistics don’t mean much unless they can be colored with time information. For example, if the Errors column shows 100 errors, is that a problem? It might be if the computer
has been on for only a few minutes. But 100 errors could be par for the course if the computer has been operating for several days. Unfortunately, the netstat utility doesn’t have a way of indicating

how much time has elapsed for these statistics.

Read More

Using the netstat Utility

Using the netstat Utility

Using netstat is a great way to see the TCP/IP connections (both inbound and outbound) on your machine. You can also use it to view packet statistics (similar to the MONITOR.NLM utility
on a NetWare server console), such as how many packets have been sent and received, the number of errors, and so on.
When used without any options, netstat produces output similar to that in Figure 4.1, which shows all the outbound TCP/IP connections (in the case of Figure 4.1, a Web connection).
The netstat utility, used without any options, is particularly useful in determining the status of outbound Web connections.
The Proto column lists the protocol being used. Because this is a Web connection, the protocol is TCP. The Local Address column lists the source address and the source port (source socket). In this case, default indicates that the PC has no NetBIOS name configured and refers to the local IP address, which is followed by the source ports, four separate dynamically registered
TCP ports used to open four separate TCP connections. The Foreign Address item for all four connections is 204.153.163.2:80, indicating that for all four connections, the address of the destination machine is 204.153.163.2 and that the destination port is TCP port 80 (in other words, HTTP for the Web). The State column indicates the status of each connection. This column
shows statistics only for TCP connections because UDP establishes no virtual circuit to the remote device. Usually, this column indicates ESTABLISHED once a TCP connection between
your computer and the destination computer is established.



FIGURE 4 . 1 Output of the netstat command without any switches

NOTE:
If the address of either your computer or the destination computer can be found in the HOSTS file on your computer, the destination computer’s name, rather than the IP address, will show up in either the Local Address or Foreign Address column.

The output of the netstat utility depends on the switch. You can use the following :

•  –a
• –e
• –r
• –s
• –n
• –p

Simply type netstat followed by a space and then the switch. Some switches have options, but the syntax is basically the same. Note the UNIX style of the switches, where the hyphen must be included. This is common in Microsoft operating systems for TCP/IP utilities, which stem from original use in UNIX systems.

Read More

The –a Switch

The –a Switch
When you use the –a switch, the netstat utility displays all TCP/IP connections and all User Datagram Protocol (UDP) connections. Figure 4.2 shows a sample output produced by the netstat –a command.
The last two entries in Figure 4.2 show a protocol type of UDP and the source port nicknames of nbname and nbdatagram, which are the well-known port numbers of 137 and 138, respectively. These port numbers are commonly seen on networks that broadcast the NetBIOS name of a workstation on the TCP/IP network. You can tell that this is a broadcast because the destination address is listed as *:* (meaning “any address, any port”).  

FIGURE 4 . 2 Sample output of the netstat –a command

NOTE:

The State column has no entry because UDP is not a connection-oriented protocol and, therefore, has no connection state.

The most common use for the –a switch is to check the status of a TCP/IP connection that appears to be hung. You can determine if the connection is simply busy or is actually hung and no longer responding.

Read More

Using The arp Utility

Using The arp Utility

ARP is a protocol in the TCP/IP suite. ARP is used by IP to ascertain the MAC address of a device on the same subnet as the requester. When a TCP/IP device needs to forward a packet
to a device on the local subnet, it first looks in its own table, called an ARP cache ( cache because the contents are periodically aged out), for an association between the known IP address of the destination device on the local subnet and the same device’s MAC address. If no association that includes the destination IP address can be located, the device sends out an 
ARP broadcast that includes its own MAC and IP information as well as the IP address of the target device and a blank MAC address field, which is the object of the whole operation. It
is this one unknown value that the source device requests be returned in an ARP reply. Windows includes a utility called
arp , which allows viewing of the operating system’s ARP cache.
To start the arp utility in Windows 2000, follow these steps:

1. Choose Start  Run and enter cmd to open the MS-DOS Prompt window. Or, you can choose Start Programs  Accessories  Command Prompt.
2. At the command prompt, type arp and any switches you need, as discussed later in this section.

NOTE:

Entered alone, the 

arp 

command lists only the switches you must use in order 

to use the 

arp 

utility correctly.

The arp utility is primarily useful for resolving duplicate IP addresses. For example, your workstation receives its IP address from a Dynamic Host Configuration Protocol (DHCP)

server, but it accidentally receives the same address as another workstation. When you try to ping it, you get no response. Your workstation is trying to determine the MAC address, and it

can’t do so because two machines are reporting that they have the same IP address. To solve this problem, you can use the

arp utility to view your local ARP table and see which TCP/IP address is resolved to which MAC address. To display the entire current ARP table, use the arp command with the –a switch, like this:

arp -a

You’ll see something similar to the following:

Interface: 204.153.163.3 on Interface 2

Internet Address            Physical Address             Type

204.153.163.2                00–a0–c9–d4–bc–dc       dynamic

204.153.163.4                00–a0–c0–aa–b1–45       dynamic

 

TIP:

The –g switch will produce the same result.

From this output, you can tell which MAC address is assigned to which IP address. Then, for static assignments, by examining your network documentation (you do have it, don’t you?), you

can tell which workstation has the IP address and if it is indeed supposed to have it. For DHCPassigned addresses, you can begin to uncover problems with multiple DHCP scopes or servers giving out identical addresses and other somewhat common configuration issues. Note that, under normal circumstances, you should not see IP addresses in the ARP table for a given interface that are not members of the same IP subnet as the interface, and each other for that matter.

NOTE:

If the machine has more than one network card (as may happen in Windows servers), each interface will be listed separately.

In addition to displaying the ARP table, you can use the arp

utility to manipulate the table. To add static entries to the ARP table, use the arp command with the –s switch. These entries

stay in the ARP table until the machine is rebooted. A static entry hard-wires a specific IP address to a specific MAC address so that when a packet needs to be sent to that IP address, it  is sent automatically to that MAC address. Here’s the syntax:

arp –s [IP Address] [MAC Address]

Simply replace the [IP Address] and [MAC Address] sections with the appropriate entries, like so:

arp –s   204.153.163.5    00–a0–c0–ab–c3–11

You can now take a look at your new ARP table by using the arp –a command. You should see something like this:

Interface: 204.153.163.3 on Interface 2

Internet Address             Physical Address                Type

204.153.163.2                   00–a0–c9–d4–bc–dc           dynamic

204.153.163.4                   00–a0–c0–aa–b1–45           dynamic

204.153.163.5                  

00–a0–c0–ab–c3–11            static

Finally, if you want to delete entries from the ARP table, you can either wait until the 

dynamic entries time out, or you can use the –d switch with the IP address of the static entry 

you’d like to delete, like so:

arp –d 204.153.163.5

This deletes the entry from the ARP table in memory.

NOTE:

The arp utility doesn’t confirm successful additions or deletions (use arp -a or 

arp -g for that), but it will give you an error message if you use incorrect syntax.

Read More

The Windows ARP Table

The Windows ARP Table

The ARP table in Windows is a list of TCP/IP addresses and their associated physical (MAC) addresses. This table is cached in memory so that Windows doesn’t have to perform ARP lookups for frequently accessed TCP/IP addresses (for example, servers and default gateways). Each entry contains not only an IP address and a MAC address, but a value for Time to Live (TTL), which indicates how long each entry stays in the ARP table.

         The ARP table contains two kinds of entries:

• Dynamic
• Static

Dynamic ARP table entries

are created whenever the Windows TCP/IP stack performs an

ARP lookup and the MAC address is not found in the ARP table. The ARP request is broadcast on the local segment. When the MAC address of the requested IP address is found, that information

is added to the ARP table as a dynamic entry.

Note: 

The ARP table is cleared of dynamic entries whose TTL has expired to ensure that the entries are current.The ARP table is cleared of dynamic entries whose TTL has expired to ensure that the entries are current.

Read More

Using the Address Resolution Protocol (ARP)

Using the Address Resolution Protocol (ARP)

The Address Resolution Protocol, or ARP, is part of the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol stack; it is used to translate TCP/IP addresses to MAC (media access control) addresses using broadcasts. When a machine running TCP/IP wants to know which machine on an Ethernet network uses a particular IP address, it will send an ARP broadcast that says, in effect, “Hey! Who is IP address xxx.xxx.xxx.xxx ?” The machine that owns the specific address will respond with its own MAC address. The machine that made the inquiry then adds

that information to its own ARP table.

        In addition to the normal usage, the ARP designation refers to a utility in Windows that you can use to manipulate and view the local workstation’s ARP table.

Read More

TCP/IP Utilities ( Network + Chapter 4 )

Chapter 4 TCP/IP Utilities 

"Quoting one of e-books"

   Using the Address Resolution Protocol (ARP) 

             The Windows ARP Table
             Using The arp Utility 
   Using the netstat Utility 
             The –a Switch 
             The–e Switch 
             The –r Switch 
             The –s Switch 
             The –n Switch 
             The –p Switch 
   Using the nbtstat Utility 
             The –a Switch 
             The –A Switch 
             The –c Switch 
             The –n Switch 
             The –r Switch 
             The –R Switch 
             The –S Switch 
             The –s Switch 
   Using The File Transfer Protocol (FTP) 
             Starting FTP and Logging In to an FTP Server 
             Downloading Files 
             Uploading Files 
   Using the ping Utility 
   Using winipcfg , ipconfig , and ifconfig
             Using the winipcfg Utility
             Using the ipconfig Utility
             Using the ifconfig
   Utility  Using the tracert Utility 
   Using the Telnet Utility 
   Using the nslookup Utility 
   Summary 
   Exam Essentials 
   Review Questions 
   Answers to Review Questions

"Quoting one of e-books"

Read More

Design Hotspot-V1 Server Mikrotik

Design Hotspot-V1  Server Mikrotik

حمل من هنا 

رجاء تغيير بيانات الاتصال 

مع تحيات كنزى نت

Read More

Answers to Review Questions ( Network+ Chapter 3 )

Answers to Review Questions

1. D. Samba is installed on a UNIX server to allow Windows clients to be able to see the UNIX device as a server on the Windows network.

2. D. The NetBEUI/NetBIOS protocol stack does not contain a Network layer routing protocol because it was intended for LAN use only and, as such, cannot be routed.

3. B. The range of the numbers for the first octet in a Class B IP addressing scheme is 128–191. The range of 0–127 is for Class A, 192–223 is for Class C, and 224–255 is reserved for other classes
and purposes.

4. A. The purpose of a subnet mask is to separate the network portion and the host portion of an IP address. In the Internet Protocol addressing scheme, it is a group of selected bits whose values serve to identify a subnet. All members of the subnet share the mask value. Once each portion is identified using the mask, members of each subnet can be referenced more easily.

5. C. Port 80 is the TCP port number used to initiate HTTP connections between web client (browser) and web server. Port 23 is used for Telnet, port 25 is used for SMTP, and port 443 is
used for less common secure web server access using HTTPS.

6. D. The TCP port number used to initiate connections between POP3 clients and servers is 110. As previously mentioned, port 25 is used for SMTP, and port 80 is used for HTTP connections.
Port 100 is not normally used in typical Internet communications.

7. A. FTP clients connect to FTP servers using TCP port 21. As already mentioned, port 25 is used for SMTP, port 80 is used for HTTP, and port 110 is used for POP3 mail communications.

8. B. Internet e-mail servers send mail between themselves using the SMTP protocol. The SNMP protocol is used for the management and monitoring of various network devices. The POP protocol is used to download e-mail from mail servers. Telnet is used for remote terminal emulation.

9. C. 255.255.255.0 is the default subnet mask for a Class C address, 255.0.0.0 is the default for a Class A, 255.255.0.0 is the default for Class B, and 255.255.255.255 is the universal broadcast
address.

10. D. Most often, NAT is used in routers and firewalls to translate between two different IP addresses. 

11. B. All 1s in the host portion of an IP address represent the broadcast address for the corresponding subnet. All 0s in the host portion represent the identification of the network or subnet itself. Not being configured with the IP address of a DNS server or the default gateway will not completely disable network communications.

12. B. Of those listed, the only one that maintains a virtual “connection” is TCP. UDP and NetBEUI are both connectionless, and DDP is AppleTalk’s connectionless Datagram Delivery Protocol.

13. D. An extranet is basically an intranet with limited outside access granted to suppliers and affiliates. The Internet and an internet are far too broad to describe this type of network. Intranets, by definition, do not allow any outside access.

14. B. SMTP initiates connections between servers using TCP port number 25.

15. D. The correct acronym expansion for FQDN is Fully Qualified Domain Name. The FQDN is the complete name of an Internet host (e.g., www.sybex.com) that is used when referencing a host from outside that host’s LAN.

16. D. The refresh value in the SOA record of a zone file indicates how many seconds the secondary DNS server will wait before asking the primary server if the zone file has changed. Increasing this value will cause the secondary server to contain invalid information longer, but decreasing the refresh value, as in option A, by too much will generate unnecessary traffic. Option B would
occur by increasing the minimum TTL value in the SOA record and will simply cause resource records to expire less frequently, also increasing the likelihood that cached information will be
invalid. However, decreasing this value does not necessarily trigger a zone transfer for updated information, as decreasing the refresh value would.

17. A, C. Any time the IP address of a server that needs to be accessible from the Internet changes or is added, the entity responsible for maintaining the authoritative zone file for the domain that the server is on must be contacted to make changes to such records as the A record, the MX record, and the SOA record. Changing cabling or adding devices that do not need to be accessed
by name from the Internet are not situations that require a change to the DNS zone file.

18. D. The proper expansion of FTP is File Transfer Protocol. The abbreviation is more commonly used when referring to file-transferring protocols. There can be several protocols for transferring files between machines and/or networks. For example, FTAM provides file-transfer service for networks that use the OSI reference model, and FTP provides these services for TCP/IP protocols.

19. D. Proxy servers act on behalf of clients to provide Internet access and other Internet services. Generally speaking, however, a proxy server does not convert a nonroutable protocol to a
routable protocol.

20. C. Virtual LANs allow a network to be segmented virtually, inside a network switch, so that several ports are grouped together and function collectively as a network segment, possibly by
departmental or other logical groupings.

Read More

Exam Essentials ( Network+ Chapter 3 )

Exam Essentials

Be able to recognize the different protocols within TCP/IP and be able to define their purpose and function. The TCP/IP stack is made up of several protocols, which perform such functions as protocol transport, file access, file transfer, and mail transfer. These protocols include TCP, SMTP, IP, NNTP, HTTP, and FTP.
Be able to differentiate between the Internet, an internet, an intranet, and an extranet. When Internet is capitalized, it refers to the worldwide TCP/IP internetwork that we all know and love or hate, whereas internet is a more generic term referring to a network in which routers or other layer 3 devices are present. An intranet is an internetwork with well-defined administrative boundaries, while an extranet expands the intranet to include trusted outside networks. Be able to define the function of common TCP and UDP ports. You should know how to coordinate protocol name and function with port number. (Refer to Table 3.1 for specific examples.) Know how to identify IP addresses (IPv4, IPv6) and their default subnet masks. IPv4 =xxx.xxx.xxx.xxx, where xxx is a number from 0 to 255. The default subnet mask is 255.0.0.0
for a Class A address (IP range is 0.x.x.x to 127.x.x.x), 255.255.0.0 for a Class B (IP range is 128.x.x.x to 191.x.x.x), and 255.255.255.0 for a Class C (192.x.x.x to 223.x.x.x).
IPv6 = xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx, where x is a hexadecimal digit. IPv6 has no address classes and thus no default subnet mask. Know how to identify the purpose of subnetting and of default gateways. The purpose of subnetting is to divide a network into two or more segments, gaining more addressable segments from a single address space and reducing congestion. Default gateways are configured so that a host has an address to send an encapsulated packet to when it doesn’t know a specific
route to the destination address. Know how to identify the difference between public and private networks. Public networks
are networks that are open to the general public and, as such, use valid IP addresses that can be “seen” by the general public. The Internet is an example of a public network. Private networks,
on the other hand, use addresses that cannot be seen by the general public and are not available for public use or allowed onto the Internet in any way. Your company’s LAN is an example of
     a private network. These addresses must be translated to public addresses in order to allow the internal devices to communicate on the Internet. Identify the purpose, benefits, and characteristics of using a proxy service. A proxy server keeps a LAN somewhat separated from the Internet. Doing so increases security and filtering control and has the tendency to speed up Internet access through caching of recently used web pages. Be able to describe the main characteristics of VLANs. Virtual LANs (VLANs) are a feature of network switches that allow machines on different physical network segments to be organized into a virtual segment, or VLAN.

Read More