Lab Program 2: work with commands

ping, Tracert, Ipconfig, pathping, telnet, ftp, getmac, ARP,

Hostname, Nbtstat, netdiag and Nslookup.

Ans: i)Ping command Explained with Examples:

The ping command is a network utility used to test the reachability of a

host on an Internet Protocol (IP) network and to measure the round-trip
time for messages sent from the originating host to a destination
computer. It operates by sending Internet Control Message Protocol (ICMP)
"echo request" packets to the target host and listening for ICMP "echo
reply" packets.

How it works:

 Echo Request:

The ping command sends an ICMP echo request packet to the specified IP
address or hostname.

 Echo Reply:

If the target host is reachable and configured to respond, it sends back an

ICMP echo reply packet.

 Measurement:

The ping command measures the time taken for the echo reply to return,
known as the Round Trip Time (RTT), and reports any packet loss.

Basic Syntax:

Code

ping [hostname or IP address]

Examples:

 Pinging a domain name: To check connectivity to Google's website:

Code

ping www.google.com
ii) Tracert command:

The tracert command in Windows is a network diagnostic tool used to

trace the route packets take to reach a destination. It displays a list of
routers (hops) that packets pass through, along with the time it takes for
each hop to respond. This helps in identifying potential network
bottlenecks or issues along the path.

How to use tracert:

1. Open Command Prompt:

Search for "cmd" in the Windows search bar and open the Command
Prompt application.

2. Enter the command:

Type tracert followed by the destination's IP address or domain name, and

press Enter. For example: tracert google.com or tracert 8.8.8.8.

3. Analyze the output:

The command will display a list of hops, including their IP addresses and
the time it took for each to respond. An asterisk (*) indicates a timeout for
that hop.

4. Terminate the command:

Press Ctrl + C to stop the traceroute if needed.

Example output:

Code

Tracing route to In this example, the trace went through 6

google.com hops. The first hop is the local router
[172.217.160.142]
over a maximum of
30 hops:
(192.168.1.1), followed by other routers (10.0.0.1, 203.0.113.1, etc.)
before reaching the destination (google.com). The numbers after each hop
represent the round-trip time in milliseconds (ms) for three attempts.

In the tracert (or traceroute) command, "ms" stands for milliseconds,

which represents the round-trip time it takes for a packet to travel from
your computer to a specific router (hop) along the path and back. It
essentially measures the network latency or delay between your device
and each hop in the route to a destination.

Here's a more detailed breakdown:

 Round-Trip Time:

tracert sends packets to each router along the path to the destination, and
the time it takes for those packets to reach the router and return is
measured in milliseconds.

 Hop by Hop:

The output of tracert displays this round-trip time for each hop (router)
along the route.

 Latency Measurement:

This measurement indicates how quickly data can travel to and from each
point in the network path, helping identify potential bottlenecks or delays.

 Factors Affecting ms:

Network congestion, the quality of network links, and the distance

between hops can all affect the round-trip time (ms).

3. Ipconfig Command

The ipconfig command is a Windows utility used to display and manage

network configuration settings. It provides information about your
computer's IP address, subnet mask, default gateway, and other network
details. It can also be used to refresh DHCP and DNS settings, release and
renew IP addresses, and flush the DNS cache.

Here's a breakdown of how to use ipconfig and some of its common

functionalities:

1. Displaying Network Configuration:

 Open the Command Prompt (search for "cmd" in the Start Menu and
press Enter).

 Type ipconfig and press Enter. This will display basic information
about your active network adapters, including IP address, subnet
mask, and default gateway.

 To view more detailed information, use ipconfig /all. This will display
information such as the physical address (MAC address), DHCP
server, DNS servers, and lease information.

2. Refreshing DHCP and DNS:

 To release the current IP address, use ipconfig /release.

 To obtain a new IP address from the DHCP server, use ipconfig

/renew.

 To flush the DNS resolver cache, use ipconfig /flushdns. This can be
helpful when troubleshooting DNS issues.

 To display the contents of the DNS cache, use ipconfig /displaydns.

3. Other Useful Options:

 ipconfig /registerdns: This command forces dynamic registration of

the DNS records.

 ipconfig /showclassid adapter and ipconfig /setclassid adapter:

These commands allow you to view and modify the DHCP class ID
for a specific network adapter.

ipconfig is a valuable tool for network troubleshooting and understanding

your computer's network configuration
4.Pathping command

The pathping command is a network diagnostic tool in Windows that

combines the functionalities of ping and tracert (or traceroute). It helps
identify network latency and packet loss along the path between a source
and destination by sending ICMP echo requests to each hop and analyzing
the results.

Functionality:

 Traces the route:

Similar to tracert, pathping first identifies the route packets take to reach
the destination.

 Measures latency and packet loss:

Unlike tracert, pathping sends multiple ICMP echo requests to each hop
along the path and analyzes the responses to determine packet loss and
latency at each hop.

 Provides detailed statistics:

pathping offers a comprehensive view of network performance, including

round-trip time (latency) and packet loss percentage for each hop.
How to use it:

1. Open the command prompt (or PowerShell) in Windows.

2. Type pathping followed by the destination IP address or hostname.

Code

pathping <destination_ip_or_hostname>

1. The command will first trace the route and then begin sending ICMP
packets to each hop.

2. After a period of time, the command will display the results, showing
latency and packet loss for each hop.

5. telnet command

The Telnet command is a command-line utility used to interact with the

Telnet protocol, which enables remote access to computers over a
network. It functions as a virtual terminal, allowing users to connect to a
remote server and issue commands as if they were physically present at
that system's console.

Key aspects of the Telnet command:

 Syntax: The basic syntax for initiating a Telnet connection is:

Code

telnet [host] [port]

where [host] is the IP address or hostname of the remote server,

and [port] is the specific port number to connect to (defaulting to port 23
for Telnet).

 Functionality:

 Remote Access: It allows users to log in and execute commands on a

remote system, managing configurations, files, and services.
 Port Testing: It can be used to check if a specific port on a remote
server is open and listening for connections, which is useful for network
troubleshooting.

 Legacy System Interaction: It provides a means to interact with

older systems or devices that may not support more modern, secure
protocols like SSH.

Command: telnet example.com 23 or telnet 192.168.1.1 23

Note: If telnet has not recognised in command prompt. Go to

control panel . Click on "Programs" or "Programs and
Features". Select Telnet client check box and enable it.

5. ftp command

The ftp command in Windows provides a command-line interface for

interacting with File Transfer Protocol (FTP) servers. This allows users to
connect to FTP servers, upload and download files, manage directories,
and perform other FTP-related operations directly from the Windows
Command Prompt.

To use the ftp command:

 Open Command Prompt: Press Windows Key + R, type cmd, and

press Enter.

 Start
FTP: Type ftp at the command prompt and press Enter. This will
change the prompt to ftp>.

 Connect to a server:

o Typeopen <ServerName> (e.g., open ftp.example.com or open

192.168.1.100) and press Enter.
o You will be prompted for a username and password. Enter the
credentials for the FTP server.

6.getmac command:

The getmac command in networking is a tool used to display the Media

Access Control (MAC) address of a computer's network interfaces. It's
primarily a Windows command, and it shows the physical address, which
is unique to each network adapter.

In this example, the MAC addresses 10-68-38-32-71-55 are displayed.

7. ARP command

The arp command is a command-line utility used to display and modify

the Address Resolution Protocol (ARP) cache on a computer. It allows users
to view the mappings between IP addresses and their corresponding MAC
(Media Access Control) addresses, as well as add, delete, or modify these
entries.

Key functionalities of the arp command:

 Displaying ARP entries: arp -a displays all the current ARP entries
in the system's cache.

 Deleting ARP entries: arp -d <IP address> removes the entry

associated with the specified IP address.

 Adding ARP entries: arp -s <IP address> <MAC address> adds a

static entry to the ARP cache.
  Modifying ARP entries: The command can also be used to modify
existing entries, although the exact syntax may vary depending on
the operating system.

 Importing ARP entries: arp -f <filename> can import ARP entries

from a file.

Purpose and Usage:

The arp command is crucial for network troubleshooting and

management. It allows administrators to:

 Verify network connectivity:

By checking if an IP address has a corresponding MAC address in the ARP

table, users can confirm if a device is reachable on the network.

 Resolve MAC address conflicts:

In some cases, static ARP entries may be required to ensure proper

communication between devices.

 Troubleshoot network communication issues:

If a device is not reachable, examining the ARP table can help identify if
the problem is related to incorrect or missing ARP entries.

 Debug network issues:

When a device is not communicating as expected, examining the ARP

table can help determine if there is a problem with IP and MAC address
resolution.

Operating System Differences:

The specific syntax and options of the arp command may vary slightly
between different operating systems like Windows, Linux, and
macOS. However, the core functionality of displaying, adding, and deleting
ARP entries remains consistent.
The error "ARP entry deletion failed: The requested operation requires
elevation" means that the command you're trying to use to delete an
Address Resolution Protocol (ARP) entry needs administrator privileges to
execute. ARP entries map IP addresses to MAC addresses on your local
network, and modifying them can affect network communication.
8.Hostname command

The hostname command in networking is a utility used to display or set

the system's hostname. A hostname is a human-readable label assigned
to a device connected to a computer network, serving as a unique
identifier for that device within the network. This identifier is used in
various forms of electronic communication and network protocols.

Key functionalities of the hostname command:

 Displaying the hostname: When executed without any arguments or

options, the hostname command displays the current hostname of the
local machine.

9. Netstat command

The netstat command in Windows is a powerful tool for displaying network

connections, routing tables, and various network statistics. It's commonly
used for troubleshooting network issues and understanding network
activity on a system.

How to Access netstat:

1. Open the Command Prompt or PowerShell as an administrator.

2. Type netstat followed by the desired options and press Enter.

Common netstat Options:

 netstat -a: Displays all active connections and listening ports (both
TCP and UDP).

 netstat -n: Displays active connections and listening ports, but uses
numerical addresses and port numbers instead of resolving
hostnames and service names.

 netstat -o: Displays active connections, listening ports, and the

process ID (PID) associated with each connection.

 netstat -s: Displays statistics for various network protocols, including

IP, ICMP, TCP, and UDP.

 netstat -r: Displays the routing table.

 netstat -p protocol: Displays active connections for a specific

protocol (e.g., netstat -p tcp for TCP connections).

 netstat -b: Displays the executable involved in creating each

connection or listening port (may require administrative privileges).

 netstat -f: Displays Fully Qualified Domain Names (FQDN) for foreign
addresses.

 netstat -e: Displays Ethernet statistics.

 netstat -t: Displays the TCP Chimney Offload state (if available).

 netstat -x: Displays NetworkDirect connections, shared endpoints,

and listeners.

 netstat -y: Displays the TCP connection template for all connections.

 netstat interval: Redisplays the information every interval seconds.

 netstat -? or netstat /?: Displays help information about netstat and

its options.

Examples:

 Finding all active connections and listening ports: netstat -a

 Finding the process ID associated with a connection: netstat -

ano
  Finding active TCP connections and their associated
PIDs: netstat -n -o

 Displaying protocol statistics: netstat -s -p tcp udp

 Displaying Ethernet statistics: netstat -e

 Displaying the routing table: netstat -r

Troubleshooting with netstat:

 Identify listening ports:

Use netstat -a to see which ports are open and listening for connections.

 Find connections associated with specific ports:

Use netstat -ano | findstr "port_number" (replace "port_number" with the

port you are interested in) to see which process ID is using that port.

 Diagnose network issues:

Examine the output of netstat -s to identify potential protocol-related

problems.

 Monitor network activity:

Use netstat -o or netstat -n -o to monitor connections and identify unusual

activity.

Important Notes:

 netstat is a command-line tool, so you'll need to use it in a

Command Prompt or PowerShell window.

 Some options, like -b, may require administrator privileges.

 Consider redirecting the output of netstat to a file for easier

analysis, especially when dealing with large outputs.
10. nbtstat command

The nbtstat command is a command-line utility in Windows used to

display NetBIOS over TCP/IP (NBT) protocol statistics and information,
including NetBIOS name tables, NetBIOS name cache, and current TCP/IP
connections using NetBIOS. It's primarily a diagnostic tool for
troubleshooting NetBIOS name resolution problems.

Common Parameters and Examples:

 nbtstat -a <remoteName>: Displays the NetBIOS name table of a

remote computer specified by its NetBIOS name.

 nbtstat -A <IPAddress>: Displays the NetBIOS name table of a

remote computer specified by its IP address.

 nbtstat -c: Displays the contents of the NetBIOS name cache.

 nbtstat -n: Displays the NetBIOS names registered by the local

computer.

 nbtstat -r: Displays names resolved by broadcast or WINS server.

11.net diag commands:

The netdiag command is a network diagnostic tool used to troubleshoot

network connectivity issues on Windows systems. It performs a series of
tests to identify and isolate problems with network adapters, protocols,
and connectivity to various network resources. The command is often
used by network administrators to gather information and diagnose
network problems.

How to use it:

1. Open a command prompt as an administrator.

2. Type net diag . Press Enter to execute the command.

12. Nslookup command

The nslookup command is a network administration command-line tool

used for querying the Domain Name System (DNS) to obtain information
about domain names and IP addresses. It is available on most operating
systems, including Windows, macOS, and Linux.

Commands:

Nslookup example.com
nslookup 8.8.8.8
nslookup example.com 192.168.1.1
In computer systems, a logical address is an address generated by the
CPU during program execution, while a physical address is the actual
location of data in the computer's main memory (RAM). The logical
address is a virtual representation used by the program, while the physical
address is the real, hardware-specific locationIn computer systems, a
logical address is an address generated by the CPU during program
execution, while a physical address is the actual location of data in the
computer's main memory (RAM). The logical address is a virtual
representation used by the program, while the physical address is the
real, hardware-specific location

Lab 3: Find the all IP address on your network unicast, Multicast

and Broadcast on your Network

unicast address:

A unicast address is a unique identifier for a single device on a network,

enabling one-to-one communication between devices. When a packet is
sent to a unicast address, it is delivered only to the specific device
associated with that address, ensuring targeted data transmission.

Here's a more detailed explanation:

Key Characteristics of Unicast Addresses:

 Unique:

Each unicast address identifies a single, specific device on the network.

 One-to-one:

Communication using unicast addresses is a direct, point-to-point

connection between two devices.

 Targeted:

When a device sends data using a unicast address, the data is only
delivered to the intended recipient, not to all devices on the network.

 Common:

Unicast addresses are the most frequently used type of address in

network communication.

Examples of Unicast Addresses:

 Public IP addresses: Used for communication over the internet.

 Private IP addresses: Used for communication within a local network

(LAN).
  MAC addresses: Used for communication at the data link layer.

In essence, a unicast address acts like a postal address for a single house,
ensuring that a letter (data packet) is delivered to the correct recipient,
not to everyone on the street (network).

 Multicast IP Address:

A multicast address is a special type of network address used to send data

to a group of devices (a multicast group) simultaneously, rather
than to a single device (unicast) or all devices on a network
(broadcast). Think of it like sending a group email, where all recipients
receive the same message at once.

How it works:

 Multicast groups:

Devices can join a multicast group by subscribing to a specific multicast

address.

 Data transmission:

When data is sent to a multicast address, it is delivered to all devices that

are currently members of that group.

 Efficiency:

Multicast is more efficient than broadcast because it only sends data to

interested parties, not to every device on the network.

 Best effort delivery:

Like unicast, multicast typically offers best-effort delivery, meaning there's

no guarantee of packet arrival or order.

Key characteristics:

 Address space:

Multicast addresses are a reserved range within the overall IP address

space, both in IPv4 and IPv6.

 No guaranteed delivery:

While multicast is efficient, it does not guarantee delivery of packets to all

members of the group or in the correct order.

 Used for various applications:

Multicast is often used in applications like streaming media, online

gaming, video conferencing, and other scenarios where the same data
needs to be delivered to multiple recipients.
Example:

 Imagine a live sporting event being streamed online. Instead of

sending the video data to each individual viewer separately
(unicast), the streaming server can send it to a multicast
address. All users watching the stream are part of the same
multicast group, receiving the video data simultaneously.

In summary: Multicast addresses provide a way to efficiently distribute

data to multiple recipients simultaneously, offering a more streamlined
approach compared to traditional broadcast or individual unicast
transmissions.

Braodcast IP Address

A broadcast address in networking is a special address used to send data

to all devices on a local network segment. It's like sending a message
to everyone in a room at once. In IPv4, this is usually the highest
numerical address in a subnet, with all host bits set to 1, according to
networking resources. For example, if a network has the address range
192.168.1.0/24, the broadcast address would be
192.168.1.255. In Ethernet networks, the broadcast MAC address is all F's:
FF:FF:FF:FF:FF:FF.

Purpose:

 Broadcast addresses are used for tasks like discovering devices on a

network, sending configuration updates, and network
troubleshooting.

 They are particularly useful for protocols like ARP (Address

Resolution Protocol) and DHCP (Dynamic Host Configuration
Protocol).

How it works:

 When a device sends a packet to a broadcast address, every device

on the local network segment receives and processes that packet.

 Routers separate broadcast domains, meaning broadcasts don't

travel from one network to another.

Limitations:

 Excessive broadcasting can lead to network congestion and

performance issues.

 Security concerns exist because sensitive information sent via

broadcast is accessible to all devices on the network.

 Broadcast addresses are not used as source addresses in packets.

Example:

In the 192.168.1.0/24 network, the broadcast address would be

192.168.1.255. This address is reserved and not assigned to any
individual device. Any message sent to 192.168.1.255 will be received by
all devices within that specific subnet.

1. Find Your IP Address (Unicast) and Subnet Info

It provides information about your computer's IP address, subnet
mask, default gateway, and DNS server addresses.

Command: ipconfig

 Explanation:

 Displays the current IP configuration of your system.

 IPv4 Address is your Unicast IP address.

 Use this to determine your subnet and gateway.

2.View All Known Unicast IP Addresses (Active Devices)

Command: arp -a
Explanation:

 Displays the ARP table, listing all IP addresses (unicast) your system
has recently communicated with on the local network.

3. Find the Broadcast Address (Calculate)

Command ipconfig,get

 TO display full configuration information

Command: ipconfig /all
4. Find Multicast Group Addresses
Command: netstat -g

 Find multicast addresses currently in use or joined by

your system
 Command: netsh interface ip show joins