Last Updated on
Usually, it can be used for testing the connectivity and the network latency in millisecond (ms)
bytes: Packet size in bytes
time: Response time in ms, smaller = quicker
TTL: Time To Live
By default, Linux have TTL value of 64 or 255, WindowsNT/2000/XP have TTL value of 128, Windows 98 has TTL of 32, Unix have TTL of 255.
Windows TTL: 100 ~ 130ms
Unix/Linux TTL: 240 ~ 255ms
ping <host name> ping <domain name> ping <IP address>
1.1 ping 127.0.0.1: Check if the Network interface controller (NIC), TCP/IP protocol, subnet mask works.
1.2 ping the current host’s IP address: Check if local configuration/installation are correct. (If not, we can check network equipment and cables.)
1.3 ping IP within the current subnet: Check if the NIC works in local area network (LAN), if there is no reply, it means that the subnet mask may be incorrect, network cable issue, configuration issue etc.
1.4 ping default gateway: Check if the gateway works.
1.5 ping remote IP address: Check if the default gateway works, if the device can get on to internet.
1.6 ping localhost: localhost is an operating system (OS) reserved host name. It resolves to 127.0.0.1. Usually, devices should be able to resolve this to such address, otherwise there can be something wrong with the host file (/Window/host for Windows) (/etc/host for Linux)
1.7 ping www.google.com: It will be resolved to IP address first via querying DNS server, if not resolved, it can be the DNS server is not configured correctly or DNS server is not working. Sometimes it can be the domain is blocked by firewall in local area network. (ping can be blocked completely by firewall as well.) Or simply, the domain does not exist.
ping IP -t: ping the IP address continuously until Ctrl + C is pressed.
ping IP -l 1000: ping with specified length (1000 bytes) (default is 32 byte)
ping IP -f -l 1492: ping with specified length without fragmenting the packet.
ping IP -n 10: execute the ping command 10 times.
ping IP -a: Resolve the hostname and NetBIOS name via the pingable IP address.
for /L %D in (1,1,254) do ping 10.0.0.%D: ping from 10.0.0.1 to 10.0.0.254
for /L %D in (1,1,254) do ping 10.0.0.%D
Note: Ping command can be blocked by firewall deployed in the LAN, while it is a useful and helpful command for troubleshooting the network issues most of the time, but do not rely on it entirely and draw conclusion completely from ping command. Better to use it as a reference.
Used for checking TCP/IP configuration. Release, Renew DHCP leasse. Flush DNS cache etc.
2.1 ipconfig: Show IP address, Subnet Mask, Default Gateway of the interface
2.2 ipconfig /all: Show all details including DNS, WINS and extra information, MAC address, DHCP server IP address, DHCP lease obtained time, expire time etc.
2.3 ipconfig /release: Release all IP addresses obtained from DHCP server
2.4 ipconfig /renew: Renew the IP address from DHCP server, usually it will be the same IP address before “ipconfig /release”
2.5 ipconfig /flushdns: Flush DNS cache in Windows
2.6 ipconfig /displaydns: Print DNS cache from local machine on screen. (We can use ipconfig /displaydns > C:\dns-cache.txt to save output to text file for easier diagnostic)
3 tracert (traceroute)
Used for checking routing condition/path and latency etc.
tracert <host name> tracert <domain name> tracert <IP address>
Output with 5 columns
Column 1: The number of the hop
Column 2: Round Trip Time 1 (RTT 1)
Column 3: RTT 2
Column 4: RTT 3
Column 5: IP address, name of the router
If any packet loss happen, “*” will be used instead of time in “ms”
4 arp (Address Resolution Protocol)
Used to check the corresponding Media Access Control Address (MAC address) of the IP address.
Can be used to output ARP cached information from current device or other devices. Manually set the MAC/IP pair.
arp -a arp -a <IP> arp -s <IP> arp -d <IP>
4.1 arp -a: Show all data in ARP cache
4.2 arp -a IP: Only show all ARP cache from one of the NIC associated with the specified IP address
4.3 arp -s IP MAC: Manually add the IP MAC pair as static ARP cache to the system (Persistent across reboots)
4.4 arp -d IP: Manually delete a static ARP cache
Used for checking and configuring routing information.
route print route add route change
5.1 route print: Show current routing table
5.2 route add:
e.g. To configure a routing table for reaching 192.168.1.11, through 5 networks, via one of the route on local network which is 192.168.2.22, where the subnet is 255.255.255.224, then the following command will be used
route add 192.168.1.11 mask 255.255.255.224 192.168.2.22 metric 5
5.3 route change:
Can be used to change the path for the routing table but not the routing destination.
e.g. Change the above example from metric 5 to metric 2
route change 192.168.1.11 mask 255.255.255.224 metric 2
5.4 route delete: Delete routing table.
route delete 192.168.1.11
Used to find out domain name/IP address of an host. Usually require DNS server.
6.1 nslookup: Show current configured DNS server on the host
6.2 nslookup google.com: Use the default DNS server to check DNS records
6.3 nslookup google.com 188.8.131.52: Use the google DNS server (184.108.40.206) to resolve domain (google.com)
nslookup google.com 220.127.116.11
6.4 nslookup <IP address> <DNS server>: Reverse lookup
nslookup 18.104.22.168 22.214.171.124
Get current network information from current host.
Show active TCP connections, Ports the host listening on, Ethernet information, IP routing table, IPv4 information (IP, ICMP, TCP, UDP protocol), IPv6 information (IPv6, ICMPv6, TCP, UDP over IPv6).
Show active TCP connections
7.2 netstat -a: Show all connections, including “ESTABLISHED”, “LISTENING” states. (With host name/domain)
7.3 netstat -n: List the detail in IP address rather than host name/domain name.
7.4 netstat -e: Show statistical data about Network interface. (Total Bytes transferred, Errors, Discards, Unicast packets, Unknown protocols, Non-unicast packets)
7.5 netstat -r: Similar to route print, the output is similar to rout print command as well. Output routing table information.
|Network Destination||Destination network|
|0.0.0.0||Unknown network (Added automatically when using default gateway)|
|127.0.0.0||Local host network address|
Used to troubleshoot NetBIOS.
8.1 nbtstat -n: Show information about your workgroup.
8.2 nbtstat -a <IP Aaddress>: Show NetBIOS information about that device
Used for service related, network related.
9.1 net help: Get more help
9.2 net hep <command> e.g. net help accounts: To get help on that specific net command (accounts in this case)
|NET ACCOUNTS||NET ACCOUNTS||Show current accounts information|
|NET CONFIG||NET CONFIG SERVER (or WORKSTATION)||Show network configuration|
|NET GROUP||NET GROUP||Show groups (Only available on Domain Controller)|
|NET SEND||NET SEND server1 “test message”||Send broadcast message to other computers|
|NET SHARE||NET SHARE||Show shared files/folders from local host|
|NET START||NET START Fax||Start service|
|NET STOP||NET STOP Fax||Stop service|
|NET STATISTICS||NET STATISTICS WORKSTATION (or SERVER)||Show network statistics|
|NET USE||NET USE x:\serverFolder||Map network drive with letter|
|NET USER||NET USER||Show accounts/users on local host|
|NET VIEW||NET VIEW||Show available computers on network|