
The ipconfig Command

In document Windows Networking Tools (Page 183-192)

Both ping and tracert are interesting programs for which you can determine allowable switches by simply entering the name of each command in the Command Prompt window. Unlike those commands, you need to enter ipconfig followed by the slash (/) and question mark (?) characters to ascertain the options available for the use of this command as well as examples of its use. It should be noted that you can also enter ping/? and tracert/? to determine available switches. In addition, you can also enter either command without the slash and question mark.

Ipconfig is a command line utility available for all versions of Microsoft Windows running TCP/IP, beginning with Windows NT. The ipconfig command is the command line equivalent of the winipcfg command, which was available in Windows Millennium Edition, Windows 98, and Windows 95. Since those versions of Windows represent a rapidly decreasing share of the Windows market, we will not cover the use of that utility.

Through the use of the ipconfig utility you can obtain IP and Media Access Control (MAC) address information associated with a Windows computer. It also provides a degree of control over active TCP/IP connections and can be used to display current TCP/IP network configuration values and to refresh Dynamic Host Configuration Protocol (DHCP) settings, which assign IP addresses automatically, as well as DNS settings. When used without parameters where IPv4 is used, ipconfig displays the IP address, subnet mask, and default gateway for all adapters. When the ISP also utilizes IPv6 via tunneling, ipconfig adds further information to the display, such as the name of the tunnel adapter, its IPv6 address, and the link-local IPv6 address, which is an address intended only for communications within the segment of a local network or link, or a point-to-point connection, that a host is connected to. Note that routers do not forward packets with link-local addresses. Under IPv6 link-local addresses are assigned using the prefix fe80::/64. It should also be noted that link-local addresses are available under IPv4, defined in the address block 169.254.0.0/16, and are typically used to assign IP addresses to network interfaces when no external stateful mechanism of configuring addressing, such as DHCP, exists. Since most ISPs use DHCP, link-local addressing is rarely used under IPv4.

Figure 6.5 illustrates the display of information about ipconfig through the use of the command followed by the /? characters. Note that after displaying information about the available switches the display continues by describing the options, which are then followed by examples of their use.

To better understand the use of ipconfig and some of the techniques a help desk will put you through, let's first examine the format or syntax associated with the use of this command. Table 6.1 lists the 13 options available for the use of ipconfig.

Figure 6.5 Examining the use of ipconfig.

Note that if an adapter name contains one or more spaces you should use quotes (") around the name. You can also use wildcards, such as the asterisk (*) and question mark (?) characters, as we will see in an example below. Concerning the use of the release and renew options, if no adapter name is specified, then the IP address leases for all adapters bound to TCP/IP on the host are affected and will be released or renewed. Let's illustrate the use of ipconfig as follows:

ipconfig/all

One of the first things that happens when you call a help desk to report a connectivity problem is being asked to enter the command ipconfig or ipconfig/all. Usually the help desk employee will assume you know absolutely nothing about the Command Prompt and walk you through accessing it and entering the ipconfig command. Depending upon several variables, to include the configuration of your computer and its name, use of a wireless network connection, and incorporation of Bluetooth and other variables, the result of this program will be the display of a description of each adapter, its physical address, whether or not DHCP is enabled, and if enabled, when the lease was obtained and when it expires, the IP address (IPv4 usually but eventually migrating to IPv6), the subnet mask and default gateway address, and DHCP address information.

Table 6.1 Ipconfig Options

IPCONFIG/?                              Display the Help message for this utility
IPCONFIG/all                            Display full configuration information
IPCONFIG/release [adapter]              Release the IPv4 address for the specified adapter
IPCONFIG/release6 [adapter]             Release the IPv6 address for the specified adapter
IPCONFIG/renew [adapter]                Renew the IPv4 address for the specified adapter
IPCONFIG/renew6 [adapter]               Renew the IPv6 address for the specified adapter
IPCONFIG/flushdns                       Purge the DNS resolver cache
IPCONFIG/registerdns                    Refresh all DHCP leases and reregister DNS names
IPCONFIG/displaydns                     Display the contents of the DNS resolver cache
IPCONFIG/showclassid adapter            Display the DHCP class IDs allowed for adapter
IPCONFIG/setclassid adapter [classid]   Modify the DHCP class ID
IPCONFIG/showclassid6 adapter           Display all the IPv6 DHCP class IDs allowed for the adapter
IPCONFIG/setclassid6                    Modify the IPv6 DHCP class ID

Because Windows, like other software operating systems, has tens of thousands of lines of code, it's possible that once in a while things can go wrong, from an unexpected shutdown to a hacker or a friend who doesn't exactly know what he or she is doing when trying to fix your computer. The end result is probably an inability to log on to the Internet and a call to a help desk that asks you to enter either the command ipconfig or ipconfig/all. By verifying the settings resulting from the use of ipconfig the person at the help desk will decide if you need a release and renew series of operations to clean a DHCP lease. Table 6.2 shows a portion of the result obtained from ipconfig/all for this author's Ethernet adapter, which was connected to a cable modem that in turn was connected to the Internet via Time Warner's network in Hilton Head, South Carolina.

Table 6.2 Using Ipconfig/all to View Data about the Author's Ethernet Adapter

Ethernet adapter Local Area Connection

Connection-specific DNS Suffix
Description                      Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Lease Obtained                   Sunday, November 06, 2011 1:53:37 PM
Lease Expires                    Monday, November 07, 2011 11:32:31 AM
Default Gateway                  192.168.1.1

6.4.2 The Release and Renew Options

The transmission of a dhcprelease message to the DHCP server will, as its name implies, result in the release of the current DHCP configuration, to include discarding the IP address configuration for either all adapters (if an adapter is not specified) or a specific adapter if the parameter is included. The use of the release parameter disables TCP/IP for adapters configured to obtain an IP address automatically.

Normally this action is followed by the use of a renew option to clear one or more problems that may have occurred. For example, to release and then renew local area connections we could enter the following two ipconfig commands:

c:>ipconfig/release *Local*

c:>ipconfig/renew *Local*

In the previous two examples we used wildcards to define the adapter connection that we wanted to release and then renew. It is quite common, when you call your cable or DSL provider, for the level 1 support representative to ask you to enter ipconfig/release followed by an ipconfig/renew command in an attempt to clear a glitch adversely affecting the computer.

6.4.3 The Flushdns Option

The use of the /flushdns option flushes and resets the contents of the DNS client resolver cache. During DNS troubleshooting, this procedure is commonly used to discard negative cache entries from the cache, as well as any other entries that have been added dynamically. In response to the use of this option you should receive a "successfully flushed DNS resolver cache" message.

6.4.4 The Displaydns Option

The use of the /displaydns option results in the display of the contents of the DNS client resolver cache, which includes both entries preloaded from the local Hosts file and any recently obtained resource records for name queries resolved by the computer. The Hosts file is a plaintext computer file named Hosts used by an operating system to map host names to IP addresses. In a Windows 7 environment the Hosts file is located in the System32 directory under the subdirectories Drivers and Etc. That is, its location is C:\Windows\System32\drivers\etc\hosts. Note that the Hosts file has no extension. You can view the contents of the Hosts file by typing the command Type Hosts after you change your location to C:\Windows\System32\drivers\etc\hosts.

The DNS client service uses the information provided by the displaydns option to resolve frequently queried names quickly, before querying its configured DNS servers. When using the displaydns option you may wish to consider piping the output to a file and then viewing the contents of the file. This is because there are six entries for each item in the cache, to include record name, record type, time to live, data length, section, and record type. Thus the displayed information can quickly scroll through the Command Prompt screen, to include any buffer area allocated.
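Once the output has been saved to a file (for example with ipconfig /displaydns > dnscache.txt), it can be reviewed record by record. The following is an added example, not code from the book: it parses the per-entry fields and separates out the negative cache entries that /flushdns is used to discard. The sample text is constructed, the wording of the negative entry is an assumption, and the function names are this example's own.

```python
import re

# Constructed sample in the layout "ipconfig /displaydns" prints; the wording of
# the negative entry ("Name does not exist.") is assumed.
SAMPLE_CACHE = """\
    www.example.com
    ----------------------------------------
    Record Name . . . . . : www.example.com
    Record Type . . . . . : 1
    Time To Live  . . . . : 2841
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 192.0.2.10

    missing.example.com
    ----------------------------------------
    Name does not exist.
"""

FIELD = re.compile(r"^([^:]+?)[\s.]*:\s*(.*)$")   # "Key . . . : value"

def parse_displaydns(text):
    entries, current, record, prev = [], None, None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"-"}:            # rule printed under an entry's name
            current = {"name": prev, "negative": False, "records": []}
            record = None
            entries.append(current)
        elif current and line.startswith("Name does not exist"):
            current["negative"] = True
        elif current and (m := FIELD.match(line)):
            if m.group(1) == "Record Name":        # first field of each record
                record = {}
                current["records"].append(record)
            if record is not None:
                record[m.group(1)] = m.group(2)
        if line:
            prev = line
    return entries

def negative_names(entries):
    return [e["name"] for e in entries if e["negative"]]

def address_map(entries):
    # Data fields such as "A (Host) Record" end in "Record"; the others do not.
    return {e["name"]: [v for r in e["records"] for k, v in r.items() if k.endswith("Record")]
            for e in entries if e["records"]}
```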

6.5 ARP

TCP/IP operates at layer 3 of the International Organization for Standardization (ISO) Open Systems Interconnection (OSI) Reference Model, while local area networks, cable modems, and DSL modems connect to computers at layer 2 of the model. This means that the layer 3 IP address must be converted into a layer 2 address. The mechanism used for this conversion is the Address Resolution Protocol (ARP).

As you might expect, Microsoft Windows includes an ARP program that allows you to display and, if desired, modify entries in the ARP cache, an area of memory that contains one or more tables that are used to store IP addresses and their resolved physical addresses. Note that separate tables are used for each Ethernet or Token-Ring network adapter that is installed on your computer as well as wireless Ethernet adapters installed on tablets and other devices.

You can enter either arp by itself or arp/? to display a Help screen that provides information about the use of the ARP command, to include its switches. Figure 6.6 illustrates the display of the ARP Help screen in response to this author entering the command arp/?.

The format or syntax of the ARP command is as follows:

arp [-a [inet_addr] [-N iface_addr]] [-g [inet_addr] [-N iface_addr]]
    [-d inet_addr [iface_addr]] [-s inet_addr ether_addr [iface_addr]]

where the IP addresses for inet_addr and iface_addr are expressed in dotted decimal notation, while the physical address for ether_addr consists of 6 bytes that are expressed in hexadecimal notation, with each byte separated by hyphens.

To display the ARP cache tables for all interfaces, type the command followed by the -a switch as follows:

arp -a

The result of this operation on the author’s computer was as follows:

Interface: 192.168.1.3 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-22-3f-09-75-db     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
  224.0.0.252           01-00-5e-00-00-fc     static
  224.0.0.253           01-00-5e-00-00-fd     static
  239.255.255.250       01-00-5e-7f-ff-fa     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static

Figure 6.6 The ARP Help display.

Note that in the above example IP addresses are in dotted decimal notation, while layer 2 MAC addresses are expressed in hexadecimal notation. Also note that the IP address 192.168.1.1 represents the gateway or router used by the ISP, while the IP address 224.0.0.22 represents a multicast IPv4 address for igmp.mcast.net, which supports the Internet Group Management Protocol (IGMP) used by hosts and adjacent routers to establish multicast group memberships on IP networks for streaming videos, gaming, and similar activities where one stream of data goes to multiple people, rather than the normal method of multiple streams of the same data transmitted to multiple people. Similarly, the 239.255.255.250 address represents an administratively scoped multicast address.

Note that while some firewalls may automatically block the use of such addresses, other firewalls will ask you to deny or permit the use of those addresses.

To display the ARP cache table for the interface that is assigned the IP address 192.168.1.1, type:

arp -a 192.168.1.1

which would result in the following display:

Interface: 192.168.1.3 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-22-3f-09-75-db     dynamic

If you look at the switches available for ARP that are listed in Figure 6.6 you will note that the -g switch is identical to -a; thus we will not discuss its use. If you want to delete an entry in the ARP table you would specify either the IP address with the inet_addr parameter or a specific interface using the iface_addr parameter after the use of the -d switch. Similarly, you can use the -N switch to display the ARP cache table for a specific IP address or the -s switch to add a static entry for either a specific interface or an IP address assigned to the interface.

To illustrate the assignment of a static ARP cache entry let’s assume you wish to add an entry that resolves the IP address 192.168.1.4 to the physical address 00-AA-00-4F-2A-9C. To do so you would type:

arp -s 192.168.1.4 00-AA-00-4F-2A-9C

Depending on how you initialized the Command Prompt window you may receive the message "the requested operation requires elevation." If you receive this message you need to run Command Prompt as an administrator. To do so you would right-click on the Command Prompt icon and select "run as administrator."

6.5.1 Reverse ARP (RARP) and ARP and IPv6

Prior to concluding our discussion of ARP a few words about reverse ARP (RARP) are warranted, as well as a discussion of ARP and IPv6.

RARP represents a TCP/IP protocol that was used by diskless devices to obtain an IP address. Upon start-up, the client station sends out a RARP request in an Ethernet frame to the RARP server, which returns the layer 3 address for a layer 2 address, essentially performing the opposite function of ARP. As an obsolete computer program RARP is not directly supported by Microsoft; however, there are some reasons you might consider the use of third-party products or an alternative. For example, in a wireless environment it may be relatively simple to turn an access point upside down and read its MAC address, but you might also need its IP address. One method you can consider is simply pinging the broadcast address (ping -b (broadcast address)) on your subnet, which is often .255, and then dumping your ARP table by entering arp -a, which will provide the MAC address of the access point as well as its IP address.
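The lookup described above (dump the table with arp -a, then find the row that carries the access point's MAC address) can be done mechanically on saved output. This is an added example, not code from the book: the sample text is constructed from the addresses shown earlier in this section, and the function names are this example's own.

```python
import re

# Constructed sample in the layout "arp -a" prints on Windows, reusing
# addresses from the listing earlier in this section.
SAMPLE_ARP_OUTPUT = """\
Interface: 192.168.1.3 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-22-3f-09-75-db     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static
"""

IFACE = re.compile(r"^Interface:\s+(\S+)\s+---\s+(\S+)")
ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-fA-F]{2}-){5}[0-9a-fA-F]{2})\s+(\w+)\s*$"
)

def normalize_mac(mac):
    """Accept 00:22:3F:..., 00-22-3f-... or 00223f... and return 00-22-3f-... form."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a 6-byte MAC address: {mac!r}")
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_arp_table(text):
    """Return one dict per cache row, tagged with the interface it belongs to."""
    entries, iface = [], None
    for line in text.splitlines():
        if (m := IFACE.match(line)):
            iface = m.group(1)
        elif (m := ROW.match(line)):
            entries.append({"interface": iface, "ip": m.group(1),
                            "mac": m.group(2).lower(), "type": m.group(3)})
    return entries

def is_group_mac(mac):
    """True for broadcast/multicast MACs (low bit of the first byte set)."""
    return int(mac[:2], 16) & 1 == 1

def ips_for_mac(text, mac):
    """IP addresses the cache maps to one unicast MAC, e.g. the one on a device label."""
    wanted = normalize_mac(mac)
    if is_group_mac(wanted):
        return []
    return [e["ip"] for e in parse_arp_table(text) if e["mac"] == wanted]

if __name__ == "__main__":
    print(ips_for_mac(SAMPLE_ARP_OUTPUT, "00:22:3F:09:75:DB"))
```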

Under IPv6 the ARP protocol goes the way of the dodo bird. Its replacement consists of the ICMPv6 Neighbor Discovery (ND) and ICMPv6 Neighbor Solicitation (NS) protocols. Neighbor Discovery allows an IPv6 host to discover the link-local and autoconfigured addresses of all other IPv6 systems on the local network, while Neighbor Solicitation is employed to determine if a given IPv6 address exists on the local subnet. The link-local address is guaranteed to be unique per host, per link, by picking an address generated by the EUI-64 algorithm. This algorithm uses the network adapter MAC address to generate a unique IPv6 address. For example, a system with a hardware MAC of 01:02:03:04:05:06 would use a link-local address of fe80::0102:03FF:FE04:0506. An 8-byte prefix is created by taking the first three bytes of the MAC, appending FF:FE, and then the next three bytes of the MAC. In addition to link-local addresses, IPv6 also supports stateless autoconfiguration. Stateless autoconfigured addresses use the 2000:: prefix. Additional information about Neighbor Discovery can be found in RFC 2461.
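The construction described above, carried out in code as an added example that is not from the book. It also goes one step beyond the text: the Modified EUI-64 format defined in RFC 4291 additionally inverts the universal/local bit (0x02) of the first byte, which the optional flip_ul_bit argument applies, and the reverse function shows that the adapter's MAC address can be read back out of such an address. The function names are this example's own.

```python
import ipaddress

LINK_LOCAL = ipaddress.ip_network("fe80::/64")

def _mac_bytes(mac):
    """Parse 01:02:03:04:05:06 or 01-02-03-04-05-06 into six bytes."""
    parts = mac.replace("-", ":").split(":")
    if len(parts) != 6:
        raise ValueError(f"expected 6 bytes in MAC address, got {mac!r}")
    return bytearray(int(p, 16) for p in parts)

def link_local_from_mac(mac, flip_ul_bit=False):
    """fe80:: + first three MAC bytes + FF:FE + last three MAC bytes.

    flip_ul_bit=False follows the text as written; True adds the RFC 4291
    inversion of the universal/local bit in the first byte.
    """
    b = _mac_bytes(mac)
    if flip_ul_bit:
        b[0] ^= 0x02
    iid = bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + iid)

def mac_from_link_local(addr, flip_ul_bit=False):
    """Recover the MAC embedded in an EUI-64 style link-local address, else None."""
    ip = ipaddress.IPv6Address(addr)
    iid = bytearray(ip.packed[8:])
    if ip not in LINK_LOCAL or bytes(iid[3:5]) != b"\xff\xfe":
        return None                      # not link-local, or no FF:FE marker
    if flip_ul_bit:
        iid[0] ^= 0x02
    return "-".join(f"{x:02x}" for x in iid[:3] + iid[5:])

if __name__ == "__main__":
    print(link_local_from_mac("01:02:03:04:05:06"))
    print(link_local_from_mac("01:02:03:04:05:06", flip_ul_bit=True))
    print(mac_from_link_local("fe80::0102:03FF:FE04:0506"))
```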
