If your computer has more than one interface combined in a network bridge, you can ping the IPv4 address of the network bridge.. When you have established that you can ping your computer
Trang 1if you cannot get past a firewall on your organization’s network, Ping is still useful You can
check that the IPv4 protocol is working on a computer by entering ping 127.0.0.1 You
can then ping the IPv4 address of the computer You can find out what this is by using the
Ipconfig tool If your computer has more than one interface combined in a network bridge,
you can ping the IPv4 address of the network bridge When you have established that you
can ping your computer using an IPv4 address, you can test that DNS is working internally on
your network (assuming you are connected to a DNS server, a WAP, or have ICS configured on
your network) by pinging your computer name—for example, entering ping canberra Note
that if DNS is not implemented on your system, ping canberra still works because the IPv6
link-local address resolves automatically
More Info NetWOrK BrIDgeS
For more information about network bridges, see http://technet.microsoft.com/en-us/
library/cc781097.aspx Although this is a fairly old article (concerning Windows Server 2003),
it gives a clear explanation and some excellent diagrams For a more recent article (although
not about Windows 7), see http://technet.microsoft.com/en-us/library/cc748895.aspx This
also gives information about ICS.
You can also use the Ipconfig tool for troubleshooting Entering ipconfig /all gives you
configuration information for all interfaces Figure 6-6 shows the output from an ipconfig
/all command The computer whose configuration is shown here is a wireless-enabled laptop
used on a small test network It obtains its configuration through DHCP from a third-party
WAP with an IPv4 address 192 168 123 254 The WAP also provides internal DNS services
However, the resolution of FQDNs such as www.contoso.com is provided by the ISP’s DNS
server with the public IPv4 address 194 168 4 100
FIgUre 6-6 Ipconfig /all output for a wireless-enabled laptop on a test network
When you are debugging connection problems by using the Ipconfig /all command, look
out for an address in the APIPA range 169 254 0 1 through 169 254 255 254 If your computer
is not on a completely isolated network and receives its configuration through DHCP, an
APIPA address indicates a connection error
Trang 2If you can ping your computer by name and IPv4 address, you can then ping other workstations on your network by IPv4 address and computer name Finally, you should check that you can ping your default gateway from all the computers in your network On a small network, you can then test connectivity to your ISP by pinging the ISP’s DNS server On an enterprise network, you can ping DNS servers and domain controllers (typically the same servers), and computers on other subnets
If you cannot ping a computer on your network to test connectivity, make sure your internal firewalls are not blocking ICMP If the problem still exists with the firewalls
reconfigured or disabled (please remember to enable them afterward), use Ipconfig on the computer you cannot reach to check its IP settings
quick Check
n You have purchased a secondhand computer and are connecting it to a hybrid network that obtains its configuration from DHCP provided by a third-party WAP The computer is not wireless-enabled, so you plug it into the Ethernet switch on the WAP and switch it on It cannot access the Internet You use the Ipconfig tool and discover that the computer has an IP address of 10.1.10.231 You know the WAP is working properly and the Ethernet connection is okay What should you check next?
quick Check answer
n Check that the computer is set to receive its IPv4 configuration dynamically It has not been reconfigured by DHCP on the WAP and its previous owner has probably configured it statically with the 10.1.10.231 address You need to reconfigure the computer to receive its IPv4 settings dynamically.
If you want to reconfigure IP settings on a client computer on your network, you can
reboot the client If this is not convenient, the commands ipconfig /release and ipconfig /renew release the old configuration and obtain a new one (In theory, ipconfig /renew should
be sufficient, but it is safer to use both commands ) Sometimes when you renew a computer’s configuration, it does not immediately register its new settings in DNS and you cannot ping it
by computer name In this case, ipconfig /registerdns forces registration Note that you need
to enter these commands in an elevated command prompt
If you try to ping a computer by name or access a Web site from a client workstation and DNS cannot resolve the computer name or URL, then information that resolution has failed is stored (cached) in the workstation If you try to do the same thing again, the source computer does not attempt to obtain name resolution but instead uses the cached information and
again fails the request This is known as negative caching However, name resolution might
have failed because of a temporary glitch in the internal or external DNS service Even though DNS is now working, the computer name or FQDN is not resolved to an IPv4 address because of the cached information The problem disappears in 30 minutes or so because the
Trang 3workstation’s DNS resolver cache is regularly cleared However, if you do not want to wait this
long, you can solve the problem immediately by entering the ipconfig /flushdns command
to flush the DNS cache
note the /allcomPartments SWItCh
If you use the /allcompartments switch after the Ipconfig command, you can apply the
command universally across all interfaces; for example, ipconfig /allcompartments /all or
ipconfig /allcompartments /renew.
If you want to trace the route of an IP packet through an internetwork (a series of networks or
hops), you can use the Tracert tool to list the path the packet took and the delays encountered
at each hop; for example, tracert 194.168.4.100 You can use the Tracert tool to trace the path
to a Web site; for example, tracert –d www.contoso.com The –d flag prevents the tool from
resolving IPv4 addresses to host names, which significantly reduces the time the command takes
to complete The Pathping tool (for example, pathping www.contoso.com) traces a route in much
the same way as the Tracert tool but gives more detailed statistics about each hop
Using the Windows Network Diagnostics Tool
There has never been a substitute for good basic fault-finding However, after you have
gone through the basic checks, Windows 7 provides automated assistance with the Windows
Network Diagnostics tool
You can access the automated Windows Network Diagnostics tool if you fail to connect to
a Web site on the Internet The Web page that appears in your browser gives you a direct link
to the tool when you click Diagnose Connection Problems, as shown in Figure 6-7
FIgUre 6-7 The Diagnose Connection Problems link
Trang 4You can also access the Windows Network Diagnostics tool by clicking Change Adapter Settings in Network And Sharing Center, right-clicking the interface that is having problems, and choosing Diagnose You can also access the tool from Network And Sharing Center if you click the red X that denotes you have a problem connecting your computer to your network
or your network to the Internet Whatever way you access the tool, it performs a diagnosis automatically and (if possible) comes up with one or more suggested solutions In Figure 6-8, you can see that the administrator has failed to follow first principles and has not checked that the Ethernet cable is plugged in
FIgUre 6-8 Failure diagnosis
Additional diagnostic options are available when you click Troubleshoot Problems in Network And Sharing Center, as shown in Figure 6-9 However, most of these tools simply provide another method of accessing Windows Network Diagnostics
FIgUre 6-9 Tools for troubleshooting problems
Trang 5Configuring Network Settings in Windows Firewall
Chapter 7, “Windows Firewall and Remote Management,” discusses firewalls and firewall
configuration in detail This chapter therefore provides only a brief introduction and discusses
firewall settings only insofar as they affect network connectivity and your ability to test and
troubleshoot this connectivity The defaults in Windows Firewall and Windows Firewall with
Advanced Security (WFAS) are sensible, and often you can solve problems by restoring these
defaults
Windows Firewall is enabled by default in Windows 7 It blocks all incoming traffic other
than traffic that meets the criteria defined in the exceptions You can configure an exception
by allowing a program to send information back and forth through the firewall—sometimes
called unblocking You can also allow a program through the firewall by opening one or more
ports Windows Firewall allows Core Networking Components by default in both public and
private networks As shown in Figure 6-10, the Core Networking firewall rules are required for
reliable IPv4 and IPv6 connectivity However, these rules do not allow ICMPv4 or ICMPv6 Echo
Requests; hence, the firewall blocks Ping commands
FIgUre 6-10 Core Networking firewall rules
You access Windows Firewall by clicking System And Security in Control Panel and then
clicking Windows Firewall In the left pane, you can choose to turn the firewall on or off and
change the notification settings You can also click Advanced Settings to access WFAS
Figure 6-11 illustrates the Core Networking Inbound Rules in WFAS The Outbound Rules
that allow Core Networking and File And Printer Sharing are displayed in Figure 6-12 These
Trang 6FIgUre 6-11 WFAS Inbound Rules
FIgUre 6-12 WFAS Outbound Rules
rules allow specific traffic that lets Windows 7 carry out these functions but do not permit the
use of the Ping tool
If you are having connectivity problems and disabling Windows Firewall solves them, look at your firewall settings In some cases, restoring the defaults solves your immediate problems, but this is a simplistic approach The settings were changed for a reason You need
to investigate further Chapter 7 gives you the tools to do so
Trang 7For example, restoring the defaults does not permit you to use Ping to test continuity on
your network, and it would not be a good idea to disable firewalls on all the computers on
your subnet Instead, you need to add rules that enable ICMPv4 and ICMPv6 packets to pass
through your firewall:
To permit ICMPv4 and enable you to ping other computers by their IPv4 addresses, enter
the following in an elevated command prompt on all computers on your network:
netsh advfirewall firewall add rule name="ICMPv4" protocol=icmpv4:any,any dir=in
action=allow
To permit ICMPv6 and enable you to ping other computers by their IPv6 addresses, enter
the following in an elevated command prompt on all computers on your network:
netsh advfirewall firewall add rule name="ICMPv6" protocol=icmpv6:any,any dir=in
action=allow
quick Check
n How do you restore the default firewall settings?
quick Check answer
n In Control Panel, click System and Security Click Windows Firewall In the left pane,
click Restore Defaults.
eXaM tIP
Remember that in Windows 7, you cannot ping other computers on your network by default.
Accessing Network Statistics
If you are debugging performance issues as opposed to troubleshooting a total connectivity
failure, you need information about the various protocols that implement network
connectivity The Netstat command-line tool displays active connections, the ports on which
the computer is listening, Ethernet statistics, the IP routing table, and IPv4 and IPv6 statistics
Used without parameters, the command displays active connections, as shown in Figure 6-13
FIgUre 6-13 The Netstat command displays active connections
Trang 8The syntax of the Netstat command is as follows:
netstat [-a] [-e] [-n] [-o] [-p Protocol] [-r] [-s] [Interval]
The parameters implement the following functions:
n -a Displays all active connections and the Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) ports on which the computer is listening
n -e Displays Ethernet statistics, such as the number of bytes and packets sent and
received This parameter can be combined with -s
n -n Displays active connections Addresses and port numbers are expressed
numerically and no attempt is made to determine names
n -o Displays active connections and includes the process ID (PID) for each connection You can find the application based on the PID on the Processes tab in Windows Task
Manager This parameter can be combined with -a, -n, and -p
n -p protocol Shows connections for the protocol specified by the protocol variable,
which can be tcp, udp, tcpv6, or udpv6 If this parameter is used with -s to display statistics by protocol, which can be tcp, udp, icmp, ip, tcpv6, udpv6, icmpv6, or ipv6
n -s Displays statistics by protocol By default, statistics are shown for the TCP, UDP,
ICMPv4, ICMPv6, IPv4, and IPv6 protocols The -p parameter can be used to specify
a set of protocols
n -r Displays the contents of the IP routing table This is equivalent to the route print
command
n interval Displays the selected information periodically The number of seconds between each display is defined by the interval parameter If this parameter is omitted,
Netstat prints the selected information only once Netstat provides statistics for the following:
n The name of the protocol (TCP or UDP)
n The IP address of the local computer and the port number being used
n The IP address and port number of the remote computer
n The state of a TCP connection
More Info tCp CONNeCtION StateS
For more information about the states of a TCP connection, see http://support.microsoft.com/ kb/137984 This article was written some time ago but remains relevant to Windows 7.
For example, to display both the Ethernet statistics and the statistics for all protocols, enter the following command:
netstat -e -s
To display the TCP statistics for the IPv4 protocol, enter the following command:
netstat -s -p tcp
Trang 9Figure 6-14 shows the TCP statistics for the IPv4 protocol on the Canberra computer
FIgUre 6-14 TCP protocol statistics for IPv4
Practice Configuring Ipv4 Network Connectivity and Setting Up ICS
In this practice, you configure the Canberra and Aberdeen computers with static IPv4
addresses, configure the firewalls on both computers to allow Ping commands, and test
connectivity You then reconfigure the computers to obtain their IPv4 configuration
automatically and set up ICS in Canberra so both computers can access the Internet through
Canberra’s wireless link
exercise 1 Configuring IPv4 Connectivity
This exercise assumes that Canberra and Aberdeen are configured to obtain their IPv4
configurations automatically (the default) If they are both physical computers, they need
to be connected on the same Ethernet network either by a switch or hub or by a crossover
Ethernet cable To configure IPv4 connectivity, proceed as follows:
1 Log on to the Canberra computer using the Kim_Akers account
2 Open an elevated command prompt
3 To allow ICMPv4 traffic through the Canberra firewall, enternetsh advfirewall
firewall add rule name=”ICMpv4” protocol=icmpv4:any,any dir=in action=allow.
4. To configure static IPv4 configuration, enter netsh interface ipv4 set address “local
area connection” static 10.0.0.11 255.255.255.0 10.0.0.1 Currently, there is no DNS
service on your private network, so there is no point configuring a DNS setting Note
that if you are using virtual machines, the connection to your private wired network
may have a name other than Local Area Connection
5. Enter ipconfig Your screen should look similar to Figure 6-15
6 Remaining logged on to the Canberra computer, log on to the Aberdeen computer
using the Kim_Akers account
Trang 10FIgUre 6-15 Static configuration of the Canberra computer
7 Open an elevated command prompt
8 To allow ICMPv4 traffic through the Aberdeen firewall, enternetsh advfirewall firewall add rule name=”ICMpv4” protocol=icmpv4:any,any dir=in action=allow.
9 Open Network And Sharing Center Click Change Adapter Settings
10 Right-click the Ethernet adapter Local Area Connection and choose Properties
11 Click Internet Protocol Version 4 (TCP/IPv4) and click Properties
12 Configure the connection as shown in Figure 6-16
FIgUre 6-16 Configuring the Aberdeen computer
13 Click OK Click Close