Chapter 1 – Introduction to TCP/IP

Published: November 02, 2004 | Updated: April 16, 2007

Writer: Joe Davies

Abstract

This chapter introduces Transmission Control Protocol/Internet Protocol (TCP/IP), both as an industry standard protocol suite and as it is supported in the Microsoft® Windows Server™ 2003 and Windows® XP operating systems. For the TCP/IP protocol suite, network administrators must understand its past, the current standards process, and the common terms used to describe network devices and portions of a network. For the TCP/IP components in Windows Server 2003 and Windows XP, network administrators must understand the installation and configuration differences of the Internet Protocol version 4 (IPv4)-based and Internet Protocol version 6 (IPv6)-based components and the primary tools for troubleshooting.

For a download of the entire "TCP/IP Fundamentals for Microsoft Windows" online book, which contains a version of this chapter that has been updated for Windows Vista and Windows Server 2008, click here.

Chapter Objectives

After completing this chapter, you will be able to:

  • Describe the purpose and history of the TCP/IP protocol suite.

  • Describe the Internet standards process and the purpose of a Request for Comments (RFC) document.

  • Define common terms used in TCP/IP.

  • Describe the advantages of TCP/IP components in Windows Server 2003 and Windows XP.

  • Describe how to configure the IPv4-based TCP/IP component in Windows.

  • Describe how to install and configure the IPv6-based TCP/IP component in Windows.

  • List and define the set of name resolution files and diagnostic tools used by the TCP/IP components in Windows.

  • Test the TCP/IP components of Windows with the Ipconfig and Ping tools.

  • Install and use Network Monitor.

History of TCP/IP

Transmission Control Protocol/Internet Protocol (TCP/IP) is an industry standard suite of protocols that is designed for large networks consisting of network segments that are connected by routers. TCP/IP is the protocol that is used on the Internet, which is the collection of thousands of networks worldwide that connect research facilities, universities, libraries, government agencies, private companies, and individuals.

The roots of TCP/IP can be traced back to research conducted by the United States Department of Defense (DoD) Advanced Research Projects Agency (DARPA) in the late 1960s and early 1970s. The following list highlights some important TCP/IP milestones:

  • In 1970, ARPANET hosts started to use Network Control Protocol (NCP), a preliminary form of what would become the Transmission Control Protocol (TCP).

  • In 1972, the Telnet protocol was introduced. Telnet is used for terminal emulation to connect dissimilar systems. In the early 1970s, these systems were different types of mainframe computers.

  • In 1973, the File Transfer Protocol (FTP) was introduced. FTP is used to exchange files between dissimilar systems.

  • In 1974, the Transmission Control Protocol (TCP) was specified in detail. TCP replaced NCP and provided enhanced reliable communication services.

  • In 1981, the Internet Protocol (IP) (also known as IP version 4 [IPv4]) was specified in detail. IP provides addressing and routing functions for end-to-end delivery.

  • In 1982, the Defense Communications Agency (DCA) and ARPA established the Transmission Control Protocol (TCP) and Internet Protocol (IP) as the TCP/IP protocol suite.

  • In 1983, ARPANET switched from NCP to TCP/IP.

  • In 1984, the Domain Name System (DNS) was introduced. DNS resolves domain names (such as www.example.com) to IP addresses (such as 192.168.5.18).

  • In 1995, Internet service providers (ISPs) began to offer Internet access to businesses and individuals.

  • In 1996, the Hypertext Transfer Protocol (HTTP) was introduced. The World Wide Web uses HTTP.

  • In 1996, the first set of IP version 6 (IPv6) standards were published.

For more information about these protocols and the layers of the TCP/IP protocol architecture, see Chapter 2, "Architectural Overview of the TCP/IP Protocol Suite."

With the refinement of the IPv6 standards and their growing acceptance, the chapters of this online book make the following definitions:

  • TCP/IP is the entire suite of protocols defined for use on private networks and the Internet. TCP/IP includes both the IPv4 and IPv6 sets of protocols.

  • IPv4 is the Internet layer of the TCP/IP protocol suite originally defined for use on the Internet. IPv4 is in widespread use today.

  • IPv6 is the Internet layer of the TCP/IP protocol suite that has been recently developed. IPv6 is gaining acceptance today.

  • IP is the term used to describe features or attributes that apply to both IPv4 and IPv6. For example, an IP address is either an IPv4 address or an IPv6 address.

    Note  Because the term IP indicates IPv4 in most of the TCP/IP implementations today, the term IP will be used for IPv4 in some instances. These references will be made clear in the context of the discussion. When possible, the chapters of this online book will use the term IP (IPv4).

The Internet Standards Process

Because TCP/IP is the protocol of the Internet, it has evolved based on fundamental standards that have been created and adopted over more than 30 years. The future of TCP/IP is closely associated with the advances and administration of the Internet as additional standards continue to be developed. Although no one organization owns the Internet or its technologies, several organizations oversee and manage these new standards, such as the Internet Society and the Internet Architecture Board.

The Internet Society (ISOC) was created in 1992 and is a global organization responsible for the internetworking technologies and applications of the Internet. Although the society’s principal purpose is to encourage the development and availability of the Internet, it is also responsible for the further development of the standards and protocols that allow the Internet to function.

The ISOC sponsors the Internet Architecture Board (IAB), a technical advisory group that sets Internet standards, publishes RFCs, and oversees the Internet standards process. The IAB governs the following bodies:

  • The Internet Assigned Number Authority (IANA) oversees and coordinates the assignment of protocol identifiers used on the Internet.

  • The Internet Research Task Force (IRTF) coordinates all TCP/IP-related research projects.

  • The Internet Engineering Task Force (IETF) solves technical problems and needs as they arise on the Internet and develops Internet standards and protocols. IETF working groups define standards known as RFCs.

Requests for Comments (RFCs)

The standards for TCP/IP are published in a series of documents called Requests for Comments (RFCs). RFCs describe the internal workings of the Internet. TCP/IP standards are always published as RFCs, although not all RFCs specify standards. Some RFCs provide informational, experimental, or historical information only.

An RFC begins as an Internet draft, which is typically developed by one or more authors in an IETF working group. An IETF working group is a group of individuals that has a specific charter for an area of technology in the TCP/IP protocol suite. For example, the IPv6 working group devotes its efforts to furthering the standards of IPv6. After a period of review and a consensus of acceptance, the IETF publishes the final version of the Internet draft as an RFC and assigns it an RFC number.

RFCs also receive one of five requirement levels, as listed in Table 1-1.

| Requirement level | Description |
| --- | --- |
| Required | Must be implemented on all TCP/IP-based hosts and gateways. |
| Recommended | Encouraged that all TCP/IP-based hosts and gateways implement the RFC specifications. Recommended RFCs are usually implemented. |
| Elective | Implementation is optional. Its application has been agreed to but never widely used. |
| Limited use | Not intended for general use. |
| Not recommended | Not recommended for implementation. |

Table 1-1  Requirement Levels of RFCs

If an RFC is being considered as a standard, it goes through stages of development, testing, and acceptance. Within the Internet standards process, these stages are formally known as maturity levels.

Internet standards have one of three maturity levels, as listed in Table 1-2. Maturity levels are determined by the RFC's IETF working group and are independent of requirement levels.

| Maturity level | Description |
| --- | --- |
| Proposed Standard | A Proposed Standard specification is generally stable, has resolved known design choices, is believed to be well understood, has received significant community review, and appears to enjoy enough community interest to be considered valuable. |
| Draft Standard | A Draft Standard specification must be well understood and known to be quite stable, both in its semantics and as a basis for developing an implementation. |
| Internet Standard | An Internet Standard specification (which may simply be referred to as a Standard) is characterized by a high degree of technical maturity and by a generally held belief that the specified protocol or service provides significant benefit to the Internet community. |

Table 1-2  Maturity Levels of Internet Standards

If an RFC-based standard must change, the IETF publishes a new Internet draft and, after a period of review, a new RFC with a new number. The original RFC is never updated. Therefore, you should verify that you have the most recent RFC on a particular topic or standard. For example, we reference RFCs throughout the chapters of this online book. If you decide to look up the technical details of an Internet standard in its RFC, make sure that you have the latest RFC that describes the standard.

You can obtain RFCs from https://www.ietf.org/rfc.html.

TCP/IP Terminology

The Internet standards use a specific set of terms when referring to network elements and concepts related to TCP/IP networking. These terms provide a foundation for subsequent chapters. Figure 1-1 illustrates the components of an IP network.

Figure 1-1  Elements of an IP network

Common terms and concepts in TCP/IP are defined as follows:

  • Node  Any device, including routers and hosts, which runs an implementation of IP.

  • Router  A node that can forward IP packets not explicitly addressed to itself. On an IPv6 network, a router also typically advertises its presence and host configuration information.

  • Host  A node that cannot forward IP packets not explicitly addressed to itself (a non-router). A host is typically the source and the destination of IP traffic. A host silently discards traffic that it receives but that is not explicitly addressed to itself.

  • Upper-layer protocol  A protocol above IP that uses IP as its transport. Examples include Internet layer protocols such as the Internet Control Message Protocol (ICMP) and Transport layer protocols such as the Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). (However, Application layer protocols that use TCP and UDP as their transports are not considered upper-layer protocols. File Transfer Protocol [FTP] and Domain Name System [DNS] fall into this category.) For details of the layers of the TCP/IP protocol suite, see Chapter 2, "Architectural Overview of the TCP/IP Protocol Suite."

  • LAN segment  A portion of a subnet consisting of a single medium that is bounded by bridges or Layer 2 switches.

  • Subnet  One or more LAN segments that are bounded by routers and use the same IP address prefix. Other terms for subnet are network segment and link.

  • Network  Two or more subnets connected by routers. Another term for network is internetwork.

  • Neighbor  A node connected to the same subnet as another node.

  • Interface  The representation of a physical or logical attachment of a node to a subnet. An example of a physical interface is a network adapter. An example of a logical interface is a tunnel interface that is used to send IPv6 packets across an IPv4 network.

  • Address  An identifier that can be used as the source or destination of IP packets and that is assigned at the Internet layer to an interface or set of interfaces.

  • Packet  The protocol data unit (PDU) that exists at the Internet layer and comprises an IP header and payload.

TCP/IP Components in Windows

Table 1-3 lists the advantages of the TCP/IP protocol suite and the inclusion of TCP/IP components in Windows.

| Advantages of the TCP/IP protocol suite | Advantages of TCP/IP components in Windows |
| --- | --- |
| A standard, routable enterprise networking protocol that is the most complete and accepted protocol available. All modern operating systems support TCP/IP, and most large private networks rely on TCP/IP for much of their traffic. | TCP/IP components in Windows enable enterprise networking and connectivity for Windows and non-Windows–based computers. |
| A technology for connecting dissimilar systems. Many TCP/IP application protocols were designed to access and transfer data between dissimilar systems. These protocols include HTTP, FTP, and Telnet. | TCP/IP components in Windows allow standards-based connectivity to other operating system platforms. |
| A robust, scaleable, cross-platform client/server framework. | TCP/IP components in Windows support the Windows Sockets application programming interface, which developers use to create client/server applications. |
| A method of gaining access to the Internet. | Windows-based computers are Internet-ready. |

Table 1-3  Advantages of the TCP/IP protocol suite and TCP/IP components in Windows

Windows includes both an IPv4-based and an IPv6-based TCP/IP component.

Configuring the IPv4-based TCP/IP Component in Windows

The IPv4-based TCP/IP component in Windows Server 2003 and Windows XP is installed by default and appears as the Internet Protocol (TCP/IP) component in the Network Connections folder. Unlike in previous versions of Windows, you cannot uninstall the Internet Protocol (TCP/IP) component. However, you can restore its default configuration by using the netsh interface ip reset command. For more information about Netsh commands, see Windows Server 2003 or Windows XP Help and Support.

The Internet Protocol (TCP/IP) component can be configured to obtain its configuration automatically or from manually specified settings. By default, this component is configured to obtain an address configuration automatically. Figure 1-2 shows the General tab of the Internet Protocol (TCP/IP) Properties dialog box.

Figure 1-2  The General tab of the properties dialog box for the Internet Protocol (TCP/IP) component

Automatic Configuration

If you specify automatic configuration, the Internet Protocol (TCP/IP) component attempts to locate a Dynamic Host Configuration Protocol (DHCP) server and obtain a configuration when Windows starts. Many TCP/IP networks use DHCP servers that are configured to allocate TCP/IP configuration information to clients on the network. For more information about DHCP, see Chapter 6, "Dynamic Host Configuration Protocol."

If the Internet Protocol (TCP/IP) component fails to locate a DHCP server, TCP/IP checks the setting on the Alternate Configuration tab. Figure 1-3 shows this tab.

Figure 1-3  The Alternate Configuration tab of the Internet Protocol (TCP/IP) component

This tab contains two options:

  • Automatic Private IP Address  If you choose this option, Automatic Private IP Addressing (APIPA) is used. The Internet Protocol (TCP/IP) component automatically chooses an IPv4 address from the range 169.254.0.1 to 169.254.255.254, using the subnet mask of 255.255.0.0. The DHCP client ensures that the IPv4 address that the Internet Protocol (TCP/IP) component has chosen is not already in use. If the address is in use, the Internet Protocol (TCP/IP) component chooses another IPv4 address and repeats this process for up to 10 addresses. When the Internet Protocol (TCP/IP) component has chosen an address that the DHCP client has verified as not in use, the Internet Protocol (TCP/IP) component configures the interface with this address. With APIPA, users on single-subnet Small Office/Home Office (SOHO) networks can use TCP/IP without having to perform manual configuration or set up a DHCP server. APIPA does not configure a default gateway. Therefore, only local subnet traffic is possible.

  • User Configured  If you choose this option, the Internet Protocol (TCP/IP) component uses the configuration that you specify. This option is useful when a computer is used on more than one network, not all of the networks have a DHCP server, and an APIPA configuration is not wanted. For example, you might want to choose this option if you have a laptop computer that you use both at the office and at home. At the office, the laptop uses a TCP/IP configuration from a DHCP server. At home, where no DHCP server is present, the laptop automatically uses the alternate manual configuration. This option provides easy access to home network devices and the Internet and allows seamless operation on both networks, without requiring you to manually reconfigure the Internet Protocol (TCP/IP) component.

If you specify an APIPA configuration or an alternate manual configuration, the Internet Protocol (TCP/IP) component continues to check for a DHCP server in the background every 5 minutes. If TCP/IP finds a DHCP server, it stops using the APIPA or alternate manual configuration and uses the IPv4 address configuration offered by the DHCP server.

Manual Configuration

To configure the Internet Protocol (TCP/IP) component manually, also known as creating a static configuration, you must at a minimum assign the following:

  • IP address  An IP (IPv4) address is a logical 32-bit address that is used to identify the interface of an IPv4-based TCP/IP node. Each IPv4 address has two parts: the subnet prefix and the host ID. The subnet prefix identifies all hosts that are on the same physical network. The host ID identifies a host on the network. Each interface on an IPv4-based TCP/IP network requires a unique IPv4 address, such as 131.107.2.200.

  • Subnet mask  A subnet mask allows the Internet Protocol (TCP/IP) component to distinguish the subnet prefix from the host ID. An example of a subnet mask is 255.255.255.0.

For more information about IPv4 addresses and subnet masks, see Chapter 3, "IP Addressing," and Chapter 4, "Subnetting."

You must configure these parameters for each network adapter in the node that uses the Internet Protocol (TCP/IP) component. If you want to connect to nodes beyond the local subnet, you must also assign the IPv4 address of a default gateway, which is a router on the local subnet to which the node is attached. The Internet Protocol (TCP/IP) component sends packets that are destined for remote networks to the default gateway, if no other routes are configured on the local host.
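The following Python sketch is an added example, not code from the original chapter. It splits the chapter's sample address 131.107.2.200 into subnet prefix and host ID, checks a manual configuration for common mistakes, and shows the choice between direct delivery and the default gateway. The gateway address 131.107.2.1, the remote destination, and all function names are assumptions made for illustration.

```python
import ipaddress

APIPA_NET = ipaddress.ip_network("169.254.0.0/16")  # APIPA range from this chapter


def prefix_length(mask):
    """Return the prefix length of a dotted-decimal subnet mask.

    Raises ValueError when the 1-bits are not contiguous (e.g. 255.0.255.0).
    """
    bits = int(ipaddress.IPv4Address(mask))
    inverted = bits ^ 0xFFFFFFFF
    # The inverse of a valid mask is 2**n - 1, so it shares no bits with itself + 1.
    if inverted & (inverted + 1):
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return bin(bits).count("1")


def split_address(ip, mask):
    """Split an IPv4 address into (subnet prefix, host ID) using the mask."""
    network = ipaddress.IPv4Network(f"{ip}/{prefix_length(mask)}", strict=False)
    host_id = int(ipaddress.IPv4Address(ip)) & int(network.hostmask)
    return network, host_id


def check_static_config(ip, mask, gateway=None):
    """Return a list of problems found in a manual IPv4 configuration."""
    try:
        network, host_id = split_address(ip, mask)
        gw = ipaddress.IPv4Address(gateway) if gateway else None
    except ValueError as exc:  # malformed address, mask, or gateway
        return [str(exc)]
    problems = []
    host_bits = 32 - network.prefixlen
    if host_bits >= 2:
        if host_id == 0:
            problems.append("host ID is all zeros")
        elif host_id == (1 << host_bits) - 1:
            problems.append("host ID is all ones (subnet broadcast)")
    if ipaddress.IPv4Address(ip) in APIPA_NET:
        problems.append("address is in the APIPA range 169.254.0.0/16")
    # The default gateway must be a router on the node's own subnet.
    if gw is not None and gw not in network:
        problems.append("default gateway is not on the local subnet")
    return problems


def next_hop(ip, mask, gateway, destination):
    """Return 'direct' for local destinations, else the gateway or 'unreachable'."""
    network, _ = split_address(ip, mask)
    if ipaddress.IPv4Address(destination) in network:
        return "direct"
    return gateway if gateway else "unreachable"


if __name__ == "__main__":
    # 131.107.2.200 / 255.255.255.0 are the chapter's examples; the gateway
    # 131.107.2.1 and destination 131.107.9.9 are assumed values.
    print(split_address("131.107.2.200", "255.255.255.0"))
    print(check_static_config("131.107.2.200", "255.255.255.0", "131.107.3.1"))
    print(next_hop("131.107.2.200", "255.255.255.0", "131.107.2.1", "131.107.9.9"))
    # An APIPA-configured host has no default gateway, so remote traffic fails.
    print(next_hop("169.254.17.4", "255.255.0.0", None, "131.107.9.9"))
```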

You can also manually configure the IPv4 addresses of primary and alternate DNS servers. The Internet Protocol (TCP/IP) component uses DNS servers to resolve names, such as www.example.com, to IPv4 or IPv6 addresses.

Figure 1-4 shows an example of a manual configuration for the Internet Protocol (TCP/IP) component.

Figure 1-4  An example of a manual configuration for the Internet Protocol (TCP/IP)

You can also manually configure the Internet Protocol (TCP/IP) using netsh interface ip commands at a command prompt.

Installing and Configuring the IPv6-based TCP/IP Component in Windows

Windows XP with Service Pack 1 (SP1) and Windows Server 2003 are the first versions of Windows to support IPv6 for production use. You install IPv6 as a component in Network Connections; the component is named Microsoft TCP/IP Version 6 in Windows Server 2003 and Windows XP with Service Pack 2 (SP2) and Microsoft IPv6 Developer Edition in Windows XP with SP1.

Note The Microsoft IPv6 Developer Edition component included in Windows XP with no service packs was intended for application developers only, not for use in production environments. Therefore, all of the Help topics for that version contain a disclaimer describing its limitations and supported uses. Windows XP SP1 and SP2 include a version of IPv6 that is intended for production use. However, the Help topics were not updated for Windows XP SP1 or SP2. Therefore, you can disregard the disclaimer if you have installed Windows XP SP1 or SP2.

Unlike the Internet Protocol (TCP/IP) component, the IPv6 component is not installed by default, and you can uninstall it. You can install the IPv6 component in the following ways:

  • Using the Network Connections folder.

  • Using the netsh interface ipv6 install command.

To install the IPv6 component in Windows Server 2003 using the Network Connections folder, do the following:

  1. Click Start, point to Control Panel, and then double-click Network Connections.  

  2. Right-click any local area connection, and then click Properties.

  3. Click Install.

  4. In the Select Network Component Type dialog box, click Protocol, and then click Add.

  5. In the Select Network Protocol dialog box, click Microsoft TCP/IP Version 6, and then click OK.

  6. Click Close to save changes.

Unlike Internet Protocol (TCP/IP), the IPv6 component has no properties dialog box from which you can configure IPv6 addresses and settings. Configuration should be automatic for IPv6 hosts and manual for IPv6 routers.

Automatic Configuration

The Microsoft TCP/IP Version 6 component supports address autoconfiguration. All IPv6 nodes automatically create unique IPv6 addresses for use between neighboring nodes on a subnet. To reach remote locations, each IPv6 host upon startup sends a Router Solicitation message in an attempt to discover the local routers on the subnet. An IPv6 router on the subnet responds with a Router Advertisement message, which the IPv6 host uses to automatically configure IPv6 addresses, the default router, and other IPv6 settings.

Manual Configuration

You do not need to configure the typical IPv6 host manually. If a host does require manual configuration, use the netsh interface ipv6 commands to add addresses or routes and configure other settings.

If you are configuring a computer running Windows XP with SP1, Windows XP with SP2, or Windows Server 2003 to be an IPv6 router, then you must use the netsh interface ipv6 commands to manually configure the IPv6 component with address prefixes.

For more information about configuring an IPv6 router, see Chapter 5, "IP Routing."

Name Resolution Files in Windows

The Internet Protocol (TCP/IP) and Microsoft TCP/IP Version 6 components support the use of name resolution files to resolve the names of destinations, networks, protocols, and services. Table 1-4 lists these name resolution files, which are stored in the Systemroot\System32\Drivers\Etc folder.

| File name | Description |
| --- | --- |
| Hosts | Resolves host names to IPv4 or IPv6 addresses. For more information, see Chapter 7, "Host Name Resolution." |
| Lmhosts | Resolves network basic input/output system (NetBIOS) names to IPv4 addresses. A sample Lmhosts file (Lmhosts.sam) is included by default. You can create a different file named Lmhosts or you can rename or copy Lmhosts.sam to Lmhosts in this folder. For more information, see Chapter 11, "NetBIOS over TCP/IP." |
| Networks | Resolves network names to IPv4 subnet prefixes. |
| Protocol | Resolves protocol names to RFC-defined protocol numbers. A protocol number is a field in the IPv4 header that identifies the upper-layer protocol (such as TCP or UDP) to which the IPv4 packet payload should be passed. |
| Services | Resolves service names to port numbers and protocol names. Port numbers correspond to fields in the TCP or UDP headers that identify the application using TCP or UDP. |

Table 1-4  Name Resolution Files in Windows

TCP/IP Tools in Windows

Table 1-5 lists the TCP/IP diagnostic tools that are included with Windows Server 2003 and Windows XP. You can use these tools to help identify or resolve TCP/IP networking problems.

| Tool | Description |
| --- | --- |
| Arp | Allows you to view and edit the Address Resolution Protocol (ARP) cache. The ARP cache maps IPv4 addresses to media access control (MAC) addresses. Windows uses these mappings to send data on the local network. |
| Hostname | Displays the host name of the computer. |
| Ipconfig | Displays current TCP/IP configuration values for both IPv4 and IPv6. Also used to manage DHCP configuration and the DNS client resolver cache. |
| Lpq | Displays the status of print queues on print servers running Line Printer Daemon (LPD) software. |
| Nbtstat | Checks the state of current NetBIOS over TCP/IP connections, updates the Lmhosts cache, and determines the registered names and scope ID. |
| Netsh | Displays and allows you to administer settings for IPv4 or IPv6 on either the local computer or a remote computer. |
| Netstat | Displays statistics and other information about current IPv4 and IPv6 connections. |
| Nslookup | Queries a DNS server. |
| Ping | Tests IPv4 or IPv6 connectivity to other IP nodes. |
| Route | Allows you to view the local IPv4 and IPv6 routing tables and to modify the local IPv4 routing table. |
| Tracert | Traces the route that an IPv4 or IPv6 packet takes to a destination. |
| Pathping | Traces the route that an IPv4 or IPv6 packet takes to a destination and displays information on packet losses for each router and subnet in the path. |

Table 1-5  TCP/IP diagnostic tools in Windows

Windows Server 2003 and Windows XP also include command-line tools for data transfer using FTP, Trivial File Transfer Protocol (TFTP), Telnet, and connectivity to UNIX-based resources.

After you have configured TCP/IP, you can use the Ipconfig and Ping tools to verify and test the configuration and connectivity to other TCP/IP hosts and networks.

The Ipconfig Tool

You can use the Ipconfig tool to verify the TCP/IP configuration parameters on a host, including the following:

  • For IPv4, the IPv4 address, subnet mask, and default gateway.

  • For IPv6, the IPv6 addresses and the default router.

Ipconfig is useful in determining whether the configuration is initialized and whether a duplicate IP address is configured. To view this information, type ipconfig at a command prompt.

Here is an example of the display of the Ipconfig tool for a computer that is using both IPv4 and IPv6:

C:\>ipconfig

Windows IP Configuration


Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : wcoast.example.com
   IP Address. . . . . . . . . . . . : 157.60.139.77
   Subnet Mask . . . . . . . . . . . : 255.255.252.0
   IP Address. . . . . . . . . . . . : 2001:db8:ffff:f282:204:76ff:fe36:7363
   IP Address. . . . . . . . . . . . : fec0::f282:204:76ff:fe36:7363%2
   IP Address. . . . . . . . . . . . : fe80::204:76ff:fe36:7363
   Default Gateway . . . . . . . . . : 157.60.136.1
                                       2001:db8:1:21ad:210:ffff:fed6:58c0

Tunnel adapter Automatic Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . : wcoast.example.com
   IP Address. . . . . . . . . . . . : 2001:db8:ffff:f70f:0:5efe:157.60.139.77
   IP Address. . . . . . . . . . . . : fe80::5efe:157.60.139.77%2
   Default Gateway . . . . . . . . . : fe80::5efe:157.54.253.9%2

Type ipconfig /all at a command prompt to view the IPv4 and IPv6 addresses of DNS servers, the IPv4 addresses of Windows Internet Name Service (WINS) servers (which resolve NetBIOS names to IP addresses), the IPv4 address of the DHCP server, and lease information for DHCP-configured IPv4 addresses.
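When Ipconfig output is collected from many hosts, the checks described above can be scripted. The following Python parser is an added example, not part of the original chapter or of any Microsoft tool: it reads the display shown above, handles the continuation line under Default Gateway and the %zone suffix on IPv6 addresses, and reports adapters that are uninitialized, APIPA-configured, or without a default gateway. The "Lab" adapter in the sample and all function names are constructed for illustration.

```python
import ipaddress
import re

APIPA = ipaddress.ip_network("169.254.0.0/16")  # APIPA range from this chapter
ADAPTER_RE = re.compile(r"^(\w+) adapter (.+):$")
FIELD_RE = re.compile(r"^\s+([^.:]+?)[ .]*:\s*(.*)$")

# The first two adapters are the Ipconfig display shown in this chapter.
# "Ethernet adapter Lab" is constructed for this example.
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : wcoast.example.com
   IP Address. . . . . . . . . . . . : 157.60.139.77
   Subnet Mask . . . . . . . . . . . : 255.255.252.0
   IP Address. . . . . . . . . . . . : 2001:db8:ffff:f282:204:76ff:fe36:7363
   IP Address. . . . . . . . . . . . : fec0::f282:204:76ff:fe36:7363%2
   IP Address. . . . . . . . . . . . : fe80::204:76ff:fe36:7363
   Default Gateway . . . . . . . . . : 157.60.136.1
                                       2001:db8:1:21ad:210:ffff:fed6:58c0

Tunnel adapter Automatic Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . : wcoast.example.com
   IP Address. . . . . . . . . . . . : 2001:db8:ffff:f70f:0:5efe:157.60.139.77
   IP Address. . . . . . . . . . . . : fe80::5efe:157.60.139.77%2
   Default Gateway . . . . . . . . . : fe80::5efe:157.54.253.9%2

Ethernet adapter Lab:

   Connection-specific DNS Suffix  . :
   IP Address. . . . . . . . . . . . : 169.254.17.4
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
"""


def to_ip(text):
    """Parse an IPv4/IPv6 address, dropping any %zone suffix; None if invalid."""
    try:
        return ipaddress.ip_address(text.split("%")[0].strip())
    except ValueError:
        return None


def parse_ipconfig(text):
    """Return {adapter name: {"type", "addresses", "gateways", "mask"}}."""
    adapters, current, last_list = {}, None, None
    for raw in text.splitlines():
        line = raw.rstrip()
        header = ADAPTER_RE.match(line)
        if header:
            current = {"type": header.group(1), "addresses": [],
                       "gateways": [], "mask": None}
            adapters[header.group(2)] = current
            last_list = None
            continue
        if current is None or not line.strip():
            continue
        # A bare address on its own line continues the previous field.
        addr = to_ip(line)
        if addr is not None and last_list is not None:
            last_list.append(addr)
            continue
        field = FIELD_RE.match(line)
        if not field:
            continue
        label, value = field.group(1).strip(), field.group(2).strip()
        last_list = None
        if label.endswith("IP Address"):
            last_list = current["addresses"]
        elif label == "Default Gateway":
            last_list = current["gateways"]
        elif label == "Subnet Mask":
            current["mask"] = value
        if last_list is not None and to_ip(value) is not None:
            last_list.append(to_ip(value))
    return adapters


def review(adapters):
    """Return (adapter, note) pairs for conditions this chapter describes."""
    notes = []
    for name, rec in adapters.items():
        if not rec["addresses"]:
            notes.append((name, "no IP address: configuration not initialized"))
            continue
        for a in rec["addresses"]:
            if a.version == 4 and a in APIPA:
                notes.append((name, f"{a} is an APIPA address: no DHCP server was located"))
        if not rec["gateways"]:
            notes.append((name, "no default gateway: only local subnet traffic is possible"))
    return notes


if __name__ == "__main__":
    for adapter, note in review(parse_ipconfig(SAMPLE)):
        print(f"{adapter}: {note}")
```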

The Ping Tool

After you verify the configuration with the Ipconfig tool, use the Ping tool to test connectivity. The Ping tool is a diagnostic tool that tests TCP/IP configurations and diagnoses connection failures. For IPv4, Ping uses ICMP Echo and Echo Reply messages to determine whether a particular IPv4-based host is available and functional. For IPv6, Ping uses ICMP for IPv6 (ICMPv6) Echo Request and Echo Reply messages. The basic command syntax is ping Destination, in which Destination is either an IPv4 or IPv6 address or a name that can be resolved to an IPv4 or IPv6 address.

Here is an example of the display of the Ping tool for an IPv4 destination:

C:\>ping 157.60.136.1

Pinging 157.60.136.1 with 32 bytes of data:

Reply from 157.60.136.1: bytes=32 time<1ms TTL=255
Reply from 157.60.136.1: bytes=32 time<1ms TTL=255
Reply from 157.60.136.1: bytes=32 time<1ms TTL=255
Reply from 157.60.136.1: bytes=32 time<1ms TTL=255

Ping statistics for 157.60.136.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

Here is an example of the display of the Ping tool for an IPv6 destination:

C:\>ping 2001:db8:1:21ad:210:ffff:fed6:58c0

Pinging 2001:db8:1:21ad:210:ffff:fed6:58c0 from 2001:DB8:1:21ad:204:76ff:fe36:7363 with 32 bytes of data:

Reply from 2001:db8:1:21ad:210:ffff:fed6:58c0: time<1ms
Reply from 2001:db8:1:21ad:210:ffff:fed6:58c0: time<1ms
Reply from 2001:db8:1:21ad:210:ffff:fed6:58c0: time<1ms
Reply from 2001:db8:1:21ad:210:ffff:fed6:58c0: time<1ms

Ping statistics for 2001:db8:1:21ad:210:ffff:fed6:58c0:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 1ms, Average = 0ms

To verify a computer’s configuration and to test for router connections, do the following:

  1. Type ipconfig at a command prompt to verify whether the TCP/IP configuration has initialized.

  2. Ping the IPv4 address of the default gateway or the IPv6 address of the default router to verify whether they are functioning and whether you can communicate with a node on the local network.

  3. Ping the IPv4 or IPv6 address of a remote node to verify whether you can communicate through a router.

If you start with step 3 and you are successful, then you can assume that you would be successful with steps 1 and 2.

Note  You cannot use the Ping tool to troubleshoot connections if packet filtering routers and host-based firewalls are dropping ICMP and ICMPv6 traffic. For more information, see Chapter 13, "Internet Protocol Security (IPsec) and Packet Filtering."

Network Monitor

You can use Network Monitor to simplify troubleshooting complex network problems because it monitors and captures network traffic for analysis. Network Monitor works by configuring a network adapter to capture all incoming and outgoing packets.

You can define capture filters so that only specific frames are saved. Filters can save frames based on source and destination MAC addresses, source and destination protocol addresses, and pattern matches. After a packet is captured, you can use display filtering to further isolate a problem. When a packet has been captured and filtered, Network Monitor interprets and displays the packet data in readable terms.

Note  Windows Server 2003 includes a version of Network Monitor that can capture data for the local computer only. Microsoft Systems Management Server includes a version that can capture data for remote computers.

To install Network Monitor in Windows Server 2003, do the following:

  1. Click Start, point to Control Panel, click Add or Remove Programs, and then click Add/Remove Windows Components.

  2. In the Windows Components wizard, click Management and Monitoring Tools, and then click Details.

  3. In Management And Monitoring Tools, select the Network Monitor Tools check box, and then click OK.

  4. If you are prompted for additional files, insert the product CD, or type a path to the location of the files on the network.

    Note  To perform this procedure, you must be logged on as a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might also be able to perform this procedure.

To analyze network traffic with Network Monitor, you must start the capture, generate the network traffic you want to observe, stop the capture, and then view the data.

Starting a Capture

Network Monitor uses different windows to display data in different ways. One of the primary windows is the Capture window. Figure 1-5 shows an example of the Capture window.

Figure 1-5  The Capture window in Network Monitor

When this window is active, the toolbar has options to start, pause, stop, or stop and view captured data. On the Capture menu, click Start to start a capture. While the capture is running, statistical information appears in the Capture window.

Stopping a Capture

After you have generated the network traffic that you want to analyze, on the Capture menu, click Stop to stop the capture. You can then start another capture or display the current capture data. To stop a capture and immediately open it for viewing, on the Capture menu, click Stop and View.

Viewing the Data

When you open a capture to view, a Summary window appears, showing the list of frames in the capture. Each frame contains a frame number, the time of frame reception, source and destination addresses, the highest-layer protocol used in the frame, and a description of the frame. Figure 1-6 shows an example Summary window.

Figure 1-6  The Summary window of a capture in Network Monitor

For more detailed information about a specific frame, on the Window menu, click Zoom pane. In the zoom view, the Summary window shows two more panes, the Detail pane and the Hexadecimal pane. The Detail pane shows the protocol information in detail. The Hexadecimal pane shows the individual bytes in the frame. Figure 1-7 shows the zoom view of a frame within an example capture.

Figure 1-7  Zoom view of a frame in a capture in Network Monitor
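The capture-filter criteria (addresses and pattern matches) and the Summary and Hexadecimal views described above all operate on the same raw frame bytes. The following added example, which is not Network Monitor code and not part of the original chapter, applies such a filter to a constructed Ethernet/IPv4/ICMP frame and renders a summary row and hex rows. The function names, the output layout, and the choice to measure the pattern offset from the start of the frame are assumptions of this sketch.

```python
import struct

# Constructed sample frame: Ethernet II + IPv4 + ICMP Echo Request,
# using documentation-range MAC and IPv4 addresses.
FRAME = bytes.fromhex(
    "00005e005301" "00005e005302" "0800"   # dst MAC, src MAC, EtherType (IPv4)
    "4500001c" "00010000" "4001" "8ea3"    # IPv4: len 28, id 1, TTL 64, proto 1
    "c0000202" "c6336407"                  # 192.0.2.2 -> 198.51.100.7
    "0800" "f7fd" "0001" "0001"            # ICMP type 8, code 0, id 1, seq 1
)
PROTOS = {1: "ICMP", 6: "TCP", 17: "UDP"}

def fmt_mac(raw):
    return "-".join(f"{b:02X}" for b in raw)

def parse(frame):
    """Decode the fields a summary row needs (Ethernet II and IPv4 only)."""
    etype = struct.unpack("!H", frame[12:14])[0]
    f = {"dst_mac": fmt_mac(frame[0:6]), "src_mac": fmt_mac(frame[6:12]),
         "protocol": f"EtherType 0x{etype:04X}"}
    if etype == 0x0800 and len(frame) >= 34:
        f["src_ip"] = ".".join(map(str, frame[26:30]))
        f["dst_ip"] = ".".join(map(str, frame[30:34]))
        f["protocol"] = PROTOS.get(frame[23], f"IP protocol {frame[23]}")
    return f

def capture_filter(frame, pattern=None, **addresses):
    """Keep a frame only if every given address and the byte pattern match.
    pattern is (offset_from_frame_start, bytes); addresses use parse() keys."""
    fields = parse(frame)
    if any(fields.get(k) != v for k, v in addresses.items()):
        return False
    if pattern is not None:
        offset, value = pattern
        return frame[offset:offset + len(value)] == value
    return True

def summary_row(number, seconds, frame):
    f = parse(frame)
    src, dst = f.get("src_ip", f["src_mac"]), f.get("dst_ip", f["dst_mac"])
    return f"{number}  {seconds:.3f}  {src}  {dst}  {f['protocol']}"

def hex_pane(frame, width=16):
    """Offset, hex bytes and printable ASCII, one row per `width` bytes."""
    rows = []
    for off in range(0, len(frame), width):
        chunk = frame[off:off + width]
        hexs = " ".join(f"{b:02X}" for b in chunk)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        rows.append(f"{off:04X}  {hexs:<{width * 3}}{text}")
    return rows

if __name__ == "__main__":
    # Offset 34 = 14-byte Ethernet header + 20-byte IPv4 header: ICMP type/code.
    if capture_filter(FRAME, dst_ip="198.51.100.7", pattern=(34, b"\x08\x00")):
        print(summary_row(1, 0.0, FRAME))
        print("\n".join(hex_pane(FRAME)))
```

A narrow filter such as this one (one destination address plus the ICMP Echo Request type bytes) keeps unrelated traffic out of the saved capture, which limits how much other users' data ends up in the file.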

Chapter Summary

The chapter includes the following pieces of key information:

  • TCP/IP is an industry-standard suite of protocols that are designed for large-scale networks. The TCP/IP protocol suite includes both the IPv4 and IPv6 sets of protocols.

  • The standards for TCP/IP are published in a series of documents called RFCs.

  • On a TCP/IP-based network, a router can forward packets that are not addressed to the router, a host cannot, and a node is either a host or a router.

  • On a TCP/IP-based network, a subnet is one or more LAN segments that are bounded by routers and that use the same IP address prefix, and a network is two or more subnets connected by routers.

  • The IPv4-based TCP/IP component in Windows is the Internet Protocol (TCP/IP) component in Network Connections. This component is installed by default, and you cannot uninstall it. You configure it either automatically (by using DHCP or an alternate configuration) or manually (by using Network Connections or the Netsh tool).

  • The IPv6-based TCP/IP component in Windows is the Microsoft TCP/IP Version 6 or Microsoft IPv6 Developer Edition component in Network Connections. This component is not installed by default, and you can uninstall it. You configure it either automatically (by using router discovery) or manually (by using the Netsh tool).

  • Ipconfig and Ping are the primary tools for troubleshooting basic IP configuration and connectivity.

  • You can use Network Monitor to troubleshoot complex network problems by capturing and viewing network traffic for analysis.

Chapter Glossary

address – An identifier that specifies the source or destination of IP packets and that is assigned at the IP layer to an interface or set of interfaces.

APIPA – See Automatic Private IP Addressing.

Automatic Private IP Addressing – A feature in Windows Server 2003 and Windows XP that automatically configures a unique IPv4 address from the range 169.254.0.1 through 169.254.255.254 and a subnet mask of 255.255.0.0. APIPA is used when the Internet Protocol (TCP/IP) component is configured for automatic addressing, no DHCP server is available, and the Automatic Private IP Address alternate configuration option is chosen.

host – A node that is typically a source and a destination of IP traffic. Hosts silently discard received packets that are not addressed to an IP address of the host.

interface – The representation of a physical or logical attachment of a node to a subnet. An example of a physical interface is a network adapter. An example of a logical interface is a tunnel interface that is used to send IPv6 packets across an IPv4 network.

IP – Features or attributes that apply to both IPv4 and IPv6. For example, an IP address is either an IPv4 address or an IPv6 address.

IPv4 – The Internet layer protocols of the TCP/IP protocol suite as defined in RFC 791. IPv4 is in widespread use today.

IPv6 – The Internet layer protocols of the TCP/IP protocol suite as defined in RFC 2460. IPv6 is gaining acceptance today.

LAN segment – A portion of a subnet that consists of a single medium that is bounded by bridges or Layer 2 switches.

neighbor – A node that is connected to the same subnet as another node.

network – Two or more subnets that are connected by routers. Another term for network is internetwork.

node – Any device, including routers and hosts, which runs an implementation of IP.

packet – The protocol data unit (PDU) that exists at the Internet layer and comprises an IP header and payload.

Request for Comments (RFC) – An official document that specifies the details for protocols included in the TCP/IP protocol suite. The Internet Engineering Task Force (IETF) creates and maintains RFCs for TCP/IP.

RFC – See Request for Comments (RFC).

router – A node that can be a source and destination for IP traffic and can also forward IP packets that are not addressed to an IP address of the router. On an IPv6 network, a router also typically advertises its presence and host configuration information.

subnet – One or more LAN segments that are bounded by routers and that use the same IP address prefix. Other terms for subnet are network segment and link.

TCP/IP – See Transmission Control Protocol/Internet Protocol (TCP/IP).

Transmission Control Protocol/Internet Protocol (TCP/IP) – A suite of networking protocols, including both IPv4 and IPv6, that are widely used on the Internet and that provide communication across interconnected networks of computers with diverse hardware architectures and various operating systems.

upper-layer protocol – A protocol above IP that uses IP as its transport. Examples of upper-layer protocols include Internet layer protocols such as the Internet Control Message Protocol (ICMP) and Transport layer protocols such as the Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).