How to Troubleshoot TCP/IP Connectivity with Windows XP

MORE INFORMATION

TCP/IP Troubleshooting Tools

The following list shows some of the TCP/IP diagnostic tools that are included with Windows XP.

Basic Tools

Network Diagnostics in Help and Support
Detailed information about the network configuration and the results of automated tests.

Network Connections Folder
Located in Control Panel, under Network and Internet Connections. Contains information and configuration for all network connections on the computer.

IPConfig
Displays current TCP/IP network configuration values; updates or releases Dynamic Host Configuration Protocol (DHCP) allocated leases; and displays, registers, or flushes Domain Name System (DNS) names.

Ping
Sends ICMP Echo Request messages to verify that TCP/IP is configured correctly and that a TCP/IP host is available.

 

Advanced Tools

Hostname
Displays the host name of the computer.

Nbtstat
Displays status of current NetBIOS over TCP/IP connections; updates the NetBIOS name cache; and displays the registered names and scope ID.

PathPing
Displays a path to a TCP/IP host and reports packet losses at each router along the way.

Route
Displays the IP routing table and adds or deletes IP routes.

Tracert
Displays the path to a TCP/IP host.

To view the proper command syntax to use with each of the preceding tools, at a command prompt, type -? after the name of the tool.

 

General Operating System Tools

In addition to the TCP/IP-specific tools, you can also use Windows XP Professional tools.

Event Viewer
Records system errors and events.

Computer Management
Allows changes to network interface drivers and other system components.

Troubleshooting Process

The procedure that you use to troubleshoot TCP/IP issues depends on the type of network connection that you are using and the connectivity problem that you are experiencing.

 

Automated Troubleshooting

For most issues that involve Internet connectivity, start by using the Network Diagnostics tool to identify the source of the issue. To use Network Diagnostics, follow these steps:

1. Click Start, and then click Help and Support.
2. Click the link to Use Tools to view your computer information and diagnose problems, and then click Network Diagnostics in the list on the left.
3. When you click Scan your system, Network Diagnostics gathers configuration information and performs automated troubleshooting of the network connection.
4. When the process finishes, check for any items marked "FAILED" in red, expand those categories, and view the additional details about what the testing showed.

You can either use that information to resolve the issue or you can provide the information to a network support professional for assistance. If you compare the tests that failed with the documentation in the Manual Troubleshooting section later in this article, you may be able to determine the source of the issue. To interpret the results for TCP/IP, expand the Network Adapters section of the results, and then expand the network adapter that failed the testing.

You can also start the Network Diagnostics interface directly by using the following command:

netsh diag gui

Manual Troubleshooting

Checking the Configuration by Using the IPConfig Tool
When you troubleshoot a TCP/IP networking issue, begin by checking the TCP/IP configuration on the computer that is experiencing the problem. Use the ipconfig command to get the host computer configuration information, including the IP address, the subnet mask, and the default gateway.

The /all parameter for IPConfig generates a detailed configuration report for all interfaces, including any remote access adapters. You can redirect IPConfig output to a file to paste the output into other documents. To do so, type:

ipconfig > \folder_name\file_name

The output receives the specified file name and is stored in the specified folder.

You can review the IPConfig output to identify issues that exist in the computer network configuration. For example, if a computer is manually configured with an IP address that duplicates an existing IP address that is already detected, the subnet mask appears as 0.0.0.0.

If your local IP address is returned as 169.254.y.z, with a subnet mask of 255.255.0.0, the IP address was assigned by the Automatic Private IP Addressing (APIPA) feature of Windows XP Professional. This means that TCP/IP is configured for automatic configuration, that no DHCP server was found, and no alternate configuration is specified. This configuration has no default gateway for the interface.

If your local IP address is returned as 0.0.0.0, the DHCP Media Sensing feature override went into effect either because the network adapter detected its lack of connection to a network or because TCP/IP detected an IP address that duplicates a manually configured IP address.

Testing Connectivity by Using the Ping Tool
If you do not identify any issues in the TCP/IP configuration, the next step is to see whether the computer can connect to other host computers on the TCP/IP network.

Ping is a tool that helps to verify IP-level connectivity. The ping command sends an ICMP Echo Request message to a destination host. Use Ping whenever you want to verify that a host computer can send IP packets to a destination host. You can also use Ping to isolate network hardware problems and incompatible configurations.

Note that if you ran the ipconfig /all command and the IP configuration is displayed, you do not need to ping the loopback address and your own IP address. IPConfig has already performed these tasks to display the configuration. When you troubleshoot, verify that a route exists between the local computer and a network host by first using Ping for the IP address of the network host that you want to connect to. The command syntax is:

ping IP address

Follow these steps when you use Ping:

1. Ping the loopback address to verify that TCP/IP is installed and correctly configured on the local computer. Use the following command:

   ping 127.0.0.1

   If the loopback test fails, the IP stack is not responding. Lack of response can occur if the TCP drivers are corrupted, if the network adapter is not working, or if another service is interfering with IP.

2. Ping the IP address of the local computer to verify that the computer was correctly added to the network. If the routing table is correct, this procedure just forwards the packet to the loopback address of 127.0.0.1. Use the following command:

   ping IP address of local host

   If the loopback test succeeds but you cannot ping the local IP address, there may be an issue that concerns the routing table or the network adapter driver.

3. Ping the IP address of the default gateway to verify that the default gateway is functioning and that you can communicate with a local host on the local network. Use the following command:

   ping IP address of default gateway

   An unsuccessful ping at this step can indicate an issue that concern the network adapter itself, the router/gateway device, the cabling, or other connectivity hardware.

4. Ping the IP address of a remote host to verify that you can communicate through a router. Use the following command:

   ping IP address of remote host

   An unsuccessful ping at this stage can indicate that the remote host is not responding or that there is a problem in the network hardware between computers. Use Ping again but to a different remote host, to eliminate the first possibility.

5. Ping the host name of a remote host to verify that you can resolve a remote host name. Use the following command:

   ping Host name of remote host

   Ping uses name resolution to resolve a computer name into an IP address. Therefore, if pinging by IP address succeeds but pinging by name does not succeed, the problem is host name resolution, not network connectivity. Check to ensure that DNS server addresses are configured for the computer, either manually in the properties of TCP/IP, or assigned automatically. If DNS server addresses are listed when you check through the use of "ipconfig /all", then try pinging the server addresses to ensure that they are accessible.

If you cannot use Ping successfully at any point:

• Make sure that the local computer's IP address is valid and that it is correct on the General tab of the Internet Protocol (TCP/IP) Properties dialog box or when it is used with the Ipconfig tool.
• Make sure that a default gateway is configured and that the link between the host and the default gateway is working. For troubleshooting purposes, make sure that only one default gateway is configured. Although you can configure more than one default gateway, gateways beyond the first one are used only if the IP stack determines that the original gateway is not working. The purpose of troubleshooting is to determine the status of the first configured gateway, so you can delete all other gateways to simplify your task.
• Make sure that IP Security (IPSec) is not currently enabled. Depending on IPSec policy, Ping packets might be blocked or might require security. For more information about IPSec, see "Checking IP Security" in this article.

Important: If the remote system that you are pinging is across a high-delay link, for example a satellite link, response might take longer. You can use the -w (wait) parameter to specify a longer timeout period than the default timeout of four seconds.

Verifying a Route by Using the PathPing Tool
PathPing is a tool that detects packet loss over multiple-hop paths. Run a PathPing analysis to a remote host to verify that the routers on the way to the destination are operating correctly. Use the following command:

pathping IP address of remote host

Clearing the ARP Cache by Using the Arp Tool
If you can ping both the loopback address (127.0.0.1) and your own IP address, but you cannot ping any other IP addresses, try clearing out the Address Resolution Protocol (ARP) cache. This can be done by using the Arp tool. Use arp -a or arp -g to display the cache entries. Use arp -d IP address to delete the entries. To flush the ARP cache, use the following command:

netsh interface ip delete arpcache

Verifying the Default Gateway
The gateway address must be on the same network as the local host, or messages from the host computer cannot be forwarded to any location outside the local network. If the gateway address is on the same network as the local host, make sure that the default gateway address is correct as entered. Finally, make sure that the default gateway is a router, not just a host, and that the router is enabled to forward IP datagrams.

Checking Communications by Using the Tracert Tool or the Route Tool
If the default gateway responds correctly, ping a remote host to make sure that network-to-network communications are operating as expected. If communications are not operating as expected, use the Tracert tool to trace the path to the destination. For IP routers that are computers running Microsoft Windows 2000 or Microsoft Windows NT, examine the IP routing table by using the Route tool or the Routing and Remote Access snap-in on those computers. For IP routers that are not computers running Windows XP Professional, Windows 2000, or Windows NT, use the vendor-designated appropriate tool or facility to examine the IP routing table.

The following four error messages are commonly returned by Ping during troubleshooting:
 

This error message means that the number of required hops exceeds the Time to Live (TTL). Increase TTL by using the ping-i parameter. A routing loop may exist. Use the tracert command to see whether misconfigured routers have caused a routing loop.
 

This error message means that no local or remote route does exists for a destination host, either at the sending host or at a router. Troubleshoot the local host or the router's routing table.
 

This error message means that the Echo Reply messages were not received within the designated timeout period (the default is four seconds). Use the ping -w command to increase the timeout.
 

This error message means that the destination host name cannot be resolved. Verify the name and the availability of DNS or WINS servers. Checking IP Security
Although using IPSec can increase the defenses of a network, using IPSec can also make it more difficult to change network configurations or troubleshoot problems. In some cases, IPSec policies require secured communication on a Windows XP Professional-based computer, and the requirements can make it difficult to connect to a remote host. If IPSec has been implemented locally, you can turn off the IPSEC Services service in the Services snap-in.

If the difficulties disappear when you stop the IPSec services, IPSec policies are either blocking the necessary traffic or requiring security for the needed traffic. Ask the security administrator to modify the IPSec policy.

Checking Packet Filtering
Mistakes in packet filtering can keep address resolution or connectivity from working. To find out whether packet filtering is the source of a network problem, turn off TCP/IP packet filtering. Follow these steps:

1. In Control Panel, click Network and Internet Connections, and then click Network Connections.
2. Right-click the local area connection that you want to modify, and then click Properties.
3. On the General tab, in the This connection uses the following items list, click Internet Protocol (TCP/IP), and then click Properties.
4. Click Advanced, and then click the Options tab.
5. In the Optional Settings dialog box, click TCP/IP Filtering, and then click the Properties tab.
6. Click to clear the Enable TCP/IP Filtering (All adapters) check box, and then click OK.

Try pinging an address by using its DNS name, its NetBIOS computer name, or its IP address. If pinging succeeds, the packet filtering options might be misconfigured, or they might be too restrictive. For example, the filtering might permit the computer to act as a Web server, but in the process the filtering might turn off tools, such as remote administration. You can restore a wider range of permissible filtering options by changing the permitted values for the TCP port, the UDP port, and the IP protocol.

Checking Failure to Connect to a Specific Server
To determine the cause of connectivity problems when you are trying to connect to a specific server through NetBIOS-based connections, use the nbtstat -n command on the server to determine what name the server registered on the network.

The nbtstat -n output command lists several names that the computer has registered. There should be a name that resembles the computer's name as the name is configured on the Computer Name tab under System in Control Panel. If not, try one of the other unique names that displayed by Nbtstat displays.

The Nbtstat tool can also display the cached entries for remote computers from either #PRE entries in the Lmhosts file or from recently resolved names. If the name that the remote computers are using for the server is the same, and the other computers are on a remote subnet, be sure that the other computers have the computer's name-to-address mapping in their Lmhosts files or WINS servers.

Determining Why a Remote Connection Stops Responding (Hangs)
To determine why a TCP/IP connection to a remote computer is not working properly, use the netstat -a command to show the status of all activity for TCP and UDP ports on the local computer.

A good TCP connection usually shows 0 bytes in the Sent and Received queues. If data is blocked in either queue or if the state of the queues is irregular, the connection is probably faulty. If data is not blocked and the state of the queues is normal, you are probably experiencing network or program delay.

Examining the Routing Table by Using the Route Tool
For two hosts to exchange IP datagrams, both hosts must have a route to each other or must use default gateways that know of a route. You can check the routing table on a Windows XP-based host by typing the following at a command prompt:

route print

Examining Paths by Using the Tracert Tool
Tracert is a route-tracing tool that sends ICMP Echo Request messages with incrementally higher values in the IP header TTL field to determine the path from one host to another through a network. Tracert then analyzes the ICMP messages that are returned. Tracert allows you to track the path from router to router for as many as 30 hops. If a router has failed or if the packet is routed into a loop, Tracert reveals the problem. After the problem router is found, you can contact the router administrator if the router is offsite, or you can restore the router to fully functional status if the router is under your control.

Troubleshooting Gateways
If you receive the following message during configuration, find out whether the default gateway is located on the same logical network as the computer's network adapter:
 

Compare the network ID portion of the default gateway IP address with the network IDs of the computer's network adapters. Specifically, check that the bitwise logical AND of the IP address and the subnet mask equals the bitwise logical AND of the default gateway and the subnet mask.

For example, a computer that has a single network adapter that is configured with an IP address of 172.16.27.139 and a subnet mask of 255.255.0.0 requires a default gateway of the form 172.16.y.z. The network ID for this IP interface is 172.16.0.0.

Finding Additional Resources
The following resources contain additional information about troubleshooting Microsoft TCP/IP:

"Configuring TCP/IP" topic in the documentation for the Microsoft Windows XP Professional Resource Kit.

"Introduction to TCP/IP" in the TCP/IP Core Networking Guide of the Microsoft Windows 2000 Server Resource Kit for general information about the TCP/IP protocol suite.

"Unicast Routing Overview" in the Internetworking Guide of the Microsoft Windows 2000 Server Resource Kit for more information about routing principles.

"TCP/IP Troubleshooting" in the TCP/IP Core Networking Guide of the Microsoft Windows 2000 Server Resource Kit for more information about IP packet filtering.