Certified Basic Network Support Professional Host networking commands of telnet tracert ipconfig arp netstat and nslookup

Host networking commands of telnet tracert ipconfig arp netstat and nslookup

nslookup is a network administration command-line tool available for many computer operating systems for querying the Domain Name System (DNS) to obtain domain name or IP address mapping or for any other specific DNS record. The Internet Systems Consortium has deprecated nslookup in favor of host and dig.

nslookup operates in interactive or non-interactive mode. When used interactively by invoking it without arguments or when the first argument is -(minus sign) and the second argument is host name or internet address of name server, the user issues parameter configurations or requests when presented with the nslookup prompt (>).When no arguments are given, then the command queries to default server.The -(minus sign) invokes subcommands which are specified on command line and should precede nslookup commands. In non-interactive mode i.e.when first argument is name or internet address of the host being searched, parameters and the query are specified as command line arguments in the invocation of the program. The non interactive mode searches the information for specified host using default name server.

netstat (network statistics) is a command-line tool that displays network connections (both incoming and outgoing), routing tables, and a number of network interface (network interface controller or software-defined network interface) and network protocol statistics. It is available on Unix, Unix-like, and Windows NT-based operating systems.

It is used for finding problems in the network and to determine the amount of traffic on the network as a performance measurement.

Parameters used with this command must be prefixed with a hyphen (-) rather than a slash (/).

-a Displays all active connections and the TCP and UDP ports on which the computer is listening.
-b (Windows) Displays the binary (executable) program's name involved in creating each connection or listening port. (Windows XP, 2003 Server and newer Windows operating systems; not Microsoft Windows 2000 or older).
-b (OS X, NetBSD) Causes -i to report the total number of bytes of traffic.
-e Displays ethernet statistics, such as the number of bytes and packets sent and received. This parameter can be combined with -s.
-f (Windows) Displays fully qualified domain names <FQDN> for foreign addresses (only available on Windows Vista and newer operating systems).
-f Address Family (FreeBSD) Limits display to a particular socket address family, unix, inet, inet6
-g Displays multicast group membership information for both IPv4 and IPv6 (may only be available on newer operating systems)
-i Displays network interfaces and their statistics (not available under Windows)
-m Displays the memory statistics for the networking code (STREAMS statistics on Solaris).
-n Displays active TCP connections, however, addresses and port numbers are expressed numerically and no attempt is made to determine names.
-o (Windows) Displays active TCP connections and includes the process ID (PID) for each connection. You can find the application based on the PID on the Processes tab in Windows Task Manager. This parameter can be combined with -a, -n, and -p. This parameter is available on Microsoft Windows XP, 2003 Server (and Windows 2000 if a hotfix is applied).[2]
-p protocol (Windows and BSD) Shows connections for the protocol specified by protocol. In this case, protocol can be tcp, udp, tcpv6, or udpv6. If this parameter is used with -s to display statistics by protocol, protocol can be tcp, udp, icmp, ip, tcpv6, udpv6, icmpv6, or ipv6.
-p (Linux) Show which processes are using which sockets (similar to -b under Windows) (you must be root to do this)
-P protocol (Solaris) Shows connections for the protocol specified by protocol. In this case, protocol can be ip, ipv6, icmp, icmpv6, igmp, udp, tcp, or rawip.
-r Displays the contents of the IP routing table. (This is equivalent to the route print command under Windows.)
-s Displays statistics by protocol. By default, statistics are shown for the TCP, UDP, ICMP, and IP protocols. If the IPv6 protocol for Windows XP is installed, statistics are shown for the TCP over IPv6, UDP over IPv6, ICMPv6, and IPv6 protocols. The -p parameter can be used to specify a set of protocols.
-t (Linux) Display only TCP connections.
-w (FreeBSD) Display wide output - doesn't truncate hostnames or IPv6 addresses
-v (Windows) When used in conjunction with -b it will display the sequence of components involved in creating the connection or listening port for all executables.
Interval Redisplays the selected information every Interval seconds. Press CTRL+C to stop the redisplay. If this parameter is omitted, netstat prints the selected information only once.
-h (unix)
/? (windows)
Displays help at the command prompt.

Netstat provides statistics for the following:

  •     Proto - The name of the protocol (TCP or UDP).
  •     Local Address - The IP address of the local computer and the port number being used. The name of the local computer that corresponds to the IP address and the name of the port is shown unless the -n parameter is specified. If the port is not yet established, the port number is shown as an asterisk (*).
  •     Foreign Address - The IP address and port number of the remote computer to which the socket is connected. The names that corresponds to the IP address and the port are shown unless the -n parameter is specified. If the port is not yet established, the port number is shown as an asterisk (*).
  •     State - Indicates the state of a TCP connection. The possible states are as follows: CLOSE_WAIT, CLOSED, ESTABLISHED, FIN_WAIT_1, FIN_WAIT_2, LAST_ACK, LISTEN, SYN_RECEIVED, SYN_SEND, and TIME_WAIT. For more information about the states of a TCP connection, see RFC 793.


To display the statistics for only the TCP or UDP protocols, type one of the following commands:

    netstat -sp tcp

    netstat -sp udp

To display active TCP connections and the process IDs every 5 seconds, type the following command (On Microsoft Windows, works on XP and 2003 only, or Windows 2000 with hotfix):

    netstat -o 5

Mac OS X version

    netstat -w 5

To display active TCP connections and the process IDs using numerical form, type the following command (On Microsoft Windows, works on XP and 2003 only, or Windows 2000 with hotfix):

    netstat -no

To display all ports open by a process with id pid

    netstat -aop | grep "pid"


traceroute is a computer network diagnostic tool for displaying the route (path) and measuring transit delays of packets across an Internet Protocol (IP) network.
traceroute outputs the list of traversed routers in simple text format, together with timing information

The traceroute command is available on a number of modern operating systems.

Traceroute sends a sequence of Internet Control Message Protocol (ICMP) echo request packets addressed to a destination host. Determining the intermediate routers traversed involves adjusting the time-to-live (TTL), aka hop limit, Internet Protocol parameter. Frequently starting with a value like 128 (Windows) or 64 (Linux), routers decrement this and discard a packet when the TTL value has reached zero, returning the ICMP error message ICMP Time Exceeded.

Traceroute works by increasing the TTL value of each successive set of packets sent. The first set of packets sent have a hop limit value of 1, expecting that they are not forwarded by the first router. The next set have a hop limit value of 2, so that the second router will send the error reply. This continues until the destination host receives the packets and returns an ICMP Echo Reply message.

Traceroute uses the returned ICMP messages to produce a list of routers that the packets have traversed. The timestamp values returned for each router along the path are the delay (aka latency) values, typically measured in milliseconds for each packet.

An image is shown -


Telnet is a network protocol used on the Internet or local area networks to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection. User data is interspersed in-band with Telnet control information in an 8-bit byte oriented data connection over the Transmission Control Protocol (TCP).

Telnet was developed in 1969 beginning with RFC 15, extended in RFC 854, and standardized as Internet Engineering Task Force (IETF) Internet Standard STD 8, one of the first Internet standards.

Historically, Telnet provided access to a command-line interface (usually, of an operating system) on a remote host. Most network equipment and operating systems with a TCP/IP stack support a Telnet service for remote configuration (including systems based on Windows NT). Because of security issues with Telnet, its use for this purpose has waned in favor of SSH.

Telnet is a client-server protocol, based on a reliable connection-oriented transport. Typically this protocol is used to establish a connection to Transmission Control Protocol (TCP) port number 23, where a Telnet server application (telnetd) is listening. Telnet, however, predates TCP/IP and was originally run over Network Control Program (NCP) protocols.

Security Concerns -
Telnet, by default, does not encrypt any data sent over the connection (including passwords), and so it is often practical to eavesdrop on the communications and use the password later for malicious purposes; anybody who has access to a router, switch, hub or gateway located on the network between the two hosts where Telnet is being used can intercept the packets passing by and obtain login, password and whatever else is typed with a packet analyzer.
Most implementations of Telnet have no authentication that would ensure communication is carried out between the two desired hosts and not intercepted in the middle.
Several vulnerabilities have been discovered over the years in commonly used Telnet daemons.

These security-related shortcomings have seen the usage of the Telnet protocol drop rapidly, especially on the public Internet, in favor of the Secure Shell (SSH) protocol, first released in 1995. SSH provides much of the functionality of telnet, with the addition of strong encryption to prevent sensitive data such as passwords from being intercepted, and public key authentication, to ensure that the remote computer is actually who it claims to be. As has happened with other early Internet protocols, extensions to the Telnet protocol provide Transport Layer Security (TLS) security and Simple Authentication and Security Layer (SASL) authentication that address the above issues. However, most Telnet implementations do not support these extensions; and there has been relatively little interest in implementing these as SSH is adequate for most purposes.

ipconfig (internet protocol configuration) in Windows is a console application that displays all current TCP/IP network configuration values and can modify Dynamic Host Configuration Protocol DHCP and Domain Name System DNS settings.

The standard path is %WINDIR%\System32\ipconfig.exe (which usually resolves to C:\WINDOWS\System32\ipconfig.exe). In most cases, the ipconfig command is used with the command-line switch /all. This results in more detailed information than ipconfig alone.

An image is shown -



Displays and modifies entries in the Address Resolution Protocol (ARP) cache, which contains one or more tables that are used to store IP addresses and their resolved Ethernet or Token Ring physical addresses. There is a separate table for each Ethernet or Token Ring network adapter installed on your computer. Used without parameters, arp displays help.


arp [-a [InetAddr] [-N IfaceAddr]] [-g [InetAddr] [-N IfaceAddr]] [-d InetAddr [IfaceAddr]] [-s InetAddr EtherAddr [IfaceAddr]]


-a [InetAddr] [-N IfaceAddr] : Displays current ARP cache tables for all interfaces. To display the ARP cache entry for a specific IP address, use arp -a with the InetAddr parameter, where InetAddr is an IP address. To display the ARP cache table for a specific interface, use the -N IfaceAddr parameter where IfaceAddr is the IP address assigned to the interface. The -N parameter is case-sensitive.

-g [InetAddr] [-N IfaceAddr] : Identical to -a.

-d InetAddr [IfaceAddr] : Deletes an entry with a specific IP address, where InetAddr is the IP address. To delete an entry in a table for a specific interface, use the IfaceAddr parameter where IfaceAddr is the IP address assigned to the interface. To delete all entries, use the asterisk (*) wildcard character in place of InetAddr.

-s InetAddr EtherAddr [IfaceAddr] : Adds a static entry to the ARP cache that resolves the IP address InetAddr to the physical address EtherAddr. To add a static ARP cache entry to the table for a specific interface, use the IfaceAddr parameter where IfaceAddr is an IP address assigned to the interface.

/? : Displays help at the command prompt


The IP addresses for InetAddr and IfaceAddr are expressed in dotted decimal notation.

The physical address for EtherAddr consists of six bytes expressed in hexadecimal notation and separated by hyphens (for example, 00-AA-00-4F-2A-9C).

Entries added with the -s parameter are static and do not time out of the ARP cache. The entries are removed if the TCP/IP protocol is stopped and started. To create permanent static ARP cache entries, place the appropriate arp commands in a batch file and use Scheduled Tasks to run the batch file at startup.

This command is available only if the Internet Protocol (TCP/IP) protocol is installed as a component in the properties of a network adapter in Network Connections

Top of pageTop of page


To display the ARP cache tables for all interfaces, type:

arp -a

To display the ARP cache table for the interface that is assigned the IP address, type:

arp -a -N

To add a static ARP cache entry that resolves the IP address to the physical address 00-AA-00-4F-2A-9C, type:

arp -s 00-AA-00-4F-2A-9C

Top of pageTop of page

Formatting legend

Format Meaning


Information that the user must supply


Elements that the user must type exactly as shown

Ellipsis (...)

Parameter that can be repeated several times in a command line

Between brackets ([])

Optional items

Between braces ({}); choices separated by pipe (|). Example: {even|odd}

Set of choices from which the user must choose only one

Courier font

Code or program output


 For Support