Gathering Information on Application Layer Problems
Common TCP/IP commands

The TCP/IP protocol suite offers several commands to help troubleshoot Application Layer problems. Take time to fully understand the value of these commands.

Ping
Although ping basically tests Layer 3 connectivity, it can also help solve Application Layer problems.

For example, a troubleshooting strategy using ping can be used to identify a DNS application layer problem.

If there is high latency due to congestion, it may cause application layer problems because of timeout issues. In a WAN setting, latency between packets should be expected. However, in a LAN setting, excessive latency between packets could be an indication of network problems.

Traceroute
Traceroute can be used to pinpoint a network problem. It identifies each intermediate router on the way from host A to host B.

As shown in Figure , traceroute sends the first packet with a TTL value of 1. The first router decrements this and since the value drops to zero, the router discards the packet and sends an ICMP Time-to-live Exceeded message back to the sender. Traceroute then sends a packet with a TTL value of 2, which the first router decrements and routes. But the second router decrements it to zero, and sends an ICMP error message back. Ultimately, the TTL gets high enough for the packet to reach the destination host, and traceroute is done, or some maximum value (usually 30) is reached and traceroute ends the trace.

Note that most traceroute programs send a UDP datagram to a randomly selected high UDP port. Microsoft’s tracert uses an ICMP echo request message instead, which may explain why some trace results do not match those of other users.
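The TTL probing loop described above can be modelled offline. The following is an added example, not part of the original course material; the function names and the sample path (documentation address ranges) are constructed for illustration. It also shows the two cases a trace can end in without a clean result: a router that never sends the ICMP message (shown as "*") and a trace that stops at the maximum TTL.

```python
"""Model of the TTL probing loop that traceroute uses (added example)."""

TIME_EXCEEDED = "time-exceeded"   # ICMP Time-to-live Exceeded from a router
REACHED = "reached"               # reply from the destination host itself
TIMEOUT = "timeout"               # no reply (router silent or reply filtered)


def send_probe(path, silent, ttl):
    """Forward one probe along `path` (routers first, destination last).

    Each router decrements the TTL; the one that brings it to zero discards
    the packet and answers with Time Exceeded, unless it is in `silent`.
    """
    for hop in path[:-1]:
        ttl -= 1
        if ttl == 0:
            return (TIMEOUT, None) if hop in silent else (TIME_EXCEEDED, hop)
    return (REACHED, path[-1])    # TTL survived every router on the path


def traceroute(path, silent=(), max_ttl=30):
    """Return ([(ttl, responder or '*')], destination_reached)."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        kind, who = send_probe(path, silent, ttl)
        hops.append((ttl, "*" if kind == TIMEOUT else who))
        if kind == REACHED:
            return hops, True
    return hops, False            # gave up at max_ttl


# Constructed sample path: three routers, then the destination host.
SAMPLE_PATH = ["192.0.2.1", "198.51.100.1", "198.51.100.9", "203.0.113.10"]

if __name__ == "__main__":
    # The second router is modelled as never sending Time Exceeded.
    hops, done = traceroute(SAMPLE_PATH, silent={"198.51.100.1"})
    for ttl, who in hops:
        print(f"{ttl:2d}  {who}")
    print("destination reached" if done else "max TTL hit before destination")
```

A "*" at one hop followed by answers from later hops means that router forwarded the probe but did not report back, so the path itself is still intact.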

Pathping
Pathping is a Windows NT/2000/XP feature that combines the features of the ping and tracert commands with additional information-gathering features. The pathping command sends packets to each router on the way to a final destination over a period of time and then computes results based on the packets returned from each hop. Pathping displays the degree of packet loss at any given router or link.

Netstat
Netstat reports on the system's routing table, the TCP and UDP protocols, open connections, and the ports of remote systems. It gets this networking information by reading the routing tables in memory and then displays it in ASCII format at the terminal.

The output of netstat -n and netstat -r on a Windows platform (netstat -r produces the same output as route print) is shown in Figure .

Other useful netstat commands include netstat -a, which displays all connections, and netstat -e, which displays Ethernet statistics.

Nslookup
The most useful tool for troubleshooting DNS problems is nslookup. It lets a user enter a host name and find out the corresponding IP address. It will also do reverse name lookup and find the host name for a specified IP address.

Nslookup sends a domain name query packet to a designated (or defaulted) DNS server. Depending on the system being used, the default may be the local DNS name server at the service provider, some intermediate name server, or the root server system for the entire domain name system hierarchy.