TCP/IP First-Step [Electronic resources] نسخه متنی

Information, Please!

Your first step in taking responsibility for your own internetworking success: becoming adept at gathering all the information you really need. This is what separates the newbies from the veterans. The veterans won't be satisfied with just knowing how to use a network. They want to figure out a little more clearly what happened if they suddenly can't connect to their favorite network destinations. Before you can figure out what's going on, you need to gather any information pertinent to your connection and destination.

The two tools that you need to start this information gathering exercise are whois and ipconfig. They are different tools and not necessarily even part of TCP/IP, but they are the place to start.

Checking Your Configuration

If you are a Windows XP user, your operating system comes with what's known as a command prompt. The command prompt used to be the old DOS prompt, but let's face it: DOS is dead, so why keep its name alive?

Accessing your command prompt is relatively simple:

Click the Start button in the lower left of your screen.

Select All Programs, which brings up a menu of all programs installed on your computer.

From there, slide your pointer or mouse to select Accessories. That brings up another submenu of applications, one of which is the command prompt.

Figure 14-1 shows you this last step of the process. Alternatively, depending on your version of Windows, you can also click Start > Run, and type CMD. Either way will work.

Figure 14-1. Select Command Prompt from the Accessories Menu

Clicking the Command Prompt opens a new window on your desktop. Inside that window is a command-line interface (CLI). Although it seems quaint, if not just plain crude, in comparison to the graphical user interfaces (GUI) found in today's applications, the CLI used to rule the world. In fact, the command prompt is all that's left of the original PC operating systems.

Type ipconfig in this window and your computer's operating system gets all the information it has on how IP was configured on your computer.

Figure 14-2 shows you the results of running ipconfig on my personal laptop computer with the Windows XP operating system.

Figure 14-2. Using the Command Prompt to Run the ipconfig Command

[View full size image]

The ipconfig command gives you some fairly important pieces of information. The things you can learn using this command include

Your computer's IP address. My IP address, at the time of this snapshot, was 192.168.1.101.

The size of the subnet being used by the network to which you are connected. Using a 255.255.255.0 subnet mask gives the ability to create 254 devices in a home network, for instance.

The IP address of the network device that connects you to the outside world. Known as a default gateway, this device is typically a router that connects your network to either the Internet or another network. My default gateway's IP address is 192.168.1.1.

There is even more vital information presented in this concise little tool. It tells you whether your computer is actually connected to the network. If you refer back to Figure 14-2, you see that my laptop has two network connections defined: One is a traditional Ethernet interface and the other is a more modern wireless Ethernet interface. To show you both the normal state and the error condition, the home network was connected to using a wireless connection and the Fast Ethernet connection was left disconnected.

The result is that all the current IP configuration data shows up under the wireless network connection. The wire-based Ethernet local-area network (LAN) connection shows this error message: media disconnected. If you are ever unable to access a network destination, first run ipconfig to determine whether your computer is actually connected to the network! Nothing is more embarrassing than opening a trouble ticket only to find out that you failed to physically connect to the network.

After you ascertain that you really are connected to the network, the rest of the information is of use to your network administrator: You will have saved that person some effort and she will probably hold you in higher esteem for that.

Internet's Yellow Pages

Now that you know how to get your own computer's IP address information, your next challenge is to learn more about the organization that owns the IP address of the destination you might be trying to access via the Internet. This is useful in many ways. It is most useful in figuring out if an Internet domain is legitimate or suspicious. It's not unlike using a phone book to look up a contractor or other business whose services you are considering employing.

The Internet doesn't really have a phone book, but it does have an incredibly useful tool that lets you find organizations connected to it. This tool is the utility called whois. That's spelled correctly. Remember, this is a text-based tool that predated the ability to insert spaces in filenames.

whois is a command that lets you search the Internet's databases to find organizations, their contact information, what IP address block(s) they use, and which Internet domain names they use. Unfortunately, most people never even realize that this tool exists, much less what types of information are contained in Internet databases. Consequently, whois often is relegated to just the engineering community. That's a shame because whois is remarkably easy to use and can be invaluable.

To be perfectly honest, whois really isn't a TCP/IP utility as much as it is a standardized naming convention for accessing data about Internet user communities.

There are actually two main types of whois queries. Both use the same command name (whois) but search different databases and return different information. The two databases are maintained by different Internet organizations, although many other groups maintain whois databases. The main two are maintained by American Registry for Internet Numbers (ARIN) and the InterNIC.

InterNIC's whois

InterNIC is the Internet's Network Information Center. InterNIC tracks such useful data as the name of the company that registered any given Internet domain, the date it created that domain, whether it is an active domain, and when that domain name expires. This information can be useful in a wide variety of ways.

I personally use it to track down spammers, but you might find it equally useful in checking to see if that nifty domain name you thought up is actually available (or if someone else had that same brilliant thought before you did). It might be easier to just guess and enter your guesses repeatedly in your browser, but this takes some of the risk out of that venture.

Guessing URLs used to be a safe and convenient way to find a new website. As the Internet matured, darker forces appeared. Consequently, guessing URLs is no longer as safe as it used to be. Many pornographers intentionally register domain names that are an easy typographical error away from globally recognized names. Another trick is to register variations of popular names. In these days of spyware and rampant viruses, it doesn't make as much sense to just guess at URLs. Thus, the InterNIC whois query is more valuable than ever!

To run an InterNIC whois query, enter www.internic.org in your browser. Figure 14-3 shows you the InterNIC home page.

Figure 14-3. InterNIC's Home Page

[View full size image]

Clicking that whois link takes you to another screen, which gives you the opportunity to specify which domain name in which you are interested in finding out more information.

For the sake of this example, assume you want to know more about Cisco Systems' Cisco.com domain. This is illustrated in Figure 14-4.

Figure 14-4. InterNIC's whois Query Screen

[View full size image]

After entering the domain (Cisco.com in this example, as indicated in the preceding figure), click the Submit button.

This performs looks up that piece of data in the InterNIC database. The results of an InterNIC whois query on the Cisco.com domain are presented for you in Figure 14-5.

Figure 14-5. InterNIC's whois Query on Cisco.com

[View full size image]

As you can see in the preceding screenshot, Cisco.com is a valid Internet domain that dates all the way back to 1987. All by itself, that creation date should assure you that clicking Cisco.com will bring you to the website of a true Internet pioneer.

Recent creation dates should be a warning sign to you that the organization you just looked up is either a brand new entity or has just decided to do business under that Internet domain. Either way, it should ratchet up one's discomfort level with respect to any website associated with that domain.

Packet Internet Groper

Before you see the other whois function, it's time for a little detour. Here's another trusty tool for checking out destinations on an IP network. Its full name shows that someone had a twisted sense of humor, which is why it goes by its acronym (which also shows its creator had a twisted sense of humor!).Packet Internet Groper (ping) is an awkward name with a negative connotation. However, it is a remarkably accurate description of what the utility actually does. This utility is better known by its abbreviation, ping, which forms a marvelous double entendre. You see, ping lets you feel your way through a network to see if any given destination is actually reachable.

A Little History

Ping, if you ever watched any old World War II Navy films, is the sonar sound emitted by a submarine when it uses sound to detect other ships in the vicinity. Sound emitted under water keeps traveling until it hits something. Then it is reflected back to its source. That reflected sound lets the sender know what's in the vicinity even though it can't physically see anything.

ping in an IP network works much the same way a Navy boat's ping works. It lets you reach out and test connectivity to a device that you cannot see.

To use ping, you have to open up the trusty old command prompt window.

Type the word ping followed by a space and either the IP address or fully qualified domain name of the computer you are trying to reach.

Press Enter and watch the results.

To show you just how useful ping can be, get back to the example of www.cisco.com.

I showed you how to use InterNIC's whois to determine if Cisco.com was a valid domain and worth the risk of accessing. Figure 14-6 takes this to the next step by running ping in a command prompt window to test whether the host of the Cisco Systems website is accessible.

Figure 14-6. Pinging Cisco.com

Internet Control Message Protocol (ICMP) packets that get sent to the destination you specified in the command prompt. The command prompt window displays the results of these test packets in terms of whether the packet was successfully delivered and how long it took to get there. ping is also nice enough to tally up the minimum time, maximum time, and average delivery times for that series of tests. All this is evident in Figure 14-6.

ping is one of the more useful of the native TCP/IP utilities that you will find. One of its nicer features is that it works with either fully qualified domain names (FQDNs) such as www.cisco.com or with IP addresses. If you feed ping an FQDN, it goes out and finds the corresponding IP address for you.

Figure 14-6 showed you how ping translated the IP address of www.cisco.com into an IP address. Now that you know the IP address, you can take advantage of the other Internet yellow pages: the ARIN whois service.

ARIN's whois

ARIN, the American Registry for Internet Numbers, is the official Internet registry service for IP addresses, autonomous system numbers, and other special-purpose numbers that are either reserved or registered for use in North America. Their whois service is available via their Internet home page on www.arin.net. Please be sure to use the .net suffix instead of .com or .org. That would result in a URL that brings you to someone else's site.

ARIN's charter is limited to North America. For checking on Internet numbers registered in other parts of the world, you need to rely upon whois queries via ARIN's counterparts. These counterparts are

APNIC for Asia Pacific at www.apnic.net

LACNIC for Latin America and some Caribbean countries at www.lacnic.net

RIPE at www.ripe.net for Europe, the Middle East, Central Asia, and African nations north of the equator

All have the same mission and maintain the same data for Internet customers in their respective regions.

Figure 14-7 shows you the ARIN home page. As you can see, there's quite a bit of information about ARIN. So much information that it won't all fit in one screenshot. For right now, just focus on the whois query in that upper-right corner.

Figure 14-7. ARIN's Home Page

[View full size image]

That query box is where you can plug in the IP address that you were able to glean courtesy of ping. To refresh your memory, the Cisco Systems website's IP address is 198.133.219.25. Figure 14-8 shows you the results of an ARIN whois query on this IP address.

Figure 14-8. Results of ARIN's Query on 198.133.219.25

[View full size image]

The differences between an ARIN whois query and an InterNIC whois query are immediately obvious when you compare Figures 14-8 and 14-5. Both use the same name for the command to query Internet databases, but the data contained is quite different. They are two different tools for two different jobs. Together, they enable you to find out quite a bit about any organization that connects to and uses the Internet.