Cisco Network Security Troubleshooting Handbook

Test Commands

A few test commands are available that can be used for various purposes. Following is a list of such commands:

  • ping: Helps to determine the connectivity between devices on your network.

  • traceroute: Provides a method of determining the route by which packets reach their destination from one device to another.

  • telnet: Helps to find out if a TCP-based application is running and listening on a specific port.

  • nslookup: Helps to determine if name resolution for a domain name or IP address is working correctly.

ping Command

To check host reachability and network connectivity, use the ping command, which can be invoked from any network device that has a TCP/IP stack. For IP, the ping command sends Internet Control Message Protocol (ICMP) Echo messages. ICMP is the Internet protocol that reports errors and provides information relevant to IP packet addressing. If a station receives an ICMP Echo message, it sends an ICMP Echo Reply message back to the source.

The extended command mode of the ping command permits you to specify the supported IP header options. Different Cisco security devices implement the ping command in different ways. For example, in a router, extended ping allows the router to perform a more extensive range of test options. To enter ping extended command mode, enter yes at the extended commands prompt of the ping command on the router.

The ping command has uses beyond basic connectivity testing. For example, extended ping on the router can be used to initiate a LAN-to-LAN IPsec tunnel by generating interesting traffic. This helps to verify that the tunnel configuration is correct and that the tunnel is working as expected on the routers. If the tunnel works with extended ping, the problem may be somewhere else in the network. You can use the count, MTU, and DF bit options to find packet loss and fragmentation issues. More specific usage of the ping command is discussed in the chapter that is specific to each product.

traceroute Command

The traceroute command (tracert on Windows platforms) discovers the routes that a packet follows when traveling to its destination. The traceroute command permits the supported IP header options to be specified, allowing the router to perform a more extensive range of test options.

The traceroute command works by using the error message generated by routers when a datagram exceeds its time-to-live (TTL) value. First, a probe datagram is sent with a TTL value of 1. This causes the first router to discard the probe datagram and send back a "time exceeded" error message. The traceroute command then sends several probes and displays the round-trip time for each. After every third probe, the TTL is increased by 1.

Each outgoing packet can result in one of two error messages. A "time exceeded" error message indicates that an intermediate router has seen and discarded the probe. A "port unreachable" error message indicates that the destination node has received the probe and discarded it because it could not deliver the packet to an application. If the timer goes off before a response comes in, traceroute prints an asterisk (*).

The traceroute command terminates when the destination responds, when the maximum TTL is exceeded, or when the user interrupts the trace with the escape sequence. Note that for traceroute to function correctly, you must allow all the ICMP types that the traceroute command uses ("Time Exceeded," for example); otherwise, traceroute will not work. In that case, if only Echo and Echo Reply are allowed, you are limited to using the ping command. For details on different ICMP types, go to the following link:

http://www.cisco.com/warp/public/110/31.html#messtype

Just as with ping, you can use the traceroute command for connectivity testing. But the real use of the traceroute command is to find out which device in the network is dropping the packets if there is a connectivity issue. Also, if you have a routing loop in the network or an asymmetric routing setup in the network, you can discover this by performing the trace a few times and comparing the hops the packet is taking each time.
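
The comparison described above can be automated. The following Python script is an added example, not code from the handbook: it parses several saved traces to one destination and reports, for each, the last device that answered, whether the destination was reached, and any router that answered at more than one TTL. The sample traces and addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

HOP = re.compile(r"^\s*(\d+)\s+(.*)$")            # "<ttl> <rest of hop line>"
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def parse_trace(text):
    """Return [(ttl, responder)] per hop line; responder is None when every probe printed '*'."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if m:
            ip = IPV4.search(m.group(2))
            hops.append((int(m.group(1)), ip.group(0) if ip else None))
    return hops

def analyse(traces, destination):
    """Compare several traces to one destination and summarise what each shows."""
    runs = []
    for text in traces:
        ips = [ip for _, ip in parse_trace(text) if ip]
        runs.append({
            "path": ips,
            "reached": destination in ips,
            # Last device that answered: the drop is at or just past this hop.
            "last_responder": ips[-1] if ips else None,
            # The same router answering at several TTLs indicates a routing loop.
            "loop": sorted(ip for ip, n in Counter(ips).items() if n > 1),
        })
    # Different hop sequences between runs point to changing or asymmetric paths.
    differ = len({tuple(r["path"]) for r in runs}) > 1
    return {"runs": runs, "paths_differ": differ}

# Constructed sample output (addresses are made up; layout follows router traceroute output).
TRACE_DROP = """Tracing the route to 10.1.4.2
  1 10.1.1.1 4 msec 4 msec 4 msec
  2 10.1.2.2 8 msec 8 msec 8 msec
  3  *  *  *
  4  *  *  *
"""
TRACE_LOOP = """Tracing the route to 10.1.4.2
  1 10.1.1.1 4 msec 4 msec 4 msec
  2 10.1.3.2 8 msec 8 msec 8 msec
  3 10.1.1.1 12 msec 12 msec 12 msec
  4 10.1.3.2 16 msec 16 msec 16 msec
"""

if __name__ == "__main__":
    for run in analyse([TRACE_DROP, TRACE_LOOP], "10.1.4.2")["runs"]:
        print(run)
```

A run that ends in asterisks after a responding hop may reflect filtered ICMP rather than dropped traffic, so check the ICMP types permitted along the path before concluding that the last responder is at fault.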