Use the netstat command to become a Win 7 Security Expert

In Windows 7, reasonable use of some basic commands often plays a significant role in protecting network security. The following commands play a very prominent role, next we will teach you how to use the "netstat" command correctly to turn it into a Windows 7 security expert.

Detect Network Connections

If you suspect that someone else has installed a Trojan on your computer or is infected with a virus, but you do not have a complete tool in your hand to check whether such a thing has actually happened, you can use the network commands that come with Windows to check who is connecting to your computer. The specific command format is: netstat-an. This command can be used to view all the IP addresses that are connected to the local computer. It contains four parts: proto and local address), foreign address (the address that establishes a connection with the local device), state (the current port status ). With the detailed information of this command, we can fully monitor the connection on the computer to control the computer.

Enter the following in the command prompt: netstat-a displays all the ports currently open to your computer. netstat-s-e displays your network information in detail, this includes statistics on TCP, UDP, ICMP, and IP addresses. Have you ever thought of a better understanding of Vista and Windows7 display protocol statistics and current TCP/IP network connections?

The netstat command is used as follows (Note: The command is arranged in the order of a-B )--

NETSTAT: displays protocol statistics and current TCP/IP network connections under Vista/Windows 7. You can directly run netstat without adding parameters,

NETSTAT [-a] [-B] [-e] [-f] [-n] [-o] [-p proto] [-r] [-s] [- t] [interval]

-A displays all connection and listening ports.

-B shows the executable programs involved in creating each connection or listening port. In some cases, it is known that the executable program carries multiple independent components, in which case the display

The component sequence involved in creating a connection or listening port. In this case, the name of the executable program is located in [] at the bottom, and the component it calls is located at the top until it reaches TCP/IP. Note:

Items may be time-consuming and may fail if you do not have sufficient permissions.

-E displays Ethernet statistics. This option can be used with the-s option.

-F displays the Fully Qualified Domain Name (FQDN) of the external address ).

-N: the address and port number are displayed in numbers.

-O displays the IDs of processes associated with each connection.

-P proto indicates the connection of the Protocol specified by proto. proto can be any of the following: TCP, UDP, TCPv6, or UDPv6. If it is used together with the-s option to display each association

For Statistics, proto can be any of the following: IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP or UDPv6.

-R shows the route table.

-S displays statistics for each protocol. By default, statistics of IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6 are displayed. The-p option can be used to specify

The specified subnet.

-T: The current connection uninstallation status is displayed.

Interval re-displays the selected statistics. The interval (in seconds) between display pauses. Press CTRL + C to stop resending statistics.

Disable unknown services

Many friends may find that the computer speed slows down after the system is restarted one day. This may be because someone else opens a special service to you after intruding into your computer, for example, IIS Information Service. You can use "net start" to check whether any service is enabled in the system. If you find that it is not a self-opened service, we can disable it in a targeted manner. You can directly enter "net start" to view the service, and then use "net stop server" to disable the service.

Easily Check Accounts

For a long time, malicious attackers like to use the clone account method to control your computer. The method they use is to activate a default account in the system, but this account is not commonly used, and then use tools to escalate this account to administrator permissions. On the surface, this account is still the same as the original one, however, this cloned account is the biggest security risk in the system. Malicious attackers can use this account to control your computer at will. To avoid this situation, you can use a simple method to detect the account.

First, enter the net user in the command line to view some users on the computer, and then use "net user + user Name" to view the permissions of this user, generally, administrators are in the administrators group, but not administrators! If you find that a system-built user belongs to the administrators group, you are almost certainly intruded, and someone else cloned your account on your computer. Use "net user username/del" to delete this user!