1. The most basic, most commonly used, test PING of a physical network
Ping 192.168.0.8-t, parameter-T is waiting for the user to interrupt the test
2. View DNS, IP, Mac, etc.
A.win98:winipcfg
b.win2000 above: Ipconfig/all
C.nslookup: See DNS in Hebei
C:>nslookup
Default Server:ns.hesjptt.net.cn
address:202.99.160.68
>server 202.99.41.2 changed DNS to 41.2
> pop.pcpop.com
Server:ns.hesjptt.net.cn
address:202.99.160.68
Non-authoritative Answer:
Name:pop.pcpop.com
address:202.99.160.212
3. Network Messenger (often asked ~)
Net Send computer name/IP * (broadcast) Transfer content, note cannot cross the network segment
net stop Messenger stop Messenger service can also be in panel-service modification
net start Messenger Messenger Service
4. Detect the other party's computer name, the group, domain and current user name (how the hunt works)
Ping-a ip-t, only NetBIOS name displayed
Nbtstat-a 192.168.10.146 is more than the whole
5.netstat-a shows all the ports that your computer is currently opening
Netstat-s-E More detailed display of your network data, including TCP, UDP, ICMP and IP statistics, etc.
6. Detect ARP Bindings (dynamic and Static) list, show all connected to my computer, display the other IP and MAC address
Arp-a
7. On the proxy server side
Bundled IP and MAC addresses to address local area network misappropriation ip!:
Arp-s 192.168.10.59 00-50-ff-6c-08-75
Unbind the IP of the NIC from the MAC address:
ARP-D Network card IP
8. Hide your computer from a network neighbor (let others see you!)
NET config Server/hidden:yes
NET config Server/hidden:no is the open
9. Several net commands
A. Displays the current workgroup server List net view, which displays a list on the current domain or computer on the network when this command is used without options.
For example: To view the shared resources on this IP, you can
C:>net View 192.168.10.8
Shared Resources in 192.168.10.8
Resource Share name Type purpose note
--------------------------------------
Website Service Disk
Command completed successfully.
B. View the list of user accounts on the computer net user
C. Viewing network links net use
For example, net use Z:192.168.10.8movie maps this IP's movie shared directory to a local Z-disk
D. Record link net session
For example:
C:>net session
Computer User name Customer type open idle time
-------------------------------------------------------------------------------
192.168.10.110 ROME Windows 2000 2195 0 00:03:12
192.168.10.51 ROME Windows 2000 2195 0 00:00:39
Command completed successfully.
10. Route tracking Commands
A.tracert pop.pcpop.com
B.pathping pop.pcpop.com, in addition to displaying routes, also provides 325S analysis to calculate the% of lost packets
11. Several commands for sharing security
A. View your machine's shared resources net share
B. Manually delete the share (you can make a bat file, start from run, the sharing is deleted!)
NET share C $/D
NET share d$/d
NET share ipc$/d
NET share admin$/d
Note that there are spaces after $.
C. Add a share:
C:net Share Mymovie=e:downloadsmovie/users:1
Mymovie shared success.
Limit the number of linked users to 1 people at the same time.
12. Set the static IP under DOS line
A. Setting up A static IP
Cmd
Netsh
Netsh>int
Interface>ip
Interface ip>set Add "local link" static IP address mask Gateway
B. View IP Settings
Interface Ip>show Address
Arp
Displays and modifies items in the Address Resolution Protocol (ARP) cache. The ARP cache contains one or more tables that are used to store IP addresses and their parsed Ethernet or token ring physical addresses. Each Ethernet or Token Ring network adapter that is installed on the computer has its own separate table. If used without parameters, the ARP command displays the help information.
Grammar
ARP [-A [INETADDR] [-N IfaceAddr]] [-G [InetAddr] [-N IfaceAddr]] [-D InetAddr [IfaceAddr]] [-S inetaddr etheraddr [ifacea DDR]]
Parameters
-A [inetaddr] [-N ifaceaddr]
Displays the current ARP cache table for all interfaces. To display the ARP cache entry for the specified IP address, use the arp-a with the InetAddr parameter, where the INETADDR represents the specified IP address. To display the ARP cache table for the specified interface, use the-n ifaceaddr parameter, where ifaceaddr represents the IP address assigned to the specified interface. The-n parameter is case-sensitive.
-G [InetAddr] [-N ifaceaddr]
Same as-a.
-D InetAddr [IfaceAddr]
Deletes the specified IP address entry, where the INETADDR represents the IP address. For the specified interface, to remove an item from the table, use the IFACEADDR
parameter, where the IFACEADDR represents the IP address assigned to the interface. To delete all items, use the asterisk (*) wildcard character instead of InetAddr.
-S InetAddr etheraddr [IfaceAddr]
Add static entries to the ARP cache that resolve IP address inetaddr to physical address etheraddr. To add a static ARP cache entry to a table of the specified interface, use the IFACEADDR parameter, where ifaceaddr represents the IP address assigned to the interface.
/?
Displays help at the command prompt.
Comments
The IP addresses of InetAddr and ifaceaddr are represented by decimal notation with dots.
The physical address etheraddr consists of six bytes, which are represented by hexadecimal notation and are separated by hyphens (for example, 00-aa-00-4f-2a-9c).
Items added through the-s parameter are static items that do not time out in the ARP cache. If the TCP/IP protocol is terminated and then started, the entries are deleted. To create a permanent static ARP cache entry, use the appropriate ARP command in the batch file and run the batch file at startup with the Scheduler program.
This command is available only if the Internet Protocol (TCP/IP) protocol is installed as a component of a network adapter property in a network connection.
Example
To display the ARP cache table for all interfaces, type:
Arp-a
For an interface with an assigned IP address of 10.0.0.99, to display its ARP cache table, you can type:
ARP-A-N 10.0.0.99
To add a static ARP cache entry that resolves IP address 10.0.0.80 to Physical address 00-aa-00-4f-2a-9c, you can type:
Arp-s 10.0.0.80 00-aa-00-4f-2a-9c
At
Plans to run commands and programs on the computer at a specified time and date. The AT command can only be used when the schedule service is running. If used without parameters, at lists the scheduled commands.
Grammar
at [ComputerName] [{[ID] [/delete]/delete [/yes]}]
at [[ComputerName] hours:minutes [/interactive] [{/every:date[,...]/next:date[,...]}] Command
Parameters
ComputerName
Specifies the remote computer. If this argument is omitted, the at schedule commands and programs on the local computer.
Id
Specifies the identification code assigned to the scheduled command.
/delete
Cancels the scheduled command. If the ID is omitted, all scheduled commands on the computer are canceled.
/yes
When you delete a scheduled event, answer Yes to all queries from the system.
Hours:minutes
Specifies the time at which the command runs. The time is expressed in 24-hour format (that is, from 00:00 [midnight] to 23:59) hours: minutes.
/interactive
Allows the command to interact with the user's desktop for the user who is logged on when the command is run.
/every:
The command command is run on the specified day of each week or month (for example, every Thursday, or the third day of the month).
Date
Specifies the date on which the command is run. You can specify a day or days of the week (that is, type M, T, W, Th, F, S, Su) or a day or days in one months (that is, type a number from 1 to 31). Separate multiple date items with commas. If date is omitted, the at uses the current day of the month.
/next:
Run command on the next specified date (for example, next Thursday).
Command
Specifies the Windows command, program (. exe or. com file) or batch program (. bat or. cmd file) to run. When the command requires a path as a parameter, use the absolute path, which is the entire path starting with the drive letter. If the command is on a remote computer, specify the Universal naming convention (UNC) symbol for the server and share name instead of the remote drive letter.
/?
Displays help at the command prompt.
Comments
Schtasks is a more powerful superset command-line scheduling tool that contains all the features in the AT command-line tool. For all command-line scheduled tasks, you can use schtasks instead of at. For more information about schtasks, see Related Topics.
Use at
When you use the AT command, you must be a member of the local Administrators group.
Load Cmd.exe
At does not automatically load Cmd.exe (command interpreter) until the command is run. If the executable file (. exe) is not running, the Cmd.exe must be specifically loaded at the beginning of the command using the method shown below:
cmd/c dir > C:test.out.
To view scheduled commands
When you use at with no command-line options, the scheduled task appears in a table that resembles the following format:
Status ID Day Time Command Line
OK 1 Each F leads net send group status due
OK 2 each M chkstor > Check.file
OK 3 each F 11:59 PM backup2.bat
Include identification number (ID)
When the order is raised
Netstat
Displays active TCP connections, the ports that the computer listens on, Ethernet statistics, IP routing tables, IPV4 statistics (for IP, ICMP, TCP, and UDP protocols), and IPV6 statistics (for IPV6, ICMPv6, TCP via IPV6, and IPV6 UDP protocol). When used without parameters, Netstat displays the active TCP connection.
Grammar
netstat [-a] [-e] [-n] [-O] [-P Protocol] [-R] [-S] [Interval]
Parameters
-A
Displays all active TCP connections and the TCP and UDP ports that the computer listens on.
-E
Displays Ethernet statistics, such as the number of bytes sent and received, and the number of packets. This parameter can be used in conjunction with-S.
-N
Displays the active TCP connection, however, the address and port number are only represented numerically, but no attempt is made to determine the name.
-O
Displays the active TCP connection and includes the process ID (PID) for each connection. You can find a PID-based application on the Processes tab in Windows Task Manager. This parameter can be used in combination with-a,-N, and-P.
-P Protocol
Displays the connection for the protocol specified by the Protocol. In this case, the Protocol can be TCP, UDP, Tcpv6, or Udpv6. If this parameter is used with-s to display statistics by protocol, the Protocol can be TCP, UDP, ICMP, IP, Tcpv6, Udpv6, ICMPv6, or IPv6.
-S
Displays statistics by protocol. By default, statistics are displayed for TCP, UDP, ICMP, and IP protocols. If you install the IPV6 protocol for Windows XP, statistics are displayed about the UDP, ICMPV6, and IPV6 protocols on IPV6 on TCP, IPv6. You can use the-p parameter to specify the protocol set.
-R
Displays the contents of the IP routing table. This parameter is equivalent to the route print command.
Interval
Displays the selected information again every Interval seconds. Press CTRL + C to stop displaying the statistics again. If this argument is omitted, Netstat will print only one time for the selected information.
/?
Displays help at the command prompt.
Comments
The parameters used with the command must be prefixed with a hyphen (-) instead of a short slash (/).
Netstat provides the following statistical information:
Proto
The name of the protocol (TCP or UDP).
Local Address
The IP address of the local computer and the port number being used. If you do not specify the-n parameter, the local computer name corresponding to the IP address and port name is displayed. If the port is not already established, the port is displayed as an asterisk (*).
Foreign Address
The IP address and port number of the remote computer that is connecting to the slot. If you do not specify the-n parameter, the name corresponding to the IP address and port is displayed. If the port is not already established, the port is displayed as an asterisk (*).
(state)
Indicates the status of the TCP connection. The possible statuses are as follows:
Close_wait
CLOSED
Established
Fin_wait_1
Fin_wait_2
Last_ack
LISTEN
Syn_received
Syn_send
Timed_wait
For information about the status of TCP connections, see RFC 793.
This command is available only if the Internet Protocol (TCP/IP) protocol is installed as a component of a network adapter property in a network connection.
Example
To display the statistics for the Ethernet statistics and all protocols, type the following command:
NETSTAT-E-S
To display only statistics for TCP and UDP protocols, type the following command:
Netstat-s-P TCP UDP
To display the active TCP connection and process ID every 5 seconds, type the following command:
Nbtstat-o 5
To display the active TCP connection and process ID numerically, type the following command:
Nbtstat-n? Co
Runas
Allows the user to run the specified tools and programs with other permissions, rather than the permissions provided by the user's current login.
Grammar
runas [{/profile/noprofile}] [/env] [/netonly] [/smartcard] [/showtrustlevels] [/trustlevel]/user:useraccountname Program
Parameters
/profile
Loads the user's configuration file. /profile is the default value.
/no Profile
/NOPROFILE specifies that the user's configuration file is not loaded. This allows the application to load faster, but it can also cause errors in some applications.
/env
Specifies the network environment that is currently being used, not the user's on-premises environment.
/netonly
Indicates that the specified user information is only used for remote access.
/smartcard
/smartcard Indicates whether the credentials are provided by a smart card.
/showtrustlevels
Lists the/trustlevel switch items.
/trustlevel
Specifies the authorization level at which the application runs. Use/showtrustlevels to view the available trust levels.
/user:useraccountname
Specifies the name of the user account under which the program is run. The format of the user account should be user@domain or domainuser.
Program
Specifies the program or command to run with the account specified in/user.
/?
Displays help at the command prompt.
Comments
An administrator can perform routine, non-administrative tasks with a restricted account, and only use a more privileged account when performing specific administrative tasks. Either log off and log back in to complete the task, you can sign in with a generic account, and then use the runas command to run a tool that requires greater permissions.
For examples of use of the RunAs command, see Related Topics.
Although RunAs is typically used by the Administrator account, it is not limited to Administrator accounts. Any user with multiple accounts can use alternate credentials to run a program, an MMC console, or a control Panel item using RunAs.
If you want to use the Administrator account on your computer, for/user:, type one of the following parameters:
/user:administratoraccountname@computername
/user:computernameadministratoraccountname
If you want to use this command as a domain administrator, type one of the following parameters:
/user:administratoraccountname@domainname
/useromainnameadministratoraccountname
The runas command allows you to run programs (*.exe), saved MMC consoles (*.msc), shortcuts to programs and saved MMC consoles, and Control Panel items. When you log on to the computer as a member of another group, such as the users or the Power Users group, you can run as an administrator.
You can use the RunAs command to start any program, MMC Controller, or Control Panel item. As long as the appropriate user account and password information is provided, the user account has the ability to log on to the computer, and the program, MMC console, control Panel items are available in the system and for that user's account.
The runas command allows you to manage servers for other domains (the computer that is running the tool and the server that you want to administer is in a different domain).
If you try to start a program, MMC console, or Control Panel item from a network location by using RunAs, it may fail because the credentials used to connect to the network share are different from the credentials used to start the program. The latter's credentials may not be able to access the same network share.
Some items, such as the Printers folder and desktop items, are opened indirectly by Windows 2000 and cannot be started with the runas command.
If the runas command fails, it is possible that the RunAs service is not running or the user account used is not valid. To check the status of the RunAs service, in Computer Management, click Services and Applications, and then click Services. To test a user account, try to log in to the appropriate domain using that account.
Example
To start the Windows 2000 command prompt instance as an administrator on the local computer, type:
Runas/user:localmachinenameadministrator cmd
When prompted, type the administrator password.
To start the Computer Management snap-in instance using a domain administrator account named Companydomaindomainadmin, type:
Runas/user:companydomaindomainadmin "mmc%windir%system32compmgmt.msc"
When prompted, type the account password.
To start the Notepad instance using the domain administrator account in the domain named domain.microsoft.com, type:
Runas/user:user@domain.microsoft.com "Notepad my_file.txt"
When prompted, type the account password.
To start a command prompt Lines window, a saved MMC console, a Control Panel item, or an instance of a program that manages another location server, type:
Runas/netonly/user:domainusername "Command"
Domainusername must be a user with sufficient rights to administer the server. When prompted, type the account password.
Route
Displays and modifies entries in the local IP routing table. Use a route without parameters to display help.
Grammar
Route [-F] [-P] [Command [Destination] [Mask Netmask] [Gateway] [metric metric]] [if Interface]]
Parameters
-F
Clears all routes that are not primary (the netmask is 255.255.255.255), loopback network route (destination 127.0.0.0, netmask is 255.255.255.0), or multicast routing (destination 224.0.0.0, netmask is 240.0.0.0 The route table for the entry. If it is used in conjunction with one of the commands (for example, add, change, or delete), the table is cleared before the command is run.
-P
When used in conjunction with the Add command, specifies that the route is added to the registry and initializes the IP routing table when the TCP/IP protocol is started. By default, the added route is not saved when the TCP/IP protocol is started. When used with the Print command, a list of persistent routes is displayed. This parameter is ignored by all other commands. The location where the permanent route is stored in the registry is hkey_local_machinesystemcurrentcontrolsetservicestcpipparameterspersistentroutes.
Command
Specifies the command to run. The following table lists the valid commands. Command purpose
Add route
Change existing routes
Delete Remove route
Print route
Destination
Specifies the network destination address of the route. The destination address can be an IP network address (where the host address bit of the network address is set to 0), the IP address for the host route, and 0.0.0.0 for the default route.
MASK Specifies the network mask value for the next parameter.
NETMASK Specifies the subnet mask value for this route entry.
If not specified, the default setting is 255.255.255.255.
Gateway to specify gateways.
interface specifies the interface number of the route.
METRIC Specifies the number of hops, such as the cost of the target.
All symbol names used for the target can be in the network database
Find in File NETWORKS. The symbol name used for the gateway can be in the host name
Locate the database file in the HOSTS.
If the command is PRINT or DELETE. The target or gateway can be a wildcard character,
(The wildcard character is specified as an asterisk "*"), otherwise the gateway parameter may be ignored.
If the Dest contains a * or?, it will be treated as Shell mode, and only
Print matches the destination route. "*" matches any string,
and "?" matches any one character. Examples: 157.*.1, 157.*, 127.*, *224*.
Pattern matching is only allowed in the PRINT command.
Diagnostic Information Note:
An invalid MASK produces an error, that is, when (DEST & MASK)! = DEST.
Example: > Route ADD 157.0.0.0 MASK 155.0.0.0 157.55.80.1 IF 1
Route add failed: The specified mask parameter is invalid.
(Destination & Mask)! = Destination.
Example:
> Route PRINT
> Route PRINT-4
> Route PRINT-6
> Route PRINT 157* .... Only those items that match 157* are printed
> Route ADD 157.0.0.0 MASK 255.0.0.0 157.55.80.1 METRIC 3 IF 2
destination^ ^mask ^gateway metric^ ^
interface^
If not given if, it will try to find the best for a given gateway
Interface.
> Route ADD 3ffe::/32 3ffe::1
> Route change 157.0.0.0 MASK 255.0.0.0 157.55.80.5 METRIC 2 IF 2
Change is used only to modify the gateway and/or metric.
> Route DELETE 157.0.0.0
> Route DELETE 3FFE::/32