Network-classic command line-a must for cyber security workers

Source: Internet
Author: User
Tags net send nslookup schtasks

1. The most basic and commonly used physical network testing

Ping 192.168.0.8-T. The-t parameter is used to wait for the user to interrupt the test.

2. View DNS, IP, Mac, etc.

A. Win98: winipcfg

B. Win2000 or above: ipconfig/all

C. NSLookup: for example, view the DNS in Hebei

C: \> NSLookup

Default Server: ns.hesjptt.net.cn

Address: 202.99.160.68

> Server 202.99.41.2: Change DNS to 41.2

> Pop.pcpop.com

Server: ns.hesjptt.net.cn

Address: 202.99.160.68

Non-Authoritative Answer:

Name: pop.pcpop.com

Address: 202.99.160.212

3. Network messenger

Net send computer name/IP * (broadcast) transfer content, note that cross-network segment is not allowed

Net stop messenger stops the messenger service, or you can modify the service on the panel.

Net start messenger starts the Messenger Service

4. Detect the peer computer name, group, domain, and current user name (Working Principle of tracing)

Ping-a ip-t to display only NetBIOS names

NBTSTAT-A 192.168.10.146

5. netstat-A shows all the ports currently open to your computer

Netstat-s-e displays your network information in detail, including statistics on TCP, UDP, ICMP, and IP addresses.

6. Check the ARP binding (Dynamic and Static) list. All the computers connected to me are displayed.

ARP-

7. On the proxy server side

Bind IP addresses and MAC addresses to prevent IP address theft in the LAN! :

ARP-s 192.168.10.59 00-50-ff-6c-08-75

Unbind the IP address of the NIC from the MAC address:

ARP-d nic ip Address

8. Hide your computer on the network neighbor

Net config server/hidden: Yes

Net config server/hidden: No is enabled

9. Several net commands

A. The net view of the current workgroup server list is displayed. When you use this command without the option, it displays the list of computers in the current domain or network.

For example, you can view the shared resources on this IP address.

C: \> net view 192.168.10.8

Share resources on 192.168.10.8

Resource Sharing name type usage comment

--------------------------------------

Website Service Disk

The command is successfully completed.

B. view the user account list on the computer. Net user

C. view the network connection. net use

For example, net use Z: \ 192.168.10.8 \ movie maps the movie shared directory of this IP address to a local Z disk.

D. Record the link to the net session

Example: C: \> net session

Computer User Name customer type open idle time

-------------------------------------------------------------------------------

\ 192.168.10.110 Rome Windows 2000 2195 0 00:03:12

\ 192.168.10.51 Rome Windows 2000 2195 0 00:00:39

The command is successfully completed.

10. Route Tracking command

A. tracert pop.pcpop.com

B. In addition to displaying routes, pathping pop.pcpop.com also provides S analysis to calculate the % of the dropped packets.

11. Several commands on shared security

A. view the shared resources of your machine. NET Share

B. manually delete the share (you can compile a BAT file, start the instance and run it, and delete all the shares !)

NET Share C $/d

NET Share d $/d

NET Share IPC $/d

NET Share ADMIN $/d

Note that there is a space after $.

C. Add a share:

C: \ net share mymovie = E: \ downloads \ movie/users: 1

Mymovie is shared successfully.

At the same time, the number of connected users is limited to 1.
12. Set static IP addresses in DOS lines

A. Set static IP addresses

CMD

Netsh

Netsh> int

Interface> ip

Interface ip> set Add "Local Link" static IP Address Mask Gateway

B. View IP settings

Interface ip> show address

ARP

Displays and modifies the items in the "Address Resolution Protocol (ARP)" cache. The ARP cache contains one or more tables, which are used to store IP addresses and Their resolved physical IP addresses over Ethernet or card rings. Each Ethernet or ring network adapter installed on the computer has its own independent table. If no parameters are available, the ARP command displays help information.

Syntax

ARP [-A [inetaddr] [-N ifaceaddr] [-G [inetaddr] [-N ifaceaddr] [-D inetaddr [ifaceaddr] [-s inetaddr etheraddr [ifaceaddr]

Parameters

-A [inetaddr] [-N ifaceaddr]

Displays the current ARP cache table for all interfaces. To display the ARP cache entry of the specified IP address, use ARP-A with the inetaddr parameter. inetaddr here represents the specified IP address. To display the ARP cache table for the specified interface, use the-n ifaceaddr parameter. ifaceaddr here represents the IP address assigned to the specified interface. The-N parameter is case sensitive.

-G [inetaddr] [-N ifaceaddr]

Same as-.

-D inetaddr [ifaceaddr]

Delete the specified IP address. inetaddr here represents the IP address. To delete an item in a table for the specified interface, use the ifaceaddr parameter. ifaceaddr here represents the IP address assigned to the interface. To delete all items, use the asterisk (*) wildcard to replace inetaddr.

-S inetaddr etheraddr [ifaceaddr]

Add a static entry that parses the IP address inetaddr into the physical address etheraddr to the ARP cache. To add a static ARP cache entry to the table of the specified interface, use the ifaceaddr parameter. ifaceaddr here represents the IP address assigned to the interface.

Display help at the command prompt.

Note

The IP addresses of inetaddr and ifaceaddr are represented in decimal notation with dots.

The physical address etheraddr consists of six bytes expressed in hexadecimal notation and separated by a hyphen (for example, 00-aa-00-4f-2 A-9C ).

The items added through the-S parameter are static items that do not time out in the ARP cache. If the TCP/IP protocol is terminated and then started, these items will be deleted. To create a permanent static ARP cache entry, use the appropriate ARP command in the batch file and useProgram"Run the batch processing file at startup.

This command is available only when the Internet Protocol (TCP/IP) is installed as a component of the network adapter attribute in a network connection.

Example

To display the ARP cache tables for all interfaces, type:

ARP-

For an interface with the assigned IP address 10.0.0.99, to display its ARP cache table, type:

ARP-a-n 10.0.0.99

To add a static ARP cache entry that resolves an IP address 10.0.0.80 to a physical address 00-aa-00-4f-2 A-9C, type:

ARP-s 10.0.0.80 000-aa-00-4f-2 A-9C

At

It is planned to run commands and programs on the computer at the specified time and date. The at command can only be used when the "scheduler" service is running. If you use it without parameters, at lists the scheduled commands.

Syntax

At [\ computername] [{[ID] [/delete]/Delete [/Yes]}]

At [[\ computername] hours: minutes [/interactive] [{/every: Date [,...]/next: Date [,...]}] command]

Parameters

\ Computername

Specify a remote computer. If this parameter is omitted, the at program plans commands and programs on the local computer.

ID

The identifier assigned to the scheduled command.

/Delete

Cancels scheduled commands. If the ID is omitted, all scheduled commands on the computer are canceled.

/Yes

When a scheduled event is deleted, all requests from the system are answered with "yes ".

Hours: minutes

Specifies the time when the command is run. The time is in the 24-hour format (from [Midnight].

/Interactive

For a user logging on when running a command, the command can interact with the user's desktop.

/Every:

Run the command on the specified day of each week or month (for example, every Thursday or the third day of each month.

Date

Specifies the date on which the command is run. You can specify a day or multiple days of a week (that is, type M, T, W, Th, F, S, su) or a day or multiple days of a month (that is, enter a number from 1 to 31 ). Multiple date items are separated by commas. If date is omitted, at uses the current day of the month.

/Next:

Run Command when the next specified date (for example, next Thursday) arrives.

Command

Specify the Windows Command Execution program (.exe or. com file) or batch processing program (. bat or. CMD file) to run ). When the Command needs a path as a parameter, use the absolute path, that is, the entire path starting from the drive letter. If the command is on a remote computer, specify the Universal Naming Convention (UNC) symbol for the server and shared name, instead of the remote drive letter.

/?

Display help at the command prompt.

Note

Schtasks is a more powerful superset command line planning tool that contains all the functions in the AT command line tool. Schtasks can be used to replace at for all command line scheduled tasks. For more information about schtasks, see related topics ".

Use

When using the AT command, you must be a member of the local Administrators Group.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.