Page 1/3 of network security configuration method under CMD

There are many built-in command line tools for networks, such as ping, tracert, ipconfig, telnet, ftp, tftp, netstat, and unfamiliar nbtstat, pathping, nslookup, finger, route, netsh ......
These commands can be divided into three types: network detection (such as ping), network connection (such as telnet), and network configuration (such as netsh ). The previous two are relatively simple. This article only describes two network configuration tools.

Netsh
To use netsh in a remote shell, you must first solve the problem of an interactive mode. As mentioned above, many shells cannot redirect output again, so they cannot use ftp or other command line tools interactively in this environment. Generally, interactive tools allow scripts (or response files ). For example, ftp-s: filename. The same is true for netsh: netsh-f filename.

The netsh command has many functions, including IAS, DHCP, RAS, WINS, NAT server, TCP/IP protocol, IPX protocol, and routing. We are not administrators. we generally do not need to know so much about it. We only need to use netsh to understand the network configuration information of the target host.

1. TCP/IP configuration

Echo interface ip> s
Echo show config> s
Netsh-f s
Del s

Therefore, you can know whether the host has multiple NICs and IP addresses, whether it is dynamically assigned IP addresses (DHCP), and what is the Intranet IP address (if any ).
This command is similar to ipconfig/all.

Note: The following command requires the target host to start the remoteaccess service. If it is disabled, first import the Registry to unban it, and then
Net start remoteaccess

2. ARP

Echo interface ip> s
Echo show ipnet> s
Netsh-f s
Del s

This is a bit more information than the arp-a command.

3. TCP/UDP connection

Echo interface ip> s
Echo show tcpconn> s
Echo show udpconn> s
Netsh-f s
Del s

This group of commands is the same as netstat-.

4. Nic Information
If the netsh command has other commands that can be replaced, what else is necessary? The replacement cannot be found below.

Echo interface ip> s
Echo show interface> s
Netsh-f s
Del s

Other functions of netsh, such as modifying the IP address, are generally not necessary (in case the IP address cannot be connected after the IP address is changed, it is "the day should not be called the ground"), so all of them are skipped.

IPSec
The first thing to note is that IPSec and TCP/IP filtering are different. Do not confuse them. The TCP/IP filtering function is very limited, far less flexible and powerful than IPSec. The following describes how to control IPSec under the command line.