Several network commands in Command Line Mode
Previous/Next article16:20:55
View (166) / Comment (0) / Rating ( 0 / 0 ) Several network commands in Command Line Mode
I. Ping Command
I. Ping Command
In the Windows Control Window (command interpreter for Windows 95/98/me and CMD interpreter for Windows NT/2000), run ping to view the command description, it is a command to detect the speed of information transfer between a local computer and a remote computer. This Command requires the support of TCP/IP protocol, ping will calculate the time required to send a piece of information from the local device to the remote device and then return it. The hacker uses this command to determine whether to attack the server, because the connection speed is too slow, it will waste time and excessive Internet access fees.
In addition, this command can also find the IP address of the other server through the domain name. We know that the domain name is only provided for Web browsing. When we see a good domain name address, we want to connect to it through Telnet, the IP address of the other party must be known, and the ping command must be used here.
The basic format of this command can be obtained by running Ping directly. Http://www.abc.com/ , You can enter Ping in the console Www.abc.com , The following information will be obtained after waiting:
Pinging Www.abc.com [204.202.136.32] with 32 bytes of data:
Reply from 204.202.136.32: bytes = 32 time = 302 Ms TTL = 240
Reply from 204.202.136.32: bytes = 32 time = 357 Ms TTL = 240
Reply from 204.202.136.32: bytes = 32 time = 288 Ms TTL = 240
Reply from 204.202.136.32: bytes = 32 time = 274 Ms TTL = 240
Ping statistics for 204.202.136.32:
Packets: Sent = 4, stored ED = 4, lost = 0 (0% loss ),
Approximate round trip times in Milli-seconds:
Minimum = 274 ms, maximum = 357 ms, average = 305 Ms
The information indicates: Http://www.abc.com The IP address is 204. 202... all time is 305 Ms.
In this way, we can understand the time used to connect to the server of the other party. In addition, this command also has some special usage, such as querying the server's NetBIOS name through the IP address, now taking 211.100.8.87 as an example, use Ping with "-a" and enter the command in the console
Ping-A 211.100.8.87,
The returned result is:
Pinging POPNET-FBZ9JDFV [211.100.8.87] with 32 bytes of data:
Reply from 211.100.8.87: bytes = 32 time = 96 Ms TTL = 120
Reply from 211.100.8.87: bytes = 32 time = 110 ms TTL = 120
Reply from 211.100.8.87: bytes = 32 time = 110 ms TTL = 120
Reply from 211.100.8.87: bytes = 32 time = 109 Ms TTL = 120
Ping statistics for 211.100.8.87:
Packets: Sent = 4, stored ED = 4, lost = 0 (0% loss ),
Approximate round trip times in Milli-seconds:
Minimum = 96 ms, maximum = 110 ms, average = 106 Ms
From this result we will know that the server's NetBIOS name is a POPNET-FBZ9JDFV. In addition, you can ping the target host to obtain the TTL value returned by the target host, and roughly determine whether the system type of the target host is Windows or UNIX or Linux, in general, the TTL value returned by Windows systems is between and, while that returned by Unix/Linux systems is between and. For example Http://www.abc.com The returned TTL is 240 ,?.. It may be windows.
In addition, Ping has many flexible applications. I will not introduce them too much here. For more information, see the help files related to this command.
Ii. Net command:
Net commands are a collection of many network commands. In Windows ME/NT/2000, many network functions start with net commands. You can see the detailed introduction of these commands through net help:
Net config display system network settings
Net diag runs Ms diagnostics Program Display diagnostic information of the Network
NET Help display help information
Net init does not load protocol or NIC Driver by binding
. Net logoff disconnected shared resources
Net Logon login in workgroup
. Net Password
Net print displays or controls print jobs and print queues
. Net start to start the service, or display the list of started services
Net stop
. NET Time: Synchronize the clock of a computer with the time of another computer or domain.
. Net use connection to the computer, disconnect the computer from the shared resources, or display the connection information of the computer.
Net ver displays the network connection types and information being used in the LAN
. Net view: displays the list of domains, computers, or shared resources of a specified computer.
These commands are rarely supported in Win95/98, and there are only a few common commands. In NT or 2000, Yuan is more than the above introduction. However, most of them do not need to be mastered by beginners, so I chose windowsme for introduction. Among them, net view and net use are the most commonly used, Learning Users can connect to a remote shared system on the network and obtain information. This remote sharing was originally designed for convenient operations, but many network administrators ignored its security, resulting in exposure of a lot of information that should not be shared. For learners, you can easily obtain the privacy information on your computer.
For example, enter net view [url = file: // 202.96.50.24/] File: // 202.96.50.24/[/url] on the console to obtain the system shared directory of the corresponding IP address, then find their shared files. Of course, this requires that the 202.96.50.24 system does have a shared directory. How can I find these shared systems? Article .
Iii. Telnet and FTP commands:
The two commands can remotely perform Telnet logon and FTP logon on the system. The two logon protocols belong to two different network services: FTP is a remote file sharing service, that is to say, the learner can upload and download his/her own data, but he/she does not have many rights to execute the uploaded files on a remote computer. Telnet is a remote login service, that is to say, you can log on to the remote system and get an interpreter permission. Having an interpreter means you have certain permissions, this permission may be a basic file operation, or the administrator permission of the system can be controlled.
Iv. netstat command:
This program helps us understand the overall usage of the network. It can display Activity Network connection details, such as the protocol type used, the IP addresses of the current host and the remote host (one or more), and the connection status between them. Use netstat? The Command Format and parameter description are displayed:
Netstat [-A] [-E] [-N] [-S] [-P proto] [-R] [interval] the parameters are described as follows:
-A: displays the port numbers of all hosts;
-E displays Ethernet statistics;
-N: the address and port are displayed in a digital table;
-P proto: displays the specific usage information of a specific protocol;
-R: displays the content of the local route table;
-S shows the status of each Protocol (including TCP, UDP, and IP );
Interval re-displays the selected status, the interval between each display (in seconds ).
The main purpose of the netstat command is to check the ports opened by the local system. In this way, you can understand the services opened by your system and preliminarily infer whether the system has Trojans, because the default ports opened by common network services are not easily occupied by Trojans, for example, port 21 for FTP (file transfer protocol) and telnet (Remote logon Protocol) the port is 23, the port used for SMTP (Mail Transfer Protocol) is 25, and the port used for DNS (Domain Name Service, that is, the conversion between domain name and IP) is 53; the port used for HTTP (Hypertext Transfer Protocol) is 80, the port used for POP3 (an email receiving Protocol) is 110, and the port opened for Windows is 139, if there are other unfamiliar ports in the system, they may be used by Trojans. You can use netstat or netstat-a to observe open ports. If the following port is found, it indicates that a trojan program already exists in the system:
Port 31337 is the default port of the BackOffice Trojan; port 1999 is the Yai Trojan; port 2140 or 3150 is the port used by the Deep Throat Trojan; trojan programs such as NetBus, glaciers, and sub7 can also customize ports. Therefore, you must be cautious when detecting unfamiliar ports by using firewalls or virus scanning software.
V. tracert command:
The function of this command is to determine the path of the data packet to the target host, display the list of relay nodes and the arrival time of the data packet. The tracert command format is as follows:
Tracert [-D] [-H maximum_hops] [-J host-list] [-W timeout] target_name
The-D parameter in the command line requires tracert not to parse the host name, and-h indicates the maximum number of rounds to search for the destination address. The-J function is to release the source route along the host list, -W is used to set the timeout interval.
Tracert can be used to determine whether a server is a domestic server or an international server (the physical unknown of the network server cannot be determined by the domain name). Based on the routing path, it can be used to determine whether the information is sent from its own system to the network, which IP addresses have been used to send traffic to the other server? This is like when the bus departs from the starting point to the terminal, there will be a lot of street signs in the middle, we know the transmission path of our information to better understand the network and attack the server.
Vi. winipcfg:
Both winipcfg and ipconfig are used to display the IP Protocol configuration information in the host. Only winipcfg applies to Windows 95/98, while ipconfig applies to Windows NT. If you run winipcfg directly without a parameter, it displays the specific information in the form of a Windows window. The information includes the physical address of the network adapter, the IP address of the host, the subnet mask, and the default gateway. Click "other information" to view the host information, for example: host Name, DNS server, and node type. The physical address of the network adapter is useful when detecting network errors.
The Command Format of ipconfig is as follows: ipconfig [/? |/All |/release [adapter] |/renew [adapter]
The parameters are described as follows:
Use the ipconfig command without parameters to obtain the following information: IP address, subnet mask, and default gateway. Ipconfig
/? The format and parameters of ipconfig are described in English;
/All: displays all configuration information;
/Release releases the IP address (only for DHCP) for the specified adapter (or all adapters );
/Renew updates the IP address (only for DHCP) for the specified adapter (or all adapters ).
/All, you can get more information: Host Name, DNS server, node type, physical address of the network adapter, IP address of the host, subnet mask, and default gateway.