Summary of common Windows Network command skills

I don't forget that Windows has evolved from a simple dos character interface. Although we usually operate on the GUI when using the Windows operating system, the DOS command is still very useful.

Let me look at the functions of these commands and learn how to use them.

I. Tips for using ping commands

Ping is an extremely frequent and practical application.ProgramTo determine whether the local host can exchange (send and receive) data packets with another host. Based on the returned information, we can infer whether the TCP/IP parameter is set correctly and whether the operation is normal. Note that successfully performing one or two exchanges with another host does not indicate that the TCP/IP configuration is correct, we must exchange data between a large number of local hosts and remote hosts to ensure the correctness of TCP/IP.

To put it simply, Ping is a test program. If Ping runs correctly, we can basically eliminate faults in the network access layer, Nic, modem input/output lines, cables, and routers, this reduces the scope of the problem. However, Ping can also be used as a DDoS (Denial of Service Attack) tool by someone with ulterior motives to customize the size and endless high-speed transmission of the datagram, for example, many large websites are paralyzed by hackers who use hundreds of computers that can access the Internet at high speed to send a large number of ping data packets.

According to the default settings, the ping command on Windows sends four ICMP (inter-network control packet protocol) Send back requests, each 32 bytes of data, if everything is normal, we should be able to receive four replies. Ping can display the time between sending a return request and returning a return response in milliseconds. If the response time is short, the datagram does not have to pass through too many routers or network connections. Ping can also display the TTL value. We can use the TTL value to estimate how many routers the data packet has passed: the start value of the TTL at the source location (that is, a 2th percentile value that is slightly greater than the returned TTL)-the TTL value returned. For example, if the returned TTL value is 119, the initial TTL value of the outbound data packet from the source address is 128, and the source point to the target location must pass 9 vro network segments (128-119 ); if the returned TTL value is 246, the start value of TTL is 256, and the source and target locations must pass through nine vro network segments.

1. Typical order of network faults detected by Ping

Under normal circumstances, when we use the ping command to find the problem or check the network running status, we need to use many ping commands. If all of them are running correctly, we can believe that the basic connectivity and configuration parameters are correct. If some ping commands fail, it can also specify where to locate the problem. The following describes a typical detection sequence and possible faults:

Ping 127.0.0.1
The Ping Command is sent to the IP address software of the local computer, which never exits. If this is not done, it indicates that the installation or running of TCP/IP has some basic problems.

Ping local IP Address
This command is sent to the IP address configured by our computer. Our computer should always respond to this ping command. If it does not exist, it indicates that there is a problem with the local configuration or installation. When this problem occurs, the LAN user must disconnect the network cable and then resend the command. If this command is correct after the network cable is disconnected, it indicates that the same IP address may be configured on the other computer.

Ping other IP addresses in the LAN
This command should leave our computer, go through the nic and network cable to other computers, and then return. If you receive a response, the NIC and carrier in the local network are running correctly. However, if you receive 0 replies, it indicates the subnet mask (when the subnet is split, the Network part of the IP address is separated from the host part ).Code) Incorrect, Nic configuration error, or cable system error.

Ping the gateway IP Address
If the command is correct, it indicates that the Gateway Router in the LAN is running and can respond.

Ping remote IP
If you receive four responses, the default gateway is successfully used. A dial-up Internet user can successfully access the internet (but it is not ruled out that the ISP's DNS may be faulty ).

Ping localhost
Localhost is a reserved network name for the system. It is an alias of 127.0.0.1. Every computer that is too computer can convert the name to this address. If this is not done, the host file (/Windows/host) is faulty.

Ping www.xxx.com (for example, www.yesky.com)
Ping www.xxx.com for this domain name. If the DNS server fails, the IP address of the DNS server is incorrectly configured or the DNS server is faulty (for dial-up Internet users, some ISPs do not need to set DNS servers ). By the way, we can also use this command to convert domain names to IP addresses.

If all the ping commands listed above can run properly, we can basically rest assured that the local and remote communication functions of our computers can be implemented. However, the success of these commands does not mean that all our network configurations are normal. For example, some subnet mask errors may not be detected using these methods.

2. Ping Command Parameters

Ping IP-T
Run the ping command on the IP address until the IP address is interrupted by Ctrl + C.

Ping IP-l 3000
The Data Length in the ping command is 3000 bytes instead of the default 32 bytes.

Ping IP-n
Run the ping command for a specified number of times.

Ii. netstat command usage skills

Netstat is used to display statistics related to IP, TCP, UDP, and ICMP protocols. It is generally used to check the network connection of each port on the local machine.

If the data packets received by our computer sometimes lead to data deletion or failure errors, we do not need to be surprised that TCP/IP can allow these types of errors and automatically resend the data packets. However, if the cumulative number of errors accounts for a considerable percentage of the received IP data packets, or the number of errors increases rapidly, then we should use netstat to check the cause.

1. Some common netstat options

Netstat-S

This option displays statistical data for each protocol. If our applications (such as Web browsers) run slowly or cannot display data such as web pages, we can use this option to view the displayed information. We need to carefully check the rows of statistics, find the keyword of the error, and then determine the problem.

Netstat-e

This option is used to display statistics about Ethernet. It lists items including the total number of bytes, number of errors, number of delimiters, number of datagram, and number of broadcasts. These statistics include both the number of sent and received data packets. This option can be used to calculate some basic network traffic ).

Netstat-R

This option displays information about the route table, similar to the information shown later when you use the route print command. In addition to valid routes, valid connections are also displayed.

Netstat-

This option displays a list of all valid connection information, including the established connections (established) and those that listen to the listening requests.

Netstat-n

All established valid connections are displayed.

The following is an output example of netstat:

C: \> netstat-e

Interface statistics
Received sent
Bytes 3995837940 47224622
Unicast packets 120099 131015
Non-unicast packets 7579544 3823
Discards 0 0
Errors 0 0
Unknown protocols 363054211

C: \> netstat-

Active connections
PROTO local address foreign address State
TCP corp1: 1572 172.16.48.10: nbsession established
TCP corp1: 1589 172.16.48.10: nbsession established
UDP corp1: 1025 *:*
UDP corp1: SNMP *:*
UDP corp1: nbname *:*

C: \> netstat-S

IP statistics
Packets received = 5378528
Inclued header errors = 738854
Received address errors = 23150
Required rams forwarded = 0
Unknown protocols committed ED = 0
Inclued packets discarded = 0
Received packets delivered = 4616524
Output requests = 132702
Routing discards = 157

2. The use of netstat

People who frequently access the Internet usually use ICQ. I wonder if we have been harassed by some annoying people. If we want to complain, we don't know how to get started? In fact, as long as we know the IP address of the other party, we can complain to its ISP. But how can I know the IP address of the other Party through ICQ? If the recipient chooses not to display the IP address when setting ICQ, we cannot see it in the Information bar. In fact, we only need to use netstat to easily achieve this: when he is connected to us through ICQ or other tools (for example, we send him an ICQ message or a message ), enter netstat-N or netstat-A at the DOS command prompt to view the IP address or ISP domain name used by the other party to access the Internet, and even the port used is completely exposed.

Iii. Tips for using the ipconfig command

The ipconfig utility and its equivalent graphic user interface-winipcfg in Windows 95/98 can be used to display the current TCP/IP configuration setting value. This information is generally used to check whether the manually configured TCP/IP settings are correct.
However, if our computer and the lan use the Dynamic Host Configuration Protocol (DHCP), the information displayed by this program may be more practical. In this case, ipconfig allows us to see if our computer has successfully rented an IP address. If so, we can see what address it has allocated. Understanding the current IP address, subnet mask, and default gateway of a computer is actually necessary for testing and fault analysis.

1. The most common ipconfig options

Ipconfig

When ipconfig is used without any Parameter options, it displays IP addresses, subnet masks, and default gateway values for each configured interface.

Ipconfig/all

When the all option is used, ipconfig can display the DNS and WINS servers with additional information (such as IP addresses) configured and used ), and displays the physical address (MAC) built in the local Nic ). If the IP address is rented from the DHCP server, ipconfig displays the IP address of the DHCP server and the expected expiration date of the lease address.

Ipconfig/release and ipconfig/Renew

These are two additional options that can only work on a computer that rents its IP address to the DHCP server. If we enter ipconfig/release, the lease IP addresses of all interfaces will be re-delivered to the DHCP server (return the IP address ). If we enter ipconfig/renew, the local computer will try to contact the DHCP server and lease an IP address. Note that in most cases, the NIC will be assigned the same IP address as previously assigned.

The following example shows the ipconfig/all command output. The computer is configured to use the DHCP server to dynamically Configure TCP/IP and use wins and DNS server to resolve the name.

Windows 2000 IP configuration

Node Type...: Hybrid

IP routing enabled...: No

Wins proxy enabled...: No

Ethernet Adapter local area connection:

Host Name ......: corp1.microsoft.com

DNS servers ......: 10.1.0.200

Description...: 3Com 3c90x Ethernet Adapter

Physical address...: 00-60-08-3e-46-07

DHCP enabled...: Yes

Autoconfiguration enabled.: Yes

IP address ......: 192.168.0.112

Subnet Mask ......: 255.255.255.0.0

Default Gateway...: 192.168.0.1

DHCP server...: 10.1.0.50

Primary WINS server...: 10.1.0.101

Secondary WINS server...: 10.1.0.102

Lease obtained ......: Wednesday, September 02,199 8 10:32:13 AM

Lease expires ......: Friday, September 18,199 8 10:32:13 AM

If we are using Windows 95/98, we should be more accustomed to using winipcfg instead of ipconfig, because it is a graphical user interface and the displayed information is the same as ipconfig, you can also publish and update Dynamic IP addresses.

Iv. ARP (Address Translation protocol) Skills

ARP is an important TCP/IP protocol used to determine the physical IP address of the NIC. The practical ARP command allows us to view the current content in the ARP cache of a local computer or another computer. In addition, you can manually enter static Nic physical/IP address pairs using ARP commands. We may use this method for common hosts such as the default gateway and local server, this helps reduce the amount of information on the network.

According to the default settings, items in the ARP high-speed cache are dynamic. ARP automatically adds a project whenever a datagram from a specified location is sent and the current project does not exist in the cache. Once the cached items are input, they begin to become invalid. For example, in a Windows NT/2000 network, if you do not enter a project for further use, the physical/IP address pair will expire within 2 to 10 minutes. Therefore, if there are few or no items in the ARP cache at all, do not be surprised. You can add them by using the ping command of another computer or router. Therefore, when you need to use the ARP command to view the content in the cache, you 'd better ping this computer first (not the Ping Command sent from the local machine ).

Common ARP Command Options:

ARP-A or ARP-G

View all items in the cache. The results of the-A and-G parameters are the same. For many years,-G has been the option used on UNIX platforms to display all items in the ARP cache, windows uses ARP-A (-A can be regarded as all, that is, all), but it can also accept more traditional-G options.

ARP-A IP

If we have multiple NICs, we can use the IP address of the ARP-A interface to display only the ARP cache items related to this interface.

Physical ARP-s IP Address

We can manually enter a static project into the ARP cache. The project remains valid during the computer boot process, or when an error occurs, the manually configured physical address automatically updates the project.

ARP-D IP

Use this command to manually delete a static project.

For example, at the command prompt, type ARP-A. If we use the ping command to test and verify the connectivity from this computer to the host whose IP address is 10.0.0.99, the ARP cache displays the following items:

Interface: 10.0.0.1 on interface 0x1

Internet address physical address type

10.0.0.99 00-e0-98-00-7c-dc dynamic

In this example, the cache item indicates that the remote host located in 10.0.0.99 is resolved to the Media Access Control Address of 00-e0-98-00-7c-dc, which is allocated in the NIC hardware of the remote computer. The Media Access Control Address is the address used by the computer to communicate with the remote TCP/IP host on the network.

Now we can use the ipconfig and ping commands to view our network configurations and determine if they are correct. We can use netstat to view the connections established between others and us and find out the IP addresses hidden by ICQ users, you can use ARP to view the MAC address of the NIC.

5. How to Use tracert, route, and NBTSTAT

1. tracert skills

If there is a network connectivity problem, you can use the tracert command to check the path of the destination IP address and record the result. The tracert command displays a group of IP Routers used to transmit data packets from the computer to the target location, and the time required for each hop. If the data packet cannot be transmitted to the target, the tracert command displays the last vro that successfully forwarded the data packet. When a datagram is transmitted from our computer through multiple gateways to the destination, the tracert command can be used to track the route (PATH) used by the datagram ). The path tracked by this utility is a path from the source computer to the destination. It cannot be guaranteed or considered that the datagram always follows this path. If our configuration uses DNS, we often get the name of the city, address, and common communication company from the response. Tracert is a slow command (If the destination address is too long), we need to give it about 15 seconds for each vro.

Tracert is easy to use. You only need to follow tracert with an IP address or URL. tracert will convert the domain name accordingly.

Tracert:

Tracert IP Address [-D] This command returns the list of routers that have arrived at the IP address. By using the-D option, the vro path is displayed faster, because tracert does not try to parse the name of the vro in the path.

Tracert is generally used to detect the location of a fault. We can use tracert IP to locate the fault. Although we still haven't determined what the problem is, it has already told us where the problem is located, we can also confidently tell someone else that something went wrong.

2. Route usage skills

Most hosts usually reside in the CIDR block that is connected to only one vro. Because there is only one vro, no vro is used to publish the data to a remote computer. the IP address of the vro can be input as the default gateway of all computers in the CIDR block.

However, when two or more vrouters exist on the network, we do not necessarily want to rely on the default gateway. In fact, we may want to transfer some of our remote IP addresses through a specific vro, while other remote IP addresses are transmitted through another vro.

In this case, we need the corresponding routing information, which is stored in the routing table. Each host and each router has its own unique route table. Most routers use dedicated routing protocols to exchange and dynamically update route tables between routers. However, in some cases, you must manually add the project to the router and Host Routing tables. Route is used to display, manually add, and modify route table items.

General options:

Route print

This command is used to display the current project in the route table and the output on the network segment of a single router. Because the network adapter is configured with an IP address, all these items are automatically added.

Route add

Use this command to add a mail route entry to the route table. For example, if you want to set a route to the destination network of 209.98.32.33, the route must go through five vro CIDR blocks. First, you must go through a vro on the local network with the IP address 202.96.123.5, if the subnet mask is too many then we should enter the following command:

Route add 209.98.32.33 mask merge limit 202.96.123.5 Metric 5

Route change

We can use this command to modify the data transmission route. However, we cannot use this command to change the data destination. In the following example, you can change the data route to another vro, which uses a straight path containing three CIDR blocks:

Route add 209.98.32.33 mask merge limit 202.96.123.250 metric 3

Route Delete

Use this command to delete a route entry from the route table. Example: Route Delete 209.98.32.33

3. NBTSTAT usage skills

Use the nbtstat command to release and refresh the NetBIOS name. The NBTSTAT (NetBIOS statistics on TCP/IP) utility is used to provide statistics about NetBIOS. With NETBIOS, we can view the NetBIOS name table on a local computer or remote computer.

Common options:

NBTSTAT-n

The local name and service program are displayed.

NBTSTAT-C

This command is used to display the content cached by NetBIOS name. The NetBIOS name cache is used to store the NetBIOS Name and IP address pairs of other computers that recently communicate with this computer.

NBTSTAT-R

This command is used to clear and reload the NetBIOS name cache.

NBTSTAT-A IP

The physical address and name list of the other computer are displayed through the IP address. The displayed content is the same as that of the other computer running nbtstat-n.

NBTSTAT-s IP

Displays the NetBIOS connection table of another computer that uses its IP address.

for example, at the command prompt, type: NBTSTAT-rr release and refresh progress to be displayed in the form of command line output. This information indicates whether all the local NetBIOS names currently registered in the wins of the computer have been released and renewed using the WINS server.