
Network Commands in CMD

Discussion in 'Ethical hacking' started by prbindia, Oct 29, 2010.

  1. prbindia

    prbindia New Member

    Sometimes people think of these programs as MS-DOS commands, but they have nothing to do with the Disk Operating System! They are simply Command-Line (or Windows Console) programs which were included with the Windows 95/98 OSs. They are all full 32-bit programs which means they cannot be executed until after Windows (a 32-bit operating system) is up and running. These programs are found in your WINDOWS directory.


    The Network programs discussed over here are:


    NETSTAT.exe (TCP/IP Net Connections)
    PING.exe
    TRACERT.exe (Trace Route)
    NBTSTAT.exe
    ROUTE.exe
    ARP.exe

    NETSTAT.exe TCP/IP Network Statistics
    Displays protocol statistics and current TCP/IP network connections.

    NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]

    -a Displays all connections and listening ports.

    -e Displays Ethernet statistics. This may be combined with the
    -s option.

    -n Displays addresses and port numbers in numerical form.

    -p proto Shows connections for the protocol specified by proto; proto
    may be TCP or UDP. If used with the -s option to display
    per-protocol statistics, proto may be TCP, UDP, or IP.

    -r Displays the routing table.

    -s Displays per-protocol statistics. By default, statistics
    are shown for TCP, UDP and IP; the -p option may be used
    to specify a subset of the default.

    interval Redisplays selected statistics, pausing interval seconds
    between each display. Press CTRL+C to stop redisplaying
    statistics. If omitted, netstat will print the current
    configuration information once.

    First, I would recommend that you always use the '-a' parameter so you can see UDP 'listening ports' as well (often used by trojans), and not just the active TCP connections; then switch between using the '-a' and no parameters at all, to see the differences. When you're offline, you normally shouldn't see any connection data! If you do see an OPEN PORT NUMBER 'listening' for a connection (using the '-a' parameter), it may be that your computer has been infected with a trojan! Click this link for a few more ideas on how you can check to see if your computer is Trojan Free?

    If you're running a server, such as the free XITAMI server, you might see something like this ("My_Comp" is the name of my computer):
    C:\WINDOWS>netstat -a

    Active Connections

    Proto Local Address Foreign Address State
    TCP My_Comp:ftp localhost:0 LISTENING
    TCP My_Comp:80 localhost:0 LISTENING
    Or with the "-an" parameters:
    C:\WINDOWS>netstat -an

    By simply opening a browser connection to both the HTTP (port 80) and FTP (port 21) servers (while still offline!), I saw the following:
    C:\WINDOWS>netstat -a

    Active Connections

    Proto Local Address Foreign Address State
    TCP My_Comp:ftp localhost:0 LISTENING
    TCP My_Comp:80 localhost:0 LISTENING
    TCP My_Comp:1104 localhost:0 LISTENING
    TCP My_Comp:ftp localhost:1104 ESTABLISHED
    TCP My_Comp:1102 localhost:0 LISTENING
    TCP My_Comp:1103 localhost:0 LISTENING
    TCP My_Comp:80 localhost:1111 TIME_WAIT
    TCP My_Comp:1104 localhost:ftp ESTABLISHED
    TCP My_Comp:1107 localhost:0 LISTENING

    PING.exe

    Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
    [-r count] [-s count] [[-j host-list] | [-k host-list]]
    [-w timeout] destination-list

    Options:
    -t Ping the specifed host until interrupted.
    -a Resolve addresses to hostnames.
    -n count Number of echo requests to send.
    -l size Send buffer size.
    -f Set "Don't Fragment" flag in packet.
    -i TTL Time To Live.
    -v TOS Type Of Service.
    -r count Record route for count hops.
    -s count Timestamp for count hops.
    -j host-list Loose source route along host-list.
    -k host-list Strict source route along host-list.
    -w timeout Timeout in milliseconds to wait for each reply.
    There's one special IP number everyone should know about:

    127.0.0.1 - localhost (or loopback).
    This is used to connect (through a browser, for example) to a Web server on your own computer. (127 being reserved for this purpose.) You can use this IP number at all times. It doesn't matter if you're connected to the Internet or not.

    It's also called the loopback address because you can ping it and get returns even when you're offline (not connected to any network). If you don't get any valid replies, then there's a problem with the computer's Network settings. Here's a typical response to the 'ping' command: (Attachment)
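
The listening-port check recommended in the netstat part of the post above can be automated. The following is an added example, not part of the original post: it parses `netstat -an` output and reports every listener that is not on an allowlist. The sample output, the allowlist and the function names are constructed for illustration.

```python
# Added example: audit `netstat -an` output against an allowlist of
# expected listeners. Sample data and names are constructed assumptions.

# Assumption: only the FTP (21) and HTTP (80) servers are meant to listen.
EXPECTED = {("TCP", 21), ("TCP", 80)}

# Constructed sample in the column layout printed by `netstat -an`.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:50001          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1104         127.0.0.1:21           ESTABLISHED
  TCP    127.0.0.1:80           127.0.0.1:1111         TIME_WAIT
  UDP    0.0.0.0:137            *:*
  UDP    [::]:5353              *:*
"""


def parse_listeners(text):
    """Return sorted (proto, address, port) for TCP LISTENING and bound UDP sockets."""
    found = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto, local = fields[0], fields[1]
        state = fields[3] if len(fields) > 3 else ""
        # UDP rows carry no State column: every UDP row is a bound socket.
        if proto == "TCP" and state != "LISTENING":
            continue  # ESTABLISHED, TIME_WAIT, ... are connections, not listeners
        addr, _, port = local.rpartition(":")  # keeps IPv6 "[::]" intact
        if not port.isdigit():
            continue  # symbolic port name such as "ftp": rerun with -n
        found.add((proto, addr, int(port)))
    return sorted(found)


def unexpected(listeners, expected=EXPECTED):
    """Listeners whose (proto, port) pair is not on the allowlist."""
    return [entry for entry in listeners if (entry[0], entry[2]) not in expected]


if __name__ == "__main__":
    for proto, addr, port in unexpected(parse_listeners(SAMPLE)):
        print(f"unexpected listener: {proto} {addr}:{port}")
```

An unexpected entry is a prompt to identify the owning program, not proof of infection; Windows itself opens several listeners.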

  2. prbindia

    prbindia New Member

    TRACERT.exe Trace Route

    Usage:
    tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name

    Options:
    -d Do not resolve addresses to hostnames.
    -h maximum_hops Maximum number of hops to search for target.
    -j host-list Loose source route along host-list.
    -w timeout Wait timeout milliseconds for each reply.

    Here's an example which traces the route from some ISP in Los Angeles to the main server at UCLA in California (note how two computers relatively close to each other may be routed way round about!):
    C:\WINDOWS>tracert [website]

    Tracing route to [website] [169.232.33.129]
    over a maximum of 30 hops:

    1 141 ms 132 ms 140 ms wla-ca-pm6.icg.net [165.236.29.85]
    2 134 ms 131 ms 139 ms whv-ca-gw1.icg.net [165.236.29.65]
    3 157 ms 132 ms 143 ms f3-1-0.lai-ca-gw1.icg.net [165.236.24.89]
    4 194 ms 193 ms 188 ms a0-0-0-1.dai-tx-gw1.icg.net [163.179.235.61]
    5 300 ms 211 ms 214 ms a1-1-0-1.ati-ga-gw1.icg.net [163.179.235.186]
    6 236 ms 237 ms 247 ms a5-0-0-1.was-dc-gw1.icg.net [163.179.235.129]
    7 258 ms 236 ms 244 ms 163.179.243.205
    8 231 ms 233 ms 230 ms wdc-brdr-03.inet.qwest.net [205.171.4.153]
    9 240 ms 230 ms 236 ms wdc-core-03.inet.qwest.net [205.171.24.69]
    10 262 ms 264 ms 263 ms hou-core-01.inet.qwest.net [205.171.5.187]
    11 281 ms 263 ms 259 ms hou-core-03.inet.qwest.net [205.171.23.9]
    12 272 ms 229 ms 222 ms lax-core-02.inet.qwest.net [205.171.5.163]
    13 230 ms 217 ms 230 ms lax-edge-07.inet.qwest.net [205.171.19.58]
    14 228 ms 219 ms 220 ms 63-145-160-42.cust.qwest.net [63.145.160.42]
    15 218 ms 222 ms 218 ms ISI-7507--ISI.POS.calren2.net [198.32.248.21]
    16 232 ms 222 ms 214 ms UCLA--ISI.POS.calren2.net [198.32.248.30]
    17 234 ms 226 ms 226 ms cbn5-gsr.calren2.ucla.edu [169.232.1.18]
    18 245 ms 227 ms 235 ms [website] [169.232.33.129]

    Trace complete.
     
  3. prbindia

    prbindia New Member

    ROUTE.exe

    Manipulates network routing tables.

    ROUTE [-f] [command [destination] [MASK netmask] [gateway]]



    -f Clears the routing tables of all gateway entries. If this is
    used in conjunction with one of the commands, the tables are
    cleared prior to running the command.

    command Specifies one of four commands

    PRINT Prints a route
    ADD Adds a route
    DELETE Deletes a route
    CHANGE Modifies an existing route

    destination Specifies the host to send command.

    MASK If the MASK keyword is present, the next parameter is
    interpreted as the netmask parameter.

    netmask If provided, specifies a sub-net mask value to be associated
    with this route entry. If not specified, if defaults to
    255.255.255.255.

    gateway Specifies gateway.

    All symbolic names used for destination or gateway are looked up in the
    network and host name database files NETWORKS and HOSTS, respectively.
    If the command is print or delete, wildcards may be used for the
    destination and gateway, or the gateway argument may be omitted.
     
  4. prbindia

    prbindia New Member

    ARP.exe Address Resolution Protocol

    ARP -s inet_addr eth_addr [if_addr]
    ARP -d inet_addr [if_addr]
    ARP -a [inet_addr] [-N if_addr]

    -a Displays current ARP entries by interrogating the current
    protocol data. If inet_addr is specified, the IP and Physical
    addresses for only the specified computer are displayed. If
    more than one network interface uses ARP, entries for each ARP
    table are displayed.
    -g (Same as -a)

    inet_addr Specifies an internet address.

    -N if_addr Displays the ARP entries for the network interface
    specified by if_addr.

    -d Deletes the host specified by inet_addr.

    -s Adds the host and associates the Internet address inet_addr
    with the Physical address eth_addr. The Physical address is
    given as 6 hexadecimal bytes separated by hyphens. The entry
    is permanent.

    eth_addr Specifies a physical address.

    if_addr If present, this specifies the Internet address of the
    interface whose address translation table should be
    modified. If not present, the first applicable interface
    will be used.
     
  5. prbindia

    prbindia New Member

    Guys, this is my first post to this forum, so please let me know if there is any mistake. I will be careful next time!!
     