When debugging TCP/IP functions, it is inevitable to deal with Windows system and do some network related operations. This paper combs the commonly used network related Dos commands in Windows environment.
ip related configuration tools, similar to ifconfig command in Linux system;
It may be the network command with the frequency of TOP3 under windows, which is almost a well-known command;
A route tracking utility for determining the path taken by the IP packet access target;
- Powerful network configuration tool;
- Reference link:
Network Shell (Netsh) Overview
For arp related operations, there are similar commands under Linux;
For routing related configuration, there are similar commands under Linux;
Domain name query is related, similar to the dig command of linux system;
The commonly used command is net use;
It is generally used to check the network connection of each port of the machine, and there are similar commands under Linux.
Command to view NETBIOS status;
Displays, sets, or deletes CMD Exe environment variable, similar to the setenv command of Linux.
route add 10.44.0.0 mask 255.255.0.0 10.46.40.129 -p # 10.44.0.0 is the destination IP; # 255.255.0.0 is the mask; # 10.46.40.129 is the gateway; # -p is permanent
route delete 10.44.0.0
Clear dns cache
Domain name query
nslookup #Interactive Query nslookup Domain nslookup domain [dns-server] #If DNS server is not specified, the default server will be used for query; If you specify a DNS server, go to the specified server to query the domain name nslookup -d Domain #Query more detailed domain name information nslookup -qt=cname Domain #Specify parameters to query other records, such as CNAME
C:\Users\qxhgd>nslookup www.baidu.com The server: nj.net.zte Address: 10.40.8.8 Non authoritative response: name: www.wshifen.com Address: 18.104.22.168 Aliases: www.baidu.com www.a.shifen.com
C:\Users\qxhgd>nslookup www.baidu.com 22.214.171.124 The server: public1.114dns.com Address: 126.96.36.199 Non authoritative response: name: www.a.shifen.com Addresses: 188.8.131.52 184.108.40.206 Aliases: www.baidu.com```
- Hosts has a higher request level than DNS.
- It is often used to shield specific domain names, accelerate domain name resolution (FQ), virtual domain name resolution and other scenarios.
View ARP entries
Clear ARP entry
Add static ARP entry
arp -s 220.127.116.11 00-aa-00-62-c6-09
windows view neighbor cache, IPv4 and IPv6
netsh interface ipv6 show neighbors netsh interface ipv4 show neighbors
netsh interface ipv4 set neighbors 11 "192.168.0.1" "c8-d3-a3-02-97-56" store=persistent netsh interface ipv4 set neighbors 11 "192.168.0.1" "c8-d3-a3-02-97-56" store=active
The operation of binding ARP is similar to that of adding ARP static entries before.
netsh interface ipv4 show subinterfaces
netsh interface ipv4 set subinterface "WLAN 2" MTU=2000 store=persist
ping [-t] [-a] [-n count] [-l length] [-f] [-i ttl] [-v tos] [-r count] [-s count] [[-j computer-list] | [-k computer-list]] [-w timeout] destination-list
Example 1: constant ping
C:\Users\qxhgd>ping 192.168.1.1 -t Is Ping 192.168.1.1 Data with 32 bytes: From 192.168.1.1 Reply from: byte=32 time<1ms TTL=64
Example 2: ping the specified length
C:\Users\qxhgd>ping 192.168.1.1 -l 128 Is Ping 192.168.1.1 Data with 128 bytes: From 192.168.1.1 Reply from: byte=128 time<1ms TTL=64
Network connection status
netstat -a #Display all socket s, commonly used netstat -an netstat -n #Replace the name with the network IP address to display the network connection; netstat -p #View by protocol, such as netstat -p tcp/ip netstat -s #View the usage of all protocols in use netstat -an #To view a list of all open ports: netstat -ano #Production depends on the occupation of computer ports netstat -ano | findstr "80" #Check whether a specific port is occupied tasklist | findstr "80" #Check whether a port is occupied by that application
netstat has many options:
C:\Windows\system32>netstat ? Display protocol statistics and current TCP/IP Network connection. NETSTAT [-a] [-b] [-e] [-f] [-n] [-o] [-p proto] [-r] [-s] [-x] [-t] [interval] -a Displays all connection and listening ports. -b Displays the information involved in creating each connection or listening port Executable program. In some cases, the executable bearer is known Multiple independent components, in these cases, Displays when a connection or listening port is created The sequence of components involved. In this case, the of the executable program Name at bottom  In, the component it calls is at the top, Until reached TCP/IP. Note that this option It can be time-consuming and when you don't have enough Permission may fail. -e Displays Ethernet statistics. This option can be used with -s option Combined use. -f Displays the full qualification of the external address domain name(FQDN). -n Displays the address and port number in numeric form. -o Displays the processes that are owned and associated with each connection ID. -p proto display proto Connection of the specified protocol; proto It can be any of the following: TCP,UDP,TCPv6 or UDPv6. If with -s Options are used together to display statistics for each protocol, proto It can be any of the following: IP,IPv6,ICMP,ICMPv6,TCP,TCPv6,UDP or UDPv6. -q Displays the of all connections, listening ports, and bindings Non listening TCP Port. Bound non listening port Not necessarily associated with activities. -r Displays the routing table. -s Displays statistics for each protocol. By default, display IP,IPv6,ICMP,ICMPv6,TCP,TCPv6,UDP and UDPv6 Statistics for; -p Option allows you to specify the default subnet. -t Displays the current connection uninstall status. -x display NetworkDirect Connections, listeners, and shares Endpoint. -y Show all connected TCP Connect the template. Cannot be used with other options. interval Redisplay the selected statistics and pause between displays Interval seconds. Press CTRL+C Stop redisplay Statistics. If omitted, then netstat The current will be printed Configure information once.
C:\Users\qxhgd>netstat Active connection Protocol local address External address state TCP 10.40.164.55:2009 10.40.164.9:9053 ESTABLISHED TCP 10.40.164.55:2026 10.40.164.9:9053 ESTABLISHED TCP 10.40.164.55:2174 10.41.134.23:8237 ESTABLISHED
Netbios connection status
nbtstat -A ip If one of the ports 136 to 139 of the other party is open, you can view the user name of the other party who has logged in recently
net use \\ip /user:user net use \\ip password /user:user net use \\ip /del
The following example may be used when different user names access samba of the same IP:
net use \\10.40.40.11 /user:Administrator net use \\10.40.40.11 "password" /user:"Administrator" net use \\10.40.40.11 "password" /del
Similar to the net use command, there is also a net user command. Don't confuse it.
Network card configuration
Fixed IP and DNS settings:
set netname="Ethernet" //adapter name set ip=192.168.90.66 //Native IP address set subnetmask=255.255.255.0 //Subnet mask set gateway=192.168.90.1 //gateway set dns1=18.104.22.168 //Default DNS set dns2=22.214.171.124 //Alternate DNS netsh interface ip set address name=%netname% source=static addr=%ip% mask=%subnetmask% gateway=%gateway% gwmetric=1 //Metric of default gateway netsh interface ip set dns name=%netname% source=static addr=%dns1% primary //major netsh interface ip add dns name=%netname% addr=%dns2% index=2 //Specify the DNS server address for
Automatic acquisition (IP and DNS)
set netname="Ethernet" //adapter name netsh interface ip set address name=%netname% source=dhcp netsh interface ip set dns name=%netname% source=dhcp
Generally, it is used when batch processing is used to dynamically operate the network card in the automatic test environment.
Start capturing bags
netsh trace start [OTHER OPTIONS] netsh trace start capture=YES report=YES persistent=YES #Basic ways to enable continuous tracking and generate reports
Stop capturing packets
netsh trace stop #The way to stop tracking is as follows:
Note: the message caught by netsh can only be opened through specific software (windows message analyzer).
- When debugging TCP/IP related functions, the above commands are often used, and different commands are selected for different scenarios.
- For example, in a scenario, the debugging PC has two network cards, which are connected to the internal and external networks at the same time. Now you need to use network card 1 for internal IP and network card 2 for external IP. At this time, static routing will come in handy.
If this article is of some help to you, welcome to reward: