[TCP/IP] [debugging] list of DOS commands related to Windows common network

preface

When debugging TCP/IP functions, it is inevitable to deal with Windows system and do some network related operations. This paper combs the commonly used network related Dos commands in Windows environment.

By command

ipconfig

ip related configuration tools, similar to ifconfig command in Linux system;

ping

It may be the network command with the frequency of TOP3 under windows, which is almost a well-known command;

tracert command

A route tracking utility for determining the path taken by the IP packet access target;

netsh

arp

For arp related operations, there are similar commands under Linux;

route

For routing related configuration, there are similar commands under Linux;

nslookup

Domain name query is related, similar to the dig command of linux system;

net

The commonly used command is net use;

netstat

It is generally used to check the network connection of each port of the machine, and there are similar commands under Linux.

nbtstat

Command to view NETBIOS status;

set

Displays, sets, or deletes CMD Exe environment variable, similar to the setenv command of Linux.

By function

route

see

route print

Add route

route add 10.44.0.0 mask 255.255.0.0 10.46.40.129 -p
# 10.44.0.0 is the destination IP;
# 255.255.0.0 is the mask;
# 10.46.40.129 is the gateway;
# -p is permanent

Delete route

route delete 10.44.0.0

DNS related

View dns

ipconfig /displaydns

Clear dns cache

ipconfig /flushdns

Domain name query

nslookup                                   #Interactive Query 
nslookup Domain nslookup domain [dns-server] #If DNS server is not specified, the default server will be used for query; If you specify a DNS server, go to the specified server to query the domain name
nslookup -d Domain                            #Query more detailed domain name information
nslookup -qt=cname Domain                     #Specify parameters to query other records, such as CNAME

example:

C:\Users\qxhgd>nslookup www.baidu.com
 The server:  nj.net.zte
Address:  10.40.8.8

Non authoritative response:
name:    www.wshifen.com
Address:  103.235.46.39
Aliases:  www.baidu.com
          www.a.shifen.com
C:\Users\qxhgd>nslookup www.baidu.com 114.114.114.114
 The server:  public1.114dns.com
Address:  114.114.114.114

Non authoritative response:
name:    www.a.shifen.com
Addresses:  36.152.44.96
          36.152.44.95
Aliases:  www.baidu.com```

hosts file

C:\Windows\System32\drivers\etc\hosts
  • Hosts has a higher request level than DNS.
  • It is often used to shield specific domain names, accelerate domain name resolution (FQ), virtual domain name resolution and other scenarios.

ARP

View ARP entries

arp /a

Clear ARP entry

arp /d

Add static ARP entry

arp -s 157.55.85.212   00-aa-00-62-c6-09

Neighbor table

windows view neighbor cache, IPv4 and IPv6

netsh interface ipv6 show neighbors
netsh interface ipv4 show neighbors

Bind ARP

netsh interface ipv4 set neighbors 11 "192.168.0.1" "c8-d3-a3-02-97-56" store=persistent
netsh interface ipv4 set neighbors 11 "192.168.0.1" "c8-d3-a3-02-97-56" store=active

The operation of binding ARP is similar to that of adding ARP static entries before.

MTU

MTU view

netsh interface ipv4 show subinterfaces

MTU modification

netsh interface ipv4 set subinterface "WLAN 2" MTU=2000 store=persist

ping package

ping [-t] [-a] [-n count] [-l length] [-f] [-i ttl] [-v tos] [-r count] [-s count] [[-j computer-list] | [-k computer-list]] [-w timeout] destination-list

Example 1: constant ping

C:\Users\qxhgd>ping 192.168.1.1 -t

Is Ping 192.168.1.1 Data with 32 bytes:
From 192.168.1.1 Reply from: byte=32 time<1ms TTL=64

Example 2: ping the specified length

C:\Users\qxhgd>ping 192.168.1.1 -l 128

Is Ping 192.168.1.1 Data with 128 bytes:
From 192.168.1.1 Reply from: byte=128 time<1ms TTL=64

Network connection status

netstat -a                     #Display all socket s, commonly used netstat -an
netstat -n                     #Replace the name with the network IP address to display the network connection;
netstat -p                     #View by protocol, such as netstat -p tcp/ip
netstat -s                     #View the usage of all protocols in use
netstat -an                    #To view a list of all open ports:
netstat -ano                   #Production depends on the occupation of computer ports
netstat -ano | findstr "80"    #Check whether a specific port is occupied
tasklist | findstr "80"        #Check whether a port is occupied by that application

netstat has many options:

C:\Windows\system32>netstat ?
Display protocol statistics and current TCP/IP Network connection.
NETSTAT [-a] [-b] [-e] [-f] [-n] [-o] [-p proto] [-r] [-s] [-x] [-t] [interval]

  -a            Displays all connection and listening ports.
  -b            Displays the information involved in creating each connection or listening port
                Executable program. In some cases, the executable bearer is known
                Multiple independent components, in these cases,
                Displays when a connection or listening port is created
                The sequence of components involved. In this case, the of the executable program
                Name at bottom [] In, the component it calls is at the top,
                Until reached TCP/IP. Note that this option
                It can be time-consuming and when you don't have enough
                Permission may fail.
  -e            Displays Ethernet statistics. This option can be used with -s option
                Combined use.
  -f            Displays the full qualification of the external address
                domain name(FQDN). 
  -n            Displays the address and port number in numeric form.
  -o            Displays the processes that are owned and associated with each connection ID. 
  -p proto      display proto Connection of the specified protocol; proto
                It can be any of the following: TCP,UDP,TCPv6 or UDPv6. If with -s
                Options are used together to display statistics for each protocol, proto It can be any of the following:
                IP,IPv6,ICMP,ICMPv6,TCP,TCPv6,UDP or UDPv6. 
  -q            Displays the of all connections, listening ports, and bindings
                Non listening TCP Port. Bound non listening port
                 Not necessarily associated with activities.
  -r            Displays the routing table.
  -s            Displays statistics for each protocol. By default,
                display IP,IPv6,ICMP,ICMPv6,TCP,TCPv6,UDP and UDPv6 Statistics for;
                -p Option allows you to specify the default subnet.
  -t            Displays the current connection uninstall status.
  -x            display NetworkDirect Connections, listeners, and shares
                Endpoint.
  -y            Show all connected TCP Connect the template.
                Cannot be used with other options.
  interval      Redisplay the selected statistics and pause between displays
                Interval seconds. Press CTRL+C Stop redisplay
                Statistics. If omitted, then netstat The current will be printed
                Configure information once.

Example:

C:\Users\qxhgd>netstat
 Active connection
  Protocol local address          External address        state
  TCP    10.40.164.55:2009      10.40.164.9:9053       ESTABLISHED
  TCP    10.40.164.55:2026      10.40.164.9:9053       ESTABLISHED
  TCP    10.40.164.55:2174      10.41.134.23:8237      ESTABLISHED

Netbios connection status

nbtstat -A ip If one of the ports 136 to 139 of the other party is open, you can view the user name of the other party who has logged in recently

Network sharing

net use \\ip /user:user 
net use \\ip password /user:user 
net use \\ip /del

The following example may be used when different user names access samba of the same IP:

net use \\10.40.40.11 /user:Administrator 
net use \\10.40.40.11 "password" /user:"Administrator" 
net use \\10.40.40.11 "password" /del

Similar to the net use command, there is also a net user command. Don't confuse it.

Network card configuration

Fixed IP and DNS settings:

set netname="Ethernet"  //adapter name
set ip=192.168.90.66 //Native IP address
set subnetmask=255.255.255.0 //Subnet mask
set gateway=192.168.90.1 //gateway
set dns1=8.8.8.8 //Default DNS
set dns2=8.8.4.4 //Alternate DNS

netsh interface ip set address name=%netname% source=static addr=%ip% mask=%subnetmask% gateway=%gateway% gwmetric=1 //Metric of default gateway
netsh interface ip set dns name=%netname% source=static addr=%dns1% primary //major
netsh interface ip add dns name=%netname% addr=%dns2% index=2 //Specify the DNS server address for

Automatic acquisition (IP and DNS)

set netname="Ethernet"  //adapter name
netsh interface ip set address name=%netname% source=dhcp
netsh interface ip set dns name=%netname% source=dhcp

Generally, it is used when batch processing is used to dynamically operate the network card in the automatic test environment.

Grab bag

Start capturing bags

netsh trace start [OTHER OPTIONS]
netsh trace start capture=YES report=YES persistent=YES #Basic ways to enable continuous tracking and generate reports

Stop capturing packets

netsh trace stop #The way to stop tracking is as follows:

Note: the message caught by netsh can only be opened through specific software (windows message analyzer).

Summary

  • When debugging TCP/IP related functions, the above commands are often used, and different commands are selected for different scenarios.
  • For example, in a scenario, the debugging PC has two network cards, which are connected to the internal and external networks at the same time. Now you need to use network card 1 for internal IP and network card 2 for external IP. At this time, static routing will come in handy.

If this article is of some help to you, welcome to reward:
Alipay links

Tags: Windows TCPIP Network Communications dos

Posted by logicsound on Sat, 16 Apr 2022 06:30:56 +0300