Windows Networking and the Command Line
Author: JEREMY MARTIN
jeremy@dbaseprogrammers.com
http://www.visualdbaseprogrammer.com
Information contained in this manual came from several different sources. Most of the detailed parameters for each command came from the ever useful "/?" switch. It was written to help network admins do their job more easily. This is in no way for the average user: with these commands, an average user can severely damage the reliability of their station and the network the station is on. If used properly, the following command line tools can add power to your arsenal of networking skills.
Windows networking in command line
ARP: Displays and modifies the IP-to-Physical address translation tables used by the Address Resolution Protocol (ARP).
-a Displays current ARP entries by interrogating the current protocol data. If inet_addr is specified, the IP and Physical addresses for only the specified computer are displayed. If more than one network interface uses ARP, entries for each ARP table are displayed.
-g Same as -a.
inet_addr Specifies an internet address.
-N if_addr Displays the ARP entries for the network interface specified by if_addr.
-d Deletes the host specified by inet_addr.
-s Adds the host and associates the Internet address inet_addr with the Physical address eth_addr. The Physical address is given as 6 hexadecimal bytes separated by hyphens. The entry is permanent.
eth_addr Specifies the Physical address.
if_addr If present, this specifies the Internet address of the interface whose address translation table should be modified. If not present, the first applicable interface will be used.
IPCONFIG: Gives you the IP addresses of all your network adapters. This is useful for network troubleshooting.
Example: c:\>ipconfig /all /batch c:\ip.txt (writes the IP addresses of your adapters to c:\ip.txt)
/ALL - Display detailed information.
/Batch [file] - Write to file or /winipcfg.out
/renew_all - Renew all adapters
/release_all - Release all adapters
/renew N - Renew adapter N
/release N - Release adapter N
FTP: Opens an FTP client in Windows. There are many settings for this command, and a file transfer can be automated through a text file of commands. This can only be used if the server you are trying to access has an FTP server active.
Example: c:\>ftp -i -s:in.txt 10.10.1.3 (automates a multiple file transfer using the FTP commands in the "in.txt" file).
-v Suppresses display of remote server responses.
-n Suppresses auto-login upon initial connection.
-i Turns off interactive prompting during multiple file transfers.
-d Enables debugging.
-g Disables filename globbing (see GLOB command).
-s:filename Specifies a text file containing FTP commands; the commands will automatically run after FTP starts.
-a Use any local interface when binding the data connection.
-A Login as anonymous.
-w:buffersize Overrides the default transfer buffer size of 4096.
NBTSTAT: Displays protocol statistics and current TCP/IP connections using NBT (NetBIOS over TCP/IP).
NBTSTAT can provide VERY useful information. It will tell you a computer's MAC address, login name "<03>", network name "<20>", workgroup "<1E>", INET SERVICES "<1C>", IS~SERVER "<00>", and whether NetBIOS/MSBROWSE is enabled "<01>". The MAC address will tell you what NIC (Network Interface Card) is installed on the machine. A MAC address is like a fingerprint for NICs. Sometimes you can look up a MAC address and find out what system they are running, for example a proprietary NIC on a specific server. Unfortunately, this is a security issue that gives "HACKERS" two of the three pieces of the puzzle they need to access your network without your knowledge: the username and the domain. With those two known, it is only a matter of time before they can crack the password. There are programs out there that use brute force attacks, trying letter combinations until the right password is found. Once the password is found, the attacker can log right into your system.
Nbtstat [-a RemoteName] [-A IP Address] [-c] [-n] [-r] [-R] [-RR] [-s] [-S] [interval]
-a (adapter status) Lists the remote machine's name table given its name.
-A (Adapter status) Lists the remote machine's name table given its IP address.
-c (cache) Lists the remote name cache including the IP addresses.
-n (names) Lists local NetBIOS names.
-r (resolved) Lists names resolved by broadcast and via WINS.
-R (Reload) Purges and reloads the remote cache name table.
-RR (ReleaseRefresh) Releases NetBIOS names registered with a WINS server and then renews their registration.
-S (Sessions) Lists sessions table with the destination IP addresses.
-s (Sessions) Lists sessions table converting destination IP addresses to host names via the hosts file.
RemoteName: Remote host machine name.
IP Address: Dotted decimal representation of the IP address.
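As an added example (not part of the original manual), the Python script below parses the name table that NBTSTAT -A prints and reports what a host is revealing about itself, using the suffix meanings listed above. The nbtstat output it reads is constructed sample text, not captured from a real machine, and the function names are my own.

```python
import re

# Constructed sample of "nbtstat -A <ip>" output (not captured from a real host).
SAMPLE_NBTSTAT = """
           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    FILESRV01      <00>  UNIQUE      Registered
    WORKGROUP      <00>  GROUP       Registered
    FILESRV01      <20>  UNIQUE      Registered
    WORKGROUP      <1E>  GROUP       Registered
    JSMITH         <03>  UNIQUE      Registered
    FILESRV01      <03>  UNIQUE      Registered
    ..__MSBROWSE__.<01>  GROUP       Registered

    MAC Address = 00-0C-29-AB-CD-EF
"""

# One table row: name, <hex suffix>, UNIQUE|GROUP, status.  The name is matched
# lazily up to the suffix because the __MSBROWSE__ entry has no space before <01>.
ROW_RE = re.compile(r"^\s*(\S.*?)\s*<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\w+)\s*$")
MAC_RE = re.compile(r"MAC Address\s*=\s*([0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5})")


def parse_nbtstat(text):
    """Return (rows, mac): rows as dicts, mac as an upper-case string or None."""
    rows, mac = [], None
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            name, suffix, kind, status = m.groups()
            rows.append({"name": name, "suffix": suffix.upper(),
                         "type": kind, "status": status})
            continue
        m = MAC_RE.search(line)
        if m:
            mac = m.group(1).upper()
    return rows, mac


def summarize(rows, mac):
    """Map the suffixes the manual lists to what they reveal about the host."""
    reg = [r for r in rows if r["status"] == "Registered"]
    computer = next((r["name"] for r in reg
                     if r["suffix"] == "00" and r["type"] == "UNIQUE"), None)
    workgroup = next((r["name"] for r in reg
                      if r["suffix"] in ("00", "1E") and r["type"] == "GROUP"), None)
    return {
        "mac": mac,
        "computer": computer,      # <00> UNIQUE: the workstation name
        "workgroup": workgroup,    # <00>/<1E> GROUP: workgroup or domain name
        # <03> UNIQUE entries other than the computer name are logged-on user names
        "users": [r["name"] for r in reg
                  if r["suffix"] == "03" and r["type"] == "UNIQUE" and r["name"] != computer],
        "file_sharing": any(r["suffix"] == "20" for r in reg),    # <20>: File Server Service
        "master_browser": any(r["suffix"] == "01" for r in reg),  # <01>: __MSBROWSE__
    }


def exposure_report(summary):
    """List what an unauthenticated NBTSTAT query learns about this host."""
    findings = []
    if summary["users"]:
        findings.append("logged-on user name(s) exposed: " + ", ".join(summary["users"]))
    if summary["workgroup"]:
        findings.append("workgroup/domain exposed: " + summary["workgroup"])
    if summary["file_sharing"]:
        findings.append("File Server Service (<20>) registered: shares reachable via NET VIEW/NET USE")
    return findings


if __name__ == "__main__":
    rows, mac = parse_nbtstat(SAMPLE_NBTSTAT)
    print("\n".join(exposure_report(summarize(rows, mac))))
```

Run it against the saved output of NBTSTAT -A for your own hosts to see which of the username/domain/share pieces the manual warns about are being handed out.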
NET CONFIG: Displays your current workgroup settings (local machine).
NET DIAG: Runs the Microsoft Network Diagnostics program to display diagnostic information about your network.
Example: c:\>net diag
/NAMES Specifies a diagnostic server name in order to avoid conflicts when NET DIAG is used simultaneously by multiple users. This option works only when the network uses the NetBIOS protocol.
/STATUS Enables you to specify a computer about which you want network diagnostics information.
NET HELP: Lists the DAMN HELP FILES!!! (AKA : RTFM!)
Example: c:\>net help help
Example: c:\>net help 53
NET INIT: Loads protocol and network-adapter drivers without binding them to Protocol Manager
/DYNAMIC Loads the Protocol Manager dynamically. This is useful with third-party networks.
NET LOGOFF: Breaks the connection between your computer and the shared resources to which it is connected. (can't be run in MS-DOS window)
/YES Carries out the NET LOGOFF command without first prompting you to provide information or confirm the action.
NET LOGON: Identifies you as a member of a workgroup. (can't be run in MS-DOS window)
Example: c:\>NET LOGON user password | ? /DOMAIN:name /YES /SAVEPW:NO
User Specifies the name that identifies you in your workgroup. The name you specify can contain up to 20 characters.
Password The unique string of characters that authorizes you to gain access to your password-list file. The password can contain up to 14 characters.
? Specifies that you want to be prompted for your password.
/DOMAIN Specifies that you want to log on to a Microsoft Windows or LAN Manager domain.
Name Specifies the Windows NT or LAN Manager domain that you want to log on to.
/YES Carries out the NET LOGON command without prompting you to provide information or confirm your actions.
/SAVEPW:NO Carries out the NET LOGON command without prompting you to create a password-list file.
NET PASSWORD: Changes your logon password. (can't be run in MS-DOS window)
Example: c:\>NET PASSWORD oldpassword newpassword
Example: c:\>NET PASSWORD \\computer | /DOMAIN:name user oldpassword newpassword
Oldpassword Specifies your current password.
Newpassword Specifies your new password. It can have up to 14 characters.
Computer Specifies the Windows NT or LAN Manager server where you want to change the password.
/DOMAIN Specifies that you want to change the Windows NT or LAN Manager domain password for your account.
name Specifies the Windows NT or LAN Manager domain that owns your account.
user Specifies your Windows NT or LAN Manager user name (account).
NET PRINT: Tells you what is in the printer queues of a network computer.
Example: c:\>net print \\server or net print \\10.10.1.3
Example: c:\>net print \\computer\printer | port /YES
Example: c:\>net print \\computer | port job# /PAUSE | /RESUME | /DELETE /YES
Printer Specifies the name of the printer.
Port Specifies the name of the parallel (LPT) port on the local system that is connected to the network printer.
Job# Specifies the number assigned to a queued print job.
/DELETE Cancels the print job.
/PAUSE Pauses the print job.
/RESUME Restarts a paused print job.
/YES Carries out the NET PRINT command without confirming actions.
NET START: Starts services
BASIC Starts the basic redirector.
NWREDIR Starts the Microsoft Novell (R) compatible redirector
WORKSTATION Starts the default redirector
NETBIND Binds protocols and network-adapter drivers.
NWLINK Starts the IPX/SPX-compatible interface.
/LIST Displays a list of services that are running
/YES Skips prompting
/VERBOSE Display information about drivers and services
NET STOP: Stops services
BASIC Stops the basic redirector.
NWREDIR Stops the Microsoft Novell (R) compatible redirector
WORKSTATION Stops the default redirector
NWLINK Stops the IPX/SPX-compatible interface.
/YES Skips prompting
NET TIME: tells you what time it is on a network computer.
Example: c:\>net time \\server or net time \\10.10.1.3
/WORKGROUP:wgname Specifies a different workgroup
wgname workgroup
/SET Synchronizes your clock with the one specified.
/YES Skips prompting
NET USE: Connects to resources on networked computers. The main use of this command relies on the NetBIOS function, which lets you address a computer by name on your network. Example: c:\>net use z: \\server\c (this will map the C: drive on the server to the Z: drive on the local machine). Another thing I've found out is that this also works with IP addresses. Example: c:\>net use z: \\10.10.1.3\c (this will map the C: drive on IP address 10.10.1.3 to the Z: drive on the local machine). This is a very helpful network tool, but it is also a major security hazard. Anyone connected to the same network can map your drive, and that includes the Internet. If you both have a "real" (routable) IP address, "File and Printer Sharing" enabled and a drive (or printer) shared, someone can access your machine. Unfortunately, Microsoft never really tells you this. Remember that the Internet is just one big network. A LAN (Local Area Network) that connects one or more computers to the Internet through a modem line is the most vulnerable. When using "net use" by itself, you can see all the network resources that you have mapped (like the Z: drive in the example above). This is great for network printing to remote sites and trading files on a secure network.
Example: c:\>net use z: \\server\c test
Example: c:\>net use z: \\10.10.1.3\c test (maps the server's C drive to Z: on the local machine, using the password "test")
drive Specifies the drive letter you assign to a shared directory.
* Specifies the next available drive letter.
port Specifies the parallel (LPT) port name you assign to a shared printer.
/SAVEPW:NO Specifies that the password you type should not be saved in your password-list file. You need to retype the password the next time you connect to this resource.
/YES Skips prompting
/DELETE Breaks the specified connection to a shared resource
/NO Skips prompting with the answer as NO
/HOME Makes a connection to your home directory if one is specified in your LAN Manager or Windows NT user account.
To list all your connections, type NET USE without options
NET VER: Displays the type and version of the workgroup redirector you are using.
NET VIEW: Views the shared resources of a networked computer. With this, you can see (even on the Internet) what drives and printers a computer has shared, addressing the computer either by name or by IP address. This is a BIG security issue, and it is how many of today's viruses spread so easily.
Example: c:\>net view \\server
Example: c:\>net view \\10.10.1.3
/WORKGROUP:wgname Specifies a different workgroup
wgname workgroup
/YES Skips prompting
/NETWORK:NW Browses NetWare Networks
Compatibility issues between a Microsoft Windows Network, and a NetWare Network
SYSCON can be run on an NT station from a NetWare server by typing \\NWSERVERNAME\SYS\PUBLIC\SYSCON at the command prompt, but the program will not run without errors unless you map the drive. Without the drive mapped, SYSCON will not be able to find its supporting files. Most NetWare utilities can be run on an NT system using GSNW or CSNW.
NETSTAT: Displays protocol statistics and current TCP/IP network connections.
-a Displays all connections and listening ports.
-e Displays Ethernet statistics. This may be combined with the -s option.
-n Displays addresses and port numbers in numerical form.
-p proto Shows connections for the protocol specified by proto; proto may be TCP or UDP. If used with the -s option to display per-protocol statistics, proto may be TCP, UDP, or IP.
-r Displays the routing table.
-s Displays per-protocol statistics. By default, statistics are shown for TCP, UDP, and IP; the -p option may be used to specify a subset of the default.
PING: Sends a packet of data to a remote IP address and waits for that packet to be echoed back. This is essential for network troubleshooting. What this tells you is whether the connection is working, and the latency (speed) of the connection. This is the most useful network troubleshooting tool available.
Ping is very easy to use and extremely easy to remember. If you are having connectivity issues on the network, the first thing you should do is ping the address you are having problems getting to. "PING address -t" will also give you an ongoing view of how long each ping takes.
Example: c:\>ping 10.10.1.3 -t (pings a specific host until stopped)
-t Ping the specified host until stopped. To see statistics and continue, type Control-Break; to stop, type Control-C.
-a Resolve addresses to hostnames.
-n count Number of echo requests to send
-l size Send buffer size
-i TTL Time To Live.
-v TOS Type Of Service.
-r count Record route for count hops.
-s count Timestamp for count hops.
-j host-list Loose source route along host-list.
-k host-list Strict source route along host-list.
-w timeout Timeout in milliseconds to wait for each reply.
ROUTE: Manipulates network routing tables.
Route will allow your computer or server to access another subnet or netmask. Route Print will list the complete routing table. Netstat -r lists the same table, but also lists active connections.
{route add destination mask netmask gateway}
Example: c:\>route add 192.168.0.0 mask 255.255.0.0 192.168.0.10
-f Clears the routing tables of all gateway entries. If this is used in conjunction with one of the commands, the tables are cleared prior to running the commands.
Command Must be one of four:
Print Prints a route
Add Adds a route
Delete Deletes a route
Change Modifies an existing route
destination Specifies the destination host.
MASK Specifies that the next parameter is the 'netmask' value.
netmask Specifies a subnet mask value to be associated with this route entry. If not specified, it defaults to 255.255.255.255.
gateway Specifies the gateway (your system).
METRIC Specifies that the next parameter 'metric' is the cost for the destination.
Telnet: Telnet is a command line interface for remote administration of IP servers. It starts a session on the remote server that is apart from what the server's local user can see. A user on the server cannot see what the telnet connection is doing unless they are administering the Telnet server. Some servers have the ability to log all activities while being accessed. Telnet is also a way to communicate with any open port on a computer. Telnet is a very powerful tool for multiple reasons. For example: c:\>telnet 10.10.1.13 110 will connect to the POP3 mail server on 10.10.1.13. Once in the mail server, you can log in and actually read your email (with the exception of attachments). If there is a web server, you can even telnet into it. Example: c:\>telnet 10.10.1.13 80. You more than likely will not see anything, but if you know the correct commands to pass to the web server (depending on what HTTP version it is using) you can see the HTML source. IIS 4 had a security hole that allowed this type of connection to view the source of .ASP pages. Being allowed to view server-side programming such as Active Server Pages would give you the locations of the hidden code and highly sensitive materials such as company databases. Most databases that .ASP pages use are Access (.mdb) files. IIS 4 also had a severe bug that would crash the server if a certain command was passed in this fashion.
You can even send an email through telnet by connecting to port 25 on an email server. Once connected, the commands would go as follows:
HELO "negotiates the connection to the email server"
RCPT TO: recipient@ips.com "this is the email address that you want to send to"
MAIL FROM: sender@isp.com "this is the email address that you have traced back"
DATA "extra data such as subject, CC, BCC, priority, supposed message id..."
. "the single period ends the email message and tells the server that the data is finished"
This is how people can spam so easily. Most of the data in an email can be altered.
telnet [host [port]]
Example: c:\>telnet 10.10.1.3 23
Host Specifies the hostname or the IP address of the remote computer you want to connect to.
Port Specifies the port number or the service name.
Tracert: Sends a packet of data to a remote IP address and reports all of the hops it has to travel to get to the destination. If you ping an IP address and the ping times out, tracert will track down how far you are able to get toward the address. This is essential for network troubleshooting. If you are having issues accessing a particular network address (Internet, or wide area network with more than one hop), this will tell you where the connection is broken. If used from the opposite side, this will verify the exact location of the break. Besides PING, this is the most useful network utility when it comes to troubleshooting connectivity issues.
Example: c:\>tracert 10.10.1.3
-d Do not resolve addresses to hostnames.
-h maximum_hops Maximum number of hops to search for target.
-j host-list Loose source route along host-list.
-w timeout Wait timeout milliseconds for each reply.
WINDOWS NT COMMANDS
Same as above plus the following
AT: The AT command schedules commands and programs to run on a computer at a specified time and date. The Schedule service must be running to use the AT command.
AT \\COMPUTERNAME "ID" /DELETE | /DELETE /YES
AT \\COMPUTERNAME TIME /INTERACTIVE /EVERY:DATE,... | /NEXT:DATE,... "COMMAND"
\\COMPUTERNAME Specifies a remote computer. Commands are scheduled on the local computer if this parameter is omitted.
ID Is an identification number assigned to a scheduled command.
/delete Cancels a scheduled command. If id is omitted, all the scheduled commands on the computer are canceled.
/yes Used with the cancel all jobs command when no further confirmation is desired.
time Specifies the time when the command is to run.
/interactive Allows the job to interact with the desktop of the user who is logged on at the time the job runs.
/every:date,... Runs the specified command on each specified day(s) of the week or month. If date is omitted, the current day of the month is assumed.
/next:date,... Runs the specified command on the next occurrence of the day. If date is omitted, the current day of the month is assumed.
"command" Is the Windows NT command or batch program to be run.
FINGER: Displays information about a user on a specified system running the Finger service. Output varies on each system
Example: c:\>FINGER bob@info.com
-l Displays information in long list format.
NET ACCOUNTS: Show or set account policy.
/FORCELOGOFF:{minutes | NO}
/MINPWLEN:length
/MAXPWAGE:{days | UNLIMITED}
/MINPWAGE:days
/UNIQUEPW:number
/DOMAIN
NET COMPUTER: Adds or deletes computers in a domain.
\\COMPUTERNAME /ADD | /DEL
NET CONFIG SERVER: Displays or changes settings for the server service.
/AUTODISCONNECT:time
/SRVCOMMENT:"TEXT"
/HIDDEN:{YES | NO}
NET CONTINUE: Reactivates service that has been net paused.
NET CONTINUE SERVICE
NET FILE: Lists open files on a server. Sometimes, due to network issues, a file may be left open even though no one is currently accessing it. This command forces the file closed.
NET FILE "ID" /CLOSE
NET GROUP: Adds, displays or modifies global groups.
GROUPNAME /COMMENT:"TEST" /DOMAIN
GROUPNAME {/ADD /COMMENT:"TEST" | /DELETE} /DOMAIN
GROUPNAME USERNAME ... {/ADD | /DELETE} /DOMAIN
NET HELPMSG: Enter with a 4 digit error message code. This gives you info and suggestions for solutions.
NET HELPMSG MESSAGE#
NET LOCALGROUP: Displays, creates, or modifies local groups.
GROUPNAME /COMMENT:"TEST" /DOMAIN
GROUPNAME {/ADD /COMMENT:"TEST" | /DELETE} /DOMAIN
GROUPNAME USERNAME ... {/ADD | /DELETE} /DOMAIN
NET NAME: Adds or deletes a messaging name.
NET NAME "NAME" /ADD | /DELETE
NET PAUSE: Suspends an NT service or resource.
NET PAUSE SERVICE
NET SEND: Sends a message to another NT system, and to Windows computers that have WINPOPUP running. Example: c:\>net send server hello! (This will send a message to server saying "hello!") Win2k can net send to IP addresses also. This opens up an interesting networking possibility: live communications through Windows messaging. Net send can be a useful internal and external network communication device.
NET SESSION: Lists all sessions between a server and other stations.
NET SESSION \\COMPUTERNAME /DELETE
NET SHARE: Makes resources available to network stations.
SHARENAME=DRIVE:PATH /USERS:NUMBER | /UNLIMITED /REMARK:"TEXT" /CACHE:MANUAL | AUTOMATIC | NO
SHARENAME /USERS:NUMBER | /UNLIMITED /REMARK:"TEXT" /CACHE:MANUAL | AUTOMATIC | NO
SHARENAME | DEVICENAME | DRIVE:PATH
NET STATISTICS: Lists statistics for server or workstation.
NET STATISTICS WORKSTATION | SERVER
NET USER: Creates, lists, and deletes users.
USERNAME PASSWORD | * OPTIONS /DOMAIN
USERNAME {PASSWORD | *} /ADD OPTIONS /DOMAIN
USERNAME /DELETE /DOMAIN
PATHPING: (WINDOWS NT ONLY) The pathping command is a route tracing tool that combines features of the ping and tracert commands with additional information that neither of those tools provides. The pathping command sends packets to each router on the way to a final destination over a period of time, and then computes results based on the packets returned from each hop. Since the command shows the degree of packet loss at any given router or link, it is easy to determine which routers or links might be causing network problems. A number of options are available, as shown below.
Example: C:\>pathping -n 10.10.0.13
-t Pings the specified host until stopped. To see statistics and continue, press Ctrl-Break; to stop pathping, press Ctrl-C.
-a Resolve the IP addresses to hostnames.
-n count Number of echo requests to send to the remote system.
-l size Buffer size.
-i TTL Time To Live.
-v TOS Type Of Service.
-r # Record route for specified hops.
-s # Timestamp for specified hops.
-j host-list Loose source route along host-list.
-k host-list Strict source route along host-list.
-w timeout Timeout in milliseconds to wait for each reply from host.
The commands discussed in the previous pages can also be used in "batch files" to automate processes. Batch files come in two flavors, (.bat) and (.cmd). Batch files that end in the .bat extension are used for Windows 9x machines, while files ending in the .cmd extension are used on Windows NT systems. The following is an example of a batch file that will check to see if app.exe exists on the Z drive. If app.exe does not exist on the Z drive, the simple batch file will ping the IP address 4 times, sending the results to "test.log", connect to the server's network share through an IP address, and run app.exe.
@echo off
if not exist z:\app.exe goto connect
goto run
:connect
rem app.exe is not reachable yet: log 4 pings to the server, then map its F share as Z:
ping 10.10.1.3 -n 4 >> test.log
net use z: \\10.10.1.3\f /y
:run
z:
app.exe
:end
This proves to be very useful if you are on separate domains and cannot see the other system when running the net view command. This allows, in some circumstances, for communications over extranets knowing only the remote IP address. Unfortunately, this also allows unauthorized access if routable IP addresses are used over the Internet. This works with all IP addresses that have file and printer sharing enabled on that adapter. A lot of viruses spread using this method. Some of these commands are sensitive to how you specify the computer name. Net View only sees a system's shares if the NetBIOS portion of the protocol is active. This is shown by a simple mathematical calculation where the decimal value of the IP address 192.168.0.14 is 3232235534. If there were a computer at the address 192.168.0.14 with a network drive shared as J, then you would use "net view \\192.168.0.14" to view the share. If you were to use "net view \\3232235534", you would get an error 53. Another command that will let you differentiate an IP address from a NetBIOS name is NBTSTAT. "NBTSTAT -A 192.168.0.14" and "NBTSTAT -a 192.168.0.14" will produce the same result as "NBTSTAT -A 3232235534".
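As an added example (not from the original manual), the Python code below carries out the dotted-decimal to 32-bit conversion described above, and classifies the host part of a \\host\share path the way the tools above see it: a dotted-quad IP address, a bare decimal number (which NET VIEW rejects with error 53 according to the text), or a NetBIOS name. The function names and the sample paths are my own.

```python
import re

UNC_RE = re.compile(r"^\\\\([^\\]+)(?:\\(.*))?$")      # \\host or \\host\share
DOTTED_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")    # a.b.c.d (range checked later)


def ip_to_decimal(dotted):
    """Dotted quad -> 32-bit integer, e.g. 192.168.0.14 -> 3232235534."""
    octets = [int(p) for p in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("not an IPv4 address: %r" % dotted)
    value = 0
    for o in octets:                 # same as a*2^24 + b*2^16 + c*2^8 + d
        value = (value << 8) | o
    return value


def decimal_to_ip(value):
    """Inverse of ip_to_decimal: 3232235534 -> '192.168.0.14'."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("not a 32-bit value: %r" % value)
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def classify_unc_host(unc):
    """Split a UNC path and report which form of host name it uses.

    'ipv4'    - dotted quad; NET VIEW, NET USE and NBTSTAT -A all accept it
    'decimal' - bare 32-bit number; NET VIEW gives error 53 per the manual,
                so the dotted equivalent is returned for use instead
    'netbios' - 15 characters or fewer; resolved only when NetBIOS is active
    'other'   - longer than a NetBIOS name can be
    """
    m = UNC_RE.match(unc)
    if not m:
        raise ValueError("not a UNC path: %r" % unc)
    host, share = m.group(1), m.group(2)
    result = {"host": host, "share": share}
    if DOTTED_RE.match(host):
        result.update(kind="ipv4", decimal=ip_to_decimal(host))
    elif host.isdigit():
        result.update(kind="decimal", dotted=decimal_to_ip(int(host)))
    elif len(host) <= 15:
        result.update(kind="netbios")
    else:
        result.update(kind="other")
    return result


if __name__ == "__main__":
    # Constructed sample paths matching the manual's examples
    for path in (r"\\192.168.0.14\J", r"\\3232235534", r"\\server\c"):
        print(path, "->", classify_unc_host(path))
```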