Hacker Essential: Batch of common network commands and symbols - network commands

Two. Common network commands and symbols

2.1 Learn the ping ipconfig arp start shutdown taskkill command

Key Learning Points:

1. Test IP connection: ping

2. Check the IP configuration: ipconfig

3. Resolution address: arp

4. Open command: start

5. Shut down or restart your computer: shutdown

6. Close the specified process taskkill

One. Test IP connection: ping

A command to check whether the network is unobstructed or the speed of the network connection. Here, we will only know some basic parameters.

-n count Sends the number of Echo packets specified by count.

Defines the number of times packets are sent to the destination IP, which defaults to 4 times. Some information can be gathered from this command. For example, what is the average time it takes for a packet to return,

What is the fastest time, what is the slowest time, and so on.

Example 1

C:\Documents and Settings\mzybar>ping -n 3 www.baidu.com

Pinging www.a.shifen.com [121.14.88.14] with 32 bytes of data:

Reply from 121.14.88.14: bytes=32 time=3ms TTL=57

Reply from 121.14.88.14: bytes=32 time=3ms TTL=57

Reply from 121.14.88.14: bytes=32 time=2ms TTL=57

Ping statistics for 121.14.88.14:

Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 2ms, Maximum = 3ms, Average = 2ms

Let's break it down:

Ping statistics for 121.14.88.14:

Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),

From here, you can see that in the process of sending 3 packets to the www.baidu.com, 3 were returned without packet loss.

Approximate round trip times in milli-seconds:

Minimum = 2ms, Maximum = 3ms, Average = 2ms

Among these three packets, the fastest return speed is 2ms, the slowest is 3ms, and the average speed is 2ms.

Example 2

ping -n 11 127.0.0.1 >null

Ping the unit 11 times can be used for batch processing delay of 10 seconds. The > nul in the command is masked output.

The short formula can be written as:

ping -n 11 127.1 >null

-w timeout specifies the timeout interval in milliseconds.

Example 3

ping 1 -n 1 -w 10000 2>nul 1>null

It can be used for a delay of 10 seconds in the batch.

Two. View IP configuration: ipconfig

Since the TCP/IP configuration information of the computer is often intercepted in batching, here we will only talk about the /all parameter.

/all parameter

What it does: Displays complete TCP/IP configuration information for all adapters. When using IPConfig without any parameter options, then it is configured for each already configured

The interface displays the IP address, subnet mask, and default gateway values.

Example 1

C:\Documents and Settings\mzybar>ipconfig

Windows IP Configuration

Ethernet adapter Local connection:

Connection-specific DNS Suffix . :

IP Address. . . . . . . . . . . . : 192.168.0.73

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.254

The information displayed here is:

1. The local connection name of the computer is: Local Area Connection

2. The local IP is: 192.168.0.73

3. The subnet mask is: 255.255.255.0

4. The default gateway is: 192.168.0.254

Example 2

C:\Documents and Settings\mzybar>ipconfig /all

Windows IP Configuration

Host Name .

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Connection: //The name of the computer's local connection

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Realtek RTL8168/8111 PCI-E Gigabit E // NIC models

thernet NOTHING

Physical Address. . . . . . . . . : 00-E0-4C-59-9B-57 // MAC address of the NIC

Dhcp Enabled. . . . . . . . . . . : No

IP Address.

Subnet Mask . . . . . . . . . . . : 255.255.255.0 // Subnet mask

Default Gateway . . . . . . . . . : 192.168.0.254 // Default gateway address

DNS Servers . . . . . . . . . . . : 61.144.56.100 // Primary DNS address

202.96.128.166 // Secondary DNS address

The ipconfig command displays the full TCP/IP configuration information for all adapters when the /all parameter is displayed, if your computer has multiple network cards

Orders will list their information one by one.

Three. Resolution address: arp

Displays and modifies items in the Address Resolution Protocol (ARP) cache. The ARP cache contains one or more tables that store IP addresses and their passages

The resolved Ethernet or Token Ring physical address. Each Ethernet or Token Ring network adapter installed on the computer has its own separate table.

The -a parameter or the -g parameter is used to view all items in the cache. The result of the -a and -g parameters is the same, and -g has been on UNIX platforms for many years

The option to display all items in the ARP cache, while Windows uses arp -a (-a can be thought of as all, meaning all), but it can also do it

Accept the more traditional -g option.

　　arp -a IP

　　If we have multiple NICs, using arp –a plus the IP address of the corresponding NIC to display only the ARP cache items associated with that NIC.

With the default IP, all current ARP cache tables are displayed.

Example 1

C:\Documents and Settings\mzybar>arp -a

Interface: 192.168.0.20 --- 0x2

Internet Address Physical Address Type

192.168.0.1 00-1a-92-90-19-fe static

192.168.0.2 00-1a-92-90-19-eb static

192.168.0.3 00-1a-92-49-1c-a9 static

192.168.0.4 00-1a-92-90-19-32 static

192.168.0.5 00-1a-92-38-07-09 static

192.168.0.252 00-23-54-a9-f5-4a dynamic

192.168.0.253 00-1d-60-1d-aa-d1 dynamic

192.168.0.254 00-0a-eb-0d-96-ff dynamic

Analyze the data above:

Internet Address: Represents an IP address.

Physical Address: represents the physical address of the network card, that is, the MAC address of the network card.

Type: represents the type of ARP table, "dynamic" is dynamic; "static" is static.

　　arp -s IP physical address

　　We can manually enter a static item into the ARP cache. The item remains valid during the computer boot process, or an error occurs

When incorrectly configured, the manually configured physical address will automatically update the item. ARP binding can be implemented through this command.

Example 2

arp -s 192.168.1.1 00-1a-92-90-19-fe

Add static ARP to 192.168.1.1 to implement ARP binding.

　　arp -d IP

　　Use this command to manually delete a static project. You can enter the arp -d command, and the arp table for the current computer will be deleted by default IP.

In dealing with ARP spoofing, we generally delete the arp table of the current computer before implementing ARP binding.

Example 3

@echo off

arp –d

arp –s 192.168.0.1 00-1a-92-90-19-fe

arp –s 192.168.0.2 00-1a-92-90-19-eb

arp –s 192.168.0.3 00-1a-92-49-1c-a9

arp –s 192.168.0.4 00-1a-92-90-19-32

arp –s 192.168.0.5 00-1a-92-38-07-09

pause

Four. Open command: start

基本式:start "title" filename

The title can be omitted, and the filename is enclosed in "" if it has a space or a special symbol.

Example 1

start http://www.baidu.com

Here is to open Baidu, the title is omitted.

Example 2

start "" "%windir%\system32\NOTEPAD.EXE" "%userprofile%\desktop\abc.txt"

USE NOTEPAD (NOTEPAD) TO OPEN THE ABC .txt ON THE DESKTOP.

Example 3

start "" "%userprofile%\desktop\abc.doc"

Here start must be followed by "" to start the file abc.doc, otherwise it cannot be started.

If there is no " " after start, it means that the title is omitted, and if the file name has """, start will treat it as the title, thus becoming an omission

file name, cmd is enabled by default. So adding "" after start prevents this unexpected situation.

The parameters /min and /max minimize and maximize the open window.

Example 4

start /min "" "%windir%\system32\NOTEPAD.EXE" "%userprofile%\桌面\abc.txt"

Use Notepad to minimize the abc .txt that opens the desktop.

Five. Shut down or restart your computer: shutdown

用法: shutdown [-i | -l | -s | -r | -a] [-f] [-m \\computername] [-t xx] [-c "comment"] [-d up:xx:yy]

No parameter This message is displayed (same as ?

-i Displays the GUI interface and must be the first option

-l logout (cannot be used with option -m)

-s Shut down this computer

-r Shut down and restart this computer

-a Discards system shutdown

-m \\computername The remote computer shuts down/restarts/gives up

-t xx sets the timeout off to xx seconds

-c "comment" turns off comments (maximum 127 characters)

-f Forces the running application to close without warning

-d [u][p]:xx:yy Close the reason code

u is the user code

p is a scheduled shutdown code

xx is a major reason code (positive integer less than 256)

yy is a minor reason code (positive integer less than 65536)

Example 1

shutdown -l

This command can only log off the native user and is not applicable to remote computers.

Example 2

at 12:00 shutdown -s

With the -s parameter, shut down the computer at 12:00.

Example 3

shutdown -r -t 60

Restart the computer after 60 seconds. Here is the setting of the restart countdown to 60 seconds. If no time is set, the default is 30 seconds.

Example 4

shutdown -f -s -t 300

Force the computer to shut down after 300 seconds with the -f parameter.

Example 5

shutdown -a

When we encounter a shockwave or shockwave virus, or execute the above shutdown command, we can use shutdown -a to terminate the current shutdown

program, so that you can avoid the loss caused by shutdown.

Six. Closes the specified process taskkill

The Taskkill command can end one or more tasks or processes based on the process ID or image name.

/in ImageName

Specifies the image name of the process that will be terminated.

Example 1

taskkill /im qq.exe

/f process

Specifies the process that will be forcibly terminated. This parameter can be ignored for remote processes and all remote processes will be forcibly terminated.

Example 2

taskkill /f /im spoolsv.exe

/pid process id Specifies the PID of the process to terminate

Example 3

taskkill /pid 1230 /pid 1241 /pid 1253

Here is the process to stop PIDs 1230 1241 1253 respectively.