Windows networking
and the Command line

 

Author:

JEREMY MARTIN

jeremy@dbaseprogrammers.com
http://www.visualdbaseprogrammer.com

 

 


            Information contained in this manual came from several different sources. Most of the detailed parameters for each command came from the ever useful “/?” command.  It was written to help the network admin more easily do their job.  This is in no way for the average user.  With this, an average user can severely damage the reliability of their station and the network the station is on.   If used properly, these following command line tools can add power to your arsenal of networking skills.


Windows networking in command line

 

Windows 98 commands

 

ARP: Displays and modifies the IP-to-Physical address translation tables used by address resolution protocol (ARP).

Example: c:\>ARP -a

-a                                             Displays current ARP entries by interrogating the current protocol data.  If inet_addr is specified, the IP and Physical addresses for only the specified computer are displayed.  If more then one network interface uses ARP, entries for each ARP table are displayed.

-g                                            Same as –a.

inet_addr                               Specifies an internet address.

-N inet_addr                          Displays the ARP entries for the network interface specified by if_addr.

-d                                            Deletes the host specified by inet_addr.

-s                                             Adds the host and associates the Internet address inet_addr with the Physical address eth_addr.    The Physical address is given as 6 hexadecimal bytes separated by hyphens.  The entry is permanent

eth_addr                                                Specifies the Physical address.

if_addr                                   If present, this specifies the Internet address of the interface whose address translation table should be modified.  If not present, the first applicable interface will be used.

 

IPConfig : gives you the IP Addresses of all your network adapters.  This is useful for network troubleshooting.

Example: c:\>ipconfig /all /batch c:\>ip.txt (releases the IP Addresses of you adapters and writes them to c:\>ip.txt)

/ALL                       -               Display detailed information.

/Batch [file]           -               Write to file or /winipcfg.out

/renew_all              -               Renew all adapters

/release_all            -               Release all adapters

/renew N                -               Renew adapter N

/release N              -               Release adapter N

 

FTP: opens up an ftp client in windows.  There are many settings for this command.  There is also the ability to automate a file transfer through text files.  This can only be used if the Server that you are trying to access has an FTP Server active.

Example: c:\>ftp -i -s:in.txt 10.10.1.3 (automates a multiple file transfer using the ftp commands in the "in.txt" file).

-v                                            Suppresses display of remote server response.

-n                                            Suppresses auto-login upon initial connection.

-i                                              Turns off interactive prompting during multiple file transfers.

-d                                            Enables debugging.

-g                                            Displays filename globing (see GLOB command)

-s:filename                             Specifies a text file containing FTP commands; the commands will automatically run after FTP starts.

-a                                             Use any local when binding data connection.

-A                                           Login as anonymous.

-w:buffersize                         Overrides the default transfer buffer size of 4096

 

NBTSTAT: Displays protocol statistics and current TCP/IP connection using NBT (NetBOIS over TCP/IP). 

NBTSTAT can provide VERY useful information.  It will tell you a computer’s MAC Address, login name”<03>”,  network name “<20>”, workgroup “<1E>”,  INET SERVICES “<1C>”, IS~SERVER “<00>”, and if NetBIOS/MSBROWSE is enabled “<01>”.  The Mac Address will tell you what NIC (Network Interface Card) is installed on the machine.  A Mac Address is like a fingerprint for NICs.  Sometimes, you can look up a Mac Address and find out what system they are running… Example, a proprietary NIC on a specific server…  Unfortunately, this is a security issue that gives “HACKERS” two out of three pieces of the puzzle when trying to access your network without your knowledge.  Username, and Domain.  With those two down, it is only a matter of time before they can crack the password.  There are programs out there that use brute force attacks that randomly pick letters until the right password is found.  Once the password is found, the attacker can log right into your system…

Nbtstat [-a Remotename] [-A IP Address] [-c] [-n] [-r] [-R] [-s] [-S] [interval]

Example: c:\>NBTSTAT –A 10.10.1.13 (You can even enter an interval here if needed.  Cycles NETSTAT every X seconds)

-a           (adapter status)      Lists the remote machine’s name table given its name.

-A          (Adapter status)    Lists the remote machine’s name table given its IP Addresses.

-c           (cache)                     Lists the remote name cache including the IP Addresses.

-n           (names)                   Lists local NetBIOS names.

-r            (resolved)               Lists names resolved by broadcast and via WINS.

-R           (Reload)  Purges and reloads the remote cache name table

-R                                            releases NetBIOS names registered with a WINS server and then renews their registration..

-S           (Sessions)               Lists sessions table with the destination IP addresses.

-s            (Sessions)              Lists sessions table converting destination IP addresses to host names via the hosts file.

 

RemoteName:        Remote host machine name.

IP Address:           Dotted decimal representation of the IP address.

 

 

NET Config: Displays your current workgroup settings.  (local machine)

 

NET DIAG: Runs the Microsoft Network Diagnostics program to display diagnostic information about your network

Example: c:\>net diag

/NAMES                                Specifies a diagnostic server name in order to avoid conflicts when NET DIAG is used simultaneously by multiple users.  This option works only when the network uses netbois protocol.

/STATUS                              Enables you to specify a customer about which you want network diagnostics information

 

NET HELP: Lists the DAMN HELP FILES!!!  (AKA : RTFM!)

Example: c:\>net help help

Example: c:\>net help 53

 

NET INIT: Loads protocol and network-adapter drivers without binding them to Protocol Manager

Example: c:\>NET INIT /DYNAMIC

/DYNAMIC                           Loads the protocol Manager dynamically.  This is useful with third-party networks

 

NET LOGOFF: Breaks the connection between your computer and the shared resources to which it is connected.  (can't be run in MS-DOS window)

/YES                                       Carries out the NET LOGOFF command without first prompting you to provide information or confirm the action                                             

 

NET LOGON: Identifies you as a member of a workgroup.  (can't be run in MS-DOS window)

Example: c:\>NET LOGON user password | ? /DOMAIN:name /YES /SAVEPW:NO

User                                        Specifies the name that identifies you in your workgroup.  The name you specify can contain up to 20 characters

Password                               The unique string of characters that authorizes you to gain access to your password-list file.  The password can contain up to 14 characters

?                                              Specifies that you want to be promted for your password

/DOMAIN                             Specifies that you want to log on to a Microsoft Windows or LAN Manager domain.

Name                                      Specifies the Windows NT or LAN Manager domain that you want to log on to.

/YES                                       Carries out the NET LOGON command without prompting you to provide information to confirm your actions.

/SAVEPW:NO                      Carries out the NET LOGON command without prompting you to create a password-list file

 

NET PASSWORD: Changes your logon password.  (can't be run in MS-DOS window)

Example: c:\>NET PASSWORD oldpassword newpassword

Example: c:\>NET PASSWORD \\computer | /DOMAIN:name user oldpassword newpassword

Oldpassword                        Specifies your current password

Newpassword                       Specifies your new password.  It can have up to 14 characters

Computer                               Specifies the Windows NT or LAN Manager server where you want to change the password

/DOMAIN                             Specifies the Windows NT or LAN Manager domain password for your account

name                                       Specifies the Windows NT or LAN Manager domain that owns your account

user                                        Specifies your Windows NT or LAN Manager user name (account) Oldpassword

 

NET PRINT: tells you what is in the printer queues of a network computer

Example: c:\>net print \\server or net print \\10.10.1.3

Example: c:\>net print \\computer\printer | Port /YES

Example: c:\>net print \\computer | port job# /PAUSE \ /RESUME | /DELETE | /YES

Computer                               Specifies the name of the computer whose print queue you want to see

Printer                                    Specifies the name of the printer

Port                                         Specifies the name of the parallel (LPT) port on the local system that is connected to the network printer

Job#                                       Specifies the number assigned to a queues print job. 

                                                /Delete   Cancels Print job

/Pause    Pauses Print job

                                                /Resume Restarts a Paused Print job

/YES                                       Carries out the NET PRINT command without confirming actions

 

NET START: Starts services

BASIC                                    Starts the basic redirector.

NWREDIR                             Starts the Microsoft Novell (R) compatible redirector

WORKSTATION Starts the default redirector

NETBIND                              Binds protocols and network-adapter drivers.

NWLINK                               Starts the IPX/SPX-compatible interface.

/LIST                                      Displays a list of services that are running

/YES                                       Skips prompting

/VERBOSE                             Display information about drivers and services

 

NET STOP: Stops services

BASIC                                    Stops the basic redirector.

NWREDIR                             Stops the Microsoft Novell (R) compatible redirector

WORKSTATION Stops the default redirector

NWLINK                               Stops the IPX/SPX-compatible interface.

/YES                                       Skips prompting

 

NET TIME: tells you what time it is on a network computer. 

Example: c:\>net time \\server or net time \\10.10.1.3

/WORKGROUP:wgname    Specifies a different workgroup

wgname                                 workgroup

/SET                                       Synchronizes your clock with the one specified

/YES                                       Skips prompting

 

NET USE: is used to use resources on networked computers.  The main use of this command uses the NetBIOS function.  This allows you to view a computer name on your network.  Example: c:\>net use z: \\server\c (this will map the C: drive on the server to Z: drive on the local machine).  Another thing I've found out is that this also goes for IP Addresses.  Example: c:\>net use z: \\10.10.1.3\c (this will map the C: drive on IP Address 10.10.1.3 to Z: drive on the local machine).  This is a very helpful network tool, but is also a major security hazard.  Anyone connected to the same network can map your drive.  This also includes the Internet.  If you both have a "real" IP Address,  "File and Printer Sharing" enabled and a drive (or printer) shared, someone can access your machine.  Unfortunately, Microsoft never really tells you this. Remember that the Internet is just one big network.   LAN (Local Area Networks) that connects one or more computers to the Internet through a modem line is the most vulnerable. When using "net use" by itself, you can see all the network resources that you have mapped (like the Z: drive in the example above).  This is great for network printing to remote sights and trading files on a secure network.

Example: c:\>net use z: \\server\c test

Example: c:\>net use z: \\10.10.1.3\c test (maps server's c drive to z on local drive/password test)

drive                                       Specifies the drive letter you assign to a shared directory.

*                                              Specifies the next available drive letter.

port                                         Specifies the parallel (LPT) port name you assign to a shared printer.

/SAVEPW:NO                      Specifies that the password you type should not be saved in your password-list file.  You need  to retype the password the next time you connect to this resource.

/YES                                       Skips prompting

/DELETE                                Breaks the specified connection to a shared resource

/NO                                         Skips prompting with the answer as NO

/HOME                                  Makes a connection to your home directory if one is specified in your LAN Manager or Windows NT user account.

To list all your connections, type NET USE without options

NET VER: Displays the type and version of the workgroup redirector you are using


NET VIEW
: can view the shared resources of the networked computer.  With this, you can see (even on the Internet) what drives, and printers a computer has shared (both through naming conventions and IP Addresses).  This is a BIG security issue, and how many of today’s viruses spread so easily.

Example: c:\>net view \\server 

Example: c:\>net view \\10.10.1.3.

/WORKGROUP:wgname    Specifies a different workgroup

wgname                                 workgroup

/YES                                       Skips prompting

                /NETWORK:NW Browses NetWare Networks

                Compatibility issues between a Microsoft Windows Network, and a NetWare Network

SYSCON can be run on an NT station from a NetWare server by \\NWSERVERNAME\SYS\PUBLIC\SYSCON at the command prompt, but the program will not run without errors unless you map the drive.  Without the drive mapped, SYSCON will not be able to find it’s supporting files.  Most NetWare utilities can be run on an NT system using GSNW or CSNW.

               

NETSTAT: Displays protocol statistics and current TCP/IP network connections.

Example: c:\>NETSTAT –a –n (You can even enter an interval here if needed.  Cycles NETSTAT every X seconds)

-a                                             Displays all connections and listening ports.

-e                                             Displays Ethernet statistics.  This may be combined with the –s option.

-n                                            Displays addresses and port numbers in numerical form.

-p proto                                  Shows connections for the protocol specified by proto: proto may be TCP or UDP.  If used with the –s option to display per-protocol statistics, proto may be TCP, UDP, or IP.

-r                                             Displays the routing table.

-s                                             Displays per-protocol statistics.  By default, statistics are shown for TCP, UDP, and IP; the –p option may be used to specify a subnet of the default.

 

PING: sends a packet of data to a remote IP Address and returns that packet. This is essential for network troubleshooting. What this tells you is if the connection is working, and the latency (speed) of the connection.  This is the most useful network trouble-shooting tool available.  Ping is very easy to use, and is extremely easy to remember.  If you are having connectivity issues on the network, the first thing you should do is pint the address you are having problems getting to.  “PING address –t” will also give you a throughput average to test how long each ping takes.
Example: c:\>ping 10.10.1.3 -t (pings a specific host until stopped)

-t                                             Ping the specified host until stopped.

                                                To see statistics and continue - type Control-Break;

                                                To stop - type Control-C

-a                                             Resolve addresses to hostnames.

-n count                                 Number of echo requests to send

-l size                                      Send buffer size

-i TTL                                     Time To Live.

-v TOS                                   Type Of Service.

-r count                                  Record route for count hops.

-s count                                 Timestamp for count hops.

-j host-list                              Loose source route along host-list.

-k host-list                             Strict source route along host-list.

-w timeout                             Timeout in milliseconds to wait for each reply.

ROUTE: Manipulates network routing tables

Route will allow your computer or server to access another subnet or netmask.  Route Print will list the complete routing table.  Netstat –r lists the same table, but also lists active connetions.

{route add destination mask netmask gateway}

Example: c:\>route add 192.168.0.0 mask 255.255.0.0 192.168.0.10

Example: c:\>route print

-f                                             Clears the routing tables of all gateway entries.  If this is used in conjunction with one of the commands, the tables are cleared prior to running the commands.

Command.  Must be one of four

Print                                        Prints a route

Add                                        Adds a route

Delete                                     Deletes a route

Change                                  Modifies an existing route

destination                            Specifies the destination host.

MASK                                   Specifies that the next parameter is the ‘netmask’ value.

netmask                                 Specifies a subnet mask value to be associated with this route entry.  If not specified, it defaults to 255.255.255.255

gateway                                 Specifies gateway (Your system)

METRIC                                Specifies that the next parameter  ‘metric’ is the cost for the destination.

 

Telnet: Telnet is a command line interface for remote administration of IP servers.  It starts a session on the remote server that is apart from what the server can see.  A user on the server can not see what the telnet connection is doing unless they are administering the Telnet server. Some servers have the ability to log all activities while accessing it.  Telnet is also a way to communicate with any open port on a computer.  Telnet is a very powerful tool for multiple reasons.  For Example: c:\>telnet 10.10.1.13 110 will connect to the POP3 mail server on 10.10.1.13.  Once in the mail server, you can log in, and actually read your email (for the exception of attachments).  If there is a web server, you can even telnet into a web server. Example: c:\>telnet 10.10.1.13 80.  You more then likely will not see anything, but if you know the correct commands to pass to the web server (depending on what HTTP version they are using) you can see the code of html.  IIS 4 had the security hole of allowing this type of connection to view the source of .ASP pages.  Being allowed to view server side programming such as Active Server Pages would give you the locations to the hidden code, and high sensitive materials such as company databases.  Most databases that .ASP pages use are Access or .mdb files.  IIS 4 also had a sever bug that would crash if a certain command was passed in this fashion.

                You can even send an email through telnet by connecting to port 25 on an email server.  Once connected, the commands would go as follows:

HELO “negotiates the connection to the email server”

RCPT TO: recipient@ips.com “this is the email address that you want to send”

MAIL FROM: sender@isp.com “this is the email address that you have traced back”

DATA:  “extra data such as subject, CC, BCC, priority, supposed message id…”

 

. “The single period end the email message and tells the server that the data is finished”

 

This is how people can spam so easily.  Most of the data in an email can be altered.

 

[host[port]]

Example: c:\>telnet 10.10.1.3 23

Host                                       Specifies the hostname or the IP address of the remote computer you want to connect to

Port                                         Specifies the port number or the service name

Tracert: sends a packet of data to a remote IP Address and reports all of the HOPs it has to travel to get to the destination.  If you ping an IP Address, and the ping times out, tracert will track down how far you are able to get to the address.  This is essential for network troubleshooting.  If you are having issues accessing a particular network address (Internet, or wide area network with more then one HOP), this will tell you where the connection is broken.  If used on the opposite side, this will verify the exact location of the Break.  Besides PING, this is the most useful network utility when it comes to troubleshooting connectivity issues.

Example: c:\>tracert 10.10.1.3

-d                                            Do not resolve addresses to hostnames.

-h maximum hops                 Maximum number of hops to search for target.

-j host-list                              Loose source route along host-list.

-w timeout                             Wait timeout milliseconds for each reply

 

WINDOWS NT COMMANDS

 

Same as above plus the following

 

AT: The AT command schedules commands and programs to run on a computer at a specified time and date.  The Schedule services must be running to use th AT command.

                AT \\COMPUTERNAME “ID” /DELETE | /DELETE /YES

                AT \\COMPUTERNAME TIME /INTERACTIVE          /EVERY:DATE,…| NEXT:DATE,… “COMMAND”

\\COMPUTERNAME          Specifies a remote computer.  Commands are scheduled on the local computer if this parameter is omitted

ID                                            Is an identification number assigned to a scheduled command

/delete                                    Cancels a scheduled command.  If id is omitted, all the scheduled commands on the computer are canceled

/yes                                        Used with cancel all jobs command when no further confirmation is desired

time                                         Specifies the time when the command is to run

/interactive                            Allows the job to interact with the desktop of the user who is logged on at the time the job runs.

/every:date,…                       Runs the specified command on each specified day(s) of the week or month.  If date is omitted, the current day of the month is assumed

/next:date,…                          Runs the specified command on the next occuuence of the day.  If date is omitted, the current day of the month is assumed

“command”                           is the Windows NT command, or batch program to be run

 

FINGER: Displays information about a user on a specified system running the Finger service.  Output varies on each system

Example: c:\>FINGER bob@info.com

-l                                              Displays information in long list format.

 

NET ACCOUNTS: Show or set account policy.

                /FORCELOGOFF:{minutes | no}

                /MINPWLEN : length

                /MAXPWAGE : {days | UNLIMITED}

                /MINPWAGE : DAYS

                /UNIQUEPW : number

                /DOMAIN

 

NET COMPUTER: Adds or deletes computers in a domain.

                \\COMPUTERNAME /ADD : /DEL

 

NET CONFIG SERVER: Displays or changes settings for the server service

                /AUTODISCONNECT:time

                /SRVCOMMENT:”TEXT”

                /HIDDEN:{YES | NO}

 

NET CONTINUE: Reactivates service that has been net paused.

                NET CONTINUE SERVICE

 

NET FILE: Lists open files on server.   Sometimes there are cases that do to network issues, a file may be left open even though there is no one currently accessing it.  This command forces the file closed.

                NET FILE “ID” /CLOSE

 

NET GROUP: Adds, displays or modifies global groups

                GROUPNAME /COMMENT:”TEST” /DOMAIN

GROUPNAME {/ADD /COMMENT:”TEST” | /DELETE} /DOMAIN

GROUPNAME USERNAME “…” /ADD | /DELETE} /DOMAIN

 

NET HELPMSG: Enter with 4 digit error message code.  This gives you info and suggestions for solutions.

                NET HELPMSG MESSAGE#

 

NET LOCALGROUP: Displays, creates, or modifies local groups.

GROUPNAME /COMMENT:”TEST” /DOMAIN

GROUPNAME {/ADD /COMMENT:”TEST” | /DELETE} /DOMAIN

GROUPNAME USERNAME “…” /ADD | /DELETE} /DOMAIN

 

NET NAME: adds or deletes a messaging name.

                NET NAME “NAME” /ADD | /DELETE

 

NET PAUSE: Suspends a NT service or resource.

                NET PAUSE SERVICE

NET SEND: will send a message to another NT system, and will send messages to windows computers that have WINPOPUP running.  Example: c:\>net send server hello! (This will send a message to server saying "hello!")  Win2k can net send to IP Addresses also.  This opens up an interesting networking possibility, live communications through windows messaging..  With Net send can be a useful internal and external network communication device.

NET SESSION: Lists all sessions between a server and other stations.

                NET SESSION \\COMPUTERNAME /DELETE

 

NET SHARE: Make resources available to network stations.

                SHARENAME=DRIVE:PATH /USERS:NUMBER | /UNLIMITED

                                                /REMARK:”TEXT”

                                                /CACHE:MANUAL | AUTOMATIC | NO

                SHARENAME /USERS:NUMBER | UNLIMITED

                                                /REMARK:”TEXT”

                                                /CACHE:MANUAL | AUTOMATIC | NO

                SHARENAME | DEVICENAME | DRIVE:PATH

 

NET STATISTICS: Lists statistics for server or workstation.

                NET STATISTICS WORKSTATION | SERVER

 

NET USER: Creates, lists, and delete users.

                USERNAME PASSWORD | * OPTIONS /DOMAIN

                USERNAME {PASSWORD | *} /ADD OPTIONS /DOMAIN

                USERNAME /DELETE /DOMAIN

PATHPING: ( WINDOWS NT ONLY) The pathping command is a route tracing tool that combines features of the ping and tracert commands with additional information that neither of those tools provides. The pathping command sends packets to each router on the way to a final destination over a period of time, and then computes results based on the packets returned from each hop. Since the command shows the degree of packet loss at any given router or link, it is easy to determine which routers or links might be causing network problems. A number of options are available, as shown in the following table.

Example: C:\>pathping -n 10.10.0.13

-t                                             Pings the specified host until stopped.

                                                To see statistics and continue – press Ctrl-Break;

                                                To stop pathping - press Ctrl-C

-a                                             Resolve the IP addresses to hostnames.

-n count                                 Number of echo requests to send to the remote system

-l size                                      Buffer size

-i TTL                                     Time To Live.

-v TOS                                   Type Of Service.

-r #                                          Record route for specified hops.

-s #                                         Timestamp for specified hops.

-j host-list                              Loose source route along host-list.

-k host-list                             Strict source route along host-list.

-w timeout                             Timeout in milliseconds to wait for each reply from host.

 

 

The commands discussed in the previous pages can also be used in “Batch files” to automate processes.  Batch files come in two flavors, (.bat) and (.cmd).  Batch files that end in the .bat extension are used for Windows 9x machines, while files ending in the .cmd extension are used on Windows NT systems.  The following is an example of a batch file that will check to see if app.exe exists on the z drive.  If app.exe does not exist on the z drive, the simple batch file will ping the ip address 4 times, sending the results to “test.log”, connect to the server’s network share through an IP address, and run app.exe. 

@echo off

               

if not exist z:/app.exe goto connect

goto run

               

:connect

ping 10.10.1.3 -n 10 >> test.log

net use z: \\10.10.1.3\f /y

z:

app.exe

goto end

               

:run

z:

app.exe

goto end

               

:end

quit

 

This proves to be very useful if you are on separate domains, and cannot see the other system when running the net view command.  This allows in some circumstances for communications over Extranets with only knowing the remote IP address.  Unfortunately, this also allows unauthorized access if using routable IP addresses over the Internet.  This works with all IP addresses with file and printer sharing enabled on that adapter.  A lot of viruses spread using this method.  Some of these commands how are sensitive on how you send the computer name to.  Net View only sees a system’s shares if the NETBios portion of the protocol is active.  This is proven with the a simple mathematical calculation where the decimal value of the IP address of 192.168.0.14 would turn into 3232235534.  If there was a computer at the address of 192.168.0.14 and had a network drive shared as J, then you would use “net view \\192.168.0.14” to view the share.  If you where to use “net view \\3232235534”, then you would get an error 53.  Another command that will let you differentiate an IP address form a NETBios name is NBTSTAT.  “NBTSTAT –A 192.168.0.14” and “NBTSTAT –a 192.168.0.14” will produce the same result as “NBTSTAT –A 3232235534”.