Difference between revisions of "Essential Windows Commands"

From CTWUG Wiki
(NSLOOKUP)
(NSLOOKUP)
Line 95: Line 95:
 
'''Syntax'''
 
'''Syntax'''
 
  Lookup the ip address of MyHost:                NSLOOKUP [-option] MyHost
 
  Lookup the ip address of MyHost:                NSLOOKUP [-option] MyHost
   
+
 
 +
 
 
  Lookup ip address of MyHost on MyNameServer:    NSLOOKUP [-option] MyHost MyNameServer
 
  Lookup ip address of MyHost on MyNameServer:    NSLOOKUP [-option] MyHost MyNameServer
 
 
Enter "command mode":  NSLOOKUP
 
 
Command Mode options:
 
 
help or ?          - print a list of Command Mode options
 
exit or ^C        - exit "command mode"
 
set all            - print options, current server and host
 
finger [USER]      - finger the optional NAME at the current default host
 
MyHost            - print ip address of MyHost
 
MyHost MyNameServer - print ip address of MyHost on MyNameServer
 
set [no]debug      - print debugging info
 
set [no]d2        - print exhaustive debugging info
 
set domain=NAME    - set default domain name to NAME
 
set root=NAME      - set root server to NAME
 
root              - set current default server to the root
 
server NAME        - set default server to NAME, using current default server
 
lserver NAME      - set default server to NAME, using initial server
 
set srchlist=N1[/N2/.../N6] - set domain to N1 and search list to N1, N2,...
 
set retry=X        - set number of retries to X
 
set timeout=X      - set initial time-out interval to X seconds
 
set [no]defname    - append domain name to each query
 
set [no]recurse    - ask for recursive answer to query
 
set [no]search    - use domain search list
 
set [no]vc        - always use a virtual circuit
 
set class=X        - set query class (for example, IN (Internet), ANY)
 
set [no]msxfr      - use MS fast zone transfer
 
set ixfrver=X      - current version to use in IXFR transfer request
 
set type=X        - set query type
 
set querytype=X    - set query type
 
                      (e.g. A, ANY, CNAME, MX, NS, PTR, SOA, SRV)
 
 
ls [opt] DOMAIN [> FILE] - list addresses in DOMAIN
 
                            (and optionally output to FILE)
 
 
    -d          -  list all records
 
    -t TYPE    -  list records of the given Type (for example, A, CNAME,
 
                  MX, NS, PTR, and so on)
 
    -a          -  list Aliases and canonical names.
 
 
view FILE      - sort an 'ls' output file and view it with pg
 
  
Example:
+
'''Example:'''
  
C:\> nslookup -querytype=TXT -timeout=10 porttest.dns-oarc.net
+
C:\> nslookup 172.18.2.1
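Review bot: the replacement example at the end of the hunk, `C:\> nslookup 172.18.2.1`, passes an IP address, so it shows a reverse lookup, while both Syntax lines above it describe looking up the IP address of MyHost by name; keep a name-based example beside it or label this one as a reverse lookup. The lines from `Enter "command mode"` through `view FILE` appear on one side of the diff only and are absent from the revision below, so the Command Mode reference (including `set type=X` and `server NAME`) is dropped with nothing in its place; consider keeping it, or at least the query-type options.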

Revision as of 00:33, 3 October 2009

Very often when new users are having problems, it's very hard for admins to find the problem. By learning these basic commands, you can help yourself and help your admin find the cause of your problem much quicker. Below is a list of some basic, but very useful, Windows command prompt tools.

PING

Test a network connection - if successful, ping returns the ip address.

Syntax

PING [options] destination_host

Options

-w timeout          Timeout in milliseconds to wait for each reply.
-i TTL              Time To Live.
-v TOS              Type Of Service.
-a                  Resolve addresses to hostnames.
-n count            Number of echo requests to send.
-t                  Ping the destination host until interrupted.
-l size             Send buffer size.
-f                  Set Don't Fragment flag in packet.
-r count            Record route for count hops.
-s count            Timestamp for count hops.
-j host_list        Loose source route along host_list.
-k host_list        Strict source route along host_list.
destination_host    The name of the remote host
  • A response of "Request timed out" means there was no response to the ping attempt in the default time period of one second.

If the latency of the response is more than one second, use the -w option on the ping command to increase the time-out. For example, to allow responses within five seconds, use ping -w 5000.

  • A successful PING does NOT always return an %errorlevel% == 0. Therefore, to reliably detect a successful ping, pipe the output into FIND and look for the text "TTL".
  • Note that "Reply" in the output of PING does not always indicate a positive response. You may receive a message from a router such as: Reply from 192.168.1.254: Destination Net Unreachable.


Four steps to test an IP connection with ping:

  1. Ping the loopback address to verify that TCP/IP is installed and configured correctly on the local computer.

PING 127.0.0.1

  2. Ping the IP address of the local computer to verify that it was added to the network correctly.

PING IP_address_of_local_host

  3. Ping the IP address of the default gateway to verify that the default gateway is functioning and that you can communicate with a local host on the local network.

PING IP_address_of_default_gateway

  4. Ping the IP address of a remote host to verify that you can communicate through a router.

PING IP_address_of_remote_host
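
The four steps above, combined with the FIND check on the PING output, as one batch file. This is an added example, not part of the original page; LOCALIP, GATEWAY and REMOTE are constructed sample addresses to replace with your own, and the search string "TTL=" (rather than just "TTL") is a choice made here so that a router's "TTL expired in transit" message does not count as success.

```batch
@echo off
rem Added example: four-step ping test. Each step stops the run if it fails.
rem The three addresses below are constructed sample values.
setlocal
set "LOCALIP=192.168.1.10"
set "GATEWAY=192.168.1.254"
set "REMOTE=172.18.1.1"

call :check "loopback" 127.0.0.1 || goto :end
call :check "local address" %LOCALIP% || goto :end
call :check "default gateway" %GATEWAY% || goto :end
call :check "remote host" %REMOTE% || goto :end
echo All four steps passed.

:end
endlocal
goto :eof

:check
rem First argument is a label for the report, second is the address to ping.
rem The errorlevel of PING itself is ignored. FIND sets errorlevel 0 only when
rem an echo reply line carrying TTL= is present, so "Request timed out" and
rem "Destination Net Unreachable" both count as failures.
ping -n 2 -w 2000 %2 | find "TTL=" >nul
if errorlevel 1 (
    echo FAIL  %~1 [%2]: no echo reply received
    exit /b 1
)
echo OK    %~1 [%2]
exit /b 0
```

The first step that prints FAIL shows where the problem lies: the local TCP/IP stack, the local address, the gateway, or the path beyond the router.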


TRACERT

Trace Route - Find the IP address of any remote host. TRACERT is useful for troubleshooting large networks where several paths can be taken to arrive at the same point, or where many intermediate systems (routers or bridges) are involved.

Syntax

     TRACERT [options] target_name

Key

  target_name     The HTTP or UNC name of the host

Options:

-d             Do not resolve addresses to hostnames
               (avoids performing a DNS lookup).
-h max_hops    Maximum number of hops to search for target (default=30).
-j host-list   Trace route along given host-list,
               up to 9 hosts in dotted decimal notation, separated by spaces.
-w timeout     Wait timeout milliseconds for each reply.


The functionality of TRACERT is the same under all versions of Windows, but the output is cosmetically improved under XP.

Tracert uses the IP TTL field and ICMP error messages to determine the route from one host to another through a network.

Care must be taken with tracert as it shows the optimal route, not necessarily the actual route. To be accurate, it is possible to ping from a UNIX machine back to the PC using the -R option to record the route taken - but only if the particular network devices support it.

This diagnostic tool determines the path taken to a destination by sending ICMP Echo Request messages with varying Time to Live (TTL) values to the destination.

TTL (Time to Live) calculation

TTL is effectively a count of the (maximum) number of links to the destination host. Each router along the path decrements the TTL in an IP packet by at least 1 before forwarding it.

When the TTL on a packet reaches 0, the router is expected to return an ICMP Time Exceeded message to the source computer.

Tracert determines the path by sending the first Echo Request message with a TTL of 1 and incrementing the TTL by 1 on each subsequent transmission until either the target host responds or the maximum number of hops is reached.

This process relies on intermediate routers to return ICMP Time Exceeded messages. However, some routers do not return Time Exceeded messages for packets with expired TTL values and are invisible to the tracert command. In this case, a row of asterisks (*) is displayed for that hop.
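
The TTL walk described above can be reproduced by hand with PING and its -i option, which makes the mechanism visible. This is an added example, not part of the original page; it assumes English-language PING output and an IPv4 target, and TARGET is the address from the TRACERT example on this page.

```batch
@echo off
rem Added example: send one echo request per TTL value, the way TRACERT does.
rem MAXHOPS mirrors the TRACERT default of 30.
setlocal enabledelayedexpansion
set "TARGET=172.18.1.1"
set "MAXHOPS=30"

rem In each "Reply from" line, token 3 is the address that answered.
rem Token 4 is the word TTL when a router reports "TTL expired in transit",
rem and starts with "bytes" when the target itself returns an echo reply.
rem A hop that sends nothing back keeps the default value and is shown as *.
for /l %%T in (1,1,%MAXHOPS%) do (
    set "HOP=*"
    set "KIND=none"
    for /f "tokens=3,4 delims=: " %%A in ('ping -n 1 -w 2000 -i %%T %TARGET% ^| find "Reply from"') do (
        set "HOP=%%A"
        set "KIND=%%B"
    )
    echo %%T  !HOP!
    if "!KIND:~0,5!"=="bytes" goto :reached
)
echo Target not reached within %MAXHOPS% hops.
goto :eof

:reached
echo Target %TARGET% answered the echo request.
```

A router that answers with a message such as "Destination Net Unreachable" is also listed as a hop, but the loop continues because only an echo reply from the target ends it.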

Firewalls

Many firewalls will block ICMP traffic by default. If an attacker is able to forge ICMP redirect packets, he or she can alter the routing tables on the host and possibly subvert the security of the host by causing traffic to flow via a path you didn't intend.

Examples

TRACERT www.ctwug.za.net
TRACERT 172.18.1.1

NSLOOKUP

Lookup IP addresses on a NameServer.

Syntax

Lookup the ip address of MyHost:                NSLOOKUP [-option] MyHost


Lookup ip address of MyHost on MyNameServer:    NSLOOKUP [-option] MyHost MyNameServer

Example:

C:\> nslookup 172.18.2.1