Repost from: unknown
As a network management, it will definitely encounter a variety of network faults, but a huge network, nodes are sometimes distributed around, all over, even a few or several different places, if there is no online test tool. Difficulties can be imagined. Of course, there must be special test tools, usually hardware, the price is quite expensive, a small and medium business or family is generally unlikely to spend so huge sums of money, in order to solve these network failures. In fact, in my operating system, some very useful software network test tools, if you can use it, and master certain test skills, you can fully meet the general needs, some or even hacked as a hacker tool ! Although these tools cannot be secured for professional hacker tools, there are many hacker tool software to be prepared based on these built-in network test software. Let's take a brief introduction on these tools, I hope to have some help for friends who have not mastered these tools!
First, ping
I believe that people who have played the network will understand or earnes the "ping" command. The ping command is a test tool for the TCP / IP protocol integrated in Windows9x / NT. The ping command is used to see if the host is working in the network, which is the purpose of testing the ICMP ECHO_REQUEST package to the host. . Generally, the local or wide area network to apply TCP / IP protocols, whether you are only a few computers, office LAN, or campus network, enterprise network or even Internet international internet network, when the client and client are not normal When visiting or online work, there are various instability, it is recommended that you must first try this command to test whether the network's communication is normal, most of the time can work.
Ping is a tool for testing network coupling status and packet sending and receiving conditions, is the most commonly used command for network testing. Ping Sends a return request packet to the target host (address), requiring the target host to respond to the request, thus determining the response time of the network and the local Unicom communication with the target host (address). If you do not succeed, you can predict that the fault appears in the following aspects: the network cable fault, the network adapter configuration is incorrect, the IP address is incorrect. If the network is still unusable, the network is still unusable, then the problem is likely to have a software configuration in the network system, and the success can only ensure that there is a connection between the unit and the target host.
1. Syntax format of ping command
The ping command seems to be a small tool, but it has many parameters. It is really not easy to fully understand its usage. It is more difficult to get skilled use, but no matter what we have to come. Its true face, first we still start from the most basic command format!
The complete format of the ping command is as follows:
Ping [-t] [-a] [-n count] [-l length] [-f] [-i ttl] [-V TOS] [-r count] [-S count] [[-j-host list ] | [-K host-list]] [-w timeout] destination-list
It can be seen from this command to have its complexity, and the ping command itself is its execution parameters, now explain it in detail!
-t-- When you have this parameter, when you ping a host, the system keeps running this command until you press Control-C.
-a - Analysis of the host's NetBIOS hostname, if you want to know that your Ping's computer name is added to add this parameter, it is generally displayed in the first line after using the PING command.
-n count - Defines the number of items used to test the test packets sent, the default is 4. Through this command, you can define the number of senders, which is very helpful to measure the network speed. For example, how much time I want to test the return of 20 packets, how much is the fastest time, how much is the slowest time can pass Perform a command with this parameter is known. -l length - Define the size of the packet of the transmit buffer, in the default, the packet size of Windows Ping is 32Byt, or you can define it yourself, but there is a limit, that is, the maximum can only send 6500BYT, more than At this number, the other party is likely to craf in the case due to the receipt of the data package, so Microsoft has limited ping's packet size to solve this security vulnerability.
-f - Send a "Do not segment" flag in the packet, and the packets you send will be sent to the other party via routing segmentation, plus the route will not reside again.
-i TTL - Specifies the time to stay in the other party's system, this parameter is also helping you check the network operation.
-V TOS - Set the Service Type field to the value specified by "TOS".
-r count - Record the route of the outgoing and returning packets in the Record Routing field. Under normal circumstances, the packet you sent is to reach the other party through a route, but what is the route? This parameter can set the number of routes you want to detect, but limit 9, that is, you can only track 9 routes.
-s count - Specifies the timestamp of the number of hops specified by "count", this parameter and -r are similar, but this parameter does not record the route passed through the packet, and only 4 is recorded.
-j Host-List - Route packets using the computer list specified by "Computer-List". A continuous computer can be separated by an intermediate gateway to a maximum number of 9.
-k host-list - Route packets using the computer list specified by "Computer-List". Continuous computers cannot be separated by the intermediate gateway to separated the maximum number of 9.
-w Timeout - Specifies a timeshooting, unit is millisecond.
Destination-List - refers to the host name or IP address to be tested
2. Application of ping command
(1) Test the smoothness of the network
We know that you can use the ping command to test whether the network is smooth, which is often used in the maintenance of the LAN, and the method is simple. You only need to use the ping command in the "run" subkey under the DOS or Windows start menu. Test target computer IP address or hostname (Target computer should be connected to a network with a computer you run in the same network or other lines or other dedicated lines), and other parameters can be all incompatible. If you want to test the station IP address of 196.168.1.21, if you have successful network, you can run on the server: ping -a 196.68.123.56, if the TCP / IP protocol is working properly on the workstation, will be DOS The screen is displayed as shown below:
Pinging cindy [196.168.1.21] with 32 bytes of data:
Reply from 196.168.1.21: Bytes = 32 TIME <10MS TTL = 254
Reply from 196.168.1.21: Bytes = 32 TIME <10MS TTL = 254
Reply from 196.168.1.21: Bytes = 32 TIME <10MS TTL = 254
Reply from 196.168.1.21: Bytes = 32 TIME <10MS TTL = 254
Ping statistics for 196.168.1.21:
Packets: Sent = 4, Received = 4, Lost = 0 (0% Loss), Approximate Round Trip Times in Milli-Seconds: minimum = 0ms, Maximum = 0ms, Average = 0ms
From above we can see that the target computer is successful, the TCP / IP protocol works fine because the "-a" parameters can also be found in the IP 196.168.1.21's NetBIOS name Cindy.
If the network is not successful, the following error message is displayed:
Pinging [196.168.1.21] with 32 bytes of data
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping StatiStice for 196.168.1.21:
Packets: SENT = 4, Received = 0, Lost = 4 (100% LOSS),
Approximate Round Trip Times in Milli-Seconds
Minimum = 0ms, maximum = 0ms, Average = 0ms
Why is there any information on four times in the prompt information? (As above "reply from 196.168.1.21: bytes = 32 TIME <10MS TTL = 254" and "Request Timed Out"), that is because The system defaults to send four packets every time you use ping test, which is to tell you the sending of the four packets sent.
When there is a case where the above error prompt appears, you should carefully analyze the causes of network failures and the online nodes that may have problems. Generally don't anxiously check the physical line, start from the following aspects: First, see A TCP / IP protocol has been installed; the other is to check if the NIC installation is correct and whether it has been connected; the third is to look at the TCP / IP protocol of the test computer and whether the network card is valid ( The specific method is to view by selecting "Start → Settings → Control Panel"; 4 is to check if the network service function of the Windows NT server has started (can be selected "start → set → control panel → service" In the dialog box, find "Server", see if "Status" is "started"). If the problem is not found through the above four steps, the problem is not found. At this time, then check the physical connection, we can use the display of the Hub or switch port of the target computer to determine the connection of the target computer now network.
(2) Get the IP address of the computer
Using the PING tool we can get the IP address of the other party, especially in the LAN, we often use NT or Win2K DHCP dynamic IP address services to automatically assign dynamic IP addresses to all workstations. At this time, we must know what we want to test. The computer's NetBIOS name, that is, "computer name" we usually see in "Network Neighbors". When using the ping command, we only use the ping command to add the target computer name. If the network connection is normal, the dynamic IP address of the PING will be displayed. In fact, we can use it in the Internet to get the dynamic IP address of the other party. This is more useful for hackers. Of course, the first thing is that you must know the other's computer name.
(3), the above application skills are actually the application of the ping command in the local area network. In fact, the ping command is not only widely used in the LAN, but also uses it in the Internet Internet to detect the remote connection of the network. Usually, when we encounter two cases, it is necessary to use the PING tool to test the connection between the network. For example, when a website is unacceptable, you can use the ping command to detect. In addition, we can test the connectivity of the network before sending E-mail. Many Internet users often receive information such as "Retund Mail: User Unknown" after sending E-mail, indicating that your email is not sent to the destination. In order to avoid such events again, it is recommended that everyone develops the habit of ping each other mail server addresses before sending E-MAIL. For example, when you send a message to the 163 website mail, type "ping 163.com" (in fact, 163.com is one of the server names of Netease), if you return to "Bad IP Address 163.com "Or" Request Times Out "or" unknow host 163.com ", etc., indicating that the host of the other mail server is not open or the network is not connected. At this time, even if the email is sent, the other party cannot be received. Second, ipconfig / winipcfg
Different from ping, using the IPConfig and WiniPCFG tools to view and modify configurations of TCP / IP protocols in the network, such as IP addresses, gateways, subnet masks, etc. These two tools can be used in Windows 95/98, which is basically the same, just IPConfig is displayed in DOS characters, and Winipcfg is displayed with graphical interfaces, that is, the two tools are a tool, but one is The version under DOS, the other is the version under Windwos, but pays attention to the IPConfig tool in the DOS mode in Windows NT.
1. IpConfig command syntax format
Ipconfig [/ all] [/ batch file] [/ renew all] [/ release all] [/ rent n] [/ release n]
All - Displays all detail information related to the TCP / IP protocol, including the host name, IP address, subnet mask, node type, whether IP routing, network card physical address, default gateway, etc.
Batch file - put the results of the test into the specified "file" file name for item by item, if the File file name is omitted, the system saves the results of this test in the "Winipcfg.out" file of the system. .
Renew All - Updates the communication configuration of all adapters, and all tests restart.
Release All - Releases the communication configuration of all adapters,
Renew N - Update the communication configuration of the Nth adapter, all tests restart.
Release N - Releases the communication configuration of the NSE adapter,
2. Winipcfg command
The functionality of the WinIPCFG tool is basically the same as IPConfig, but WiniPCFG is displayed in a graphical interface, as shown in Figure 1. It is more convenient to operate, and it can be displayed in a 32-bit graphical interface of Windows. When the user needs to see the configuration of the TCP / IP protocol on any machine, simply select "Start → Run" on Windows 95/98, enter the command "WinipCFG" in the dialog that appears, and the test results will appear. Click the Details button, you can view and change the relevant configuration paradigm of TCP / IP in the subsequent dialog box. When you install multiple network cards on a machine, you can find the physical address of each network card and The binding situation of the agreement is particularly useful to us some at some time. If you want to get more information, click the Details button in the figure, you can see the more comprehensive information in the dialog box. 3, IPCONFIG / WINIPCFG application
I told some usage of these two sisters TCP / IP test tools. I will talk about some of them.
(1) Find the IP address of the target host and other information about the TCP / IP protocol, the method is as follows: Press the "Start" menu to execute the "Run" menu item, enter WiniPCFG, there will be an IP configuration window, here will display About some detailed settings of your current network IP. Alternatively, you can also enter ipconfig in MS-DOS mode, or the same can display detailed IP information, but this picture is under DOS.
(2) IPCONFIG / WINIPCFG should be a network reconnaissance tool, especially when setting DHCP (Dynamic IP Address Configuration Protocol) in the user's network, allowing users to easily understand the IPConfig used The actual configuration of the IP address of the / WiniPCFG machine. Because it has an "/ all" parameter, it can detect the IP address allocation of all the networks on this machine, which is more detailed than the ping command. If we run "IPConfig / All / Batch WINDA.TXT" on the computer room WINDA client, open the Winda.txt file, which will display the content shown below, which shows all configurations related to TCP / IP protocols very detailed. . Of course, there is also its shortcomings compared to ping that it can only be tested on this machine and cannot use network functions.
Third, NetStat
Similar to the above network detection software, the NetStat command is also a tool that can be running on the DOS prompt of Windows 95/98 / NT. Using this tool to display statistics and current TCP / IP network connections, users or networks Managers can get very detailed statistics. When there is no special network management software installed in the network, it is a matter of detailing the use of the entire network, it is when NetStat shows the performance.
It can be used to get information for your system network connection (port used by using and protocols used), received and issued data, ports of connected remote systems, and the like.
1, the syntax format of the netstat command
NBTSTAT format: netstat [-a] [-e] [-n] [-s] [-P protocol] [-r] [interval]
The parameter is explained as follows:
-A - The external connection used to appear on the local machine, which also displays the ports we remotely connected, local and remote system connections, and the status of local and remote system connections. This parameter is usually used to get your local system open port, you can check your system you have installed Trojans, if you run NetStat on your machine, if you find such as: Port 12345 (TCP Netbus, Port 31337 (UDP) The information such as BACK Orific is very likely to infect Trojans on your machine. -n - This parameter is basically the digital form of the -a parameter, which is used in the form of numbers to display the above information. This parameter is usually used to check your IP, and some people use him because it is more likely to use numbers. Form to display the host name.
-e - Displays Static Net Statistics, which can be used in conjunction with the -s option.
-p protocol - It is used to display specific protocol configuration information, its format is: netstat -p xxx, XXX can be UDP, IP, ICMP, or TCP, if we want to display TCP protocol configuration on the machine, we can use: NetStat -P TCP.
-S - Display Machine Default Configuration Statistics of each protocol, including TCP, IP, UDP, ICMP, etc. in default.
-r - used to display the route allocation table.
Interval - repeatedly displays the configuration of the selected protocol every "interval" second until "Ctrl C" is interrupted.
2, NetStat application
From the above parameters, we can see that the NetStat tool has at least the following application:
(1), display the connection state of the remote machine connected to the local or connected, including the use of TCP, IP, UDP, ICMP protocol, understand the port of the local opener open;
(2) Check if the network interface has been installed correctly. If you cannot display some network interfaces after using the NetStat, it means that the network interface does not connect properly and needs to re-find the reason.
(3), the router address allocation that is connected to this machine is queried by joining the "-r" parameter;
(4), you can also check some hacker programs such as Trojans because any hacker program needs to achieve the purpose of communicating with its servers by opening a port, but this first must make your machine into the internet. Otherwise, these ports cannot be opened, and these hackers do not play the original purpose of intrusion.
Four, NBTSTAT
NBTSTAT command: Used to see the current NetBIOS-based TCP / IP connection status, you can get the group names and machine names for remote or local machines through this tool. Although users use IPConfig / WiniPCFG tools to accurately get the host's NIC address, for a large-scale LAN, it is too much to go to each machine. The network management personnel use the DOS command NBTSTAT on the machine on the Internet, you can get another NIC address of another Internet host. Let's first take a look at its grammar format:
NBTSTAT [[-A Remotename] [-A ip address] [-c] [-n] [-r] [-r] [-r] [-s] [-s] [interval]]
Parameter Description:
-a remoteename - Description List its name table using the name of the remote computer, this parameter can view his current state via the NetBIOS name of the remote computer.
-A IP address - Description IP addresses using the remote computer are listed in the name table. This and -a is that this can only use IP, in fact -A, includes -a's functionality.
-c - Lists the NetBIOS name of the remote computer and the IP address of each name this parameter is used to list the IP you connect to the computer you connect to your NetBIOS.
-n - List the NetBIOS name of the local machine, this parameter is similar to the "NetStat" in the tool software described above, but this is to check the local, if the IP behind Netstat -a In exchange, it is the same as NBTSTAT -N. -r - lists the name resolution statistics of the Windows network name resolution. On the Windows 2000 computer configured to use WINS, this option returns the number of names to resolve and register by broadcast or WINS.
-R - Remove all names in the NetBIOS Name Cache, reload the LMHOSTS file, this parameter is to clear the IP in the cache that NBTSTAT -C can see.
-S - only the IP address of the remote computer is displayed in the client and server session table.
-s - Displays the client and server session and convert the remote computer IP address to the NetBIOS name. This parameter is similar to -s, but this will put the other party's NetBIOS name to the resolution.
-Rr - release the NetBIOS name registered on the WINS server and refreshes their registration.
Interval - Re-displays the selected statistics every Interval until the "Ctrl C" button stops the statistics. If this parameter is omitted, NBTSTAT will print a current configuration information. Like NetStat, this parameter is used, the "interval" parameter in NBTSTAT is used with -s and -s.
Ok, about NBTSTAT's application, I don't talk about it. I believe that some of its parameters are also understood, just pay special attention to some parameters in this tool are large, lower-written, and use Special payment! In addition, there are many tools in the system. If the ARP command is used to display and modify the address conversion table for the Internet to Ethernet; the function of the nslookup command is to query the IP address of a machine and its corresponding domain name. It usually requires a domain name server to provide domain name services. If the user has set a domain name server, you can use this command to see the domain name corresponding to the IP address of the different hosts ... There is not much tailor here, and there is another point to explain. It may be different from the corresponding command parameter settings in different systems, but the general function is consistent. I hope that everyone will pay attention to the application. These tool software parameters used in this article are all for Win9xwinme, in NT and UNIX. There are some differences in the Linux system.
V. Tracert
Use the tracert command to display the packet to the path passed by the target host and display the time to each node. The command function is similar to ping, but the information it gets is much more detailed than the ping command. It shows the full path, the IP of the node, and the time taken time. This command is compared to a large network.
Command format:
Tracert IP address or hostname [-d] [- h maximumhops] [- j host_list] [-w timeout]
Parameter meanings:
-d does not resolve the name of the target host;
-h maximum_hops Specifies the maximum number of jumps to search for destination;
-j host_list is released according to the address of the address in the host list;
-w Timeout Specifies timeout intervals, the program default time unit is millisecond.
For example, everyone wants to understand the detailed transmission path information between your computer and the target host www.cce.com.cn, you can enter Tracert www.cce.com.cn in MS-DOS.
If we add some parameters after the tracert command, we can also detect other more detailed information, such as using parameter -D, which can specify the program host's domain name when the program is tracked by the path information of the program.
appendix:
First, command ARP
Show and modify "Address Resolution Protocol" (ARP) to the Ethernet IP or token Ring Physical Address Translation Table. This command is only available after the TCP / IP protocol is installed.
ARP -A [inet_addr] [-n [if_addr]]]]
arp -d inet_addr [if_addr]
ARP -S INET_ADDR Ether_ADDR [if_addr]
Example 1. How do you know who is connecting to my computer?
ARP -A
Example 2, using bundled IP and Mac to resolve the problem of IP in the local area network.
View the NIC MAC address and use ipconfig. Record the network card MAC address, and then let the network administrator let the network administrator bundle the static IP address of your Internet with the network card address recorded. The specific command is:
ARP -S 192.168.0.16 00-EO-4C-6C-08-75
In this way, you will be bound by a computer that is 44-55-43-54-00-00. Even if others are stealing your IP address 192.168.0.4; Server Internet. It should be noted that this command is only useful in the network of the network in the local area network, but also a static IP address.
Second, ROUTE command
This command manages the routing table.
Example 1. Display this routing information to help solve network routing problems.
Route Print / NetStat -R
Example 2, use the route command to achieve cross-network segment access
A computer has two network cards (IP is 192.168.0.6 and 10.41.0.14 respectively), and the local area networks of different network segments are connected separately. Use the route command to access across network segments under Win98.
Route delete 0.0.0.0
Route Add 192.168.0.0 Mask 255.255.255.0 10.41.0.14 Metric 1
Route Add 0.0.0.0 Mask 255.255.255.0 10.41.0.254 Metric 1
The 10.41.0.254 is a local area network gateway.
Example 3, the problem that the local area network cannot be accessed after the dial-up Internet is resolved.
One computer (10.41.221.17) is a local area network, and other networks are connected via router 10.41.221.254 (10.41.220.0). After 10.41.221.17 dial-up Internet, the phenomenon that cannot be connected to other networks via the router. The reason is of course the default gateway is modified. The solution is:
Route Add 10.41.220.0 Mask 255.255.255.0 10.41.221.254
