
Thread: Whoa, did you know Win2K had a command line?

  1. #1
    Member
    Join Date
    Aug 2003
    Posts
    98

    Whoa, did you know Win2K had a command line?

    I responded to a post the other day about where to start when it comes to networking & security. I advised someone to start with their own OS, and learn as much about it as possible. I thought I would post a little tutorial about command line network utilities available in Windows 2000 & XP, and how to use them.
    If you are experienced with TCP/IP and networking you won't get much from this, but if you are new to the field it will be a useful reference.

    ping
    Ping is used to verify other hosts on a network. Ping works by issuing an ICMP echo request to a target host.

    --------------------------------------------------------------
    C:\>ping 198.182.196.56

    Pinging 198.182.196.56 with 32 bytes of data:

    Reply from 198.182.196.56: bytes=32 time=91ms TTL=41
    Reply from 198.182.196.56: bytes=32 time=70ms TTL=41
    Reply from 198.182.196.56: bytes=32 time=70ms TTL=41
    Reply from 198.182.196.56: bytes=32 time=70ms TTL=41

    Ping statistics for 198.182.196.56:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 70ms, Maximum = 91ms, Average = 75ms
    --------------------------------------------------------------

    From this we see that 4 requests (the Windows default) were sent, the size of the packet in bytes (again, the Windows default is 32) and the time in milliseconds the packet traveled.
    Using the command "ping -t", Windows will continue to send requests until stopped when ctrl-c is pressed by the user. "Ping -n" allows you to specify a number of echo requests and "ping -t" allows you to manipulate the byte size of the packets.
    "Ping -a" is also useful, when used it resolves IP addresses to host names:
    (try ping/? for a complete list of options)

    --------------------------------------------------------------
    C:\>ping -a 198.182.196.56

    Pinging www.linux.org [198.182.196.56] with 32 bytes of data:

    Reply from 198.182.196.56: bytes=32 time=70ms TTL=42
    Reply from 198.182.196.56: bytes=32 time=80ms TTL=42
    Reply from 198.182.196.56: bytes=32 time=70ms TTL=42
    Reply from 198.182.196.56: bytes=32 time=81ms TTL=42

    Ping statistics for 198.182.196.56:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 70ms, Maximum = 81ms, Average = 75ms
    --------------------------------------------------------------

    Ping is also a useful tool to check DNS by pinging a domain name. If DNS is up and working properly, the domain name will automatically be resolved to an IP address:

    --------------------------------------------------------------
    C:\>ping antionline.com

    Pinging antionline.com [63.146.109.212] with 32 bytes of data:

    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.

    Ping statistics for 63.146.109.212:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
    --------------------------------------------------------------

    See above how the domain name was resolved to an IP, but the packets were dumped by the target host. Some hosts, especially web servers, sometimes are configured to ignore ping requests for security reasons.


    tracert
    tracert is used to view the path an ICMP packet uses when sent over a network.

    --------------------------------------------------------------
    C:\>tracert monster.com

    Tracing route to monster.com [63.112.169.1]
    over a maximum of 30 hops:

    1 20 ms 10 ms 10 ms 10.73.0.1
    2 10 ms 10 ms 30 ms srp5-0.wacotxmhe-rtr1.hot.rr.com [24.26.192.122]
    3 20 ms 20 ms 30 ms srp3-0.austtxrdc-rtr4.texas.rr.com [24.93.33.124]
    4 30 ms 40 ms 20 ms son0-1-1.hstqtxl3-rtr1.texas.rr.com [24.93.33.221]
    5 20 ms 30 ms 30 ms pop1-hou-P0-1.atdn.net [66.185.133.145]
    6 30 ms 30 ms 20 ms bb1-hou-P2-0.atdn.net [66.185.150.148]
    7 40 ms 50 ms 30 ms bb1-dls-P6-0.atdn.net [66.185.152.132]
    8 40 ms 30 ms 41 ms pop1-dls-P0-0.atdn.net [66.185.133.81]
    9 30 ms 30 ms 60 ms ATT.atdn.net [66.185.134.38]
    10 40 ms 30 ms 50 ms tbr1-p012101.dlstx.ip.att.net [12.123.17.82]
    11 70 ms 61 ms 70 ms tbr2-cl1.attga.ip.att.net [12.122.2.90]
    12 70 ms 60 ms 61 ms tbr1-p012501.attga.ip.att.net [12.122.9.157]
    13 70 ms 60 ms 60 ms tbr2-p013801.wswdc.ip.att.net [12.122.10.69]
    14 70 ms 60 ms 60 ms tbr2-cl1.n54ny.ip.att.net [12.122.10.53]
    15 70 ms 90 ms 70 ms tbr1-p012501.cb1ma.ip.att.net [12.122.10.21]
    16 61 ms 70 ms 60 ms gbr1-p40.cb1ma.ip.att.net [12.122.11.194]
    17 70 ms 70 ms 91 ms ar6-p310.cb1ma.ip.att.net [12.123.40.145]
    18 80 ms 80 ms 70 ms 12.127.84.10
    19 80 ms 91 ms 90 ms www.ma.monster.com [63.112.169.1]

    Trace complete.
    --------------------------------------------------------------

    Notice above that tracert will also resolve domain names to IP addresses.
    The output of this command shows every router and IP address that it had to pass through to reach its destination. The default number of hops is 30, but can be changed using the switch tracert -h <hop_count> hostname. Tracert is a great way to troubleshoot a network when packets are getting lost somewhere and you must pinpoint the problem.


    ipconfig
    Ipconfig is used to view all the IP information on your own machine. "Ipconfig /all" gives us lots of useful information:

    --------------------------------------------------------------
    C:\>ipconfig /all

    Windows 2000 IP Configuration

    Host Name . . . . . . . . . . . . : nameofhostX
    Primary DNS Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : hot.rr.com

    Ethernet adapter Local Area Connection 4:

    Connection-specific DNS Suffix . : hot.rr.com
    Description . . . . . . . . . . . : D-Link DFE-530TX+ PCI Adapter
    Physical Address. . . . . . . . . : 00-51-B4-B5-22-AD
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IP Address. . . . . . . . . . . . : 24.242.xxx.xxx
    Subnet Mask . . . . . . . . . . . : 255.255.xxx.xxx
    Default Gateway . . . . . . . . . : 24.242.44.xxx
    DHCP Server . . . . . . . . . . . : 24.93.xxx.xxx
    DNS Servers . . . . . . . . . . . : 24.26.xxx.xxx
    24.26.xxx.xxx
    Lease Obtained. . . . . . . . . . : Tuesday, August 26, 2003 8:08:57 PM
    Lease Expires . . . . . . . . . . : Wednesday, August 27, 2003 7:16:37 PM
    --------------------------------------------------------------

    Although I x'ed out most of my own info here (including changing my MAC address, HA!), you can see all the information revealed by this command.
    Ipconfig /release forces your PC to drop its current IP address (if you have DHCP enabled) and ipconfig /renew will force the DHCP server to issue you a new IP lease.

    netstat
    Netstat will display all TCP/IP connections and will also provide protocol statistics.

    --------------------------------------------------------------
    C:\>netstat

    Active Connections

    Proto Local Address Foreign Address State
    TCP hostnamex:http cs2424247-144.hot.rr.com:2411 TIME_WAIT
    TCP hostnamex:http cs2424247-144.hot.rr.com:2414 TIME_WAIT
    TCP hostnamex:http ip68-3-236-84.ph.ph.cox.net:2230 TIME_WAIT
    TCP hostnamex:http ip68-3-236-84.ph.ph.cox.net:2232 TIME_WAIT
    TCP hostnamex:http ip68-3-236-84.ph.ph.cox.net:2234 TIME_WAIT
    TCP hostnamex:http ip68-3-236-84.ph.ph.cox.net:2236 TIME_WAIT
    TCP hostnamex:http ip68-3-236-84.ph.ph.cox.net:2238 TIME_WAIT
    TCP hostnamex:1027 hostnamex:2410 TIME_WAIT
    TCP hostnamex:1027 hostnamex:2413 TIME_WAIT
    TCP hostnamex:2206 hostnamex:1027 CLOSE_WAIT
    TCP hostnamex:2409 hostnamex:3306 TIME_WAIT
    TCP hostnamex:2412 hostnamex:3306 TIME_WAIT
    --------------------------------------------------------------

    Netstat has shown us the type of protocol used, could be tcp or udp, the local address followed by the socket or port number, the address of the foreign host connected to along with their port number, and the connection state.
    Netstat has lots of interesting options, and because I don't want to edit a full page of my host's host name and ip address, I will let you experiment with the switches:

    --------------------------------------------------------------
    C:\>netstat /?

    Displays protocol statistics and current TCP/IP network connections.

    NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]

    -a Displays all connections and listening ports.
    -e Displays Ethernet statistics. This may be combined with the -s
    option.
    -n Displays addresses and port numbers in numerical form.
    -p proto Shows connections for the protocol specified by proto; proto
    may be TCP or UDP. If used with the -s option to display
    per-protocol statistics, proto may be TCP, UDP, or IP.
    -r Displays the routing table.
    -s Displays per-protocol statistics. By default, statistics are
    shown for TCP, UDP and IP; the -p option may be used to specify
    a subset of the default.
    interval Redisplays selected statistics, pausing interval seconds
    between each display. Press CTRL+C to stop redisplaying
    statistics. If omitted, netstat will print the current
    configuration information once.
    --------------------------------------------------------------

    pathping
    Pathping is a win2K utility that combines ping and tracert. I honestly have not used it very much, but this is what the windows help file has to say about it:

    The pathping command is a route tracing tool that combines features of the ping and tracert commands with additional information that neither of those tools provides. The pathping command sends packets to each router on the way to a final destination over a period of time, and then computes results based on the packets returned from each hop. Since the command shows the degree of packet loss at any given router or link, it is easy to determine which routers or links might be causing network problems. A number of options are available, as shown in the following table.
    Sample output will look something like this (also taken from Win2k help file):

    --------------------------------------------------------------
    D:\>pathping -n msw

    Tracing route to msw [7.54.1.196]
    over a maximum of 30 hops:
    0 172.16.87.35
    1 172.16.87.218
    2 192.68.52.1
    3 192.68.80.1
    4 7.54.247.14
    5 7.54.1.196

    Computing statistics for 125 seconds...
    Source to Here This Node/Link
    Hop RTT Lost/Sent = Pct Lost/Sent = Pct Address
    0 172.16.87.35
    0/ 100 = 0% |
    1 41ms 0/ 100 = 0% 0/ 100 = 0% 172.16.87.218
    13/ 100 = 13% |
    2 22ms 16/ 100 = 16% 3/ 100 = 3% 192.68.52.1
    0/ 100 = 0% |
    3 24ms 13/ 100 = 13% 0/ 100 = 0% 192.68.80.1
    0/ 100 = 0% |
    4 21ms 14/ 100 = 14% 1/ 100 = 1% 10.54.247.14
    0/ 100 = 0% |
    5 24ms 13/ 100 = 13% 0/ 100 = 0% 10.54.1.196

    Trace complete.
    --------------------------------------------------------------

    Pathping also comes with a list of switches; do pathping /? to check them out.


    These are all tools accessible in Windows 2000. For anyone new to networking, getting familiar with these command line utilities is a great way to start learning about TCP/IP and how it works. It will also give you a good foundation of knowledge for use in the future when attempting to troubleshoot your own network.




    Send all flames, complaints, and negative criticism to my boss at president@whitehouse.gov

    Feel free to PM me with your credit card numbers.
    I hate this place, nothing works here, I've been here for 7 years, the medication doesn't work...
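
Added example (not part of the original post or the Windows help file): a small parser for the pathping statistics table quoted in post #1, showing how the "This Node/Link" column separates loss on a link (the lines ending in "|") from loss at a router, so the cumulative "Source to Here" figures are not misread. The column spacing of the sample and the 5% threshold are assumptions; the values are the ones in the post.

```python
import re

# Constructed sample: the statistics table from the post (pathping -n), spacing restored.
SAMPLE = """\
  0                                           172.16.87.35
                                0/ 100 =  0%   |
  1   41ms     0/ 100 =  0%     0/ 100 =  0%  172.16.87.218
                               13/ 100 = 13%   |
  2   22ms    16/ 100 = 16%     3/ 100 =  3%  192.68.52.1
                                0/ 100 =  0%   |
  3   24ms    13/ 100 = 13%     0/ 100 =  0%  192.68.80.1
                                0/ 100 =  0%   |
  4   21ms    14/ 100 = 14%     1/ 100 =  1%  10.54.247.14
                                0/ 100 =  0%   |
  5   24ms    13/ 100 = 13%     0/ 100 =  0%  10.54.1.196
"""

FRAC = r"(\d+)/\s*(\d+)\s*=\s*\d+%"  # one "Lost/Sent = Pct" column, e.g. "13/ 100 = 13%"
# Hop line: hop number, optional RTT and two loss columns, address. Link line ends in "|".
NODE = re.compile(rf"^\s*(\d+)\s+(?:\d+ms\s+{FRAC}\s+{FRAC}\s+)?(\S+)\s*$")
LINK = re.compile(rf"^\s*{FRAC}\s*\|\s*$")

def pct(lost, sent):
    return 100.0 * int(lost) / int(sent) if int(sent) else 0.0

def parse_pathping(text):
    """Return (nodes, links): nodes[hop] = (address, node loss %),
    links[(hop, hop + 1)] = loss % on the link between those hops."""
    nodes, links, last = {}, {}, None
    for line in text.splitlines():
        link, node = LINK.match(line), NODE.match(line)
        if link and last is not None:
            links[(last, last + 1)] = pct(*link.groups())
        elif node:
            last = int(node.group(1))
            own = pct(node.group(4), node.group(5)) if node.group(4) else 0.0
            nodes[last] = (node.group(6), own)
    return nodes, links

def lossy(nodes, links, threshold=5.0):
    """Links and routers whose own loss (not the cumulative column) exceeds threshold."""
    hits = []
    for (a, b), p in sorted(links.items()):
        if p > threshold and b in nodes:
            hits.append(("link", f"{nodes[a][0]} -> {nodes[b][0]}", p))
    hits += [("node", addr, p) for _, (addr, p) in sorted(nodes.items()) if p > threshold]
    return hits

if __name__ == "__main__":
    print(lossy(*parse_pathping(SAMPLE)))
```

On the sample, the 13-16% "Source to Here" loss reported at hops 2 through 5 traces back to a single link, the one between 172.16.87.218 and 192.68.52.1.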

  2. #2
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Not to sound stupid or anything.. but I had never heard or knew that there was a thing such as pingpath. Guess I should be reading all new docs when I get a new OS... LoL

    Thanks

    Oh, BTW: I emailed your boss about one of your other posts... and he has yet to reply. Can you light a fire for me?
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  3. #3
    Nice introduction for n00bs.
    Perhaps you should have added
    nbtstat (statistics for netbios over tcp)
    arp (address resolution protocol information)

    Anyway, kudos to you !

  4. #4
    Senior Member
    Join Date
    May 2003
    Posts
    472
    well lighted me abt the pathping utility...never heard of it...but it is there in my XP pro.
    guru@linux:~> who I grep -i blonde I talk; cd ~; wine; talk; touch; unzip; touch; strip; gasp; finger; mount; fsck; more; yes; gasp; umount; make clean; sleep;

  5. #5
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Its weird... I have the pingpath command on my home xp pro box, but not on my xp pro box at work... I wonder why...

    Would anyone be so kind as to copy the pingpath utility and zip it and post it here? I'm not sure if there are any DLLs required... but worth a shot.

    Thanks!

  6. #6
    Member
    Join Date
    Aug 2003
    Posts
    98
    Yea, pingpath is rather, interesting..... but the computing statistics part always takes a while on my box.

  7. #7
    Senior Member
    Join Date
    May 2002
    Posts
    344
    wow, thanks a lot for the help, i was looking for something like this thanks again!
    Support your right to arm bears.


    ^^This was the first video game which i played on an old win3.1 box

  8. #8
    Junior Member
    Join Date
    Jan 2003
    Posts
    5
    I laughed at first when I saw this thread, but then discovered something that I never knew existed "Pathping". Thanks for teaching me something new!

  9. #9
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    Yes, a very good post, one that has been cut, pasted and printed for future reference.
    thanks!

    http://techrepublic.com.com/5102-6265-1055201.html

    just found this site which goes into great detail about pingpath.

  10. #10
    thx again very useful post, pingpath is new to me too
    http://www.danasoft.com/sig/c0bra.jpg
    click here to hack my computer and delete all my important files
