- arp - Used to view the arp cache.
- ipconfig - Displays the configuration settings for the host.
- nbtstat - Used to troubleshoot NetBIOS name resolution problems.
- netstat - Current connections, routing tables, interface statistics, netlink messages, multicast mamberships, and masquerade connections are displayed,
- nslookup - Name server lookup for DNS.
- ping - Used to verify that another host may be reached with an ICMP packet.
- route - View or modify the local route table.
- snmp - Remote management of network devices.
- tracert - Traceroute traces a route through routers from one IP address to another.
Other Windows tools
- Event Log
- Performance Monitor
- Registry Editor
- ARP -a or ARP -g - Display all entries in the ARP cache
- ARP -s - Add static entry to the ARP cache table. Syntax: "arp -s (ip address) (mac address)"
- ARP -d ipaddress - Delete an entry.
IP configuration determination is determined with the following programs on the listed operating systems. It reports IP address, subnet mask, default gateway
- Ifconfig for Linux/Unix
- Ipconfig for NT
- Winipcfg for Windows 95/98
- /all - Shows much configuration information from local hostname, IP address, subnet mask to DHCP server and WINS server address and lease dates. It will display an IP address of 0.0.0.0 and DHCP address of 255.255.255.255 if the DHCP attempt was unsuccessful. Items displayed:
- Host name
- Net mask
- NetBIOS node type - B, P, M, or H node.
- NetBIOS Scope ID assignment
- DNS server addresses
- "NetBIOS resolution via DNS Enabled Status"
- WINS servers IP addresses
- "IP Routing enabled status"
- "WINS Proxy's Enabled Status"
- "DHCP's Enabled Status"
- Network card description
- Netword card MAC address.
- /renew - Renews the DHCP lease
- /release - Releases the DHCP lease and the IP address is available for other clients.
NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]
- -a - (All) Show all connections and listening ports.
- -e - (Ethernet) Show ethernet statistics. Combined with the -s option it will show protocol statistics..
- -n (Numerical) Show addresses and port numbers in numerical form.
- -p protoname - Shows connections for the specified protocol. The possible protocol includes TCP and UDP. The -s option used with this option will show statistics for each protocol.
- -r - (Route) Show the routing table.
- -s - (Statistics) Show protocol statistics. The default, statistics are TCP, UDP and IP. Used with the -p option, a subset of the default is displayed.
- interval - The amount of time (interval) in seconds to pause between each display of statistics. CTRL C is used to stop redisplaying statistics. If the interval is not included the current configuration information is displayed once.
Uses interactive or noninteractive (command line) modes. If noninteractive mode is used, nslookup is just invoked with its name on the command line and no computer name to lookup is specified. Syntax:
nslookup [-options] computername [-DNSserver]
- route add [network address] mask value [gateway address] EX: route add 192.168.1.0 mask 255.255.255.0 192.168.2.1
- route -p add [network address] mask value [gateway address] - A permanent route is added.
- route change [network address] [gateway address]
- route delete [network address] [gateway address]
- route print [network address] [gateway address]
- route -s [gateway address] = Add a route to a smart gateway
- route -f = Clear all routes (flush).
The -p option is used to make the route permanent and it is stored in the system registry. NT comes with RIP dynamic capability.
Tracert allows path determination from one computer to another. It will list the IP addresses of the machines the data must pass through. Example usage:
The IP address is the address of a remote computer you want to find the path to.
Can capture data based on source and destination MAC, or IP address along with other filtering capability.
ICMP helps determine when packets are not delivered correctly. IGP (Interior Gateway Protocol) includes RIP and OSPF protocols.
Used to manage the NetBIOS cache. Syntax:
NBTSTAT [-a RemoteName] [-A IP address] [-c] [-n] [-r] [-R] [-s] [S] [interval] ]
|nbtstat -a machinename||View the remote computer NetBIOS name table specified by name of machine|
|nbtstat -A IPaddress||View the remote computer NetBIOS name table specified by IP address|
|nbtstat -c||View the remote machine NetBIOS name cache including the IP addresses|
|nbtstat -n||View local NetBIOS computer names|
|nbtstat -r||View NetBIOS names resolved using broadcast or WINS.|
|nbtstat -R||Purge then reload NetBIOS cache from lmhosts file|
|nbtstat -s||View the sessions table with the destination IP address.|
|nbtstat -S||View the sessions table by converting the destination address to host names using the hosts file.|
The computer NetBIOS name is stored in the system registry at: