Windows Command Line
IP configuration (ipconfig)
IP configuration - IPv4 address -IPv6 address -Subnet Mask -Default Gateway IP
Is arp -s and netstat -s, both Static IP?
NO arp -s= allows to Statically add IPV4,IPv6 netstat -s= STATISTICS of IPV4, IPV6 Not Adding anything. Shows the Statistics of Network (ip4, ip6)
NetBios Statistics over TCP/IP (nbtstat)
NetBios = Network Basic Input and Output system nbtstat = NetBios over TCP/IP Shows Computer Name, Work Groups name, Domain Name, etc For who? Local Cache or WAN netbios IP (A) and WAN netbios server name (a)
which Commands uses IPV4 by default when Website address is used?
Ping Tracert
Which commands use Website / IP address for the COmmand?
Ping, Tracert, Netstat
netstat command
Proto Local Address Foreign Address STATE PID netstat -a shows all Active connections No PID netstat -ano PID shown + Active connections netstat -s Statistics of IPv4 and IPV6 Receives Packets, Sent Packets, Discarded Packets netstat -n NUMERICAL FORM - displays Address and Port of Local Address in Numerical Form (Small to Big)
Route command theory
Route Print Shows the Routing Table Network Destination Netmask Gateway Interface Metric Network Destination and Netmask = related. Interface = your NIC interface to reach the Router Shows wat Route u have to take to reach the nearest Gateway. They call the Network Destination as "Routes". I don't think they represent any Computer's IP address. It's just a Path and it is represented w IPV4 address, my guess. Network Destination = "0.0.0.0" means if there is no pre-defined Route for an IP address, send it to "0.0.0.0" Route, its gonna send to Default Gateway. Extra- Default Gateway shows ip address But others show "ON-LINK" = NO Gateway required. Direct Connection allowed to the Destination address by the Client Address via the Route network destination. The Network Destination "0.0.0.0" is like "127.168.x.x" typish meta-address. It don't belong to no one. It's a reserved IP for a certain action. Routing Table shows all the Routes that are available. It means for Certain IP address, we gonna send to this Route -> Gatway
ROUTE command
Route Print = shows Routing Table Net Dest. Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.4.2 10.1.10.67 32 10.0.2.0 255.255.255.0 ON-LINK 10.0.2.15 288 route delete "route ip" = deletes the route ip, netmask -> Cannot Access the Default Gateway If u try to access the Sites that uses the "0.0.0.0" Route, you can't cuz No Route, No Default Gateway Eg: route delete 0.0.0.0 route add -p "deleted route ip" -mask "netmask ip" "default gateway ip" eg: route add -p 0.0.0.0 -mask 0.0.0.0 192.168.4.2
IPconfig VS Static/Automatic IP address ?
Static/Automatic(dhcp) IP address = has SERVER address (wins, dns) IPconfig =IPv6 and IPv4
Address Resolution Protocol (ARP) theory
To Find MAC address. Wat we know? IP address Wat we trying to find? MAC address me - Cuz IP is used to locate the device on Layer 3, MAC locates device on Layer 2 Old days, Mac only, later IPv4 came and IP adress was used. For LAN, Mac is ok. For LAN and WAN, IP is good. (Simple view, I guess) MAC is found in NIC interface Note - MAC address is ingrained into the NIC card You can't delete the MAC. IP can be deleted. (In general)
Trace Route (tracert)
Tracert = Traces Number of Routers to "Website" or "IP address" Usually does 30 Hops max. "Request Timed Out" = That Router isn't responding to your ping. Tracert, Ping = Blocked by that Router/Firewall
How to access Command?
Windows+R = Run Run -> cmd
ARP commands
arp -a lists all the current IP- to -MAC list on PC arp -d 192.2.4.3 Deletes the IP address for that NIC interfaces' MAC. MAC is there, IP 192.2.4.3 disappears completely arp -s 192.2.4.3 ff-ss-ff-ee-gg-ss STATICALLY Adds the IP back to that MAC address. STATICALLY adds the IP. (Manual addition) It's confusing. We trying to assign IP to a Physical device w MAC. or Find MAC of a certain IP.
-s is used by which commands?
arp -s and netstat -s arp -s shows Manually added STATIC IP's and MAC netstat -s shows Statistics of IPv4, IPv6 for Received packets, Sent packets, Discarded packets
Links
https://en.wikipedia.org/wiki/Default_route https://kevincurran.org/com320/labs/routing.html#:~:text=Network%20Destination%20%E2%80%94%20The%20network%20destination,determine%20where%20to%20send%20them.&text=Netmask%20%E2%80%94%20The%20subnet%20mask%20of%20the%20network%20destination.&text=0.0%20is%20used%20when%20the,the%20default%20route%20or%20gateway. http://teachweb.milin.cc/datacommunicatie/tcp_osi_model/network_layer/routing.htm
Which commands uses SLASH after command?
ipconfig Eg: ipcongif /all ipconfig /release ipconfig /renew
Which commands use WORDS after the Main Command?
ipconfig route
ipconfig commands
ipconfig IPv6, IPV4, Subnet Mask, Default Gateway ipconfig /all more information ipconfig /release releases all IP addresses of DHCP Servers ipconfig /renew renews all IP address from DHCP Servers
Which command uses -A and -a?
nbtstat
nbtstat commands
nbtstat -c local cache "netbios Computer NAME", "Work Group" nbtstat -A <ip of netbios > Remote "netbios Computer Name" "Work Group Name" nbtstat -a <Remote netbios Names> Remote "netbios Computer Name", "Work Group Name"
nbtstat -A , use when?
using IP address for Remote Cache of Computer Names
nbtstat -a , use when?
using Website names for Remote Cache of Computer Names
PING
- To check connectivity btwn two devices -use IP address or Website name -Website = automatically IPV4 used. Gotta Specify -6 = means IPV6 . "Request Timed Out" = That Router isn't responding to your ping. Tracert, Ping = Blocked by that Router/Firewall
Name Server lookup (nslookup)
-Looks at the Website Name -> converts to its IP Address. Two Modes: Interactive and NON-Interactive Non-Interactive mode is "nslookup www.website.com" = Shows only the IP address and nothing. Interactive mode occurs after Non-interactive mode. "nslookup" -> opens a Shell. How u know? Caret symbol appears. ">" > > q = MX means Query the Mail Exchange Server > www.website.com - again asks wat MX server the website uses. This is a much more Interactive mode b/c You can ask Questions. nslookup - Really Useful tool for Reconassiance, Security etc.
Network Statistics (netstat)
netstat = network statistics Looks at all the IP Connections going on. Proto : PROTOCOL (TCP, UDP) Local Address : Current IP address and Port # Wat is this address doing? Action wise? -> STATE tells that. Eg: State = LISTENING Local Address is Listening to the Foreign Address. Listening For wat? PID tells that. PID = Process ID like your APPLICATION representation. Eg: Ctrl+Alt+Del = Kill Task using PID. Sec+ uses PID to terminate the Malware Application.
-6 is used to denote IPV6 address for which Commands?
ping tracert
ping command
ping www.website.com (pings using IPV4 address) or ping IP address = Four Ping total ping -n 10 www.jasondion.com TEN pings done ping -t www.jasondion.com Unlimited Ping (ctrl+c = to stop ping) ping -6 www.jasondion.com Pings using IPV6 IP address
tracert command
tracert www.jasondion.com searches using IPv4 of website tracert -6 www.jasondion.com Searches using IPV6 of website tracert 8.8.8.8 (using IPv4 address)