. 1. ping
ping command It is a command to check whether the network is fluent or the network connection speed. As a person who is often confused with network administrators or hackers, the first DOS command to learn is ping. The principle it uses is this: the machines on the network all have unique IP addresses. We send a packet to the destination IP address, and the other party will return a packet of the same size. We can judge based on the returned packet. Whether the target host exists or not, what operating system, etc. ……
-t means that the packet will be sent to the target IP without interruption until we force it to stop. Imagine if you use 100M broadband access and the target IP is a 56K kitten, then it will not take long for the target IP to drop because it can't bear so much data. Oh, an attack is as simple as that.
-l Defines the size of the sent packet. The default is 32 bytes. We can use it to define up to 65500 bytes. Combined with the -t parameter described above, there will be better results.
-n Defines the number of times a packet is sent to the destination IP. The default is 3 times. If the network speed is slow, 3 times is a waste of time for us, because now our purpose is only to determine whether the target IP exists, then it is defined as once.
Explain that if the -t parameter is used with the -n parameter, the ping command is based on the following parameters, such as “ping IP -t -n 3”, although the -t parameter is used, Not pinging all the time, but only pinging 3 times. In addition, the ping command does not have to ping the IP, you can also directly ping the host domain name, so you can get the host's IP.
Below we give an example to illustrate the specific usage.
Here, time=2 means that the time taken from the time the packet is sent to the time the packet is received is 2 seconds. From here, the speed of the network connection can be judged. The return value from the TTL can be used to preliminarily determine the operating system of the pinged host. The reason why it is said "previous judgment" is that this value can be modified. Here TTL=32 means the operating system may be win98.
(Small knowledge: If TTL=128, it means the target host may be Win2000; if TTL=250, the target host may be Unix)
As for using the ping command, you can quickly find the LAN fault, you can quickly search the fastest. The QQ server can ping other people … … these are * everyone played.
Second, nbtstat
This command uses NetBIOS on TCP/IP to display protocol statistics and current TCP/IP connections. With this command you can get the NETBIOS information of the remote host, such as the user name, the working group, and the network card. MAC address and so on. Here we need to understand a few basic parameters.
-a Using this parameter, as long as you know the machine name of the remote host, you can get its NETBIOS information (the same below).
-A This parameter also gets the NETBIOS information of the remote host, but you need to know its IP.
-n Lists the NETBIOS information of the local machine.
When you get the IP or machine name of the other party, you can use the nbtstat command to get the other party's information further, which increases the insurance factor of our intrusion.
Three, tracert
Trace routing information, use this command to find out all the ways that data is transmitted from the local machine to the target host, which is very helpful for us to understand the network layout and structure. As shown in Figure 5.
This shows that the data is transferred from the local machine to the 192.168.0.1 machine, without any transfer in the middle, indicating that the two machines are in the same LAN. Usage: tracert IP.
four, netstat
This is a command to view the status of the network, easy to operate and powerful.
-a View all the open ports of the local machine, you can effectively find and prevent Trojans, you can know the information about the services opened by the machine, as shown in Figure 4.
It can be seen that the local machine is open with FTP service, Telnet service, mail service, WEB service, etc. Usage: netstat -a IP.
-r List the current routing information, tell us the local machine's gateway, subnet mask and other information. Usage: netstat -r IP.