Typing DOS commands on the Windows Command Line prompt is a most efficient and faster way of doing things in Windows XP. Here's a run-down of the most useful DOS commands available in Windows XP. Some of these DOS commands even do not have an visual alternative.
DOS Command-line tools must be run at the prompt of the Cmd.exe command interpreter. To open Command Prompt, click Start, click Run, type cmd, and then click OK.
ipconfig - Windows IP configuration
Useful for troubleshooting your internet connection. Displays the current IP address of your computer and the DNS server address. If you call your ISP for reporting a bad internet connection, he will probably ask you to run ipconfig.
fc - Free BeyondCompare in XP
FC is an advanced DOS Command that compares two files and displays the differences between them. Though the file comparison results are not as interactive as BeyondCompare or Altova DiffDog, fc is still very useful. You can even set fc to resynchronize the files after finding a mismatch.
type - open text files sans Notepad
Similar to Unix cat command, Type is my favorite DOS command for displaying the contents of a text files without modifying them. When used in combination with more switch, type splits the contents of lengthy text files into multiple pages. Avoid using the type command with binary files or you'll hear alien PC beeps and see some greek characters on your PC.
ping - Say hello to another computer
Ping network command followed by the web-address or IP address tells you about the health of the connection and whether the other party is responding to your handshake request. Ping tool can also be used to convert the web address to a physical IP address.
tree - visual directory structure
You often need to take prints of your physical directory structure but XP has no simple "visual" commands for printing directory contents. Here, try the Tree DOS command and redirect the output to a text file.
tree > mydirectory.txt
print mydirectory.txt
attrib - make hidden files visible
Attrib lets you change attributes of System files and even hidden files. This is great for troubleshooting Windows XP. Say your XP doesn't boot ever since you edited that startup boot.ini file (Hidden), use attrib to remove the Hidden attibute and edit the file using EDIT dos command.
assoc - which program will open that .xyz file
The assoc DOS command can be used to either isplay or even modify the file name extension associations. The command assoc .htm will quickly tell you the name of your default web browser (see picture)
move - more flexible than copy-paste
Say you got a lot of XLS and DOC files in you MyDocuments folder and want to move only those XLS files that have their name ending with 2006. In XP Explorer, you have to manually select each file and then cut-paste to another folder. However, the DOS move command make things much simpler. Just type the following at the command prompt:
move *2006.xls c:\2006Reports\
find - advanced file search with filter
Find is the most powerful DOS command and even more useful than the Windows Desktop Search tool or the Windows Find Wizard. The find command searches for a specific string of text in a file or files. After searching the specified file or files, find displays any lines of text that contain the specified string.
To search your hard disk to find and display the file names on drive C: that contain the string "Google" use the pipe (|) to direct the results of a dir command to find as follows:
dir c:\ /s /b | find "Google"
Quick tip - Drag to avoid typing: When your command acts on a file or folder, you must type the path to that folder after the command. You can save typing time by dragging the file or folder from Windows Explorer into the command window.
To view help at the command-line, at the command prompt, type the following:
CommandName /?
Wednesday 5 March 2008
Window System & Network Commands
Window System Commands
Command Description
at Schedule commands and programs to run at a specified time/date.
finger Display user information on a system running the finger service.
hostname Print the name of the current host.
ipconfig Display/refresh network configuration settings for network adapters.
nbstat Display system NetBIOS information.
netstat Display current system TCP/IP connection and state information.
rasdial Dial and connect to a remote access server or dissconect a connection.
rcp Copy files ro and from a computer
reg Display, add or delete registry keys on the local computer.
rexec Run commands on remote host running the rexec service.
rsh Run commands on remote host running the rsh service.
runas Run commands as a specified user.
start Start a separate window to run a program or command.
tftp Transfer files to and from computers running the tftp service.
Network Commands
Command Description
net continue Resume a paused service.
net file List and close open shared files.
net group Add, display or modify global groups on domain controllers.
net help Display help for the net commands.
net helpmsg Display information about Windows network error/alert/warning messages.
net localgroup Dial and modify local groups on a computer.
net name Display/add/delete messaging names or aliases for a computer.
net pause Suspend a Windows service or resource, in effect putting it on hold.
net send Send messages to other computers/users/messaging names on network.
net session List or disconnect open sessions with the computer.
net share Display/add/delete shared resources on a computer.
net start List running services as well as start services.
net stop Stop running services.
net time Display/synchronise time on a computer; also show/set time server.
net use Connect/disconnect (also list current) a computer and shared resource.
net user Display, create and modify user accounts on a computer.
net view Display a list of shared resources or computers in the domain/network.
Examples (where x: is the drive letter to a shared resource):-
To map a drive: net use x: \\computer name\share name
To delete a drive: net use x: \delete
Net commands
Net commands can be used to view, update, and repair network settings. The most common commands are listed below, additional commands are at Net Help.
XP and 2000 provide two command line shells, CMD and COMMAND. CMD.exe is the successor to COMMAND.com and provides additional features including long file name support.
To open a command line shell click start > Run... > Open: cmd or command
NET DIAG
Runs the Microsoft Network Diagnostics program to display network diagnostic information.
NET DIAG [/NAMES | /STATUS] - /NAMES
- Specifies a diagnostic server name in order to avoid conflicts when NET DIAG is used simultaneously by multiple users. This option works only when the network uses a NetBIOS protocol.
- /STATUS
- Enables you to specify a computer about which you want network diagnostics information.
NET HELP
Provides information about NET commands and error messages.
command /?
NET HELP [suffix]
NET HELP errornum - command
- Specifies the NET command that you want information about.
- suffix
- The second word of the command you want information about, e.g. the suffix of NET VIEW is VIEW.
- errornum
- error message number
NET PRINT
Displays information about print queues and controls print jobs.
NET PRINT \\computer [\printer] | port [/YES]
NET PRINT \\computer|port [job#[/PAUSE|/RESUME|/DELETE]] [/YES] - computer
- The name of the computer whose print queue you want information about. Queue status for each shared printer is displayed if none is specified.
- printer
- The name of the printer you want information about.
- port
- The name of the parallel (LPT) port on your computer that is connected to the printer you want information about.
- job#
- The queued print job number. Options:
/PAUSE - Pauses a print job.
/RESUME - Restarts a print job that has been paused.
/DELETE - Cancels a print job. - /YES
- Command executes without prompting for information or confirmation.
NET TIME
Displays the time on or synchronizes your computer's clock with the shared clock on a Windows or NetWare time server.
NET TIME [\\computer | /WORKGROUP:wgname] [/SET] [/YES] - computer
- The name of the computer whose time you want to check or synchronize your computer's clock with.
- /SET
- Synchronizes your computer's clock with the clock on the specified computer or workgroup.
- /YES
- Command executes without prompting for information or confirmation.
NET USE
Connects or disconnects from a shared resource or displays connection information.
NET USE [drive: | *] [\\computer\directory [password | ?]] [/SAVEPW:NO] [/YES] [/NO]
NET USE [port:] [\\computer\printer [password | ?]] [/SAVEPW:NO] [/YES] [/NO]
NET USE drive: | \\computer\directory /DELETE [/YES]
NET USE port: | \\computer\printer /DELETE [/YES]
NET USE * /DELETE [/YES]
NET USE drive: | * /HOME
NET USE - drive
- The drive letter assigned to a shared directory.
- *
- Specifies the next available drive letter. If used with /DELETE, specifies to disconnect all connections.
- port
- The parallel (LPT) port name assigned to a shared printer.
- computer
- The name of the computer sharing the resource.
- directory
- The name of the shared directory.
- printer
- The shared printer name.
- password
- The password for the shared resource, if any.
- ?
- Specifies that you want to be prompted for the password of the shared resource. You don't need this option unless the password is optional.
- /SAVEPW:NO
- Specifies that the password should not be saved. You need to retype the password the next time you connect to this resource.
- /YES
- Command executes without prompting for information or confirmation.
- /DELETE
- Breaks the connection to a shared resource.
- /NO
- Command executes responding with NO automatically when you are prompted to confirm actions.
- /HOME
- Connects to your HOME directory in your Windows NT user account.
To list all connections, type NET USE without options.
NET VIEW
Displays a list of computers sharing resources in a workgroup or the shared resources on a specified computer.
NET VIEW [\\computer] [/YES]
NET VIEW [/WORKGROUP:wgname] [/YES]
NET VIEW - computer
- The name of the computer whose shared resources you want to see.
- /YES
- Command executes without prompting for information or confirmation.
The Net View command displays a list of workgroup systems with shared resources.
Command-Line Programs for Intranets and the Internet
NETSTAT.exe TCP/IP Network Statistics
Displays protocol statistics and current TCP/IP network connections.
NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]
-a Displays all connections and listening ports.
-e Displays Ethernet statistics. This may be combined with the
-s option.
-n Displays addresses and port numbers in numerical form.
-p proto Shows connections for the protocol specified by proto; proto
may be TCP or UDP. If used with the -s option to display
per-protocol statistics, proto may be TCP, UDP, or IP.
-r Displays the routing table.
-s Displays per-protocol statistics. By default, statistics
are shown for TCP, UDP and IP; the -p option may be used
to specify a subset of the default.
interval Redisplays selected statistics, pausing interval seconds
between each display. Press CTRL+C to stop redisplaying
statistics. If omitted, netstat will print the current
configuration information once.
First, I would recommend that you always use the '-a' parameter so you can see UDP 'listening ports' as well (often used by trojans), and not just the active TCP connections; then switch between using the '-a' and no parameters at all, to see the differences. When you're offline, you normally shouldn't see any connection data! If you do see an OPEN PORT NUMBER 'listening' for a connection (using the '-a' parameter), it may be that your computer has been infected with a trojan! Click this link for a few more ideas on how you can check to see if your computer is Trojan Free?
If you're running a server, such as the free XITAMI server, you might see something like this ("My_Comp" is the name of my computer):
C:\WINDOWS>netstat -a
Active Connections
Proto Local Address Foreign Address State
TCP My_Comp:ftp localhost:0 LISTENING
TCP My_Comp:80 localhost:0 LISTENINGOr with the "-an" parameters: C:\WINDOWS>netstat -an
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:21 0.0.0.0:0 LISTENING
TCP 0.0.0.0:80 0.0.0.0:0 LISTENINGBy simply opening a browser connection to both the HTTP (port 80) and FTP (port 21) servers (while still offline!), I saw the following: C:\WINDOWS>netstat -a
Active Connections
Proto Local Address Foreign Address State
TCP My_Comp:ftp localhost:0 LISTENING
TCP My_Comp:80 localhost:0 LISTENING
TCP My_Comp:1104 localhost:0 LISTENING
TCP My_Comp:ftp localhost:1104 ESTABLISHED
TCP My_Comp:1102 localhost:0 LISTENING
TCP My_Comp:1103 localhost:0 LISTENING
TCP My_Comp:80 localhost:1111 TIME_WAIT
TCP My_Comp:1104 localhost:ftp ESTABLISHED
TCP My_Comp:1107 localhost:0 LISTENING
TCP My_Comp:1112 localhost:80 TIME_WAIT
UDP My_Comp:1102 *:*
UDP My_Comp:1103 *:*
UDP My_Comp:1107 *:*This may be a bit confusing to some people, but remember I'm running BOTH the servers and clients on the same machine in these examples. A little later (using both 'a' and 'n') I got this: C:\WINDOWS>netstat -an
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:21 0.0.0.0:0 LISTENING
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1104 0.0.0.0:0 LISTENING
TCP 127.0.0.1:21 127.0.0.1:1104 FIN_WAIT_2
TCP 127.0.0.1:1102 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1103 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1104 127.0.0.1:21 CLOSE_WAIT
TCP 127.0.0.1:1107 0.0.0.0:0 LISTENING
UDP 127.0.0.1:1102 *:*
UDP 127.0.0.1:1103 *:*
UDP 127.0.0.1:1107 *:*After turning off my server, I ended up with this for a while: C:\WINDOWS>netstat -an
Active Connections
Proto Local Address Foreign Address State
TCP 127.0.0.1:80 127.0.0.1:1150 TIME_WAIT
TCP 127.0.0.1:80 127.0.0.1:1151 TIME_WAIT PING.exe
Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
[-r count] [-s count] [[-j host-list] | [-k host-list]]
[-w timeout] destination-list
Options:
-t Ping the specifed host until interrupted.
-a Resolve addresses to hostnames.
-n count Number of echo requests to send.
-l size Send buffer size.
-f Set "Don't Fragment" flag in packet.
-i TTL Time To Live.
-v TOS Type Of Service.
-r count Record route for count hops.
-s count Timestamp for count hops.
-j host-list Loose source route along host-list.
-k host-list Strict source route along host-list.
-w timeout Timeout in milliseconds to wait for each reply.
There's one special IP number everyone should know about:
127.0.0.1 - localhost (or loopback).
This is used to connect ( through a browser, for example) to a Web server on your own computer. (127 being reserved for this purpose.) You can use this IP number at all times. It doesn't matter if you're connected to the Internet or not.
It's also called the loopback address because you can ping it and get returns even when you're offline (not connected to any network). If you don't get any valid replies, then there's a problem with the computer's Network settings. Here's a typical response to the 'ping' command:
C:\WINDOWS>ping My_Comp
Pinging My_Comp [127.0.0.1] with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=1ms TTL=128
Reply from 127.0.0.1: bytes=32 time=1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<10ms TTL=128
Reply from 127.0.0.1: bytes=32 time=1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms TRACERT.exe Trace Route
Usage:
tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name
Options:
-d Do not resolve addresses to hostnames.
-h maximum_hops Maximum number of hops to search for target.
-j host-list Loose source route along host-list.
-w timeout Wait timeout milliseconds for each reply.
Here's an example which traces the route from some ISP in Los Angeles to the main server at UCLA in California ( note how two computers relatively close to each other may be routed way round about! ):
C:\WINDOWS>tracert www.ucla.edu
Tracing route to www.ucla.edu [169.232.33.129]
over a maximum of 30 hops:
1 141 ms 132 ms 140 ms wla-ca-pm6.icg.net [165.236.29.85]
2 134 ms 131 ms 139 ms whv-ca-gw1.icg.net [165.236.29.65]
3 157 ms 132 ms 143 ms f3-1-0.lai-ca-gw1.icg.net [165.236.24.89]
4 194 ms 193 ms 188 ms a0-0-0-1.dai-tx-gw1.icg.net [163.179.235.61]
5 300 ms 211 ms 214 ms a1-1-0-1.ati-ga-gw1.icg.net [163.179.235.186]
6 236 ms 237 ms 247 ms a5-0-0-1.was-dc-gw1.icg.net [163.179.235.129]
7 258 ms 236 ms 244 ms 163.179.243.205
8 231 ms 233 ms 230 ms wdc-brdr-03.inet.qwest.net [205.171.4.153]
9 240 ms 230 ms 236 ms wdc-core-03.inet.qwest.net [205.171.24.69]
10 262 ms 264 ms 263 ms hou-core-01.inet.qwest.net [205.171.5.187]
11 281 ms 263 ms 259 ms hou-core-03.inet.qwest.net [205.171.23.9]
12 272 ms 229 ms 222 ms lax-core-02.inet.qwest.net [205.171.5.163]
13 230 ms 217 ms 230 ms lax-edge-07.inet.qwest.net [205.171.19.58]
14 228 ms 219 ms 220 ms 63-145-160-42.cust.qwest.net [63.145.160.42]
15 218 ms 222 ms 218 ms ISI-7507--ISI.POS.calren2.net [198.32.248.21]
16 232 ms 222 ms 214 ms UCLA--ISI.POS.calren2.net [198.32.248.30]
17 234 ms 226 ms 226 ms cbn5-gsr.calren2.ucla.edu [169.232.1.18]
18 245 ms 227 ms 235 ms www.ucla.edu [169.232.33.129]
Trace complete.Note: Unless you're running a network, the following commands won't be of much use to you...
Furthermore, if you're concerned about Security, my advice is to NEVER use NetBios on a computer that connects to the Internet.
NBTSTAT.exe Net Bios Stats
Displays protocol statistics and current TCP/IP connections using NBT
(NetBIOS over TCP/IP).
NBTSTAT [-a RemoteName] [-A IP address] [-c] [-n] [-r] [-R] [-s] [S]
[interval]
-a (adapter status) Lists the remote machine's name table given its
name.
-A (Adapter status) Lists the remote machine's name table given its
IP address.
-c (cache) Lists the remote name cache including the IP
addresses.
-n (names) Lists local NetBIOS names.
-r (resolved) Lists names resolved by broadcast and via WINS
-R (Reload) Purges and reloads the remote cache name table
-S (Sessions) Lists sessions table with the destination IP
addresses.
-s (sessions) Lists sessions table converting destination IP
addresses to host names via the hosts file.
RemoteName Remote host machine name.
IP address Dotted decimal representation of the IP address.
interval Redisplays selected statistics, pausing interval seconds
between each display. Press Ctrl+C to stop redisplaying
statistics.
ROUTE.exe
Manipulates network routing tables.
ROUTE [-f] [command [destination] [MASK netmask] [gateway]]
-f Clears the routing tables of all gateway entries. If this is
used in conjunction with one of the commands, the tables are
cleared prior to running the command.
command Specifies one of four commands
PRINT Prints a route
ADD Adds a route
DELETE Deletes a route
CHANGE Modifies an existing route
destination Specifies the host to send command.
MASK If the MASK keyword is present, the next parameter is
interpreted as the netmask parameter.
netmask If provided, specifies a sub-net mask value to be associated
with this route entry. If not specified, if defaults to
255.255.255.255.
gateway Specifies gateway.
All symbolic names used for destination or gateway are looked up in the
network and host name database files NETWORKS and HOSTS, respectively.
If the command is print or delete, wildcards may be used for the
destination and gateway, or the gateway argument may be omitted.
ARP.exe Address Resolution Protocol
ARP -s inet_addr eth_addr [if_addr]
ARP -d inet_addr [if_addr]
ARP -a [inet_addr] [-N if_addr]
-a Displays current ARP entries by interrogating the current
protocol data. If inet_addr is specified, the IP and Physical
addresses for only the specified computer are displayed. If
more than one network interface uses ARP, entries for each ARP
table are displayed.
-g (Same as -a)
inet_addr Specifies an internet address.
-N if_addr Displays the ARP entries for the network interface
specified by if_addr.
-d Deletes the host specified by inet_addr.
-s Adds the host and associates the Internet address inet_addr
with the Physical address eth_addr. The Physical address is
given as 6 hexadecimal bytes separated by hyphens. The entry
is permanent.
eth_addr Specifies a physical address.
if_addr If present, this specifies the Internet address of the
interface whose address translation table should be
modified. If not present, the first applicable interface
will be used.
Windows XP/2000 Commands & Tools
- at (windows XP/2000)
Scheduling utility. - bootcfg (XP only)
This utility allows you to set up your boot options, such as your default OS and other loading options. - cacls (XP, 2000, & NT4.0)
Changes the ACLs (security Settings) of files and folders. Very similar to chmod in Linux. - comp (XP & 2000)
This utility is very similar to diff in Linux. Use the /? switch to get examples of command usage. - contig (works with NT4.0 and newer)
A great defrag utility for NTFS partitions. - control (XP only) - unpublished!
Allows you to launch control panel applets from the command line. control userpasswords2, for example will launch a helpful local user admin utility. - defrag (XP only - NT4.0 and Win2k use contig)
Yes, XP comes with a command line disk defrag utility. If you are running Win2k or NT4.0 there is still hope. Contig is a free defrag program that I describe on the defrag page. - diskpart (XP only)
Use this command to manage your disk partitions. This is the text version for the GUI Disk Manager. - driverquery (XP only)
Produces a list of drivers, their properties, and their versions. Great for computer documentation. - eudcedit (XP only) - unpublished!
- findstr
Find String - similar to Linux's Grep. - fsutil (XP only) - unpublished!
This is a utility with a lot of capability. Come back soon for great examples. - getmac (XP & 2000)
This command gets the Media Access Control (MAC) address of your network cards. - gpresult (XP & 2000)
This generates a summary of the user settings and computer group policy settings. - gpupdate (XP only)
Use this utility to manually apply computer and user policy from your windows 2000 (or newer) domain. - ipconfig (XP, 2000 & NT4.0)
This handy tool displays IP settings of the current computer and much more. - MMC (XP, 2000 & NT4.0) - Microsoft Management Console
This is the master tool for Windows, it is the main interface in which all other tools use starting primarily in Windows 2000 and newer systems. - more
Utility used to display text output one screen at a time. Ex. more c:\windows\win.ini - msconfig (XP only)
The ultimate tool to change the services and utilities that start when your Windows machine boots up. You can also copy the executable from XP and use it in Win2k. - msinfo32 (XP &smp; 2000)
An awesome diagnostic tool. With it you can get a list of running processes, including the residing path of the executable (great for manually removing malware) and get detailed information about hardware and system diagnostics. - narrator (XP only)
Turns on the system narrator (can also be found in accessibility options in control panel). Will will allow your computer to dictate text to you. - netsh (XP & 2000)
A network configuration tool console. At the 'netsh>' prompt, use the '?' to list the available commands and type "exit" to get back to a command prompt. - netstat (XP)
A local network port tool - try netstat -ano. - nslookup (all)
A DNS name resolution tool. - openfiles (XP Only)
Allows an administrator to display or disconnect open files in XP professional. Type "openfiles /?" for a list of possible parameters. - Pathping (XP & 2000)
A cross between the ping and traceroute utilities. Who needs Neotrace when you can use this? Type "pathping" and watch it go. - recover (XP & 2000)
This command can recover readable information from a damaged disk and is very easy to use. - reg (XP & 2000)
A console registry tool, great for scripting Registry edits. - sc (XP & 2000)
A command line utility called the Service Controller. A power tool to make service changes via a logon/logoff or startup/shutdown script. - schtasks (XP only)
A newer version of the AT command. This allows an administrator to schedule and manage scheduled tasks on a local and remote machines. - secedit (XP & 2000)
Use this utility to manually apply computer and user policy from your windows 2000 (or newer) domain. Example to update the machine policy: secedit /refreshpolicy machine_policy /enforce
To view help on this, just type secedit.
NOTE: In Windows XP SP1 and news, this command is superceded by: gpupdate /force - sfc (XP & 2000)
The system file checker scans important system files and replaces the ones you (or your applications) hacked beyond repair with the real, official Microsoft versions. - shutdown (XP & 2000)
With this tool, You can shut down or restart your own computer, or an administrator can shut down or restart a remote computer. - sigverif (XP only)
Microsoft has created driver signatures. A signed driver is Microsoft tested and approved. With the sigverif tool you can have all driver files analyzed to verify that they are digitally signed. Just type 'sigverif' at the command prompt. - systeminfo (XP only)
Basic system configuration information, such as the system type, the processor type, time zone, virtual memory settings, system uptime, and much more. This program is great for creating an inventory of computers on your network. - sysedit (XP/2000)
System Configuration File Editor. An old tool that was very handy for the Windows 9X days. msconfig is what you want to use now. - tasklist (XP pro only)
Tasklist is the command console equivalent to the task manager in windows. It is a must have when fighting scumware and viruses. Try the command:
tasklist /svc
to view the memory resources your services take up. - taskkill (XP only)
Taskkill contains the rest of the task manager functionality. It allows you to kill those unneeded or locked up applications. - tree (XP & 2000)
An amazing experience everyone should try! This command will provide a 'family tree' style display of the drive/folder you specify. - WMIC (XP & 2000)
Windows Management Instrumentation Command tool. This allows you to pull an amazing amount of low-level system information from a command line scripting interface.
Private Character editor. Yes with this program built into Windows XP you can create your own font!
Subscribe to:
Posts (Atom)