Windows Commands

IPconfig:

• ipconfig - current config of installed IP stack
• ipconfig /all - detailed config report
• ipconfig /displaydns - detailed DNS report

NetStat:

• netstat - displays active tcp connections and ports listening
• netstat -a - active connections
• netstat -no - displays top active connections
• netstat -ano - combo of above
• netstat -r - routing table

Flags:

• -t - active tcp
• -u - udp
• -w - raw
• -x - Unix socket
• (all can be combined with -a flag)
• -s - displays statistics
• -p - tcp traffic
• -f -FDQN format
• -e - network interface statistics
• -t (number of seconds) - time and number of seconds update

Watch traffic with the following commands:

netstat -an (time seconds) | find "port number" 

-checks every (seconds) and prints results if a process starts listening on port (port number)

Ping:

verifies IP level connectivity to another TCP/IP computer by sending an ICMP

• ping <ip>
• ping -t  = continous
• ping -n (select number of pings) -l  (number of bytes) <ip>

Tracert and route:

Tracert determines route to a destination by sending ICMP echo packet. In these packets tracert uses varying IP TTL values

Route display and mofies the entries in a local IP routing table which helps it understand the topology of a network

• tracert -h (number) = specify max hops
• route print = similar to netstat -r, shows routing table

ARP and Whoami:

• arp -a = displays static and dynamic entries to ARP cache table
• arp -av = as above but with verbose mode
• arp -a -N <ip> = more details about the specified interface IP