Wednesday, November 26, 2008

The Windows™ 95/98 Network Programs 

PING.exe

Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
           [-r count] [-s count] [[-j host-list] | [-k host-list]]
           [-w timeout] destination-list

Options:
   -t             Ping the specifed host until interrupted.
   -a             Resolve addresses to hostnames.
   -n count       Number of echo requests to send.
   -l size        Send buffer size.
   -f             Set "Don't Fragment" flag in packet.
   -i TTL         Time To Live.
   -v TOS         Type Of Service.
   -r count       Record route for count hops.
   -s count       Timestamp for count hops.
   -j host-list   Loose source route along host-list.
   -k host-list   Strict source route along host-list.
   -w timeout     Timeout in milliseconds to wait for each reply.

There's one special IP number everyone should know about:

127.0.0.1 - localhost (or loopback).
This is used to connect ( through a browser, for example) to a Web server on your own computer. (127 being reserved for this purpose.) You can use this IP number at all times. It doesn't matter if you're connected to the Internet or not.

It's also called the loopback address because you can ping it and get returns even when you're offline (not connected to any network). If you don't get any valid replies, then there's a problem with the computer's Network settings. Here's a typical response to the 'ping' command:

Here's another recent example using the name of my computer which I have tied to the IP number 127.0.0.1 in my C:\WINDOWS\HOSTS file:
C:\WINDOWS>ping My_Comp

Pinging My_Comp [127.0.0.1] with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time=1ms TTL=128
Reply from 127.0.0.1: bytes=32 time=1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<10ms TTL=128
Reply from 127.0.0.1: bytes=32 time=1ms TTL=128

Ping statistics for 127.0.0.1:
   Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
   Minimum = 0ms, Maximum =  1ms, Average =  0ms
Posted by at No comments:
Labels: ,

The Windows™ 95/98 Network Programs 

NETSTAT.exe      TCP/IP Network Statistics

Displays protocol statistics and current TCP/IP network connections.

NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]

 -a         Displays all connections and listening ports.

 -e         Displays Ethernet statistics.  This may be combined with the
            -s option.

 -n         Displays addresses and port numbers in numerical form.

 -p proto   Shows connections for the protocol specified by proto; proto
            may be TCP or UDP.  If used with the -s option to display
            per-protocol statistics, proto may be TCP, UDP, or IP.

 -r         Displays the routing table.

 -s         Displays per-protocol statistics.  By default, statistics
            are shown for TCP, UDP and IP; the -p option may be used
            to specify a subset of the default.

 interval   Redisplays selected statistics, pausing interval seconds
            between each display.  Press CTRL+C to stop redisplaying
            statistics.  If omitted, netstat will print the current
            configuration information once.
First, I would recommend that you always use the '-a' parameter so you can see UDP 'listening ports' as well (often used by trojans), and not just the active TCP connections; then switch between using the '-a' and no parameters at all, to see the differences. When you're offline, you normally shouldn't see any connection data! If you do see an OPEN PORT NUMBER 'listening' for a connection (using the '-a' parameter), it may be that your computer has been infected with a trojan! Click this link for a few more ideas on how you can check to see if your computer is Trojan Free?

If you're running a server, such as the free XITAMI server, you might see something like this ("My_Comp" is the name of my computer):
C:\WINDOWS>netstat -a

Active Connections

 Proto  Local Address          Foreign Address        State
 TCP    My_Comp:ftp            localhost:0            LISTENING
 TCP    My_Comp:80             localhost:0            LISTENING
Or with the "-an" parameters: 
C:\WINDOWS>netstat -an

Active Connections

 Proto  Local Address          Foreign Address        State
 TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
 TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
By simply opening a browser connection to both the HTTP (port 80) and FTP (port 21) servers (while still offline!), I saw the following: 
C:\WINDOWS>netstat -a

Active Connections

 Proto  Local Address          Foreign Address        State
 TCP    My_Comp:ftp            localhost:0            LISTENING
 TCP    My_Comp:80             localhost:0            LISTENING
 TCP    My_Comp:1104           localhost:0            LISTENING
 TCP    My_Comp:ftp            localhost:1104         ESTABLISHED
 TCP    My_Comp:1102           localhost:0            LISTENING
 TCP    My_Comp:1103           localhost:0            LISTENING
 TCP    My_Comp:80             localhost:1111         TIME_WAIT
 TCP    My_Comp:1104           localhost:ftp          ESTABLISHED
 TCP    My_Comp:1107           localhost:0            LISTENING
 TCP    My_Comp:1112           localhost:80           TIME_WAIT
 UDP    My_Comp:1102           *:*
 UDP    My_Comp:1103           *:*
 UDP    My_Comp:1107           *:*
This may be a bit confusing to some people, but remember I'm running BOTH the servers and clients on the same machine in these examples. A little later (using both 'a' and 'n') I got this: 
C:\WINDOWS>netstat -an

Active Connections

 Proto  Local Address          Foreign Address        State
 TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
 TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
 TCP    0.0.0.0:1104           0.0.0.0:0              LISTENING
 TCP    127.0.0.1:21           127.0.0.1:1104         FIN_WAIT_2
 TCP    127.0.0.1:1102         0.0.0.0:0              LISTENING
 TCP    127.0.0.1:1103         0.0.0.0:0              LISTENING
 TCP    127.0.0.1:1104         127.0.0.1:21           CLOSE_WAIT
 TCP    127.0.0.1:1107         0.0.0.0:0              LISTENING
 UDP    127.0.0.1:1102         *:*
 UDP    127.0.0.1:1103         *:*
 UDP    127.0.0.1:1107         *:*
After turning off my server, I ended up with this for a while: 
C:\WINDOWS>netstat -an

Active Connections

 Proto  Local Address          Foreign Address        State
 TCP    127.0.0.1:80           127.0.0.1:1150         TIME_WAIT
 TCP    127.0.0.1:80           127.0.0.1:1151         TIME_WAIT
Posted by at No comments:
Labels: , ,
Subscribe to: Posts (Atom)
Your Ad Here