Some basic commands can often play a big role in protecting network security. The functions of the following commands are very prominent.
detect network connection
If you suspect that your computer Trojan installed by others, or a virus, but there is no perfect tool for hand detection is not really such a thing happen , you can use the Windows network command to see who is connecting to your computer. The specific command format is: netstat-an This command can see all the IPs that are connected to the local computer. It contains four parts - proto (connection mode), localaddress (local connection address), foreign address (and local connection). Address), state (current port status). With the details of this command, we can fully monitor the connection on the computer to achieve the purpose of controlling the computer.
we at the command prompt type the following: netstat-a show currently open on your computer all the ports, netstat-se a more detailed display of your network information, including TCP, UDP, ICMP, and IP Statistics may have been seen by everyone. Have you ever thought about the level of understanding of Vista, Windows 7 display protocol statistics and current TCP/IP network connection knowledge?
netstat command is used as follows (Note: where the press has order a-b) -
NETSTAT: Vista /Windows7 display protocol statistics and the current TCP /IP network connection. Netstat can be run directly without parameters, as shown:
NETSTAT [-a] [- b] [- e] [- f] [- n] [- o] [- pproto] [- r] [-s] [- t] [interval]
-a Show all connections and listening ports.
-b-executable program according to the display when creating each connection or listening port. In some cases, known executables carrying a plurality of separate components, in these cases, the display component creating
sequence involved in the connection or listening port. In this case, the name of the executable is at the bottom [], and the component it calls is at the top until it reaches TCP/IP. Note that this option
items can be time consuming, and may fail when you do not have sufficient permissions.
-e Displays Ethernet statistics. This option can be combined with the -s option.
-f show the external address fully qualified domain name (FQDN).
-n display addresses and port numbers in digital form.
-o displays the process ID associated with each connection to have.
-pproto display connected proto specified protocol; proto may be any of the following: TCP, UDP, TCPv6 or UDPv6. If used with the -s option to display statistics for each protocol, proto can be any of the following: IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
-r Displays the routing table.
-s to display statistics for each protocol. By default, statistics for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6 are displayed; the -p option can be used to specify the subnet to be recognized.
-t displays the current connection unloaded state.
interval seconds between re-display the selected statistics, each show was paused. Press CTRL+C to stop redisplaying the statistics.
disabled unknown service Many friends in one day after a system restart will find the computer slows down, this time is likely to be other people through the invasion of your computer you open a special Some kind of service, such as IIS information service. You can use "netstart" to check what services are open in the system. If you find a service that is not open to you, we can disable the service in a targeted manner. The method is to directly enter "netstart" to view the service, and then use "netstopserver" to disable the service.
easily check account
for a long time, very much like a malicious attacker to use cloning methods to control the account on your computer. The method they use is to activate the default account in a system, but this account is not used often, and then use the tool to promote this account to administrator privileges. On the surface, this account is still the same as the original, but this clone The account is the biggest security risk in the system. A malicious attacker can control your computer arbitrarily through this account. To avoid this, you can test your account in a very simple way.
first enter the command line netuser, to see some of what the user on the computer, and then use the "netuser + user name" View this user belongs to any authority, usually in addition to Administrator is the administrators group, the other is not! If you find that a user built into the system belongs to the administrators group, it is almost certain that you have been compromised, and someone else has cloned the account on your computer. Use "netuser username/del" to delete this user!