Download Windows networking tools : the complete guide to management
Windows Networking Tools: The Complete Guide to Management, Troubleshooting, and Security
Gilbert Held
Technische Informationsbibliothek, Universitätsbibliothek Hannover
CRC Press, Taylor & Francis Group, Boca Raton, London, New York
CRC Press is an imprint of the Taylor & Francis Group, an Informa business. An Auerbach Book.

Contents

Chapter 1 Introduction
1.1 The TCP/IP Protocol Suite
1.1.1 Applications
1.1.1.1 Current Applications
1.1.1.2 Emerging Applications
1.2 Book Preview
1.2.1 Examining the TCP/IP Protocol Suite
1.2.2 IP and MAC Addressing
1.2.3 Transport Layer Protocols
1.2.4 Working with the Command Prompt
1.2.5 Windows Built-in Networking Tools
1.2.6 Network Monitoring Tools
1.2.7 Network Security
1.2.8 Efficiency Methods

Chapter 2 Examining the TCP/IP Protocol Suite
2.1 ISO Reference Model
2.1.1 OSI Reference Model Layers
2.1.1.1 Layer 1: The Physical Layer
2.1.1.2 Layer 2: The Data Link Layer
2.1.1.3 Layer 2 Subdivision
2.1.1.4 Layer 3: The Network Layer
2.1.1.5 Layer 4: The Transport Layer
2.1.1.6 Layer 5: The Session Layer
2.1.1.7 Layer 6: The Presentation Layer
2.1.1.8 Layer 7: The Application Layer
2.1.2 Data Flow
2.2 The TCP/IP Protocol Suite
2.2.1 The TCP/IP Network Layer
2.2.2 IP
2.2.2.1 IPv4 Addressing
2.2.2.2 IPv6 Addressing
2.2.2.3 ARP
2.2.2.4 ICMP
2.2.3 The Transport Layer
2.2.3.1 TCP
2.2.3.2 UDP
2.2.4 The Application Layer
2.3 Data Flow within a TCP/IP Network
2.4 Summary

Chapter 3 Addressing at Layers 2 and 3 and the Internet Protocol
3.1 Data Link Addressing
3.1.1 Ethernet Frame Operations
3.1.1.1 Basic Ethernet
3.1.1.2 Full Duplex and the PAUSE Frame
3.1.1.3 vLAN Tagging
3.1.1.4 SNAP Frames
3.1.1.5 Frame Determination
3.2 Fast Ethernet
3.2.1 4B5B Coding
3.2.2 Delimiters
3.2.3 Interframe Gap
3.3 Gigabit Ethernet
3.3.1 Standards Evolution
3.3.1.1 Varieties
3.3.2 Frame Format Modifications
3.3.2.1 Carrier Extension
3.3.2.2 Half-Duplex Use
3.3.2.3 Frame Bursting
3.3.2.4 Jumbo Frames
3.4 10 Gigabit Ethernet
3.4.1 Fiber Standards
3.4.1.1 10GBASE-SR
3.4.1.2 10GBASE-LR
3.4.1.3 10GBASE-LRM
3.4.1.4 10GBASE-ER
3.4.1.5 10GBASE-ZR
3.4.1.6 10GBASE-LX4
3.4.2 Copper
3.4.2.1 10GBASE-CX4
3.4.2.2 10GSFP+Cu
3.4.2.3 10 GBps Backplane Ethernet
3.4.2.4 10GBASE-T
3.5 The IPv4 Header
3.5.1 Vers Field
3.5.2 Hlen and Total Length Fields
3.5.3 Type of Service Field
3.5.4 Identification Field
3.5.5 Flags Field
3.5.6 Fragment Offset Field
3.5.7 Time to Live Field
3.5.8 Protocol Field
3.5.9 Checksum Field
3.5.10 Source and Destination Address Fields
3.5.11 Options and Padding Fields
3.6 IPv4 Addressing
3.6.1 Overview
3.6.2 Addressing
3.6.3 Basic Addressing Scheme
3.6.3.1 Address Classes
3.6.3.2 Address Formats
3.6.3.3 Address Composition and Notation
3.6.3.4 Special IPv4 Addresses
3.6.3.5 Subnetting and the Subnet Mask
3.6.3.6 Classless Networking
3.7 The IPv6 Header
3.7.1 Ver Field
3.7.2 Priority Field
3.7.3 Flow Label Field
3.7.4 Payload Length Field
3.7.5 Next Header Field
3.7.6 Hop Limit Field
3.7.7 Source and Destination Address Fields
3.7.7.1 Address Types
3.7.7.2 Address Notation
3.7.7.3 Address Allocation
3.7.8 Provider-Based Unicast Addresses
3.7.9 Multicast Addresses
3.7.10 Transporting IPv4 Addresses
3.8 ICMP and ARP
3.8.1 ICMP
3.8.1.1 ICMPv4
3.8.1.2 ICMPv6
3.8.2 ARP
3.8.2.1 LAN Delivery
3.8.3 RARP

Chapter 4 Transport Layer Protocols
4.1 TCP
4.1.1 TCP Header
4.1.1.1 Source and Destination Port Fields
4.1.1.2 Sequence and Acknowledgment Number Fields
4.1.1.3 Hlen Field
4.1.1.4 Code Bit Field
4.1.1.5 Window Field
4.1.1.6 Checksum Field
4.1.1.7 Urgent Pointer Field
4.1.1.8 Options Field
4.1.1.9 Padding Field
4.1.2 Connection Establishment
4.1.2.1 Connection Function Calls
4.1.2.2 Port Hiding
4.1.2.3 Passive OPEN
4.1.2.4 Active OPEN
4.1.3 The Three-Way Handshake
4.1.3.1 Overview
4.1.3.2 Operation
4.1.3.2 The TCP Window
4.1.3.3 Avoiding Congestion
4.1.4 TCP Retransmissions
4.1.5 Session Termination
4.2 UDP
4.2.1 UDP Header
4.2.1.1 Source and Destination Port Fields
4.2.1.2 Length Field
4.2.1.3 Checksum Field
4.2.2 Operation
4.2.3 Applications

Chapter 5 Working with the Command Prompt
5.1 The Command Prompt Location
5.1.1 Options
5.1.2 Positioning upon Opening
5.1.3 Controlling the Command Prompt Window
5.2 Working with Function Keys and Commands
5.2.1 Function Key Use
5.2.2 Repertoire of Commands
5.2.2.1 The Help Command
5.2.2.2 The CLS Command
5.2.3 Controlling Output and Additional Commands
5.2.3.1 Redirection Methods
5.2.3.2 Other Useful Commands
5.2.3.3 Wildcards

Chapter 6 Windows Built-In Networking Tools
6.1 Ping
6.1.1 Discovery via Ping
6.1.2 Ping Options
6.1.3 Using the Round-Trip Delay
6.2 Tracert
6.2.1 Using Tracert
6.3 The Pathping Command
6.4 The ipconfig Command
6.4.2 The Release and Renew Options
6.4.3 The Flushdns Option
6.4.4 The Displaydns Option
6.5 ARP
6.5.1 Reverse ARP (RARP) and ARP and IPv6
6.6 The Getmac Command
6.7 The Netstat Command
6.7.1 Command Format
6.7.1.1 The -a Switch
6.7.1.2 The -b Switch
6.7.1.3 The -e and -s Switches
6.7.1.4 The -f Switch
6.7.1.5 The -n Switch
6.7.1.6 The -o Switch
6.7.1.7 The -p Switch and Interval Use
6.7.1.8 The -r Switch
6.7.1.9 The -s Switch
6.7.1.10 The -t Switch
6.8 The Route Command
6.8.1 Command Format
6.8.1.1 -f Switch
6.8.1.2 -p Switch
6.8.1.3 -4 Switch
6.8.1.4 -6 Switch
6.8.2 Supported Commands
6.8.3 The Destination Option
6.8.4 Mask and Netmask
6.8.5 The Gateway Option
6.8.6 The Metric Option
6.8.7 The If Interface Option
6.8.8 Working with Route
6.8.8.1 The IPv4 Routing Table
6.8.8.2 The IPv6 Routing Table
6.9 The Nslookup Command
6.10 The Getmac Command
6.11 The Net Command
6.11.1 The Net Accounts Command
6.11.1.1 Net Accounts Options
6.11.2 The Net Computer Option
6.11.3 The Net Config Option
6.11.4 The Net Continue, Start, and Stop Options
6.11.5 The Net File Option
6.11.6 The Net Group Option
6.11.7 The Net Helpmsg Option
6.11.8 The Net Send Command
6.11.9 The Net Localgroup Option
6.11.10 The Net Share Command
6.11.11 The Net Session Command
6.11.12 The Net Statistics Command
6.11.13 The Net Time Command
6.11.14 The Net Use Command
6.12 The Net User Command
6.13 The Netsh Command
6.13.1 The Netsh Wlan Command
6.13.1.1 The Add Subcommand
6.13.1.2 The Connect Subcommand
6.13.1.3 The Delete Subcommand
6.13.1.4 The Export Profile Subcommand
6.13.1.5 Other Netsh Wlan Functions

Chapter 7 Network Monitoring with Wireshark and WinDump
7.1 Wireshark
7.1.1 Program Evolution
7.1.2 Obtaining the Program
7.1.3 Program Overview
7.1.4 The Capture Screen
7.1.4.1 Packet Colors
7.1.4.2 Examining a Packet
7.1.4.3 File Menu Options
7.1.5 Working with Filters
7.1.5.1 Filter Expressions
7.1.5.2 Applying a Filter
7.1.6 Statistics
7.1.6.1 Summary Data
7.1.6.2 Protocol Hierarchy
7.1.6.3 Conversations
7.1.6.4 Endpoints
7.1.6.5 Packet Lengths
7.1.6.6 IO Graphs
7.1.6.7 Conversation List
7.1.6.8 Endpoint List and Other Entries
7.1.7 Telephony
7.1.7.1 RTP
7.1.7.2 Stream Analysis
7.1.7.3 VoIP Calls
7.1.8 The Tools Menu
7.2 WinDump
7.2.1 Overview
7.2.1.1 Initial Operation
7.2.1.2 Selecting an Interface
7.2.1.3 Program Format
7.2.1.4 Using Multiple Switches
7.2.1.5 Program Switches
7.2.2 WinDump Expressions
7.2.2.1 Qualifiers
7.2.2.2 Expression Primitives
7.2.2.3 Relationship Operators
7.2.2.4 Utilization Examples

Chapter 8 Network Intrusion and Security
8.1 Snort
8.1.1 Requirements
8.1.2 Installation
8.1.3 Commencing Snort
8.1.3.1 Sniffer Mode
8.1.3.2 Packet Logger Mode
8.1.3.3 Network Intrusion Detection System Mode
8.1.4 Command Switches
8.1.4.1 The -A Switch
8.1.4.2 The -b Switch
8.1.4.3 The -B Switch
8.1.4.4 The -C Switch
8.1.4.5 The -d Switch
8.1.4.6 The -E Switch
8.1.4.7 The -f Switch
8.1.4.8 The -F Switch
8.1.4.9 The -G Switch
8.1.4.10 The -H Switch
8.1.4.11 The -i Switch
8.1.4.12 The -I Switch
8.1.4.13 The -k and -K Switches
8.1.4.14 The -l and -L Switches
8.1.4.15 The -n Switch
8.1.4.16 The -O Switch
8.1.4.17 The -p and -P Switches
8.1.4.18 The -q Switch
8.1.4.19 The -r and -R Switches
8.1.4.20 The -s and -S Switches
8.1.4.21 The -T Switch
8.1.4.22 The -U Switch
8.1.4.23 The -v and -V Switches
8.1.4.24 The -W Switch
8.1.4.25 The -X and -x Switches
8.1.4.26 The -y Switch
8.1.4.27 The -Z Switch
8.1.5 Network Intrusion Detection System Mode
8.2 Using SpywareBlaster
8.2.1 Obtaining the Program
8.2.2 Adding Protection
8.2.2.1 Restricted Site Protection
8.2.2.2 System Snapshot
8.2.3 The Tools Menu
8.2.3.1 Flash Killer
8.2.3.2 Custom Blocking
8.2.4 Checking for Updates
8.3 Using Online Armor
8.3.1 Installation
8.3.2 Operation
8.4 AXCrypt File Encryption
8.4.1 Installation
8.4.2 Operation

Chapter 9 Enhancing Network Performance
9.1 Third-Party Networking Tools
9.1.1 Bandwidth Tools
9.1.2 IP Tools
9.1.3 Miscellaneous Networking Tools
9.1.4 Network Information
9.1.5 Other Sites to Consider
9.1.6 Using Search Tools
9.2 Windows Built-in Networking Tools
9.2.1 Disk Cleanup
9.2.2 Why Disk Defragmentation Matters
9.2.3 Resource Monitor
9.2.4 System Information

Index