Download Windows networking tools : the complete guide to management

Windows Networking Tools
The Complete Guide to Management, Troubleshooting, and Security
Gilbert Held
Technische Informationsbibliothek, Universitätsbibliothek Hannover
CRC Press
Taylor & Francis Group
Boca Raton London New York
CRC Press is an imprint of the Taylor & Francis Group, an Informa business
An Auerbach Book
Contents
Chapter
1
Introduction
1
1.1
The TCP/IP Protocol Suite
1
1.1.1
2
Applications
1.1.1.1
1.1.1.2
1.2
2
10
13
1.2.1
Examining the TCP/IP Protocol Suite
IP and MAC Addressing
13
Transport Layer Protocols
Working with the Command Prompt
14
Windows Built-in
15
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.2.8
Examining
2.1
Applications
Emerging Applications
Book Preview
1.2.2
Chapter 2
Current
Networking
Network Monitoring
Tools
Network
Security
Efficiency Methods
the
TCP/IP Protocol Suite
ISO Reference Model
2.1.1
14
15
15
15
16
17
17
OSI Reference Model
19
2.1.1.1
Layer
1: The
19
2.1.1.2
Layer
Layer 2 Subdivision
20
2.1.1.3
2.1.1.4
2.1.1.5
2.1.1.6
2.1.1.7
2.1.1.8
2:
Layers
Physical Layer
The Data Link Layer
Layer 3: The Network Layer
Layer 4: The Transport Layer
Layer 5: The Session Layer
Layer 6: The Presentation Layer
Layer 7: The Application Layer
19
20
22
22
23
23
2.2
2.1.2 Data Flow
23
The TCP/IP Protocol Suite
24
2.2.1
The TCP/IP Network
2.2.2
IP
2.2.3
Chapter 3
25
25
2.2.2.1
IPv4
2.2.2.2
IPv6
2.2.2.3
ARP
27
2.2.2.4
ICMP
27
Addressing
Addressing
26
26
Transport Layer
27
2.2.3.1
TCP
27
2.2.3.2
UDP
28
Application Layer
29
The
The
2.2.4
Layer
2.3
Data Flow within
2.4
Summary
Addressing
TCP/IP Network
a
30
31
at
Layers 2
and
3
and
the
Internet Protocol
33
3.1
34
Data Link
Ethernet Frame
3.1.1
3.2
3.3
Addressing
Operations
3.1.1.1
Basic Ethernet
3.1.1.2
Full
36
3.1.1.3
Duplex and
vLAN Tagging
3.1.1.4
SNAP Frames
48
3.1.1.5
Frame Determination
the PAUSE Frame
48
Fast Ethernet
Coding
4B5B
3.2.2
Delimiters
3.2.3
Interframe
Gigabit
Ethernet
3.3.1
Standards Evolution
46
50
51
Gap
51
51
Varieties
3.3.2 Frame Format Modifications
52
52
55
3.3.2.1
Carrier Extension
55
3.3.2.2
Half-Duplex Use
Frame Bursting
Jumbo Frames
56
3.3.2.3
3.3.2.4
Gigabit
Ethernet
3.4.1
Fiber Standards
3.4.2
44
50
3.2.1
3.3.1.1
3.4.10
34
56
57
59
60
3.4.1.1 10GBASE-SR 60
3.4.1.2 10GBASE-LR 60
3.4.1.3 10GBASE-LRM 60
3.4.1.4 10GBASE-ER 60
3.4.1.5 10GBASE-ZR 61
3.4.1.6 10GBASE-LX4 61
Copper 61
3.4.2.1 10GBASE-CX4 61
3.4.2.2 10GSFP+Cu 62
3.5
3.4.2.3
Backplane
3.4.2.4
10GBASE-T
Ethernet
62
62
63
Vers Field
3.5.2
Hlen and Total
Length
3.5.3
of Service Field
63
Type
Fields
63
64
Identification Field
65
3.5.5
Flags
3.5.6
Fragment
3.5.7
Time
3.5.8
Protocol Field
67
3.5.9
Checksum Field
71
3.5.10
Source and Destination Address Fields
IPv4
Field
to
66
Offset Field
66
Live Field
Options
and
67
Padding
Fields
71
Overview
3.6.2
Addressing
3.6.3
Basic
72
73
Addressing
Scheme
74
Address Classes
75
3.6.3.2
Address Formats
3.6.3.3
Address
3.6.3.4
71
71
Addressing
3.6.1
3.6.3.1
3.8
GBps
3.5.1
3.5.11
3.7
10
The IPv4 Header
3.5.4
3.6
Composition
76
and Notation
IPv4 Addresses
3.6.3.5
Special
Subnetting and
3.6.3.6
Classless Networking
the Subnet Mask
76
77
82
90
The IPv6 Header 91
3.7.1 Ver Field 92
3.7.2 Priority Field 92
3.7.3 Flow Label Field 93
3.7.4 Payload Length Field 93
3.7.5 Next Header Field 93
3.7.6 Hop Limit Field 94
3.7.7 Source and Destination Address Fields 94
3.7.7.1 Address Types 95
3.7.7.2 Address Notation 95
3.7.7.3 Address Allocation 96
3.7.8 Provider-Based Unicast Addresses 97
3.7.9 Multicast Addresses 97
3.7.10 Transporting IPv4 Addresses 98
ICMP and ARP
3.8.1
3.8.2
99
3.8.1.1
ICMPv4
99
3.8.1.2
ICMPv6
101
LAN
103
ARP
3.8.2.1
3.8.3
99
ICMP
RARP
103
Delivery
107
Chapter 4
Transport Layer Protocols
109
4.1
109
TCP
4.1.1
TCP Header
Source and Destination Port Fields
4.1.1.2
Sequence and Acknowledgment
Number Fields
114
Hlen Field
115
4.1.1.4
Code Bit Field
116
4.1.1.5
Window Field
117
4.1.1.6
Checksum Field
4.1.1.7
Urgent Pointer
Options Field
Padding Field
4.1.1.9
4.1.3
119
4.1.2.2
Port
4.1.2.3
Passive OPEN
120
4.1.2.4
Active OPEN
120
The
5.1
5.2
Hiding
Three-Way Handshake
121
121
4.1.3.2
Operation
121
4.1.3.2
The TCP Window
123
4.1.3.3
Avoiding Congestion
125
UDP
127
127
128
UDP Header
128
4.2.1.1
Source and Destination Port Fields
4.2.1.2
Length
4.2.1.3
Checksum Field
Field
Operation
Applications
with
the
Prompt Location
5.1.1
Options
5.1.2
Positioning upon Opening
5.1.3
Controlling the Command Prompt Window
Working with Function Keys and Commands
Key Use
Function
5.2.2
Repertoire
129
129
130
Command Prompt
5.2.1
129
130
The Command
5.2.3
119
Overview
Session Termination
Working
118
118
4.1.5
4.2.3
118
Connection Function Calls
TCP Retransmissions
4.2.2
117
118
4.1.2.1
4.1.4
4.2.1
Chapter 5
Field
Connection Establishment
4.1.3.1
4.2
110
4.1.1.3
4.1.1.8
4.1.2
110
4.1.1.1
133
133
136
137
137
138
139
of Commands
139
5.2.2.1
The
Command
141
5.2.2.2
The CLS Command
144
Help
Controlling Output
and Additional
Commands
145
5.2.3.1
Redirection Methods
145
5.2.3.2
Other Useful Commands
151
5.2.3.3
Chapter 6
Wildcards
156
Windows Built-In Networking Tools
6.1
Ping
6.1.1
6.1.2
6.1.3
159
159
Discovery via Ping
Ping Options
Using the Round-Trip Delay
162
162
163
6.2
Tracert
164
167
6.3
Using Tracert
The Pathping Command
6.4
The
170
6.2.1
6.5
ipconfig
167
Command
6.4.2
The Release and Renew Options
173
6.4.3
The Flushdns
174
6.4.4
The Displaydns Option
Option
174
ARP
6.5.1
175
Reverse ARP
(RARP) and ARP and IPv6
178
6.6
The Getmac Command
179
6.7
The Netstat Command
181
6.7.1
6.8
6.9
Command Format
181
6.7.1.1 The -a Switch 181
6.7.1.2 The -b Switch 183
6.7.1.3 The -e and -s Switches 184
6.7.1.4 The -f Switch 185
6.7.1.5 The -n Switch 185
6.7.1.6 The -o Switch 186
6.7.1.7 The -p Switch and Interval Use 186
6.7.1.8 The -r Switch 187
6.7.1.9 The -s Switch 191
6.7.1.10 The -t Switch 191
The Route Command 191
6.8.1 Command Format 192
6.8.1.1 -f Switch 193
6.8.1.2 -p Switch 193
6.8.1.3 -4 Switch 193
6.8.1.4 -6 Switch 193
6.8.2
Commands
193
6.8.3
The
194
6.8.4
Mask and Netmask
194
6.8.5
The
194
6.8.6
The Metric
194
Supported
Destination Option
Gateway Option
Option
6.8.7
The If Interface Option
6.8.8
Working with Route
The IPv4 Routing Table
6.8.8.1
6.8.8.2
The IPv6 Routing Table
The Nslookup Command
195
195
196
197
199
6.10
The Getmac Command
202
6.11
The Net Command
203
6.11.1
204
6.11.1.1
Net Accounts
The Net
Options
Computer Option
204
6.11.2
6.11.3
The Net
Config Option
206
6.11.4
The Net Continue, Start, and
6.11.5
The Net File
6.11.6
The Net
6.11.7
The Net
6.11.8
The Net Send Command
6.11.9
The Net
Stop Options
Option
206
206
207
Group Option
Helpmsg
207
209
Localgroup Option
Option
209
210
6.11.10 The Net Share Command
210
6.11.11 The Net Session Command
213
6.11.12 The Net Statistics Command
214
6.11.13 The Net Time Command
217
6.11.14 The
218
Net Use
Command
6.12
The Net User Command
221
6.13
The Netsh Command
224
6.13.1
Chapter 7
The Net Accounts Command
The Netsh Wlan Command
228
6.13.1.1
The Add Subcommand
231
6.13.1.2
The Connect Subcommand
233
6.13.1.3
The Delete Subcommand
234
6.13.1.4
The
236
6.13.1.5
Other Netsh Wlan Functions
Network Monitoring
Export
with
Profile Subcommand
Wireshark and
WinDump
7.1
241
Wireshark
241
Evolution
7.1.1
Program
7.1.2
Obtaining
7.1.3
Program
7.1.4
The
7.1.6
the
241
Program
242
Overview
Capture
244
Screen
246
7.1.4.1
Packet Colors
7.1.4.2
Examining
Options
7.1.4.3
7.1.5
238
a
Packet
File Menu
Working with
Filters
7.1.5.1
Filter
7.1.5.2
Applying a Filter
Expressions
Statistics
246
247
250
250
253
254
256
Data
7.1.6.1
Summary
7.1.6.2
Protocol
7.1.6.3
Conversations
257
7.1.6.4
Endpoints
259
7.1.6.5
Packet
7.1.6.6
IO
7.1.6.7
Conversation List
7.1.6.8
Endpoint
Hierarchy
Lengths
Graphs
List and Other Entries
256
257
259
259
260
260
7.1.7
7.1.8
7.2
Telephony
261
7.1.7.1
RTP
261
7.1.7.2
Stream
7.1.7.3
VoIP Calls
Analysis
265
The Tools Menu
269
WinDump
269
7.2.1 Overview
7.2.1.1
7.2.1.2
7.2.1.3
7.2.1.4
270
Initial
Operation
Selecting an Interface
Program Format
Using Multiple Switches
7.2.1.5
7.2.2
271
273
274
288
7.2.2.1
Qualifiers
288
7.2.2.2
Expression
7.2.2.3
Relationship Operators
Utilization Examples
Network Intrusion
Primitives
Security
and
Snort
276
290
290
290
299
299
8.1.1
Requirements
8.1.2
Installation
8.1.3
Commencing
300
302
Snort
304
8.1.3.1
Sniffer Mode
8.1.3.2
Packet
8.1.3.3
Network Intrusion Detection
Logger
304
Mode
System Mode
8.1.4
271
Program Switches
WinDump Expressions
7.2.2.4
8.1
263
307
308
Command Switches
310
8.1.4.1 The -A Switch 310
8.1.4.2 The -b Switch 312
8.1.4.3 The -B Switch 312
8.1.4.4 The -C Switch 314
8.1.4.5 The -d Switch 314
8.1.4.6 The -E Switch 314
8.1.4.7 The -f Switch 314
8.1.4.8 The -F Switch 314
8.1.4.9 The -G Switch 314
8.1.4.10 The -H Switch 314
8.1.4.11 The -i Switch 315
8.1.4.12 The -I Switch 315
8.1.4.13 The -k and -K Switches 315
8.1.4.14 The -l and -L Switches 315
8.1.4.15 The -n Switch 315
8.1.4.16 The -O Switch 316
8.1.4.17 The -p and -P Switches 317
8.1.4.18 The -q Switch 317
8.1.4.19 The -r and -R Switches 318
8.1.5
8.2
8.2.4
8.4
Chapter 9
318
The -T Switch 318
8.1.4.22 The -U Switch 318
8.1.4.23 The -v and -V Switches 318
8.1.4.24 The -W Switch 318
8.1.4.25 The -X and -x Switches 319
8.1.4.26 The -y Switch 319
8.1.4.27 The -Z Switch 319
Network Intrusion Detection
System
9.2
Mode
319
322
323
325
8.2.2.1
Restricted Site Protection
327
8.2.2.2
System Snapshot
328
329
The Tools Menu
8.2.3.1
Flash Killer
330
8.2.3.2
Custom
331
Checking
for
331
Blocking
Updates
332
Using Online Armor
8.3.1
Installation
332
8.3.2
Operation
335
AXCrypt
File
338
Encryption
8.4.1
Installation
340
8.4.2
Operation
340
Enhancing Network Performance
9.1
345
345
Third-Party Networking Tools
9.1.1
Bandwidth Tools
346
9.1.2
IP Tools
347
9.1.3
Miscellaneous Networking Tools
348
9.1.4
Network Information
349
9.1.5
Other Sites
349
9.1.6
Using
Disk
to
Consider
350
Search Tools
Windows Built-in
9.2.1
Networking
Tools
352
352
Cleanup
Matters
354
9.2.2
Why Disk Defragmentation
9.2.3
Resource Monitor
355
System Information
358
9.2.4
Index
The -s and -S Switches
8.1.4.21
Using SpywareBlaster
8.2.1
Obtaining the Program
8.2.2
Adding Protection
8.2.3
8.3
8.1.4.20
361