常用网络诊断命令

常用网络诊断命令(2007-03-1721:36:11)*arp.exe-a获得主机的ARP列表，俺的只有网关。如果用同一个网线查不同的设备，有时候需要清一下ARP表。比如连接可网口管理的设备时，需要arp-d*清楚一下arpcache池。InternetAddressPhysicalAddressType10.13.23.9700-00-0c-07-ac-2bdynamic*ipconfig.exe/all这个常用，不费话了。常用参数还有/release/renew看看我的：Ethernetadapter无线网络连接4:Connection-specificDNSSuffix.:bjch.com.cnDescription...........:ATMELUSBFastVNET(AR)#2PhysicalAddress.........:00-06-F4-03-EF-B4DHCPEnabled...........:YesAutoconfigurationEnabled....:YesIPAddress............:10.13.23.101SubnetMask...........:255.255.255.224DefaultGateway.........:10.13.23.97DHCPServer...........:10.13.20.19DNSServers...........:202.106.0.20PrimaryWINSServer.......:10.13.20.18LeaseObtained..........:2006年5月14日22:36:09LeaseExpires..........:2006年5月15日2:36:09*ipconfig.exe/displaydns给出一堆DNS，我的是：mtv4.mtvsite.com—————————————-RecordName.....:mtv4.mtvsite.comRecordType.....:5TimeToLive....:236DataLength.....:4Section.......:AnswerCNAMERecord....:5.doclick.com—————————————-RecordName.....::1TimeToLive....:3170DataLength.....:4Section.......:AnswerA(Host)Record...:222.208.183.30qqring.client.qq.com—————————————-RecordName.....:qqring.client.qq.comRecordType.....:1TimeToLive....:72747DataLength.....:4Section.......:AnswerA(Host)Record...:219.133.40.157RecordName.....:qqring.client.qq.comRecordType.....:1TimeToLive....:72747DataLength.....:4Section.......:AnswerA(Host)Record...:219.133.40.156*route.exeprint打印路由表，同netstat-r*net.exestart察看windows启动的所有服务，看看，还是不少啊~：AlerterApplicationLayerGatewayServiceAutomaticUpdatesBackgroundIntelligentTransferServiceCOM+EventSystemComputerBrowserCryptographicServicesDCOMServerProcessLauncherDHCPClientDNSClientEventLogIPSECServicesLogicalDiskManagerNetworkConnectionsNetworkLocationAwareness(NLA)NVIDIADisplayDriverServicePlugandPlayPrintSpoolerProtectedStorageRemoteAccessConnectionManagerRemoteProcedureCall(RPC)RemoteRegistrySecurityAccountsManagerServerShellHardwareDetectionSystemEventNotificationTelephonyWindowsAudioWindowsFirewall/InternetConnectionSharing(ICS)WindowsGatewayWindowsImageAcquisition(WIA)WindowsManagementInstrumentationWorkstation*netstat.exe-e察看网络端口的通讯状态，可以看到丢弃和错误的包数，还有广播包数，凭此能确定是否中毒。InterfaceStatisticsReceivedSentBytes286665947163871622Unicastpackets12317031254364Non-unicastpackets1223696743Discards00Errors00Unknownprotocols1135*netstat.exe-o察看当前打开的端口连接和所属进程ID[最后1列]，从我的连接可以看出我上了MSN（第一条记录），在访问google（66.249.89.99），和msnspace（207.46.217.246）：ActiveConnectionsProtoLocalAddressForeignAddressStatePIDTCPfamily:1634baym-cs211.msgr.hotmail.com:1863ESTABLISHED3048TCPfamily:227366.249.89.99:80ESTABLISHED844TCPfamily:227466.249.89.99:80ESTABLISHED844TCPfamily:2278207.68.178.16:80ESTABLISHED844TCPfamily:2279207.68.178.239:80ESTABLISHED844TCPfamily:2280207.68.178.16:80ESTABLISHED844TCPfamily:2318207.46.217.246:80ESTABLISHED844TCPfamily:2320207.46.217.246:80ESTABLISHED844*netstat.exe-s显示按协议统计信息。默认地，显示IP、IPv6、ICMP、ICMPv6、TCP、TCPv6、UDP和UDPv6的统计信息；（太长，不贴了）*netstat.exe-n结果和-o参数差不多，不说了。*netstat.exe-ab显示所有连接和监听端口。这个包括了-o参数的数据，列出所有协议（tcp、udp等）所有侦听或连接的端口，能看是否中了木马或开着什么服务，-b参数能看到启动该端口的程序，我的：（注：从列表看出来MSN开了多少端口，TCP的、UDP的，一不小心就能把MSN封掉……我开了FireFox在上网，有2个网站还在尝试连接中。而最后2个UDP就是著了名的3721，tnnd，删他100遍都不下去，2个DLL互相监督，死一个另一个就自动启，服了这块狗皮膏药。）ActiveConnectionsProtoLocalAddressForeignAddressStatePIDRpcSsTCPfamily:135family.coolbi.net:0LISTENING1056[svchost.exe]TCPfamily:1025family.coolbi.net:0LISTENING688[lsass.exe]TCPfamily:1027family.coolbi.net:0LISTENING1696[alg.exe]TCPfamily:139family.coolbi.net:0LISTENING4[System]TCPfamily:445family.coolbi.net:0LISTENING4[System]TCPfamily:139family.coolbi.net:0LISTENING4[System]TCPfamily:139family.coolbi.net:0LISTENING4[System]TCPfamily:1634baym-cs211.msgr.hotmail.com:1863ESTABLISHED3048[msnmsgr.exe]TCPfamily:2497219.239.88.110:80ESTABLISHED1328[FIREFOX.EXE]TCPfamily:2499202.108.33.32:80ESTABLISHED1328[FIREFOX.EXE]TCPfamily:2498211.103.111.178:80TIME_WAIT0TCPfamily:2512211.100.32.252:80TIME_WAIT0UDPfamily:1028*:*1136Dnscache[svchost.exe]UDPfamily:500*:*688[lsass.exe]UDPfamily:445*:*4[System]UDPfamily:138*:*4[System]UDPfamily:137*:*4[System]UDPfamily:1123*:*3412[iexplore.exe]UDPfamily:1642*:*3048[msnmsgr.exe]UDPfamily:7760*:*3048[msnmsgr.exe]UDPfamily:9*:*3048[msnmsgr.exe]UDPfamily:1631*:*3048[msnmsgr.exe]UDPfamily:27404*:*3048[msnmsgr.exe]UDPfamily:11212*:*3048[msnmsgr.exe]UDPfamily:138*:*4[System]UDPfamily:137*:*4[System]UDPfamily:138*:*4[System]UDPfamily:137*:*4[System]UDPfamily:1743*:*3948[rundll32.exe]UDPfamily:1725*:*240[Rundll32.exe]*nbtstat.exe-c显示缓存中远程主机的NetBios名称和IP，我这里木有~没邻居，没办法~用命令诊断网络故障一、Ping命令Ping命令在检查网络故障中使用广泛。网络管理人员经常会接到远程用户反映他的主机有故障,如不能对一个或几个远程系统进行登录、发电子邮件或不能做实时业务等。这时Ping命令就是一个很有用的工具。该命令的包长小，网上传递速度非常快，可快速地检测您要去的站点是否可达。它的使用格式是在命令提示符下键入：PingIP地址或主机名。执行结果显示响应时间，表明Ping成功，当前主机与目的主机间存在一条连通的物理路径。如果执行Ping成功而网络仍无法使用，那么问题很可能出在网络系统的软件配置方面。若执行Ping不成功，则故障可能是网线不通、网络适配器配置不正确、网络连接被禁用或IP地址配置不正确等。二、Ipconfig命令Ipconfig命令可以检查网络接口配置。如果用户系统不能到达远程主机，而同一系统的其他主机可以到达，那么用该命令对这种故障的判断很有必要。当主机系统能到达远程主机但不能到达本地子网中的其他主机时，则表示子网掩码设置有问题，进行修改后故障便不会再出现。键入Ipconfig／？可获得Ipconfig的使用帮助，键入I