The nbtstat Command



The netstat command utility is a great tool for finding what ports are open and what services may be causing certain ports to become unusable. This utility can also be used to help determine whether there are outside attacks on your network and obtain network statistics by protocol. Let's look at the syntaxes for the netstat command.

  • -a. Displays the established TCP and UDP sessions along with the ports in the LISTENING state, as the output below shows. One of the best uses of this syntax is to identify potential teardrop attacks or other possible problems that could cause a server to accumulate excessive TCP listens or initiated sessions.

     C:\> netstat -a

     Active Connections

       Proto  Local Address              Foreign Address            State
       TCP    Laptop101009:echo          .:0                        LISTENING
       TCP    Laptop101009:discard       .:0                        LISTENING
       TCP    Laptop101009:daytime       .:0                        LISTENING
       TCP    Laptop101009:epmap         .:0                        LISTENING
       TCP    Laptop101009:microsoft-ds  .:0                        LISTENING
       TCP    Laptop101009:38292         .:0                        LISTENING
       TCP    Laptop101009:pop3          .:0                        LISTENING
       TCP    Laptop101009:1031          .:0                        LISTENING
       TCP    Laptop101009:netbios-ssn   .:0                        LISTENING
       TCP    Laptop101009:1984          webmail.surewest.net:http  ESTABLISHED

  • -e. This syntax displays Ethernet interface statistics, including error and discarded packets, as shown below.

     Interface Statistics

                                Received            Sent
     Bytes                        646455         9735466
     Unicast packets                8763           29846
     Non-unicast packets            3242             467
     Discards                          0               0
     Errors                            1               2
     Unknown protocols                 0

  • -n. This syntax displays local addresses and protocol port numbers for the various sessions and listens, as well as the current state of each session.

     C:\> netstat -n

     Active Connections

       Proto  Local Address          Foreign Address        State
       TCP    172.16.1.33:2187       64.236.44.71:80        ESTABLISHED
       TCP    172.16.1.33:2188       64.236.44.71:80        ESTABLISHED
       TCP    172.16.1.33:2189       64.236.44.71:80        ESTABLISHED
       TCP    172.16.1.33:2190       64.236.44.71:80        ESTABLISHED
       TCP    172.16.1.33:2191       64.236.44.71:80        ESTABLISHED
       TCP    172.16.1.33:2192       64.236.44.71:80        ESTABLISHED
       TCP    172.16.1.33:2193       64.236.44.71:80        ESTABLISHED

  • -p [tcp] [udp] [ip]. This syntax followed by a protocol is similar to the -n syntax, but lists the host name instead of the IP address.

     C:\> netstat -p tcp

     Active Connections

       Proto  Local Address      Foreign Address                   State
       TCP    Laptop101009:1224  web3.digitalcrawlspaces.com:5631  ESTABLISHED

  • -r. Displays the contents of the local IP routing table; the listing also includes the active connections. With -p, replace protocol with the name of the protocol for which connection statistics will be seen. You can combine the -p option with the -s option to see active connections on the protocol.

     C:\> netstat -r

     Route Table
     Interface List
     0x1 ........................... MS TCP Loopback interface
     0x1000003 ...00 08 02 63 d4 54 ...... Intel 8255x-based Integrated Fast Ethernet
     0x1000004 ...00 08 a1 42 3c 0e ...... WLAN 11Mbps PCMCIA ADAPTER(5V)
     Active Routes:
     Network Destination        Netmask          Gateway       Interface  Metric
               0.0.0.0          0.0.0.0         10.1.1.1      10.1.2.173       1
              10.1.0.0      255.255.0.0       10.1.2.173      10.1.2.173       1
            10.1.2.173  255.255.255.255        127.0.0.1       127.0.0.1       1
              10.2.0.0      255.255.0.0         10.1.1.1      10.1.2.173       3
              10.3.0.0      255.255.0.0         10.1.1.1      10.1.2.173       3
              10.4.0.0      255.255.0.0         10.1.1.1      10.1.2.173       4
        10.255.255.255  255.255.255.255       10.1.2.173      10.1.2.173       1
             127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
             224.0.0.0        224.0.0.0       10.1.2.173      10.1.2.173       1
       255.255.255.255  255.255.255.255       10.1.2.173         1000003       1
     Default Gateway:          10.1.1.1

  • -s. This syntax displays statistics for each protocol. The -p syntax can be used in conjunction with this syntax to select a particular protocol's statistics for TCP, UDP, ICMP, or IP.

     C:\> netstat -s

     IP Statistics

       Packets Received                   = 8893
       Received Header Errors             = 0
       Received Address Errors            = 9
       Datagrams Forwarded                = 0
       Unknown Protocols Received         = 0
       Received Packets Discarded         = 0
       Received Packets Delivered         = 8890
       Output Requests                    = 8160
       Routing Discards                   = 0
       Discarded Output Packets           = 0
       Output Packet No Route             = 0
       Reassembly Required                = 0
       Reassembly Successful              = 0
       Reassembly Failures                = 0
       Datagrams Successfully Fragmented  = 0
       Datagrams Failing Fragmentation    = 0
       Fragments Created                  = 0

     ICMP Statistics

                                 Received    Sent
       Messages                  179         184
       Errors                    0           0
       Destination Unreachable   0           5
       Time Exceeded             0           0
       Parameter Problems        0           0
       Source Quenches           0           0
       Redirects                 0           0
       Echos                     179         0
       Echo Replies              0           179
       Timestamps                0           0
       Timestamp Replies         0           0
       Address Masks             0           0
       Address Mask Replies      0           0

     TCP Statistics

       Active Opens                        = 124
       Passive Opens                       = 0
       Failed Connection Attempts          = 16
       Reset Connections                   = 38
       Current Connections                 = 1
       Segments Received                   = 8022
       Segments Sent                       = 7282
       Segments Retransmitted              = 40

     UDP Statistics

       Datagrams Received    = 670
       No Ports              = 19
       Receive Errors        = 0
       Datagrams Sent        = 648

     C:\>

The above output shows the sent packets, received packets, messages, and open connections for each protocol being used by the LAN connection to the PC.
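The -a and -n listings become useful for spotting a server that is accumulating sessions once the rows are tallied by state and by remote address. The following is an added example, not code from the book; the threshold of 3 is an assumed value, and the sample rows with 192.0.2.10 and 198.51.100.7 are constructed for illustration.

```python
import re
from collections import Counter

# Sample in the layout of the `netstat -n` listing above. The first four rows
# reuse addresses from that listing; the last four rows are constructed.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    172.16.1.33:2187       64.236.44.71:80        ESTABLISHED
  TCP    172.16.1.33:2188       64.236.44.71:80        ESTABLISHED
  TCP    172.16.1.33:2189       64.236.44.71:80        ESTABLISHED
  TCP    172.16.1.33:2190       64.236.44.71:80        ESTABLISHED
  TCP    172.16.1.33:80         192.0.2.10:40001       SYN_RECEIVED
  TCP    172.16.1.33:80         192.0.2.10:40002       SYN_RECEIVED
  TCP    172.16.1.33:80         192.0.2.10:40003       SYN_RECEIVED
  TCP    172.16.1.33:25         198.51.100.7:51000     TIME_WAIT
"""

# One TCP row: local address:port, foreign address:port, state.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+([A-Z_0-9]+)\s*$")

def parse(text):
    """Yield (local_port, remote_host, state) for each TCP row."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            yield int(m.group(2)), m.group(3), m.group(5)

def summarize(text, threshold=3):
    """Return (sessions per state, (remote, state) pairs at or above threshold)."""
    rows = list(parse(text))
    by_state = Counter(state for _, _, state in rows)
    by_remote = Counter((remote, state) for _, remote, state in rows)
    flagged = sorted(key for key, n in by_remote.items() if n >= threshold)
    return by_state, flagged

if __name__ == "__main__":
    states, flagged = summarize(SAMPLE)
    print(dict(states))
    for remote, state in flagged:
        print(f"{remote}: repeated sessions in state {state}")
```
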

The route Command

The route command is used to display the host's routing table or to make static changes to the table. With this command you can specify a local router to use to reach a specific remote network or individual host.


Cisco expects you to have a good understanding of the syntaxes to the route command. Make sure you also understand how you add or delete a route using the route command.


The route command has subcommands called the print, add, delete, or change commands. These commands are used to print, add, delete, or change route table entries, respectively. Output from the route print command is shown below.

     C:\> route print

     Interface List
     0x1 ........................... MS TCP Loopback interface
     0x1000003 ...00 08 02 63 d4 54 .. Intel 8255x-based Integrated Fast Ethernet
     0x1000004 ...00 08 a1 42 3c 0e .. WLAN 11Mbps PCMCIA ADAPTER(5V)
     Active Routes:
     Network Destination        Netmask          Gateway       Interface  Metric
               0.0.0.0          0.0.0.0         10.1.1.1      10.1.2.173       1
              10.1.0.0      255.255.0.0       10.1.2.173      10.1.2.173       1
            10.1.2.173  255.255.255.255        127.0.0.1       127.0.0.1       1
              10.2.0.0      255.255.0.0         10.1.1.1      10.1.2.173       3
          66.209.77.34  255.255.255.255         10.1.1.2      10.1.2.173       1
             127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
        168.143.113.20  255.255.255.255         10.1.1.2      10.1.2.173       1
        216.200.14.151  255.255.255.255         10.1.1.2      10.1.2.173       1
             224.0.0.0        224.0.0.0       10.1.2.173      10.1.2.173       1
       255.255.255.255  255.255.255.255       10.1.2.173         1000003       1
     Default Gateway:          10.1.1.1
     Persistent Routes:
       None

     C:\>

The above output displays all the routes to different networks and devices known by the PC. If you want to display routes only for a specific network, specify the network number. In the following output, the Class A network of 10 is displayed.

     C:\> route print 10*

     Interface List
     0x1 ........................... MS TCP Loopback interface
     0x1000003 ...00 08 02 63 d4 54....Intel 8255x-based Integrated Fast Ethernet
     0x1000004 ...00 08 a1 42 3c 0e....WLAN 11Mbps PCMCIA ADAPTER(5V)
     Active Routes:
     Network Destination        Netmask          Gateway       Interface  Metric
              10.1.0.0      255.255.0.0       10.1.2.179      10.1.2.179       1
            10.1.2.179  255.255.255.255        127.0.0.1       127.0.0.1       1
              10.2.0.0      255.255.0.0       10.2.2.207      10.2.2.207       1
              10.2.0.0      255.255.0.0         10.1.1.1      10.1.2.179       3
            10.2.2.207  255.255.255.255        127.0.0.1       127.0.0.1       1
              10.3.0.0      255.255.0.0         10.1.1.1      10.1.2.179       3
              10.4.0.0      255.255.0.0         10.1.1.1      10.1.2.179       4
        10.255.255.255  255.255.255.255       10.1.2.179      10.1.2.179       1
        10.255.255.255  255.255.255.255       10.2.2.207      10.2.2.207       1
     Default Gateway:          10.1.1.1
     Persistent Routes:
       None

     C:\>

You can add a route or delete a route using the add or delete subcommands. The following output shows how to add a route to reach the subnetwork 192.16.1.0 through the router at IP address 10.1.1.2. In this example, the subnetwork has a subnet mask of 255.255.255.0. To delete the route, you can use the same command, but replace the subcommand add with the subcommand delete.

     > route add 192.16.1.0 mask 255.255.255.0 10.1.1.2


You can make an added route a persistent route by specifying the -p syntax. A persistent route is a route that will remain in the routing table even after the dynamically learned routes have expired. By using a persistent route, you ensure that a route to another network will not be removed from the routing table after the normal expiration time for non-persistent routes has passed.
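Because route add can send traffic for a network or a single host through any local router, it is worth listing the entries in route print whose next hop is a router other than the default gateway and comparing them with the static routes you expect. The following is an added example, not code from the book; it parses the Active Routes rows copied from the route print listing above, and the function names are illustrative.

```python
import ipaddress

# Rows copied from the `route print` listing above.
SAMPLE = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.1.1.1      10.1.2.173       1
         10.1.0.0      255.255.0.0       10.1.2.173      10.1.2.173       1
       10.1.2.173  255.255.255.255        127.0.0.1       127.0.0.1       1
         10.2.0.0      255.255.0.0         10.1.1.1      10.1.2.173       3
     66.209.77.34  255.255.255.255         10.1.1.2      10.1.2.173       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
   168.143.113.20  255.255.255.255         10.1.1.2      10.1.2.173       1
   216.200.14.151  255.255.255.255         10.1.1.2      10.1.2.173       1
        224.0.0.0        224.0.0.0       10.1.2.173      10.1.2.173       1
  255.255.255.255  255.255.255.255       10.1.2.173         1000003       1
Default Gateway:          10.1.1.1
Persistent Routes:
  None
"""

def parse_routes(text):
    """Return (list of route dicts, default gateway) from route print text."""
    routes, default_gw = [], None
    for line in text.splitlines():
        f = line.split()
        if line.strip().startswith("Default Gateway:"):
            default_gw = f[-1]
        elif len(f) == 5 and f[4].isdigit():
            try:  # keep only rows whose destination and gateway are IPv4 addresses
                ipaddress.IPv4Address(f[0])
                ipaddress.IPv4Address(f[2])
            except ValueError:
                continue
            routes.append(dict(zip(("dest", "mask", "gateway", "iface", "metric"), f)))
    return routes, default_gw

def off_default(text):
    """Routes whose next hop is a remote router other than the default gateway."""
    routes, default_gw = parse_routes(text)
    local = {r["iface"] for r in routes} | {"127.0.0.1"}  # on-link or loopback hops
    return [(r["dest"], r["mask"], r["gateway"]) for r in routes
            if r["gateway"] not in local and r["gateway"] != default_gw]

if __name__ == "__main__":
    for dest, mask, gw in off_default(SAMPLE):
        print(f"{dest} mask {mask} via {gw}")
```
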




CCNP CIT Exam Cram 2 (642-831)
ISBN: 0789730219
EAN: 2147483647
Year: 2003
Pages: 213
Authors: Sean Odom
