An automated connection profile installation utility.
Command Prompt cmstp
You use the Connection Manager Profile Installer to automate the installation (or removal) of connection profiles. For example, an ISP or network administrator may build an .inf file containing all the necessary information to connect to another computer or service, and then use the Connection Manager Profile Installer to integrate the information into a particular computer. Type cmstp at any prompt for information on its usage.
Display information about a user account.
Command Prompt finger
finger [-l] [user][@host]
The Finger client uses a standard protocol to retrieve publicly available information from any networked computer that is running the Finger daemon. Let's say you want to find out about the username "Woodrow" on your own system; you would simply type:
Finger accepts the following options:
The username you want to query. Omit to list all the users currently logged in on the specified host.
The target machine containing the user account(s) you want to query. Omit to query the local machine (localhost).
Displays information in a long list format.
The Finger protocol has been around for a long time, and all versions of Windows NT, Windows 2000, Windows XP, Windows Vista, Unix, Solaris, and other platforms support it. The output from a Finger request varies widely (if you get a response at all); it depends on the operating system running on the specified host and the specific settings imposed by that machine's administrator.
Finger, when it works, commonly retrieves a report that looks something like this:
Login: woodrow Name: Gordie Howe
Directory: /usr/local/home/woodrow Shell: /bin/csh
Never logged in.
New mail received Mon Oct 1 23:35 2001 (PDT)
Unread since Wed Nov 20 11:54 1996 (PDT)
Although most of the information included in this simple report is self-evident, the last line mentions a plan. The plan is a text file to be shown when one's account is fingered. It might contain contact information, office hours, personal statistics, or anything else the user wants.
The Finger daemon is the service responsible for responding to finger requests. This service is disabled by default, but you can enable or otherwise configure it using the services component of the Microsoft Management Console. Note that enabling the service on your computer may pose a security hazard, allowing outsiders to gain some information about one or more users on your system.
As more users and administrators become security-savvy, you'll find fewer occasions when a Finger request actually gets a response. Typically, you'll receive a "connection refused" message.
File Transfer Protocol; transfer files between two computers, typically across the Internet.
You use FTP to transfer files to and from a remote computer, typically on the Internet. Like many Internet applications, FTP is a client application that requires a corresponding FTP server to work. When you start FTP, you are connecting to a remote host and then issuing commands to instruct the host to send or receive files, display directory listings, and so on.
Although each FTP session requires a username and password, there's a very common workaround that allows anonymous connections. Typically, one enters anonymous or ftp as the username and an email address (or, frankly, any bogus text ending in @) as the password to log in (assuming anonymous access is allowed on the server at all).
Once you've logged in, you issue commands by typing in the prompt; the complete list of FTP commands is documented later in this section. The exception is when FTP is run in noninteractive mode using the url option.
Command-line parameters for FTP are as follows:
A web-style address (URL) to a specific file located on an anonymous FTP server, which looks something like this:
If you specify a complete URL, FTP will download the file and then quit automatically, rather than going into interactive mode.
Specify the hostname or IP address of the remote host (server) to connect to. If you omit it, you can enter it once FTP has started by using the open command. For example:
Note that the common ftp. prefix, although not mandatory with FTP, is merely a hostname that signifies a specific machine, often solely devoted to serving FTP requests.
Suppress the display of remote server responses to commandsuseful if you're running FTP from a script.
Suppress auto-login upon initial connection. To connect, you'll need to use the user command once FTP is running.
Turn off interactive prompting during multiple file transfers when using the mget and mput FTP commands.
Enable debuggingdisplaying all FTP commands passed between the client and server (for troubleshooting purposes).
Disable filename globbing, which permits the use of wildcard characters in local file- and pathnames. (See the FTP glob command in the list that follows.)
Specify an FTP script, a plain-text file containing sequential FTP commands, one per line. The commands are issued as though they were typed at the keyboard.
Use any local interface when establishing a connection.
Log in as anonymous (note the capital A). This is the same as logging in normally and manually typing in anonymous as the username and an email address as the password.
Override the default transfer buffer size of 4,096. Change only if you encounter performance problems.
Note that you can start FTP without any command-line parameters to enter interactive mode, but you won't be able to use most of the commands until you log in with the open command (see the following list).
The following list shows the commands available once FTP is running. Most require that a connection has been established and not all will work with every FTP server. The most important commands to know are put, get, mput, mget, cd, lcd, dir, and bye. If you are transferring binary files across platforms (from a Unix host to a Windows-based client, for example), be sure to use the binary command first, or the files may be corrupted in transit.
Run the specified command (e.g., cd) on the local computer, as though you temporarily jumped out of FTP, ran a command, and then jumped back inall without disconnecting. Naturally, you could just open a second Command Prompt window, but some contextual commands, such as cd (see Chapter 14), require the use of the ! command to be effective. Type ! by itself to start a mini-Command Prompt session in which you can type multiple commands; type EXIT to return to the active FTP session.
Same as help.
Append a local file to a file on the remote computer.
Set the file transfer type to ASCII (plain text), the default (except in noninteractive mode). ASCII mode is useful if you're transferring plain-text files between Unix and Windows systems, as line-ending translation must be performed on these types of files. Note that this translation will almost always corrupt binary files such as ZIP archives or Word documents, so you should use the binary command if you're not transferring ASCII files.
Turn on or off the beep after each file transfer command is completed. By default, the bell is off.
Set the file transfer type to binary, a crucial step for transferring nontext files (such as .zip, .gif, and .doc) between Unix and Windows-based machines. Although it's not necessary if the server is also a Windows system, it's a good idea to get into the habit of typing binary (or simply bin) every time you use FTP. Note that binary is the default in noninteractive mode, when used with the url command-line parameter. See also "ascii," earlier in this list.
End the FTP session and, if necessary, disconnect from the remote computer. The standard Command Prompt exit command won't work here, but quit will.
Change the working directory on the remote computer (to cd on the local machine, use ! cd or lcd).
Disconnect from the remote computer without exiting FTP. Use open to connect to a different FTP server or bye to exit FTP.
Toggle debugging. When debugging is on, each internal command sent to the remote computer is displayed, preceded by the string --->. By default, debugging is off.
Delete a file on the remote computer. You can delete only a single file at a time with delete (no wildcards are allowed); use mdelete to delete multiple files at once.
Display a list of the contents of the working directory on the remote computer, with details. Use ls for a simple listing. Occasionally, directory listings for anonymous users may be disabled, in which case dir will not work; if you want to download, you'll need to know the particular filename(s) beforehand.
Same as close.
Transfer remote_file from the server to the local machine. If local_file is not specified, the local file will be given the same name as the original. The file will be placed in the local working directory; to choose a different destination, use lcd. You can download only a single file at a time with get (no wildcards are allowed); use mget to transfer multiple files at once. If transferring binary (nontext) files, use the binary command first.
Toggle filename globbing. Globbing permits use of wildcard characters in local file- or pathnames. By default, globbing is on. You also can disable globbing with the -g command-line parameter.
Turn on or off FTP's crude progress bar for file transfers. A hash mark (#) character is displayed for each 2 KB of data transferred, so large files will have longer progress bars than small files. By default, hash mark printing is off.
Display all the available commands. Include command to get help with a single command (e.g., help get). Same as ?.
Change the working directory on the local computer. Enter a full path as directory (e.g., c:\downloads) to effectively instruct FTP to place downloaded files there. Omit directory to simply display the current working directory. By default, the working directory is in use when FTP is started; if FTP is opened from Start Run, the working directory is c:\Users\username.
Send so-called "arbitrary" commands to the remote FTP server (such as retr, stor, pasv, and port). A single FTP reply code is expected in return. Typical use of FTP does not involve using literal, but it can provide access to some advanced functions; among the more interesting is the ability to transfer files between two remote computers without having to first transfer them to the local machine.
Display an abbreviated list of a remote directory's files and subdirectories. This is useful when a directory contains a lot of files. Type ls-l (or use dir) to show the "long" listing, including file details. Occasionally, you can disable directory listings for anonymous users, in which case ls will not work; if you want to download, you'll need to know the particular filename(s) beforehand.
Delete multiple files on remote computers. Unlike with delete, you can use wildcards (e.g., *.txt for all .txt files).
Store a listing of the remote working directory's contents (with details) into a file; both parameters are required. You use the remote_files parameter to modify the listing, either by specifying a wildcard (use * to list all files) or by specifying the name of another directory. local_file is the target filename in which the directory listing is stored.
Transfer one or more remote files to the local computer. Unlike with get, you can use wildcards (e.g., *.txt for all .txt files). You will be asked to confirm each transfer unless you turn off prompting with the prompt command. Local files will be given the same names as their remote counterparts. If transferring binary (nontext) files, use the binary command first.
Create a remote directory. Note that anonymous users are usually not permitted to create directories on remote systems.
Same as mdir, except that a short listing (no details) is stored.
Transfer one or more local files to the remote computer. Unlike with put, you can use wildcards (e.g., *.txt for all .txt files). You will be asked to confirm each transfer unless you turn off prompting with the prompt command. Remote files will be given the same names as their local counterparts. If transferring binary (nontext) files, use the binary command first.
openhostname or IPaddress
Connect to the specified FTP server. This is the same as specifying a server in the FTP command line; use open if you omitted the host parameter. You can use open whenever there's no current connection, either if you disconnected using disconnect or close, or if the initial connection attempt was unsuccessful.
Turn on or off prompting for multiple file transfers. When you use the mput or mget command, FTP will prompt you before transferring each file. By default, prompt is turned on; type prompt before using mput or mget to transfer multiple files without being prompted.
Transfer local_file from the local machine to the server. If you do not specify remote_file, the remote file will be given the same name as the original. The file will be placed in the remote working directory; to choose a different destination, use cd. You can upload only a single file at a time with put (no wildcards are allowed); use mput to transfer multiple files at once. If transferring binary (nontext) files, use the binary command first.
Print Working Directory (PWD) displays the remote working directory; use cd to change to a different remote directory.
End the FTP session with the remote computer and exit FTP.
Same as literal.
Same as get.
Display help for remote commands supported by the server. This is probably similar to the commands available on the client, but may not be identical. As with ? and help, supplying no arguments returns a list of command names. Use remotehelpcommand to get more information on each command.
Rename a remote file. Note that anonymous users are usually not permitted to rename files on remote systems.
Delete a remote directory. Note that anonymous users are usually not permitted to delete directories on remote systems.
Same as put.
Display the current status of the connection and the current settings of options such as prompt, verbose, and ascii|binary.
Turn on or off packet tracing, which displays the route of each packet when executing an FTP command. By default, trace is off.
Display whether transfers are performed in binary or ascii mode. Use type binary (or just binary) to transfer binary files.
Specify the username on the remote computer; if you do not specify a password, you will be prompted for one. Typically, FTP prompts for the username and password when a connection is first established; however, if you type an incorrect username and password, you can try again with the user command without having to reconnect.
Turn on or off verbose mode. If verbose is on (the default), all FTP responses are displayed, such as when a file transfer completes and any statistics regarding the efficiency of the transfer.
To copy the file preface.doc from the directory /pub/nutshell on a remote computer to \temp\docs on your local computer, once you're logged on to a server, you would perform the following from the command prompt (note that cd within ftp is for the remote computer):
This will load ftp and run myfile.scr, executing any ftp commands in the file.
Most web browsers support the ftp:// protocol, which provides limited FTP functionality without having to use an FTP client. For example, you can retrieve a single file from an anonymous FTP server by opening this address in any web browser: ftp://example.com/path/filename.ext.
Furthermore, you can specify a username and (optionally) a password, like this: ftp://username:email@example.com/path/filename.ext.
Some browsers will even let you upload files when connected to an FTP server (assuming the server permits you to do so). In Internet Explorer, you can simply drag and drop files into an FTP window as though it were a folder on your hard disk.
You can abbreviate all ftp command names to their first four letters, sometimes fewer.
If you omit any nonoptional arguments from most FTP commands, you'll be prompted for them.
When using the get or mget command, transferred files will be placed in whatever directory was the working directory when you launched FTP. Once an FTP session has begun, you can change the working directory with the lcd command: to switch from the local C:\ drive to the A:\ drive, for example, you would type:
In FTP, to maintain consistency with its Unix heritage, you must use the forward slash (/) instead of the backslash (\) when specifying pathnames. Furthermore, directory and filenames are case-sensitive when connecting to a Unix FTP server; readme.txt is a different file than Readme.TXT.
Many FTP servers impose an "idle timeout" on FTP connections; that is, if you open an FTP connection and let it sit for several minutes without typing any commands, the FTP server will disconnect you.
You use Msg to send a text message to a user currently logged in to the local computer; you also can use it to send a message simultaneously to all logged-in users.
Note that Msg is not intended to send messages to other computers, but to users remotely logged in to your computer. The exception is a user on another machine currently logged in to your machine (or the machine specified by /server), assuming that machine is set up as a Terminal Server. To send a message to another computer, use an instant messaging program such as MSN Messenger or Chat (or just send an email).
Msg accepts the following options:
The text message to send. If you omit it, Msg prompts for it. Also can read from standard input; see Chapter 14.
Recipient can be a username, a session name, a session ID, or a filename (pointing to a file containing a list of usernames, session names, or session IDs). Or, specify an asterisk (*) to send a message to all sessions on the specified server.
Specifies /server:name to send the message to users on another machine, where name is the name of a Terminal Server (see "Services," in the "Microsoft Management Console" section in Chapter 10, for details).
Indicates the amount of time, in seconds, to wait for the recipient to acknowledge the message being sent.
Verbose mode; displays additional information about the actions being performed.
Waits for a response from the recipient; useful with /v.
Display, modify, and troubleshoot your current workgroup settings.
Command Prompt net
net command [parameters]
Net is a general-purpose diagnostic tool used to configure, control, and troubleshoot the networking settings on a Windows Vista system. The Net tool will appeal most to more advanced users or those who need to control network settings from the command line.
To use Net, you must specify one of the following 21 commands, followed by any of the applicable parameters. To get more information about any of these commands, use the help command, like this:
net help command
Here are the commands used with Net:
Use net accounts to update the user accounts database and modify password and logon requirements for all accounts. If used without parameters, the current settings for password, logon limitations, and domain information are displayed.
Use net computer to add or delete computers from a domain database; it is available only on Windows Server.
The net config command displays configuration information about the workstation or server service. See the "Example" section at the end of this list.
Type net continue to reactivate a Windows service that has been suspended by net pause.
net file closes a shared file and removes any file locks. When you use it without options, net file lists the open files on a server. The listing includes the ID number, location, number of locks, and user currently accessing the file.
net group adds, displays, or modifies global groups on servers. When you use it without options, net group displays a list of the groups on the server.
net help displays more information about any command. When you use it without options, net help displays all the available commands.
The net helpmsg command displays information about error, warning, and alert messages relating to a Windows network. For example, type nethelpmsg2181 to display an explanation of error #2181 and any possible remedies.
net localgroup modifies local groups on computers. When you use it without options, net localgroup displays a list of the groups on the server.
The net name command adds or deletes a messaging name, an alias to which messages are sent (via net send). When you use it without options, a list of names accepting messages at the computer is displayed.
Use net pause to temporarily suspend a Windows service or resource, and use net continue to reactivate it when you're ready.
The net print command displays print jobs and shared printer queues.
net session lists or disconnects sessions between the computer and other computers on the network.
The net share command makes a server's resources available to network users. When you use it without options, it lists information about all resources being shared. See also "Create A Shared Folder," earlier in this chapter.
Use net start to start a service. When you use it without options, it lists services that have already been started.
net statistics displays the statistics log for the local workstation or server service. When you use it without parameters, net statistics displays the services for which statistics are available.
Use net stop to stop a service that has been started with net start. Note that stopping some services will cause others to be stopped, and some services cannot be stopped at all.
Probably the most interesting command in the bunch, net time is used to synchronize the computer's clock with that of another computer or domain. You can also use net time to set the NTP timeserver for the computer.
The net use command connects (or disconnects) a computer to a shared resource (shared with net share). When you use it without options, it lists the computer's active connections.
net user creates and modifies user accounts. When you use it without options, net user lists the user accounts for the computer. The user account information is stored in the same user accounts database used by Control Panel User Accounts; see "User Accounts," in Chapter 10.
net view displays a list of resources being shared on a remote computer. When you use it without options, it displays a list of computers in the current domain or network.
To display your computer's current workgroup settings, type this:
C:\>net config workstation
Computer name \\Vista-Desktop
Full Computer name Vista-Desktop
User name Preston
Workstation active on
Software version Windows Vista (TM) Ultimate
Workstation domain WORKGROUP
Logon domain Vista-Desktop
COM Open Timeout (sec) 0
COM Send Count (byte) 16
COM Send Timeout (msec) 250
The command completed successfully.
Wide-ranging command-line tool with an extremely large number of available commands.
Command Prompt netsh
netsh command [parameters]
The netsh command contains many, many dozens of commands and useful features; to list them all is well beyond the scope of this book. Suffice it to say that if there's some networking information you want to get from the command line, or a task you want to perform, there's a reasonable chance that netsh can help. Many levels and sublevels of commands are available.
There are many categories of commands used with netsh; type this command:
to get the primary list, which follows:
Diagnostic and configuration tools relating to clients that use DHCP
Diagnostic and configuration tools relating to your firewall
Diagnostic and configuration tools relating to IPsec security
Diagnostic and configuration tools for your LAN
Diagnostic and configuration tools related to the WAN to which you're connected
To display the current configuration of your firewall, type this:
C:\> Netsh firewall show config
Domain profile configuration:
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Allowed programs configuration for Domain profile:
Mode Traffic direction Name / Program
Port configuration for Domain profile:
Port Protocol Mode Traffic direction Name
Standard profile configuration (current):
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Service configuration for Standard profile:
Mode Customized Name
Enable No File and Printer Sharing
Enable No Network Discovery
Allowed programs configuration for Standard profile:
Mode Traffic direction Name / Program
Port configuration for Standard profile:
Port Protocol Mode Traffic direction Name
ICMP configuration for Standard profile:
Mode Type Description
Enable 8 Allow inbound echo request
File location = J:\Windows\system32\LogFiles\Firewall\pfirewall.log
Max file size = 4096 KB
Dropped packets = Disable
Connections = Disable
Perform a DNS lookup; used to convert domain names to IP addresses and vice versa.
Command Prompt nslookup
When you type a web address into a browser's address bar and press Enter, Windows looks up the server name to determine the corresponding IP address. Then the IP address is used to initiate communication with the server. If the lookup fails, either because the name servers (the machines containing the DNS lookup tables) are down or because the specified domain does not exist, the connection attempt will fail as well.
NSLookup is a simple tool that allows you to look up the IP address of any domain name or server name, as well as find the server name associated with any particular IP address. To use NSLookup, just specify the domain name at the prompt, like this:
Every time you initiate communication with a server, there will be a delay while Windows performs an NSLookup. To eliminate the delay, use NSLookup to determine the IP address and then replace the reference with the IP address. However, take care to do this only with IP addresses that you know will not change; it is not unusual for web and mail servers to occasionally change IP addresses (and some servers have multiple IP addresses).
Most ISPs employ at least two nameservers, which are used for lookups for all of their customers. If one goes down, the other takes up the slack. However, if both nameservers are down for some reason, or even are just performing poorly, it can disable most Internet communication. If, however, you use IP addresses as described in the preceding note, you eliminate your susceptibility to this problem.
Because NSLookup and the automatic lookups performed behind the scenes depend on your ISP's nameservers, they are susceptible to receiving outdated information. If you're having trouble accessing a particular server, you can use an NSLookup gateway to double-check your findings. An NSLookup gateway is simply a web-enabled version of NSLookup. You also can use it to perform lookups; however, if the gateway site is outside your ISP, it will use its own nameservers and therefore may provide more up-to-date information. To find such a site, perform a web search for "NSLookup gateway."
NSLookup also performs a lookup of the IP address of your local computer and displays it before performing the requested lookup. In many cases, though, it will fail, which means that you may see an error message every time you run NSLookup (such as "Can't find server name . . . "). However, this won't interfere with NSLookup's primary function.
Windows caches some lookups, which means that you may see outdated information. To flush the cache, type ipconfig/flushdns at the command prompt. See "Windows IP Configuration," later in this chapter, for more information.
"Ping," "Tracert," and "Windows IP Configuration"
Test the "reachability" of another computer on the network or across the Internet.
The primary function of Ping is to see whether another computer is "alive" and reachable. Ping works on local networks and across Internet connections. For example, type the following at a command prompt:
and you'll get a report that looks something like this:
Pinging oreilly.com [188.8.131.52] with 32 bytes of data:
Reply from 184.108.40.206: bytes=32 time=78ms TTL=238
Reply from 220.127.116.11: bytes=32 time=31ms TTL=238
Reply from 18.104.22.168: bytes=32 time=15ms TTL=238
Reply from 22.214.171.124: bytes=32 time=78ms TTL=238
Ping statistics for 126.96.36.199:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 15ms, Maximum = 78ms, Average = 50ms
Here, Ping sent out four pings (the default), reported the time it took for them to return (in milliseconds), and then displayed various statistics about the session. Ping is especially useful if you're having trouble contacting a server and you want to see whether the server is alive (running and accepting connections). If the server does not reply (meaning that it is down, the connection has been severed, or the server is ignoring Ping messages for security reasons), you'll see Request timed out. Ping accepts the following options:
The machine to ping; it can be the name of a computer on your network, an IP address (e.g., 188.8.131.52), or an Internet address (e.g., oreilly.com).
Normally, Ping sends out four pings and then quits. Include the -t option to ping continually until you interrupt Ping by pressing Ctrl-C. Press Ctrl-Break to display statistics without interrupting.
Resolve addresses to hostnames.
The number of pings to send; the default is four.
The size of the packets to send, in bytes; the default is 32 bytes.
Turn on the "Don't Fragment" flag in packet.
The amount of time to wait, in milliseconds, before Ping gives up and displays Request timed out; the default is 500 milliseconds (half a second).
Display the route taken to reach the server (see "Tracert," later in this chapter). The count is the maximum number of hops to record and can range from one to nine.
Display a timestamp for count hops.
Impose a "loose" route (see the -r option) along which to ping.
Impose a "strict" route (see the -r option) along which to ping.
Specify the Time to Live (TTL); valid range is from 0 to 255.
Specify the Type of Service (TOS); valid range is from 0 to 255.
Use routing header to test reverse route also (IPv6 only).
Source address to use (IPv6 only).
Force using IPv4.
Force using IPv6.
The word ping comes from submarine lingo, when sonar was used to detect nearby objects, such as ships and other submarines. Pulses of sound were sent through the water; those that returned indicated the existence of an object off which the pulses were reflected. ping.exe works very similarly, except it sends packets rather than sonic pulses.
"Tracert" and "NSLookup"
Manipulate the TCP/IP routing table for the local computer.
Routing tables provide information necessary to connect to other computers on a network or the Internet. Route accepts the following options:
Specifies one of four commands:
Prints a route (similar to netstat -r). The route print command is useful if you are having a problem (e.g., "Host unreachable" or "Request timed out") with the routes on your computer, because it will display all the different fields in the active route (see the example).
Adds a route to the routing table; used until the computer is shut down (unless the -p option is specified).
Deletes a route from the routing table.
Modifies an existing route in the routing table.
The remote computer that is reachable via gateway.
Frees (clears) the routing tables of all gateway entries. If you use this in conjunction with one of the commands listed earlier, the tables are cleared prior to running the command.
When you use this with the add command, -p makes a route persistent across boots of the system. If you don't specify -p, any route you add will be valid only until the computer is restarted. The -p option has no effect on other commands, as they're all persistent.
The gateway computer to be used for traffic going to destination. It is possible to use