A few basic commands can often play a big role in protecting network security. The following commands are the most useful.
Check network connection
If you suspect that someone has planted a Trojan or a virus on your computer, but you have no dedicated tool to confirm whether that has really happened, you can use the network commands that come with Windows to see who is connected to your computer. The command format is: netstat -an. This command lists all IP addresses connected to the local computer. Its output has four parts: Proto (the connection protocol), Local Address (the local end of the connection), Foreign Address (the address that has established a connection with the local machine), and State (the current port status). With the detailed information from this command, we can monitor every connection on the computer and so keep control of it.
Entering netstat -a at the command prompt displays all ports currently open on your computer, and netstat -s -e displays your network information in more detail, including TCP, UDP, ICMP and IP statistics. You may have seen all of these before, but have you ever looked more closely at how Vista and Windows 7 display protocol statistics and current TCP/IP network connections?
The usage of the netstat command is as follows (options are listed in alphabetical order):
NETSTAT: Displays protocol statistics and current TCP/IP network connections under Vista/Windows 7. You can run netstat directly without adding parameters, as shown in the figure:
NETSTAT [-a] [-b] [-e] [-f] [-n] [-o] [-p proto] [-r] [-s] [-t] [interval]
-a displays all connections and listening ports.
-b displays the executable programs involved in creating each connection or listening port. In some cases, well-known executable programs host multiple independent components; in these cases, the sequence of components involved in creating the connection or listening port is displayed. The name of the executable program is then shown in [] at the bottom, with the components it called above it, and so on until TCP/IP is reached. Note that this option can be time-consuming and may fail if you do not have sufficient permissions.
-e displays Ethernet statistics. This option can be used in conjunction with the -s option.
-f displays the fully qualified domain name (FQDN) of the external address.
-n displays addresses and port numbers in numerical form.
-o displays the owning process ID associated with each connection.
-p proto displays connections for the protocol specified by proto; proto can be any of the following: TCP, UDP, TCPv6, or UDPv6. If used with the -s option to display per-protocol statistics, proto can be any of the following: IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP or UDPv6.
-r displays the routing table.
-s displays statistics for each protocol. By default, statistics for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6 are displayed; the -p option can be used to specify a subset of the default.
-t displays the current connection offload status.
interval is the number of seconds to pause between displays when the selected statistics are redisplayed. Press CTRL+C to stop redisplaying statistics.
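To make the four-column output described above easier to review, the following added example (not part of the original article) parses saved numeric netstat output and returns the listening TCP ports and the established connections to outside addresses, with the owning PID when -o was used. The sample text, its addresses and its PIDs are constructed for illustration, and the function names are this example's own.

```python
import ipaddress

# Constructed sample of `netstat -ano` output (documentation addresses, made-up PIDs).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING       3120
  TCP    127.0.0.1:5354         127.0.0.1:49670        ESTABLISHED     2044
  TCP    192.168.1.20:49712     203.0.113.45:443       ESTABLISHED     5188
  TCP    192.168.1.20:49733     198.51.100.7:8080      ESTABLISHED     3120
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    1788
"""

def split_endpoint(endpoint):
    """Split 'addr:port' (IPv4, bracketed IPv6 or '*:*') into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), port

def parse_netstat(text):
    """Return one dict per TCP/UDP row of numeric (-n) netstat output.

    UDP rows have no State column; with -o the last field is the PID."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        rest = f[3:]
        state = rest[0] if f[0] == "TCP" and rest else ""
        pid = int(rest[-1]) if rest and rest[-1].isdigit() else None
        rows.append({"proto": f[0], "local": split_endpoint(f[1]),
                     "foreign": split_endpoint(f[2]), "state": state, "pid": pid})
    return rows

def is_external(addr):
    """True for a real remote peer; False for loopback, 0.0.0.0/:: and '*'."""
    try:
        ip = ipaddress.ip_address(addr.split("%")[0])  # drop IPv6 zone id
    except ValueError:
        return False
    return not (ip.is_loopback or ip.is_unspecified)

def review(text):
    """Return (listening TCP ports, established connections to outside peers)."""
    rows = parse_netstat(text)
    listening = sorted({(int(r["local"][1]), r["pid"]) for r in rows
                        if r["state"] == "LISTENING"}, key=lambda t: t[0])
    peers = [(r["foreign"][0], int(r["foreign"][1]), r["pid"]) for r in rows
             if r["state"] == "ESTABLISHED" and is_external(r["foreign"][0])]
    return listening, peers
```

Call review() on the saved text of netstat -ano; in the constructed sample, PID 3120 both listens on port 4444 and holds an outbound connection, which is the kind of row worth matching against the process list.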
Disable unknown services
Many users find one day that the computer has slowed down after a restart. At this point, it is likely that someone has broken into your computer and enabled a special service on it, such as the IIS information service. You can use "net start" to check which services are running on the system. If you find a service that you did not start yourself, you can disable it specifically. The method is to enter "net start" to view the services, and then use "net stop server" to disable the service.
Check accounts easily
For a long time, malicious attackers have used cloned accounts to take control of computers. Their method is to activate a default system account that is rarely used, and then use tools to raise this account to administrator privileges. On the surface, the account still looks the same as the original, but this cloned account is the biggest security risk in the system. A malicious attacker can use it to gain arbitrary control of your computer. To avoid this situation, you can use a very simple method to check the accounts.
First, enter net user at the command line to see which users exist on the computer, and then use "net user + username" to check what permissions a given user has. Generally, except Administrator, who is in the administrators group, the others are not! If you find that a built-in system user belongs to the administrators group, then you have almost certainly been hacked and someone else has cloned an account on your computer. Quickly use "net user username /del" to delete this user!