You are on page 1of 33

Bi Thc Hnh 1

1.1.1 Net

view

C:\>net view
Server Name

Remark

----------------------------------\\MAY01
\\MAY51
\\MAY54
\\MAY60
\\MAY61
\\MAY63
\\MAY64
\\MAY65
\\MAY66
The command completed successfully.

C:\>net view \\192.168.1.51


Shared resources at \\192.168.1.51
Share name Type Used as Comment
----------------------------------Ghost

Disk

The command completed successfully.


1.1.2
C:\>md C:\ThucHanh
C:\>net share thuchanh=C:\ThucHanh

thuchanh was shared successfully.

C:\>net share thuchanh /DELETE


thuchanh was deleted successfully.

1.1.3
C:\>net use * \\192.168.1.51\thuchanh 123456 /USER:may51
Drive Z: is now connected to \\192.168.1.51\thuchanh.
The command completed successfully.

C:\>net use
New connections will be remembered.
Status

Local

Remote

Network

------------------------------------------------------------------------------OK

Z:

\\192.168.1.51\thuchanh Microsoft Windows Network

The command completed successfully.


C:\>net use Z: /DELETE
Z: was deleted successfully.
1.1.4
C:\>net session
Computer

User name

Client Type

Opens Idle time

------------------------------------------------------------------------------\\192.168.1.51

MAY51

Windows 2002 Serv

The command completed successfully.


1.1.5
C:\>net statistics
Statistics are available for the following running services:
Server
Workstation

0 00:00:12

The command completed successfully.


1.1.6
C:\>net start
These Windows services are started:
Apache2.2
Application Layer Gateway Service
Client32
COM+ Event System
Computer Browser
Cryptographic Services
DCOM Server Process Launcher
DFServ
DHCP Client
Distributed Link Tracking Client
DNS Client
Event Log
FTP Publishing
Help and Support
HTTP SSL
IIS Admin
Intel(R) Management & Security Application User Notification Service
Intel(R) Management and Security Application Local Management Service
IPSEC Services
Java Quick Starter
Logical Disk Manager

MSSQLSERVER
MySQL
Network Connections
Network Location Awareness (NLA)
Plug and Play
Print Spooler
Protected Storage
Remote Access Connection Manager
Remote Procedure Call (RPC)
Remote Registry
Secondary Logon
Security Accounts Manager
Server
Shell Hardware Detection
Simple Mail Transfer Protocol (SMTP)
SQL Server (SQLEXPRESS)
SQL Server Browser
SQL Server VSS Writer
SSDP Discovery Service
System Event Notification
System Restore Service
Task Scheduler
TCP/IP NetBIOS Helper
Telephony
Terminal Services

Themes
VMware Authorization Service
VMware DHCP Service
VMware NAT Service
WebClient
Windows Audio
Windows Firewall/Internet Connection Sharing (ICS)
Windows Image Acquisition (WIA)
Windows Management Instrumentation
Windows Time
Wireless Zero Configuration
Workstation
World Wide Web Publishing
The command completed successfully.
C:\>net stop "Remote Registry"
The Remote Registry service was stopped successfully.
C:\>net start "Remote Registry"
The Remote Registry service was started successfully.
1.1.7
C:\>net user user01 123456 /ADD
The command completed successfully.
C:\>net user user01 123
The command completed successfully.
C:\>net user user01 /DELETE
The command completed successfully.

1.2
C:\>set varip=192.168.1.2
C:\>set varsm=255.255.255.0
C:\>set vargw=192.168.1.1
C:\>set vardns1=8.8.8.8
C:\>set vardns2=8.8.4.4
C:\>netsh int set address name = "Local Area Connection 2" source = static addr =
%varip% mask = %varsm% gateway =%vargw% gwmetric = 1
The following command was not found: int set address name = "Local Area Connecti
on" source = static addr = 192.168.1.2 mask = 255.255.255.0 gateway =192.168.1.1
gwmetric = 1.
C:\>netsh interface ip set address "Local Area Connection" static 192.168.1.143
255.255.255.0 192.168.1.1 1
Ok.

1.3
C:\>netstat -n
Active Connections
Proto Local Address

Foreign Address

State

TCP 127.0.0.1:1025

127.0.0.1:1026

ESTABLISHED

TCP 127.0.0.1:1026

127.0.0.1:1025

ESTABLISHED

C:\>netstat a
Active Connections
Proto Local Address
TCP may51:ftp

Foreign Address
may51:0

State
LISTENING

TCP may51:smtp
TCP may51:http

may51:0
may51:0

TCP may51:epmap
TCP may51:https

may51:0
may51:0

TCP may51:microsoft-ds

may51:0

LISTENING
LISTENING
LISTENING
LISTENING
LISTENING

TCP may51:912

may51:0

LISTENING

TCP may51:1027

may51:0

LISTENING

TCP may51:ms-sql-s

may51:0

LISTENING

TCP may51:2147

may51:0

LISTENING

TCP may51:2869

may51:0

LISTENING

TCP may51:3306

may51:0

LISTENING

TCP may51:5405

may51:0

LISTENING

TCP may51:1025

may51:1026

ESTABLISHED

TCP may51:1026

may51:1025

ESTABLISHED

TCP may51:1028

may51:0

LISTENING

TCP may51:1037

may51:0

LISTENING

TCP may51:5152

may51:0

LISTENING

TCP may51:netbios-ssn

may51:0

LISTENING

TCP may51:netbios-ssn

may51:0

LISTENING

TCP may51:microsoft-ds

192.168.1.17:1915

ESTABLISHED

TCP may51:3931

192.168.1.55:netbios-ssn TIME_WAIT

TCP may51:3932

192.168.1.55:netbios-ssn TIME_WAIT

TCP may51:netbios-ssn
UDP may51:microsoft-ds
UDP may51:isakmp

may51:0
*:*
*:*

LISTENING

UDP may51:1029

*:*

UDP may51:1036

*:*

UDP may51:ms-sql-m

*:*

UDP may51:3456

*:*

UDP may51:4500

*:*

UDP may51:4523

*:*

UDP may51:4524

*:*

UDP may51:4525

*:*

UDP may51:4526

*:*

UDP may51:4527

*:*

UDP may51:4528

*:*

UDP may51:4529

*:*

UDP may51:4530

*:*

UDP may51:5405

*:*

UDP may51:ntp

*:*

UDP may51:1032

*:*

UDP may51:1900

*:*

UDP may51:ntp

*:*

UDP may51:netbios-ns

*:*

UDP may51:netbios-dgm
UDP may51:1900
UDP may51:ntp

*:*

*:*
*:*

UDP may51:netbios-ns

*:*

UDP may51:netbios-dgm
UDP may51:1900

*:*

*:*

UDP may51:ntp

*:*

UDP may51:netbios-ns

*:*

UDP may51:netbios-dgm
UDP may51:1900

*:*

*:*

C:\>netstat -o
Active Connections
Proto Local Address

Foreign Address

State

PID

TCP may51:1025

may51:1026

ESTABLISHED

1692

TCP may51:1026

may51:1025

ESTABLISHED

1692

TCP may51:2869

192.168.1.1:1744

CLOSE_WAIT

C:\>netstat -nao
Active Connections
Proto Local Address

Foreign Address

State

PID

TCP 0.0.0.0:21

0.0.0.0:0

LISTENING

1508

TCP 0.0.0.0:25

0.0.0.0:0

LISTENING

1508

TCP 0.0.0.0:80

0.0.0.0:0

LISTENING

1456

TCP 0.0.0.0:135

0.0.0.0:0

LISTENING

1244

TCP 0.0.0.0:443

0.0.0.0:0

LISTENING

1456

TCP 0.0.0.0:445

0.0.0.0:0

LISTENING

TCP 0.0.0.0:912

0.0.0.0:0

LISTENING

3180

TCP 0.0.0.0:1027

0.0.0.0:0

LISTENING

1508

TCP 0.0.0.0:1433

0.0.0.0:0

LISTENING

596

TCP 0.0.0.0:2147

0.0.0.0:0

LISTENING

1668

TCP 0.0.0.0:2869

0.0.0.0:0

LISTENING

1996

TCP 0.0.0.0:3306

0.0.0.0:0

LISTENING

1552

TCP 0.0.0.0:5405

0.0.0.0:0

LISTENING

1476

TCP 127.0.0.1:1025

127.0.0.1:1026

ESTABLISHED

1692

TCP 127.0.0.1:1026

127.0.0.1:1025

ESTABLISHED

1692

TCP 127.0.0.1:1028

0.0.0.0:0

LISTENING

1800

TCP 127.0.0.1:1037

0.0.0.0:0

LISTENING

2900

TCP 127.0.0.1:5152

0.0.0.0:0

LISTENING

1528

TCP 192.168.0.1:139

0.0.0.0:0

LISTENING

TCP 192.168.1.51:139

0.0.0.0:0

LISTENING

TCP 192.168.1.51:2869

192.168.1.1:1744

TCP 192.168.80.1:139

0.0.0.0:0

CLOSE_WAIT

LISTENING

UDP 0.0.0.0:445

*:*

UDP 0.0.0.0:500

*:*

972

UDP 0.0.0.0:1029

*:*

1856

UDP 0.0.0.0:1036

*:*

1856

UDP 0.0.0.0:1434

*:*

1612

UDP 0.0.0.0:3456

*:*

1508

UDP 0.0.0.0:4500

*:*

972

UDP 0.0.0.0:4523

*:*

1856

UDP 0.0.0.0:4524

*:*

1856

UDP 0.0.0.0:4525

*:*

1856

UDP 0.0.0.0:4526

*:*

1856

UDP 0.0.0.0:4527

*:*

1856

UDP 0.0.0.0:4528

*:*

1856

UDP 0.0.0.0:4529

*:*

1856

UDP 0.0.0.0:4530

*:*

1856

UDP 0.0.0.0:5405

*:*

1476

UDP 127.0.0.1:123

*:*

1668

UDP 127.0.0.1:1032

*:*

1668

UDP 127.0.0.1:1900

*:*

1996

UDP 192.168.0.1:123

*:*

1668

UDP 192.168.0.1:137

*:*

UDP 192.168.0.1:138

*:*

UDP 192.168.0.1:1900

*:*

1996

UDP 192.168.1.51:123

*:*

1668

UDP 192.168.1.51:137

*:*

UDP 192.168.1.51:138

*:*

UDP 192.168.1.51:1900

*:*

1996

UDP 192.168.80.1:123

*:*

1668

UDP 192.168.80.1:137

*:*

UDP 192.168.80.1:138

*:*

UDP 192.168.80.1:1900

*:*

1996

C:\>netstat -rn

Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 50 56 c0 00 08 ...... VMware Virtual Ethernet Adapter for VMnet8
0x3 ...00 50 56 c0 00 01 ...... VMware Virtual Ethernet Adapter for VMnet1

0x4 ...70 71 bc 9a 82 6d ...... Intel(R) 82578DC Gigabit Network Connection - Pa


cket Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination
0.0.0.0
127.0.0.0

Netmask

0.0.0.0

Gateway

Interface Metric

192.168.1.1 192.168.1.51

255.0.0.0

127.0.0.1

192.168.0.0 255.255.255.0

192.168.0.1

192.168.0.1 255.255.255.255

127.0.0.1

192.168.0.255 255.255.255.255
192.168.1.0 255.255.255.0

127.0.0.1

20
1

192.168.0.1

20

127.0.0.1

192.168.0.1

20

192.168.0.1

20

192.168.1.51 192.168.1.51

192.168.1.51 255.255.255.255

127.0.0.1

192.168.1.255 255.255.255.255
192.168.80.0 255.255.255.0

127.0.0.1

20
20

192.168.1.51 192.168.1.51
192.168.80.1 192.168.80.1

192.168.80.1 255.255.255.255
192.168.80.255 255.255.255.255

127.0.0.1

127.0.0.1

20
20

192.168.80.1 192.168.80.1
192.168.0.1

20

224.0.0.0

240.0.0.0

192.168.0.1

224.0.0.0

240.0.0.0

192.168.1.51 192.168.1.51

20

224.0.0.0

240.0.0.0

192.168.80.1 192.168.80.1

20

20

20

255.255.255.255 255.255.255.255

192.168.0.1

255.255.255.255 255.255.255.255

192.168.1.51 192.168.1.51

255.255.255.255 255.255.255.255

192.168.80.1 192.168.80.1

Default Gateway:

192.168.0.1

192.168.1.1

===========================================================================

Persistent Routes:
None

C:\>netstat -na

Active Connections

Proto Local Address

Foreign Address

State

TCP 0.0.0.0:21

0.0.0.0:0

LISTENING

TCP 0.0.0.0:25

0.0.0.0:0

LISTENING

TCP 0.0.0.0:80

0.0.0.0:0

LISTENING

TCP 0.0.0.0:135

0.0.0.0:0

LISTENING

TCP 0.0.0.0:443

0.0.0.0:0

LISTENING

TCP 0.0.0.0:445

0.0.0.0:0

LISTENING

TCP 0.0.0.0:912

0.0.0.0:0

LISTENING

TCP 0.0.0.0:1027

0.0.0.0:0

LISTENING

TCP 0.0.0.0:1433

0.0.0.0:0

LISTENING

TCP 0.0.0.0:2147

0.0.0.0:0

LISTENING

TCP 0.0.0.0:2869

0.0.0.0:0

LISTENING

TCP 0.0.0.0:3306

0.0.0.0:0

LISTENING

TCP 0.0.0.0:5405

0.0.0.0:0

LISTENING

TCP 127.0.0.1:1025

127.0.0.1:1026

ESTABLISHED

TCP 127.0.0.1:1026

127.0.0.1:1025

ESTABLISHED

TCP 127.0.0.1:1028

0.0.0.0:0

LISTENING

TCP 127.0.0.1:1037

0.0.0.0:0

LISTENING

TCP 127.0.0.1:5152

0.0.0.0:0

LISTENING

TCP 192.168.0.1:139

0.0.0.0:0

LISTENING

TCP 192.168.1.51:139

0.0.0.0:0

LISTENING

TCP 192.168.1.51:2869

192.168.1.1:1744

TCP 192.168.80.1:139

0.0.0.0:0

UDP 0.0.0.0:445

*:*

UDP 0.0.0.0:500

*:*

UDP 0.0.0.0:1029

*:*

UDP 0.0.0.0:1036

*:*

UDP 0.0.0.0:1434

*:*

UDP 0.0.0.0:3456

*:*

UDP 0.0.0.0:4500

*:*

UDP 0.0.0.0:4523

*:*

UDP 0.0.0.0:4524

*:*

UDP 0.0.0.0:4525

*:*

UDP 0.0.0.0:4526

*:*

UDP 0.0.0.0:4527

*:*

UDP 0.0.0.0:4528

*:*

UDP 0.0.0.0:4529

*:*

UDP 0.0.0.0:4530

*:*

UDP 0.0.0.0:5405

*:*

UDP 127.0.0.1:123

*:*

UDP 127.0.0.1:1032

*:*

UDP 127.0.0.1:1900

*:*

UDP 192.168.0.1:123

*:*

CLOSE_WAIT

LISTENING

UDP 192.168.0.1:137

*:*

UDP 192.168.0.1:138

*:*

UDP 192.168.0.1:1900

*:*

UDP 192.168.1.51:123

*:*

UDP 192.168.1.51:137

*:*

UDP 192.168.1.51:138

*:*

UDP 192.168.1.51:1900

*:*

UDP 192.168.80.1:123

*:*

UDP 192.168.80.1:137

*:*

UDP 192.168.80.1:138

*:*

UDP 192.168.80.1:1900

*:*

C:\>netstat -na 2

Active Connections

Proto Local Address

Foreign Address

State

TCP 0.0.0.0:21

0.0.0.0:0

LISTENING

TCP 0.0.0.0:25

0.0.0.0:0

LISTENING

TCP 0.0.0.0:80

0.0.0.0:0

LISTENING

TCP 0.0.0.0:135

0.0.0.0:0

LISTENING

TCP 0.0.0.0:443

0.0.0.0:0

LISTENING

TCP 0.0.0.0:445

0.0.0.0:0

LISTENING

TCP 0.0.0.0:912

0.0.0.0:0

LISTENING

TCP 0.0.0.0:1027

0.0.0.0:0

LISTENING

TCP 0.0.0.0:1433

0.0.0.0:0

LISTENING

TCP 0.0.0.0:2147

0.0.0.0:0

LISTENING

TCP 0.0.0.0:2869

0.0.0.0:0

LISTENING

TCP 0.0.0.0:3306

0.0.0.0:0

LISTENING

TCP 0.0.0.0:5405

0.0.0.0:0

LISTENING

TCP 127.0.0.1:1025

127.0.0.1:1026

ESTABLISHED

TCP 127.0.0.1:1026

127.0.0.1:1025

ESTABLISHED

TCP 127.0.0.1:1028

0.0.0.0:0

LISTENING

TCP 127.0.0.1:1037

0.0.0.0:0

LISTENING

TCP 127.0.0.1:5152

0.0.0.0:0

LISTENING

TCP 192.168.0.1:139

0.0.0.0:0

LISTENING

TCP 192.168.1.51:139

0.0.0.0:0

LISTENING

TCP 192.168.1.51:2869

192.168.1.1:1744

CLOSE_WAIT

TCP 192.168.1.51:2869

192.168.1.1:1761

CLOSE_WAIT

TCP 192.168.80.1:139

0.0.0.0:0

UDP 0.0.0.0:445

*:*

UDP 0.0.0.0:500

*:*

UDP 0.0.0.0:1029

*:*

UDP 0.0.0.0:1036

*:*

UDP 0.0.0.0:1434

*:*

UDP 0.0.0.0:3456

*:*

UDP 0.0.0.0:4500

*:*

UDP 0.0.0.0:4523

*:*

UDP 0.0.0.0:4524

*:*

UDP 0.0.0.0:4525

*:*

UDP 0.0.0.0:4526

*:*

LISTENING

UDP 0.0.0.0:4527

*:*

UDP 0.0.0.0:4528

*:*

UDP 0.0.0.0:4529

*:*

UDP 0.0.0.0:4530

*:*

UDP 0.0.0.0:5405

*:*

UDP 127.0.0.1:123

*:*

UDP 127.0.0.1:1032

*:*

UDP 127.0.0.1:1900

*:*

UDP 192.168.0.1:123

*:*

UDP 192.168.0.1:137

*:*

UDP 192.168.0.1:138

*:*

UDP 192.168.0.1:1900

*:*

UDP 192.168.1.51:123

*:*

UDP 192.168.1.51:137

*:*

UDP 192.168.1.51:138

*:*

UDP 192.168.1.51:1900

*:*

UDP 192.168.80.1:123

*:*

UDP 192.168.80.1:137

*:*

UDP 192.168.80.1:138

*:*

UDP 192.168.80.1:1900

*:*

Active Connections

Proto Local Address


TCP 0.0.0.0:21

Foreign Address
0.0.0.0:0

State

LISTENING

TCP 0.0.0.0:25

0.0.0.0:0

LISTENING

TCP 0.0.0.0:80

0.0.0.0:0

LISTENING

TCP 0.0.0.0:135

0.0.0.0:0

LISTENING

TCP 0.0.0.0:443

0.0.0.0:0

LISTENING

TCP 0.0.0.0:445

0.0.0.0:0

LISTENING

TCP 0.0.0.0:912

0.0.0.0:0

LISTENING

TCP 0.0.0.0:1027

0.0.0.0:0

LISTENING

TCP 0.0.0.0:1433

0.0.0.0:0

LISTENING

TCP 0.0.0.0:2147

0.0.0.0:0

LISTENING

TCP 0.0.0.0:2869

0.0.0.0:0

LISTENING

TCP 0.0.0.0:3306

0.0.0.0:0

LISTENING

TCP 0.0.0.0:5405

0.0.0.0:0

LISTENING

TCP 127.0.0.1:1025

127.0.0.1:1026

ESTABLISHED

TCP 127.0.0.1:1026

127.0.0.1:1025

ESTABLISHED

TCP 127.0.0.1:1028

0.0.0.0:0

LISTENING

TCP 127.0.0.1:1037

0.0.0.0:0

LISTENING

TCP 127.0.0.1:5152

0.0.0.0:0

LISTENING

TCP 192.168.0.1:139

0.0.0.0:0

LISTENING

TCP 192.168.1.51:139

0.0.0.0:0

LISTENING

TCP 192.168.1.51:2869

192.168.1.1:1744

CLOSE_WAIT

TCP 192.168.1.51:2869

192.168.1.1:1761

CLOSE_WAIT

TCP 192.168.80.1:139

0.0.0.0:0

UDP 0.0.0.0:445

*:*

UDP 0.0.0.0:500

*:*

UDP 0.0.0.0:1029

*:*

LISTENING

UDP 0.0.0.0:1036

*:*

UDP 0.0.0.0:1434

*:*

UDP 0.0.0.0:3456

*:*

UDP 0.0.0.0:4500

*:*

UDP 0.0.0.0:4523

*:*

UDP 0.0.0.0:4524

*:*

UDP 0.0.0.0:4525

*:*

UDP 0.0.0.0:4526

*:*

UDP 0.0.0.0:4527

*:*

UDP 0.0.0.0:4528

*:*

UDP 0.0.0.0:4529

*:*

UDP 0.0.0.0:4530

*:*

UDP 0.0.0.0:5405

*:*

UDP 127.0.0.1:123

*:*

UDP 127.0.0.1:1032

*:*

UDP 127.0.0.1:1900

*:*

UDP 192.168.0.1:123

*:*

UDP 192.168.0.1:137

*:*

UDP 192.168.0.1:138

*:*

UDP 192.168.0.1:1900

*:*

UDP 192.168.1.51:123

*:*

UDP 192.168.1.51:137

*:*

UDP 192.168.1.51:138

*:*

UDP 192.168.1.51:1900

*:*

UDP 192.168.80.1:123

*:*

UDP 192.168.80.1:137

*:*

UDP 192.168.80.1:138

*:*

UDP 192.168.80.1:1900

*:*

C:\>netstat -nab

Active Connections

Proto Local Address


TCP 0.0.0.0:21

Foreign Address

State

PID

0.0.0.0:0

LISTENING

1508

0.0.0.0:0

LISTENING

1508

0.0.0.0:0

LISTENING

1456

0.0.0.0:0

LISTENING

1244

0.0.0.0:0

LISTENING

1456

0.0.0.0:0

LISTENING

[inetinfo.exe]

TCP 0.0.0.0:25
[inetinfo.exe]

TCP 0.0.0.0:80
[httpd.exe]

TCP 0.0.0.0:135

Can not obtain ownership information


TCP 0.0.0.0:443
[httpd.exe]

TCP 0.0.0.0:445

[System]

TCP 0.0.0.0:912

0.0.0.0:0

LISTENING

3180

0.0.0.0:0

LISTENING

1508

0.0.0.0:0

LISTENING

596

0.0.0.0:0

LISTENING

1668

0.0.0.0:0

LISTENING

1996

0.0.0.0:0

LISTENING

1552

0.0.0.0:0

LISTENING

1476

[vmware-authd.exe]

TCP 0.0.0.0:1027
[inetinfo.exe]

TCP 0.0.0.0:1433
[sqlservr.exe]

TCP 0.0.0.0:2147
[svchost.exe]

TCP 0.0.0.0:2869

Can not obtain ownership information


TCP 0.0.0.0:3306
[mysqld.exe]

TCP 0.0.0.0:5405
[client32.exe]

TCP 127.0.0.1:1028
[UNS.exe]

0.0.0.0:0

LISTENING

1800

TCP 127.0.0.1:1037

0.0.0.0:0

LISTENING

2900

0.0.0.0:0

LISTENING

1528

0.0.0.0:0

LISTENING

0.0.0.0:0

LISTENING

0.0.0.0:0

LISTENING

Can not obtain ownership information


TCP 127.0.0.1:5152
[jqs.exe]

TCP 192.168.0.1:139
[System]

TCP 192.168.1.51:139
[System]

TCP 192.168.80.1:139
[System]

TCP 127.0.0.1:1025

127.0.0.1:1026

ESTABLISHED

1692

127.0.0.1:1025

ESTABLISHED

1692

[LMS.exe]

TCP 127.0.0.1:1026
[LMS.exe]

TCP 192.168.1.51:2869

192.168.1.1:1744

CLOSE_WAIT

[System]

UDP 0.0.0.0:1434

*:*

Can not obtain ownership information

1612

UDP 0.0.0.0:4524

*:*

1856

Can not obtain ownership information


UDP 0.0.0.0:4500

*:*

972

*:*

1856

[lsass.exe]

UDP 0.0.0.0:4528

Can not obtain ownership information


UDP 0.0.0.0:500

*:*

972

*:*

1856

[lsass.exe]

UDP 0.0.0.0:4527

Can not obtain ownership information


UDP 0.0.0.0:4523

*:*

1856

Can not obtain ownership information


UDP 0.0.0.0:5405

*:*

1476

*:*

1856

[client32.exe]

UDP 0.0.0.0:4525

Can not obtain ownership information


UDP 0.0.0.0:1036

*:*

1856

Can not obtain ownership information


UDP 0.0.0.0:4529

*:*

1856

Can not obtain ownership information


UDP 0.0.0.0:4530

*:*

Can not obtain ownership information

1856

UDP 0.0.0.0:4526

*:*

1856

Can not obtain ownership information


UDP 0.0.0.0:3456

*:*

1508

*:*

1856

[inetinfo.exe]

UDP 0.0.0.0:1029

Can not obtain ownership information


UDP 0.0.0.0:445

*:*

[System]

UDP 127.0.0.1:123

*:*

1668

c:\windows\system32\WS2_32.dll
c:\windows\system32\w32time.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

UDP 127.0.0.1:1900

*:*

1996

Can not obtain ownership information


UDP 127.0.0.1:1032

*:*

c:\windows\system32\WS2_32.dll
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\System32\winrnr.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\w32time.dll

1668

[svchost.exe]

UDP 192.168.1.51:138

*:*

*:*

*:*

1668

[System]

UDP 192.168.80.1:137
[System]

UDP 192.168.1.51:123

c:\windows\system32\WS2_32.dll
c:\windows\system32\w32time.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

UDP 192.168.1.51:137

*:*

*:*

1996

[System]

UDP 192.168.0.1:1900

Can not obtain ownership information


UDP 192.168.80.1:1900

*:*

1996

Can not obtain ownership information


UDP 192.168.1.51:1900

*:*

1996

Can not obtain ownership information


UDP 192.168.80.1:123

*:*

1668

c:\windows\system32\WS2_32.dll
c:\windows\system32\w32time.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

UDP 192.168.0.1:123

*:*

1668

c:\windows\system32\WS2_32.dll
c:\windows\system32\w32time.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

UDP 192.168.0.1:138

*:*

*:*

*:*

[System]

UDP 192.168.0.1:137
[System]

UDP 192.168.80.1:138
[System]

C:\>netstat -s -p icmp

ICMPv4 Statistics

Received Sent
Messages
Errors

239
0

178
0

Destination Unreachable 76
Time Exceeded

Parameter Problems

Source Quenches
Redirects
Echos

13

82

83

Echo Replies

81

82

Timestamps

Timestamp Replies
Address Masks
Address Mask Replies

0
0

C:\>netstat -nao 1 | find "1037"


TCP 127.0.0.1:1037

0.0.0.0:0

LISTENING

2900

TCP 127.0.0.1:1037

0.0.0.0:0

LISTENING

2900

TCP 127.0.0.1:1037

0.0.0.0:0

LISTENING

2900

TCP 127.0.0.1:1037

0.0.0.0:0

LISTENING

2900

TCP 127.0.0.1:1037

0.0.0.0:0

LISTENING

2900

TCP 127.0.0.1:1037

0.0.0.0:0

LISTENING

2900

TCP 127.0.0.1:1037

0.0.0.0:0

LISTENING

2900

TCP 127.0.0.1:1037

0.0.0.0:0

LISTENING

2900

TCP 127.0.0.1:1037

0.0.0.0:0

LISTENING

2900

TCP 127.0.0.1:1037

0.0.0.0:0

LISTENING

2900

TCP 127.0.0.1:1037

0.0.0.0:0

LISTENING

2900

1.4
C:\>wmic process list brief
HandleCount Name

Priority ProcessId ThreadCount WorkingSetSi

ze
0

1555

System Idle Process 0

System

19

smss.exe

11

828

397312

783

csrss.exe

13

892

12

2060288

573

winlogon.exe

13

418

services.exe

489

lsass.exe

78

DFServ.exe

1140

5767168

221

svchost.exe

1196

17

5124096

344

svchost.exe

1244

11

4550656

85

28672

916

960

972

258048

18

16

22

5234688

5701632

7532544

1617

svchost.exe

1668

88

131

svchost.exe

1856

4431872

809

svchost.exe

1996

16

9199616

165

spoolsv.exe

212

11

6463488

902

explorer.exe

660

24

25792512

133

runplugin.exe

744

7962624

50

USBGuard.exe

122

ctfmon.exe

34

UniKeyNT.exe

231

USBGuard.exe

39

FrzState2k.exe

91

httpd.exe

103

client32.exe

460

832

840

1340

1476

1986560

3981312

860

1456

13

29265920

2867200

15482880

6348800

44949504

5939200

475

inetinfo.exe

168

jqs.exe

155

LMS.exe

1692

343

sqlservr.exe

1748

29

2408448

269

sqlservr.exe

596

29

11431936

33446

1508

1528

26

10264576

1429504

5218304

mysqld.exe

1552

13

76

sqlbrowser.exe

1612

89

sqlwriter.exe

206

UNS.exe

1800

12

61

vmnat.exe

2788

33

vmnetdhcp.exe

243

httpd.exe

208

vmware-authd.exe

1636

3152

2256896

3016

13041664

3567616

8216576

2191360

1966080

154

47128576

3180

7901184

113

alg.exe

2900

135

svchost.exe

1272

4378624

130

mspaint.exe

2480

16621568

99

svchost.exe

468

WINWORD.EXE

33

cmd.exe

2116

140

wmic.exe

145

wmiprvse.exe

2432

3604480

2428

2744

3592192

2108

30625792

2674688

5963776

5779456

C:\>finger -l user01

[may51]
> Finger: connect::Connection refused

C:\>tracert 192.168.1.67

Tracing route to 192.168.1.67 over a maximum of 30 hops

1 ms

<1 ms

<1 ms 192.168.1.67

Trace complete.

C:\>arp -s 192.168.1.52 70-71-bc-9a-2e-63

C:\>arp -a

Interface: 192.168.1.51 --- 0x4


Internet Address

Physical Address

Type

192.168.1.1

64-68-0c-f9-3e-af

dynamic

192.168.1.10

00-1b-b9-67-9f-d8

dynamic

192.168.1.17

00-1b-b9-65-2e-07

dynamic

192.168.1.36

00-1b-b9-63-f1-cc

dynamic

192.168.1.52

70-71-bc-9a-2e-63

static

192.168.1.53

70-71-bc-9a-2d-5f

dynamic

192.168.1.56

70-71-bc-9a-2c-66

dynamic

192.168.1.64

70-71-bc-9a-6f-47

dynamic

192.168.1.67

70-71-bc-9a-84-12

dynamic

192.168.1.111

70-71-bc-9a-2a-c3

dynamic

192.168.1.125

70-71-bc-9a-2e-ef

dynamic

You might also like