ShellSpells

Enumerate

Commands

ipconfig

TCP/IP network config.

ipconfig /all

TCP/IP config for all adapters.

ipconfig /displaydns

DNS Resolver Cache.

netstat

Stats and port info.

netstat -a

Active TCP and UDP ports.

netstat -n

Active TCP connections, numeric addresses and ports.

netstat -o

Active TCP connections with PIDs.

netstat -b

Executables for each connection (requires an elevated prompt).

nbtstat -rn

NetBIOS info.

nbtstat -a [RemoteName]

Remote machine name table given its NAME.

nbtstat -A [IP address]

Remote machine name table given its IP.

route print

Routing tables.

fport

TCP/IP process to port mapper (third-party tool, not included with Windows).

netsh interface ?

Help.

netsh interface show interface

All network interfaces.

netsh interface ip show address

IP; DHCP; Subnet; Gateway.

netsh interface ip show config

TCP/IP network config values.

netsh wlan show interfaces

Wireless network interface info.

Get-NetIPConfiguration

Config for all interfaces.

Get-NetAdapter | Get-NetIPAddress

IPs and DHCP config for all network adapters.

Test-NetConnection

Diagnostic info for a connection.

Get-NetIPAddress

IP config.

Get-NetAdapter

Basic network adapter properties.

Get-NetAdapterBinding

Network adapter binding settings.

Get-NetAdapterStatistics

Network adapter statistics.

Get-NetRoute

IP routing table.

Get-NetTCPConnection

TCP connections.

Get-NetUDPEndpoint

Retrieves UDP listener endpoints.

Get-NetUDPSetting

Global UDP settings.

Get-NetTCPSetting

Global TCP settings.

Get-NetIPConfiguration -InterfaceIndex 4

Check interface by index.

Get-NetIPInterface -InterfaceAlias "Wi-Fi"

Check interface by name.

wmic netuse list brief

Active connections info (Brief).

wmic netuse list full

Active connections info (Full).

wmic netuse get name, connectionstate, username

Active connections specific properties.

wmic nicconfig get

Network adapter configs.

wmic nic get NetConnectionStatus

Network interfaces and their connection status.

wmic netuse get name,status

Network resources connected to the system.

net view

ServerName and Remarks of hosts in current domain.

net view /domain

Hosts on the domain.

nltest /dclist:<DOMAIN>

DCs.

dsquery computer

Hosts on the domain.

All hosts (SAM account names):

wmic /NAMESPACE:\\root\directory\ldap PATH ds_computer GET ds_samaccountname

All hosts (DNS hostnames):

wmic /NAMESPACE:\\root\directory\ldap PATH ds_computer GET ds_dnshostname

Retrieves network adapter configuration:

Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration

Retrieves properties of a network adapter:

Get-CimInstance -ClassName Win32_NetworkAdapter

Lists TCP/IP printer ports:

Get-CimInstance -ClassName Win32_TCPIPPrinterPort

Performance data from network interfaces:

Get-CimInstance -ClassName Win32_PerfFormattedData_Tcpip_NetworkInterface

Performance data from IPv4 TCP/IP protocol:

Get-CimInstance -ClassName Win32_PerfFormattedData_Tcpip_TCPv4

Performance data from IPv6 TCP/IP protocol:

Get-CimInstance -ClassName Win32_PerfFormattedData_Tcpip_TCPv6

DHCP

ipconfig /all
reg query HKLM\SYSTEM\CurrentControlSet\Services\ /s /v "EnableDHCP"
Get-Service dhcp
netsh interface ip show config
Get-NetIPConfiguration

Graphical User Interface (GUI):

Network and Sharing Center:

  1. Open the Control Panel.
  2. Go to "Network and Internet" > "Network and Sharing Center."
  3. Click on "Change adapter settings."
  4. Right-click on the network adapter you want to check and select "Properties."
  5. Double-click on "Internet Protocol Version 4 (TCP/IPv4)."

If "Obtain an IP address automatically" is selected, DHCP is enabled.

DNS

C:\Windows\System32\Drivers\etc\hosts

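This file predates DNS: it maps hostnames to IP addresses statically, and Windows consults it before querying DNS. Entries can point domain names at incorrect IPs, so review it for unexpected mappings.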

netsh interface ip show dns

Display DNS information on network interface.

ipconfig /all

Look for the "DNS Servers" line under each adapter's section. If DNS is enabled and configured, you'll see IP addresses listed there.

nslookup

If DNS is working correctly, you should be able to type nslookup followed by a domain name (e.g., nslookup google.com) and get an IP address response.

Get-DnsClientServerAddress

Retrieves the DNS server addresses configured for each network interface. An empty list indicates that DNS is disabled.

Resolve-DnsName google.com

Performs a DNS lookup and displays results, indicating DNS functionality.

Resolve-DnsName -Name google.com -DnsOnly

Tests DNS resolution specifically (-DnsOnly skips LLMNR and NetBIOS; Test-Connection has no -DnsOnly parameter). If successful, DNS is enabled.

Get-DnsClientServerAddress -InterfaceAlias "Wi-Fi"

Target specific interfaces.

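Resolve-DnsName google.com -Server (Get-DnsClientServerAddress -InterfaceAlias "Ethernet" -AddressFamily IPv4).ServerAddresses

Target the DNS servers of a specific interface (Resolve-DnsName has no -InterfaceAlias parameter, so the servers are passed with -Server).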

Graphical User Interface (GUI):

Network and Sharing Center:

  1. Open the Control Panel.
  2. Go to "Network and Internet" > "Network and Sharing Center."
  3. Click on "Change adapter settings."
  4. Right-click on the network adapter you want to check and select "Properties."
  5. Double-click on "Internet Protocol Version 4 (TCP/IPv4)."

If DNS server addresses are manually entered or obtained automatically, DNS is enabled.
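
Added example (not from the original page): because the hosts file is consulted before DNS, an entry in it can silently override what DNS returns. This parses hosts entries and compares each one with the answer from the configured DNS servers; the function names Get-HostsEntry and Test-HostsOverride and the sample entries are constructed for illustration.

```powershell
# Constructed sample hosts content (not from a real system).
$sample = @'
# 127.0.0.1     localhost
192.0.2.15      intranet.example.test  wiki.example.test   # added by IT
203.0.113.66    update.example.test
not-an-ip       broken.example.test
'@ -split "`r?`n"

function Get-HostsEntry {
    param([string[]]$Line)
    foreach ($l in $Line) {
        $text = ($l -replace '#.*$', '').Trim()   # strip comments and padding
        if (-not $text) { continue }
        $ip, $names = $text -split '\s+'          # address first, then one or more names
        $parsed = $null
        if (-not [System.Net.IPAddress]::TryParse($ip, [ref]$parsed)) { continue }
        foreach ($n in $names) {
            [pscustomobject]@{ Name = $n; Address = $parsed.ToString() }
        }
    }
}

function Test-HostsOverride {
    param($Entry)
    foreach ($e in $Entry) {
        # -NoHostsFile and -DnsOnly make the lookup bypass the hosts file, LLMNR and NetBIOS.
        $dns = @(Resolve-DnsName -Name $e.Name -NoHostsFile -DnsOnly -ErrorAction SilentlyContinue |
            Where-Object IPAddress | ForEach-Object IPAddress)
        [pscustomobject]@{
            Name      = $e.Name
            HostsFile = $e.Address
            Dns       = $dns -join ', '
            Differs   = $e.Address -notin $dns   # also true when DNS has no record
        }
    }
}

# On a live host: Get-HostsEntry -Line (Get-Content "$env:SystemRoot\System32\drivers\etc\hosts")
$entries = Get-HostsEntry -Line $sample
$entries | Format-Table

# Resolve-DnsName ships with the Windows DnsClient module; skip the comparison elsewhere.
if (Get-Command Resolve-DnsName -ErrorAction SilentlyContinue) {
    Test-HostsOverride -Entry $entries | Format-Table
}
```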

ARP

arp -a

Displays current ARP entries.

arp -a inet_address

Displays current ARP entries for inet_address only.

Get-NetNeighbor -AddressFamily IPv4

If ARP is working, you'll see entries mapping IP addresses to MAC addresses. An empty cache might indicate ARP issues, but it's not conclusive.

ping <IP>

Test ARP. If successful, ARP is likely enabled. If ARP fails, ping won't succeed.

GUI: Inspect Network Adapter Properties:

Control Panel > Network and Internet > Network and Sharing Center > Change adapter settings

Right-click adapter > Properties > Configure > Advanced

Look for settings related to ARP:

Might include enabling/disabling ARP or adjusting cache size.

If ARP options are present and not disabled, it's likely enabled.

Port Status

| State | Description |
| --- | --- |
| CLOSED | Indicates that the server has received an ACK signal (to acknowledge receipt of a packet) from the client and the connection is closed. |
| CLOSE_WAIT | Indicates that the server has received the first FIN signal (to acknowledge there is no more data to be sent) from the client and the connection is in the process of closing. |
| ESTABLISHED | Indicates that the server received the SYN signal (synchronize, this signal is only sent in the first packet) from the client and the session is established. |
| FIN_WAIT_1 | Indicates that the connection is still active but not currently being used. |
| FIN_WAIT_2 | Indicates that the client just received acknowledgment of the first FIN signal from the server. |
| LAST_ACK | Indicates that the server is in the process of sending its own FIN signal. |
| LISTENING | Indicates that the server is ready to accept a connection. |
| SYN_RECEIVED | Indicates that the server just received a SYN signal from the client. |
| SYN_SENT | Indicates that this connection is open and active. |
| TIME_WAIT | Indicates that the client recognizes the connection as active, but not currently being used. |
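
Added example (not from the original page): parsing netstat -ano output into objects so that sockets can be counted by the states listed above and listeners bound to all interfaces can be tied to their owning PID. The function name ConvertFrom-NetstatAno and the sample rows are constructed for illustration.

```powershell
# Constructed sample of `netstat -ano` output (not captured from a real host).
$sample = @'
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1012
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       3320
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     7788
  TCP    192.168.1.20:49713     203.0.113.10:443       TIME_WAIT       0
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    2240
'@ -split "`r?`n"

function ConvertFrom-NetstatAno {
    param([string[]]$Line)
    foreach ($l in $Line) {
        # TCP rows have a State column; UDP rows do not, so the group is optional.
        if ($l -match '^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_0-9]+)\s+)?(\d+)\s*$') {
            $local = $Matches[2]
            $i = $local.LastIndexOf(':')   # last colon, so "[::]:445" splits correctly
            [pscustomobject]@{
                Proto     = $Matches[1]
                LocalAddr = $local.Substring(0, $i)
                LocalPort = [int]$local.Substring($i + 1)
                Remote    = $Matches[3]
                State     = $Matches[4]
                OwningPid = [int]$Matches[5]
            }
        }
    }
}

# On a live host, replace $sample with the output of: netstat -ano
$conns = ConvertFrom-NetstatAno -Line $sample

# Sockets per state, for comparison with the Port Status table.
$conns | Where-Object State | Group-Object State | Select-Object Name, Count | Format-Table

# Listeners bound to every interface are reachable from the network.
# The Process column resolves only on the host the output came from; the sample PIDs are constructed.
$conns |
    Where-Object { $_.State -eq 'LISTENING' -and $_.LocalAddr -in @('0.0.0.0', '[::]') } |
    Select-Object Proto, LocalAddr, LocalPort, OwningPid,
        @{ n = 'Process'; e = { (Get-Process -Id $_.OwningPid -ErrorAction SilentlyContinue).ProcessName } } |
    Format-Table
```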


Last updated 1 year ago
