Basic understanding of Networking Commands and their

functions with examples

Networking Commands
Each operating system comes equipped with some tools known as commands, to troubleshoot
the general issues associated with it. Networking commands are used to troubleshoot
networking problems along with the display of some important information related to
networks. In this lab manual, you will explore various networking commands based on
Windows/ Linux operating systems, which may be very helpful to understand and counter
cyber-attacks.
Lab Instructions for running commands in Windows:
1. Connect to the Windows machine, created by you, using the RDP protocol.
2. When prompted for the password, enter qwerty as the password. Cdac is the
administrator user of the machine.

On Windows 10 type cmd into the search box and select the command prompt from the
displayed programs run as an administrator privilege.

Running the cmd while using the admin account, allows you to run various commands with
administrator rights.

1
Lab Instructions for running commands in Linux:
1. Connect to the kali Linux machine, created by you, using the RDP protocol.
2. When prompted for the username and password, enter root as username and toor as
password. The root is the administrator user of the machine.

3. click on the black box icon (Terminal Emulator) in the top left corner of the Kali Linux
Desktop.

2
Running the terminal while using the root account, allows you to run various commands with
administrator rights.

Let’s explore some very important networking commands. Few of these

commands run on a windows machine and few run on Linux machines. You can
easily identify the machine to use for running the command by the prompt .
For example

Windows Prompt

Linux Prompt

3
1. PING
ping command tests the availability of a networking device (usually a computer) on a
network. Ping works by sending an Internet Control Message Protocol (ICMP) Echo
Request to a specified interface on the network and waiting for a reply. The device
responds by sending the Echo Reply ICMP packets. ICMP is Internet Control Message
Protocol, used by network devices to diagnose network communication issues.
(i) Ping command to check the availability of a machine using an IP address or
computer name.
To check the availability of a machine, the ping command can be used with an IP
address or computer name. Go to a cmd prompt and enter:
ping IP Address e.g., ping 172.31.103.2 or ping < computer name> :
The screenshots below show how to use the command with an IP address or computer name.

ping <computer name> e.g., ping DESKTOP-K0E0N56

4
(ii) Ping Command to Identify the Operating System of the remote host.
The TTL value mentioned in the Echo Reply packets may be used to determine the Operating
system of the remote host. The default initial TTL value for Linux/Unix is 64, and for Windows,
it is 128.
To view the TTL value of a Linux/Windows host, simply ping the host, as shown in the below
snapshot.

Here the TTL value is 128 which indicates that the remote host is running a Windows
Operating System.
(iii) Ping command to find Hostname
Ping command can also be used to find the hostname corresponding to a known IP address
using the -a option.
In the below snapshot, the ping command is used to find the hostname assigned to the IP
address 172.31.103.2.

5
2. ROUTE
The route is a very important networking command for network administrators. It is used to
display or modify the computer's routing table.
(i) Displaying the routing table
To display the routing table (both IPv4 and IPv6) in Windows, a route command with a print
option may be used.
In Unix/Linux, the route command without any option may be used to print the routing table.
The output displayed by the Windows and Unix/Linux commands is similar. Here's an example
from a typical Windows client computer:

For each entry in the routing table, five items of information are listed:

6
a. The destination IP address: This is the address of the destination subnet and must be
interpreted in the context of the subnet mask.
b. The subnet mask must be applied to the destination address to determine the
destination subnet.
c. The IP address of the gateway to which traffic intended for the destination subnet will
be sent.
d. The IP address of the interface through which the traffic will be sent to the destination
subnet.
e. The metric indicates the number of hops required to reach destinations via the
gateway.
route command in Linux with Examples
Here is an example of a Linux system.
$route

(ii) To display the routing table in full numeric form.

$route -n

(iii) To add a default gateway.

$sudo route add default gw 172.31.100.2

(iv) To list kernel’s routing cache information.

$route -Cn

7
(v) To reject routing to a particular host or network.
$sudo route add -host 172.31.103.2 reject

(vi) To get details of the kernel/IP routing table using the IP command.
$ip route

Each line in the output represents an entry in the routing table (Linux kernel routing table).
For example, the lines shown in the above snapshot represent the route for the local network.
All network packets to a system in the same network are sent directly through the device eth0.
The second default route, which is also set via the eth0 interface says that all network packets
which cannot be sent according to the previous entries of the routing table are sent through
the gateway defined in this entry i.e. 172.31.100.1 as the default gateway.
(vii) To delete the default gateway.
$route del default

8
(viii) To get the details of the local table with destination addresses assigned to the local
host.
$ip route show table local

(ix) To get output related to IPv4 only.

$ip -4 route

3. IPCONFIG
The ipconfig command is used to display information about network configuration and refresh
DHCP and DNS Settings in Windows systems. By default, the ipconfig command displays your
IP Address, Subnet Mask, and default gateway.
(i) Using ipconfig command to display network configuration of the systems.
Type ipconfig and press Enter as shown below. The output displays the list of active network
adapters/interfaces, whether they’re connected or disconnected, and their IP addresses.
Details such as their default gateway IP addresses, subnet masks, and the state of each network
adapter are displayed.

9
Adding a /all switch to the ipconfig command, a new level of details such as DNS information,
the MAC (Media Access Control) (in the Physical Address field), and other information about
each network component may be obtained. Check out the picture below to see the results.
ipconfig /all

(ii) Renewing the IP address of a network adapter.

10
When the network connection doesn’t work as it should, the network adapter might not have
the correct IP address assigned. A quick way of solving this issue is to renew its IP address. It
can be done using the Ipconfig command. This is done in two steps.
a. The first one – use the command ipconfig /release to force the network adapter to
drop its assigned IP address,
ipconfig /release

b. Use the ipconfig /renew command to renew the IP address.

11
4. ARP
ARP stands for Address Resolution Protocol. Arp, command displays and manipulates the
System’s ARP cache. It also allows a complete dump of the ARP cache. As you are aware that
the primary function of ARP protocol is to resolve the IP address of a system to its MAC
address, and hence it works between level 2(Data link layer) and level 3(Network layer).
(i) using the arp command to display all the IP and MAC pairs for all the interfaces.
Use the command “arp –a” .

(ii) Deleting all the entries from the ARP table.

Use the command arp- d to flush out all the entries from the ARP table.
arp -d

(iii) Using arp command in Linux

(iv) In Linux there are some more options available. following are the examples.
-v, –verbose: This option shows the verbose information.
-n, –numeric: This option shows numerical addresses instead of symbolic host, port, or
usernames.

12
5. NETSTAT
The netstat command displays the network status and status of TCP and UDP endpoints
in the table format.
Here are some examples of using Netstat Command.
(i) Show Active TCP Connections
Run the netstat command with the o option to show all active TCP connections.
netstat -o

(ii) To see the connected computers in FQDN format instead of a simple IP address, use
the -f option.
netstat -f

13
(iii) Show Protocol-Specific Stats: To display the stats of a specific protocol such as the
TCP use -p option.
netstat -p tcp

(iv) Show ethernet network statistics:

Ethernet network statistics can be displayed using the -e option of the netstat
command.

14
(v) Displaying kernel routing table
Using the netstat command with the -r option lists the kernel routing information in the same
way as with the route command.

netstat -r

(vi) Displaying all the ports related to tcp connections

To display the ports/protocols associated with the connections, the -o option is
used.

netstat -o

15
Here, you can see that the application layer protocols are listed with their names such as https,
pop3s, etc. ephemeral ports are shown as numerical values.

To display the ports, associated with the application layer protocols, use the -n option, along
with option -o.
netstat -on

(vii) To display the executable involved in creating each connection or listening port, the
-b option may be used. this option requires admin privileges.
netstat -b

(viii) netstat command in Linux

netstat command has few different options while running in Linux. these options
are shown below.

16
Note: The participants are advised to explore the available options in Linux also, by running
them in a command line interface like a Terminal in Kali Linux.

6. NSLOOKUP
The nslookup (which stands for name server lookup) command is used to perform DNS queries
and receive: domain names or IP addresses, or any other specific DNS Records. To use the Windows
version of nslookup, open Command Prompt and type nslookup to get a result similar to this
one with your network’s DNS server and your computer’s IP address:
It can display the results related to your name server, mail server, or any other website as
follows.
In DNS, non-authoritative answers refer to DNS records, which are kept on external DNS
servers, and obtained from the "authoritative" servers that provide the original source of the
data.
(i) Getting name server information.
Type nslookup into Command Prompt:

It will prompt you to enter some information. type as below.

>set type=ns

17
An authoritative address lookup can also be performed by specifying one of the domain's
registered nameservers. Nslookup then uses that server instead of the default DNS server
information of the local system.
(ii) Getting mail server information.
type C:\>nslookup in command prompt
for Mail Server Lookup type as below.
set type=mx
> cdac.in

(iii) Getting details of any external website.

nslookup can also provide the IP addresses of an external domain name by querying
the dns server.
type the domain name as argument for the nslookup command.
nslookup <domain name>

7. HOSTNAME
18
hostname command in Linus and windows machines is used to display the hostname of the
computer or to change it.
(i) Display Hostname
Using the hostname command without any additional options displays the computer’s
hostname. Here is a snapshot of the Linux system.
hostname

(ii) Change Hostname Permanently

To change the hostname permanently, use a text editor like Nano to make changes to the
hostname by editing the host file:
Command sudo nano /etc/hostname can be used for this purpose.
Users can also use the hostnamectl command to permanently change the hostname:
sudo hostnamectl set-hostname [new hostname]

8. PATHPING
Pathping is one of the best network troubleshooting tools that are available with Windows. It
provides information about network latency and network loss at intermediate hops between
a source and a destination. This command sends multiple Echo Request messages to each
router between a source and destination, over a period of time, and then computes results
based on the packets returned from each router. Because this command displays the degree of
packet loss at any given router or link, you can determine which routers or subnets might be
having network problems.

pathping 172.31.103.2

19
9. NET
NET command is used for viewing the network statistics. various options may be used to
display different outcomes.
Using the net command with accounts option displays the network statistics of your
computer.

net accounts

20