IP

Sunday, November 21, 2010

Netstat command with Windows 7

In Windows 7, sensible use of a few basic commands often plays a big role in protecting network security. Of the commands that play a prominent role, here we teach you the proper use of the "netstat" command, so that you can become a Windows 7 security expert.

Detect network connection

If you suspect that someone has installed a Trojan on your computer, or that it has a virus, but you have no proper tool at hand to check whether this has really happened, you can use the network commands built into Windows to see who is connected to your computer. The specific command format is: netstat -an. This command shows all the IPs connected to the local computer. Its output consists of four parts: proto (connection type), local address (local connection address), foreign address (the address that has established a connection with the local machine), and state (current port status). With the detailed information from this command, we can fully monitor the computer's connections, and so keep control of the computer.

At the command prompt, type the following: netstat -a shows all the ports currently open on your computer; netstat -s -e displays more detailed network information, including TCP, UDP, ICMP and IP statistics, which you may well have seen before. Have you ever thought about going beyond a Vista-level understanding of how Windows 7 displays protocol statistics and current TCP/IP network connections?

The netstat command is used as follows (note: the options are listed in alphabetical order):

NETSTAT: Under Vista / Windows 7, displays protocol statistics and current TCP/IP network connections. netstat can be run without any parameters, as shown:

NETSTAT [-a] [-b] [-e] [-f] [-n] [-o] [-p proto] [-r] [-s] [-t] [interval]

-a Displays all connections and listening ports.

-b Displays the executable involved in creating each connection or listening port. In some cases, well-known executables host multiple independent components, and in these cases the sequence of components involved in creating the connection or listening port is displayed. In this case, the executable name is in [] at the bottom, the component it called is on top, and so on until TCP/IP is reached. Note that this option can be very time-consuming and may fail when you do not have sufficient permissions.

-e Displays Ethernet statistics. This option can be used together with the -s option.

-f Displays the fully qualified domain name (FQDN) of foreign addresses.

-n Displays addresses and port numbers in numerical form.

-o Displays the ID of the owning process associated with each connection.

-p proto Shows connections for the protocol specified by proto; proto can be any of the following: TCP, UDP, TCPv6 or UDPv6. If used together with the -s option to display per-protocol statistics, proto can be any of the following: IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP or UDPv6.

-r Displays the routing table.

-s Displays statistics for each protocol. By default, statistics are shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP and UDPv6; the -p option can be used to specify a subset of the default.

-t Displays the current connection offload state.

interval Redisplays the selected statistics, pausing the number of seconds given by interval between each display. Press CTRL+C to stop redisplaying statistics.
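The four columns described above, plus the PID column that -o adds, can be checked mechanically. The following is an added example, not part of the original post: a Python parser for `netstat -ano` output that lists established connections to addresses outside the loopback and private ranges, and ports listening on all interfaces. The sample output (addresses, ports and PIDs) is constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of `netstat -ano` output; addresses and PIDs are made up.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       820
  TCP    127.0.0.1:5354         127.0.0.1:49160        ESTABLISHED     1644
  TCP    192.168.1.20:49201     192.168.1.1:445        ESTABLISHED     4
  TCP    192.168.1.20:49377     203.0.113.45:8080      ESTABLISHED     3312
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5355           *:*                                    1180
"""

# UDP rows have no State column, so that group is optional.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z][A-Z_0-9]*)\s+)?(\d+)\s*$")
# Loopback, RFC 1918, link-local and IPv6 unique-local ranges count as "local".
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

def split_endpoint(endpoint):
    """Split 'addr:port' into (addr, port); IPv6 arrives as '[addr%zone]:port'."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]").split("%")[0], port

def parse(text):
    """Return one dict per connection row: proto, local, foreign, state, pid."""
    rows = []
    for m in filter(None, map(ROW.match, text.splitlines())):
        proto, local, foreign, state, pid = m.groups()
        rows.append({"proto": proto, "local": split_endpoint(local), "pid": int(pid),
                     "foreign": split_endpoint(foreign), "state": state or ""})
    return rows

def external_established(rows):
    """ESTABLISHED connections whose foreign address is outside LOCAL_NETS."""
    return [r for r in rows if r["state"] == "ESTABLISHED" and not any(
        ipaddress.ip_address(r["foreign"][0]) in net for net in LOCAL_NETS)]

def listening_on_all(rows):
    """(port, pid) pairs listening on every interface (0.0.0.0 or ::)."""
    return sorted({(r["local"][1], r["pid"]) for r in rows
                   if r["state"] == "LISTENING" and r["local"][0] in ("0.0.0.0", "::")})

if __name__ == "__main__":
    rows = parse(SAMPLE)
    print("review:", [(r["foreign"], r["pid"]) for r in external_established(rows)])
    print("listening on all interfaces:", listening_on_all(rows))
```

On a live system, pass the text of `netstat -ano` to `parse` and look up each reported PID with `tasklist` or Task Manager before deciding whether a connection is expected.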

Disable unknown service

Many people find one day that the computer has slowed down after a system restart. At that point it is likely that someone has broken into your computer and started a particular service on it, such as the IIS information service. Use "net start" to see which services the system has started; if we find a started service that we did not start ourselves, we can disable that specific service. That is, enter "net start" to view the services, and then "net stop server" to disable the service.

Easy to check accounts

For a long time, malicious attackers have been very fond of using account cloning to control your computer. Their method is to activate one of the system's default accounts, one that is not often used, and then use a tool to elevate this account to administrator privileges. On the surface the account still looks the same as before, but this cloned account is the biggest security risk in the system. A malicious attacker can use this account to control your computer at will. To avoid this situation, you can use a very simple method to check the accounts.

First, at the command line, enter net user to see which users exist on the computer, then use "net user + user name" to see which privileges that user has. Usually, apart from Administrator, which belongs to the administrators group, no other account does! If you find that a built-in system user belongs to the administrators group, then almost certainly you have been invaded, and someone has cloned an account on your computer. Quickly use "net user username /del" to delete that user!
