ARP and IPCONFIG syntax


Upload: guestcc37e8c

Post on 30-May-2015


Page 1: ARP and IPCONFIG Syntax

ARP.exe

ARP - Address Resolution Protocol http://www.ss64.com/nt/arp.html Display and modify the IP-to-Physical address translation tables used by address resolution protocol.

syntax

View the contents of the local ARP cache table:
ARP -a [ip_addr] [-N if_addr]

Add a static ARP entry for frequently accessed hosts:
ARP -s ip_addr eth_addr [if_addr]

Delete an entry:
ARP -d ip_addr [if_addr]

key

-a Display current ARP entries. May include more than one network interface. If ip_addr is specified, the IP and Physical addresses for only the specified computer are displayed.

-g Same as -a.

-N if_addr Display the ARP entries for the network interface specified by if_addr.

-d ip_addr Delete the host specified by ip_addr. -d * will delete all hosts.

-s Add the host and associate the Internet address ip_addr with the Physical address eth_addr. The Physical address is given as 6 hexadecimal bytes separated by hyphens. The entry is permanent.

eth_addr Specifies a physical address.

if_addr If present, this specifies the Internet address of the interface whose address translation table should be modified. If not present, the first applicable interface will be used.

If two hosts on the same sub-net cannot ping each other successfully, try running ARP -a to list the addresses on each computer to see if they have the correct MAC addresses.

A host's MAC address can be checked using IPCONFIG. If another host with a duplicate IP address exists on the network, the ARP cache may have had the MAC address for the other computer placed in it. ARP -d is used to delete an entry that may be incorrect.
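The duplicate-IP check described above can be scripted rather than read off the screen. The following is an added example, not code from the original page or from SS64: it parses the text that ARP -a prints (the sample output below is constructed, not captured from a real host), flags any MAC address that the cache holds for more than one unicast IP, compares the cached gateway MAC against a known-good value, and emits the ARP -d commands that would clear the suspect entries so the hosts can be pinged again. The ENTRY_RE column layout and the known-good MAC table are assumptions.

```python
import re
from ipaddress import ip_address

# Constructed sample of "ARP -a" output (not captured from a real host); the
# gateway 192.168.1.1 and the host 192.168.1.20 both map to the same MAC.
SAMPLE_ARP_OUTPUT = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           aa-bb-cc-dd-ee-ff     dynamic
  192.168.1.20          aa-bb-cc-dd-ee-ff     dynamic
  192.168.1.30          00-50-56-12-34-56     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

IFACE_RE = re.compile(r"^Interface:\s+(\d{1,3}(?:\.\d{1,3}){3})")
ENTRY_RE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"        # Internet Address
    r"([0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+"     # Physical Address: 6 hex bytes, hyphen separated
    r"(dynamic|static)\s*$", re.IGNORECASE)

def parse_arp_a(text):
    """Turn ARP -a output into a list of {iface, ip, mac, type} dicts."""
    entries, iface = [], None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"iface": iface, "ip": m.group(1),
                            "mac": m.group(2).lower(), "type": m.group(3).lower()})
    return entries

def _is_host_entry(entry):
    # Broadcast and multicast entries legitimately share MACs; leave them out.
    return entry["mac"] != "ff-ff-ff-ff-ff-ff" and not ip_address(entry["ip"]).is_multicast

def shared_macs(entries):
    """Map each MAC that the cache holds for more than one unicast IP to those IPs.
    A router doing proxy ARP can also show up here, so treat hits as leads, not proof."""
    by_mac = {}
    for e in filter(_is_host_entry, entries):
        by_mac.setdefault(e["mac"], []).append(e["ip"])
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}

def check_expected(entries, expected):
    """Compare cached MACs against a known-good {ip: mac} table (e.g. the gateway).
    Returns {ip: (expected_mac, cached_mac)} for every disagreement."""
    cached = {e["ip"]: e["mac"] for e in entries}
    return {ip: (mac.lower(), cached[ip])
            for ip, mac in expected.items()
            if ip in cached and cached[ip] != mac.lower()}

def suggested_cleanup(mismatches):
    """The ARP -d commands that drop the suspect entries, as the text above recommends."""
    return [f"ARP -d {ip}" for ip in sorted(mismatches)]

if __name__ == "__main__":
    entries = parse_arp_a(SAMPLE_ARP_OUTPUT)
    print("MACs shared by several IPs:", shared_macs(entries))
    bad = check_expected(entries, {"192.168.1.1": "00-11-22-33-44-55"})  # assumed gateway MAC
    print("Mismatches vs. expected:", bad)
    print("\n".join(suggested_cleanup(bad)))
```

Feed it the real output with `arp -a > arp.txt` and read the file; the known-good table should come from a record you trust (the gateway's MAC as shown by IPCONFIG /all on the gateway itself, or your inventory), not from the cache you are checking.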

Related Commands:

ROUTE - Manipulate network routing tables
Q199773 - Behaviour of Gratuitous ARP
Q140859 - Win NT TCP/IP Routing Basics

Equivalent Linux BASH commands:

IPCONFIG

Configure IP.

syntax

IPCONFIG /all Display full configuration information.

IPCONFIG /release [adapter] Release the IP address for the specified adapter.

IPCONFIG /renew [adapter] Renew the IP address for the specified adapter.

IPCONFIG /flushdns Purge the DNS Resolver cache. ##

IPCONFIG /registerdns Refresh all DHCP leases and re-register DNS names. ##

IPCONFIG /displaydns Display the contents of the DNS Resolver Cache. ##

IPCONFIG /showclassid adapter Display all the DHCP class IDs allowed for adapter. ##

IPCONFIG /setclassid adapter [classid] Modify the dhcp class id. ##

## = New option in Win 2K/XP

If the adapter name contains spaces, use quotes: "Adapter Name". The wildcard characters * and ? are allowed; see the examples below.

The default is to display only the IP address, subnet mask and default gateway for each adapter bound to TCP/IP.


For Release and Renew, if no adapter name is specified, then the IP address leases for all adapters bound to TCP/IP will be released or renewed.

For Setclassid, if no ClassId is specified, then the ClassId is removed.

Examples:

> ipconfig ... Show information.

> ipconfig /all ... Show detailed information.

> ipconfig /renew ... Renew all adapters.

> ipconfig /renew EL* ... Renew any connection that has its name starting with EL.

> ipconfig /release *Con* ... release all matching connections, eg. "Local Area Connection 1" or "Local Area Connection 2"

> ipconfig /setclassid "Local Area Connection" TEST ... set the DHCP class ID for the named adapter to = TEST
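To script the adapter selection that the examples above do by hand, the following added example (not code from the original page or from SS64) parses the text of IPCONFIG /all into a per-adapter dictionary and then applies the same * and ? wildcard matching to adapter names. The sample output is constructed, and the assumption that /renew only has work to do on DHCP-enabled adapters is mine, not a statement from the page.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample of "IPCONFIG /all" output (not captured from a real host).
SAMPLE_IPCONFIG_ALL = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : WKS01

Ethernet adapter Local Area Connection 1:

   Physical Address. . . . . . . . . : 00-50-56-AA-BB-01
   DHCP Enabled. . . . . . . . . . . : Yes
   IP Address. . . . . . . . . . . . : 192.168.1.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1

Ethernet adapter Local Area Connection 2:

   Physical Address. . . . . . . . . : 00-50-56-AA-BB-02
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.0.0.5
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :

PPP adapter ELDial:

   Physical Address. . . . . . . . . : 00-53-45-00-00-00
   DHCP Enabled. . . . . . . . . . . : Yes
   IP Address. . . . . . . . . . . . : 203.0.113.7
"""

ADAPTER_RE = re.compile(r"^(\S+) adapter (.+):\s*$")          # "Ethernet adapter <name>:"
FIELD_RE = re.compile(r"^\s+([A-Za-z][A-Za-z -]*?)[ .]*:\s*(.*?)\s*$")  # "Field . . . : value"

def parse_ipconfig_all(text):
    """Return {adapter name: {field: value}}; the global header fields go under ''."""
    adapters = {"": {}}
    current = adapters[""]
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            current = adapters.setdefault(m.group(2), {"type": m.group(1)})
            continue
        m = FIELD_RE.match(line)
        if m:
            current[m.group(1)] = m.group(2)   # empty string when the value is blank
    return adapters

def select_adapters(adapters, pattern):
    """Adapter names matching an IPCONFIG-style pattern: * = any string, ? = one character.
    Matching is done case-insensitively (assumption)."""
    pattern = pattern.lower()
    return [name for name in adapters if name and fnmatchcase(name.lower(), pattern)]

def renewable(adapters, pattern="*"):
    """Matching adapters that actually hold a DHCP lease to renew (assumption: /renew
    is only meaningful where 'DHCP Enabled' is Yes)."""
    return [n for n in select_adapters(adapters, pattern)
            if adapters[n].get("DHCP Enabled") == "Yes"]

if __name__ == "__main__":
    cfg = parse_ipconfig_all(SAMPLE_IPCONFIG_ALL)
    for name in select_adapters(cfg, "*Con*"):
        print(name, cfg[name]["Physical Address"], cfg[name]["IP Address"])
    print("ipconfig /renew EL* would act on:", renewable(cfg, "EL*"))
```

The physical address this yields for each adapter is the value to compare against what other hosts see in their ARP caches, which is the check the ARP section describes.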

"Life is a grand adventure - or it is nothing." - Helen Keller

Related Commands:

BROWSTAT - Get domain, browser and PDC info
NETSTAT - Display networking statistics (TCP/IP)
NETSH - Configure interfaces, routing protocols, filters, routes, RRAS
PATHPING - IP trace utility
PING - Test a network connection

Q192064 - Locate multiple preferred logon servers
Q813878 - How to block specific network protocols and ports.
Q313190 - Use IPSec IP Filter Lists
The Inq/Jon Honeyball - Routing to harden machines against attack
NTFAQ - How to disable automatic private IP addressing (2K and XP)

Equivalent Linux BASH commands:

ping - Test a network connection
trace - Find the IP address of a remote host.

BROWSTAT.exe (Resource Kit)

Get domain, browser and PDC info.

syntax:

BROWSTAT sta : Status Displays Transport, Primary DNS and Backup DNS servers.

BROWSTAT sta -v domain : Status Display (Verbose): includes Server OS and active browsers.

BROWSTAT gp Transport Domain : List the PDC name (using NetBIOS)

BROWSTAT gm Transport Domain : List the remote Master Browser name (using NetBIOS)

BROWSTAT gb Transport : List the backup DNS servers

BROWSTAT wfw : List WFW servers that are running browser.

BROWSTAT sts \\ServerName : Dump browser statistics

BROWSTAT TICKLE : Force remote master to stop.

BROWSTAT ELECT : Force election on remote domain

The VIEW options below can enumerate all the server services running across a server or domain:

BROWSTAT vw Transport
BROWSTAT vw Transport domain
BROWSTAT vw Transport \\Server
BROWSTAT vw Transport \\Server /DOMAIN DomainToQuery

In the list displays, the following flags are used:

W = Workstation
NT = Windows NT
S = Server
W95 = Windows 95
SQL = SQL Server
WFW = Windows For Workgroups
SS = Standard Server
MFPN = MS Netware
PDC = Primary Domain Controller
NV = Novell
BDC = Backup Domain Controller
XN = Xenix
TS = Time Source
MBC = Member Server
PQ = Print Server
DL = Dialin Server
AFP = AFP Server
OSF = OSF Server
VMS = VMS Server
PBR = Potential Browser
BBR = Backup Browser
MBR = Master Browser
DMB = Domain Master Browser
DFS = Distributed File System

A mission statement is defined as "a long awkward sentence that demonstrates management's inability to think clearly." All good companies have one. - Scott Adams The Dilbert Principle, 1996

Related Commands:


Q188305 - Troubleshooting the Browser Service
DNSSTAT - DNS Statistics
NETSTAT - Display networking statistics (TCP/IP)
SETPRFDC - Set preferred Domain Controller

Equivalent Linux BASH commands:

NETSH (Win2k Resource Kit, standard command in XP)

Configure interfaces, routing protocols, filters, routes, RRAS.

syntax

NETSH [-r router name] [-a AliasFile] [-c Context] [Command | -f ScriptFile]

key

context may be any of: DHCP, ip, ipx, netbeui, ras, routing, autodhcp, dnsproxy, igmp, mib, nat, ospf, relay, rip, wins.

Under Windows XP the available contexts are: AAAA, DHCP, DIAG, IP, RAS, ROUTING, WINS

To display a list of commands that can be used in a context, type the context name followed by a space and a ? at the netsh> command prompt. e.g. netsh> routing ?

command may be any of:

/exec script_file_name Load the script file and execute commands from it.

/offline Set the current mode to offline. Changes made in this mode are saved, but require a "commit" or "online" command to be set in the router.

/online Set the current mode to online. Changes in this mode are immediately reflected in the router.

/commit Commit any changes made in the offline mode to the router.


/popd Pop a context from the stack.

/pushd Push current context onto the stack.

/set mode [mode =] online | offline Set the current mode to online or offline.

/abort Discard changes made in offline mode.

/add helper DLL-name Install the helper .dll file in netsh.exe.

/delete helper .dll file name Remove the helper .dll file from Netsh.exe.

/show alias List all defined aliases.

/show helper List all top-level helpers.

/show mode Show the current mode.

/alias List all aliases.

/alias [alias_name] Display the string value of the alias.

/alias [alias_name] [string1] [string2 ...] Set alias_name to the specified strings.

/unalias alias_name Delete an alias.

/dump - file name Dump or append configuration to a text file.

/bye Exit NETSH

/exit Exit NETSH

/quit Exit NETSH

/h Display help

/help Display help

/? Display help

"Once you eliminate your #1 problem, #2 gets a promotion" - Gerald Weinberg, "The Secrets of Consulting"

Related commands:

Q242468 - How to Use the Netsh.exe Tool
Q257748 - Change from Static IP Address to DHCP with NETSH
Q140859 - Win NT TCP/IP Routing Basics
ROUTE - Manipulate network routing tables

Equivalent Linux BASH commands:


route -

PATHPING (Windows 2000 only)

IP trace utility.

syntax

PATHPING [-n] [-h max_hops] [-g host-list] [-p period] [-q num_queries] [-w timeout] [-t] [-R] [-r] target_name

key

-n Don't resolve addresses to hostnames
-h max_hops Max number of hops to search
-g host-list Loose source route along host-list
-p period Wait between pings (milliseconds)
-q num_queries Number of queries per hop
-w timeout Wait timeout for each reply (milliseconds)
-T Test each hop with Layer-2 priority tags
-R Test if each hop is RSVP aware

Related Commands:

BROWSTAT - Get domain, browser and PDC info
IPCONFIG - IP Configuration
NETSTAT - Display networking statistics (TCP/IP)
PING - Test a network connection
TRACERT - Trace route to a remote host

Equivalent Linux BASH commands:

ping - Test a network connection
trace - Find the IP address of a remote host.

TRACERT

Trace Route - Find the IP address of any remote host. TRACERT is useful for troubleshooting large networks where several paths can be taken to arrive at the same point, or where many intermediate systems (routers or bridges) are involved.

syntax TRACERT [options] target_name

key

target_name The HTTP or UNC name of the host

Options:

-d Do not resolve addresses to hostnames (avoids performing a DNS lookup).

-h max_hops Maximum number of hops to search for target.

-j host-list Trace route along given host-list.

-w timeout Wait timeout milliseconds for each reply.

The functionality of TRACERT is the same under all versions of Windows, but the output is cosmetically improved under XP.

Tracert uses the IP TTL field and ICMP error messages to determine the route from one host to another through a network. However, care must be taken when using this utility as it shows the optimal route, not necessarily the actual route. To be accurate, it is possible to ping from a UNIX machine back to the PC using the -R option to record the route taken - but only if the particular network devices support it.
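The TTL mechanism described above is easiest to see in a small simulation. The following is an added example, not code from the original page or from SS64, and it sends no packets: the constructed topology (three routers and a target, with router addresses that are assumptions) forwards each probe in software, every router decrements the TTL, and the router that takes it to zero answers with an ICMP Time Exceeded carrying its own address. Increasing the TTL one step at a time therefore reveals the path hop by hop; a router that discards expired probes without answering shows up as the "*" that TRACERT prints, and max_hops plays the role of the -h option.

```python
from dataclasses import dataclass

@dataclass
class Router:
    address: str
    sends_time_exceeded: bool = True   # False: drops expired probes silently, shown as "*"

def forward(path, dest_addr, ttl):
    """Send one probe with the given TTL along path; return (icmp_kind, source_address).

    Every router decrements the TTL. The one that takes it to 0 discards the probe and
    normally answers with ICMP Time Exceeded, which is how TRACERT learns that hop's
    address. A probe that survives the whole path reaches the target, which echoes it.
    """
    for hop in path:
        ttl -= 1
        if ttl == 0:
            if hop.sends_time_exceeded:
                return ("time-exceeded", hop.address)
            return ("timeout", None)          # no ICMP error came back within -w timeout
    return ("echo-reply", dest_addr)

def trace_route(path, dest_addr, max_hops=30):
    """Probe with TTL 1, 2, 3 ... until the target answers or max_hops (-h) is reached.
    Returns [(hop_number, address_or_star), ...] in the order TRACERT would print them."""
    hops = []
    for ttl in range(1, max_hops + 1):
        kind, src = forward(path, dest_addr, ttl)
        hops.append((ttl, src if src is not None else "*"))
        if kind == "echo-reply":
            break
    return hops

# Constructed topology (assumed addresses): the second router never sends ICMP errors.
SAMPLE_PATH = [Router("192.168.1.1"),
               Router("10.10.0.1", sends_time_exceeded=False),
               Router("203.0.113.1")]
SAMPLE_TARGET = "198.51.100.7"

if __name__ == "__main__":
    for ttl, src in trace_route(SAMPLE_PATH, SAMPLE_TARGET):
        print(f"{ttl:3d}  {src}")
```

Real TRACERT sends three probes per TTL and reports a round-trip time for each; the simulation sends one and records only who answered, which is the part that explains the caveat in the text: each line describes the router that happened to expire that probe, and nothing in the exchange guarantees that a later packet will take the same path.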

Examples

TRACERT www.doubleclick.net

TRACERT 123.45.67.89

TRACERT local_server

Get your kicks on ROUTE 66 - Jack Kerouac.

Related Commands:

NSLOOKUP - Name server lookup
PING - Test a network connection
PATHPING - Route Tracing tool (Windows 2000)
ROUTE - Manipulate network routing tables

Q162326 - Using TRACERT to Troubleshoot TCP/IP Problems
tip 4723 - A better description from JSIinc
TRACE.BAT - handy report on any given Internet address
tracert.com - trace routes from remote locations

Equivalent Linux BASH commands:

trace - Find the IP address of a remote host.

ROUTE.exe


Manipulate network routing tables. Route packets of network traffic from one subnet to another by modifying the route table.

syntax

Display route details: ROUTE [-f] PRINT [destination_host] [MASK subnet_mask_value] [gateway] [METRIC metric] [IF interface_no.]

Add a route: ROUTE [-f] [-p] ADD [destination_host] [MASK subnet_mask_value] [gateway] [METRIC metric] [IF interface_no.]

Change a route: ROUTE [-f] CHANGE [destination_host] [MASK subnet_mask_value] [gateway] [METRIC metric] [IF interface_no.]

Delete a route: ROUTE [-f] DELETE [destination_host] [MASK subnet_mask_value] [gateway] [METRIC metric] [IF interface_no.]

key

-f Clear (flush) the routing tables of all gateway entries. If this is used in conjunction with one of the commands, the tables are cleared prior to running the command.

destination_host The address (or set of addresses) that you want to reach.

-p Create a persistent route - survives system reboots. (not supported in Windows 95)

subnet_mask_value The subnet mask value for this route entry. This defines how many addresses the entry covers. If not specified, it defaults to 255.255.255.255.

gateway The gateway.

interface The interface number (1,2,...) for the specified route. If the option `IF interface_no` is not given, ROUTE will try to find the best interface available.

METRIC The metric, ie. cost for the destination.

Note that routes added to the table are not made persistent unless the -p switch is specified. Non-persistent routes only last until the computer is rebooted.


Symbolic names used for Destination_Host are looked up in the network database file NETWORKS.

The symbolic names for gateway are looked up in the host name database file HOSTS.

If the command is PRINT or DELETE, the destination or gateway can be a wildcard ('*'), or the gateway argument may be omitted.

An IP address mask of 0.0.0.0 means everything (rather like the *.* wildcard). In other words it says, "when matching this pattern, don't worry about matching any of the bits - everything matches."

If Destination_Host contains a * or ?, it is treated as a shell pattern, and only matching destination routes are printed. The '*' matches any string, and '?' matches any one char. Examples: 157.*.1, 157.*, 127.*, *224*
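The mask semantics described in this section (0.0.0.0 matches everything, an omitted MASK means 255.255.255.255, and the most specific matching entry is the one used) and the * and ? filtering of ROUTE PRINT are both shown in the following added example, which is not code from the original page or from SS64. The route table is constructed, with columns in the order ROUTE PRINT lists them (destination, netmask, gateway, interface, metric); the addresses and metrics in it are assumptions.

```python
from fnmatch import fnmatchcase
from ipaddress import ip_address, ip_network

# Constructed route table (not captured from a host), in ROUTE PRINT column order:
# destination, netmask, gateway, interface, metric.
ROUTE_TABLE = [
    ("0.0.0.0",     "0.0.0.0",         "192.168.1.1",   "192.168.1.10", 20),  # default route
    ("127.0.0.0",   "255.0.0.0",       "127.0.0.1",     "127.0.0.1",     1),
    ("157.55.0.0",  "255.255.0.0",     "192.168.1.254", "192.168.1.10", 10),
    ("157.55.1.5",  "255.255.255.255", "192.168.1.253", "192.168.1.10",  1),  # host route
    ("192.168.1.0", "255.255.255.0",   "192.168.1.10",  "192.168.1.10", 20),
    ("224.0.0.0",   "240.0.0.0",       "192.168.1.10",  "192.168.1.10", 20),
]

def as_network(destination, mask):
    # strict=False tolerates host bits in the destination, as a host route has
    return ip_network(f"{destination}/{mask}", strict=False)

def lookup(table, address):
    """Pick the route for address: longest mask wins, lower metric breaks ties.
    A 0.0.0.0 mask matches every address, so the default route is chosen only
    when no more specific entry matches."""
    addr, best, best_key = ip_address(address), None, None
    for route in table:
        dest, mask, _gw, _iface, metric = route
        net = as_network(dest, mask)
        if addr in net:
            key = (net.prefixlen, -metric)
            if best_key is None or key > best_key:
                best, best_key = route, key
    return best

def route_print(table, pattern="*"):
    """Filter like ROUTE PRINT <pattern>: '*' matches any string, '?' any one character."""
    return [r for r in table if fnmatchcase(r[0], pattern)]

def add_route(table, destination, gateway, interface, metric=1, mask=None):
    """Append a route; with no MASK given, ROUTE uses 255.255.255.255 (a single host)."""
    if mask is None:
        mask = "255.255.255.255"
    as_network(destination, mask)      # raises ValueError on a malformed destination or mask
    table.append((destination, mask, gateway, interface, metric))
    return table[-1]

if __name__ == "__main__":
    for target in ("157.55.1.5", "157.55.9.9", "8.8.8.8"):
        dest, mask, gw, _, _ = lookup(ROUTE_TABLE, target)
        print(f"{target:12} -> {dest}/{mask} via {gw}")
    for r in route_print(ROUTE_TABLE, "157.*"):
        print(r)
```

Run lookup against the entries that ROUTE PRINT shows on a host you are troubleshooting to see which gateway a packet to a given address actually leaves by; a 255.255.255.255 host route or a suspicious persistent (-p) entry ahead of the default route is the kind of thing this makes visible.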

Get your kicks on ROUTE 66 - Jack Kerouac.

Related Commands:

NETSTAT -rn - Display TCP/IP network connections, routing and protocol statistics
TRACERT - Trace route to a remote host
Q140859 - Win NT TCP/IP Routing Basics

Equivalent Linux BASH commands:

ping - Test a network connection
trace - Find the IP address of a remote host.


PCHelp's Network Tracer

Download TRACE.ZIP

Contents: Introduction, Purposes, What It Finds, Disclaimer, Install & Use, Notes, Glossary

Introduction

TRACE.BAT is an MS-DOS batch process which uses standard network query utilities to work up a handy report on a given Internet address. It does so automatically and fairly quickly, in a simple format and in a logical sequence. It provides a report in plain text which it opens in Notepad when done. It gives some screen feedback while in process.

All the user needs is one of the following: an IP address, a hostname, an email address or a URL.

Because the Tracer performs extended domain registration lookups, encompassing the shared .COM, .NET and .ORG registries and more than 70 countries, it is a sort of super-WHOIS utility.

It runs easily and quickly from the desktop Run dialog, and requires no familiarity with MS-DOS.

TRACE.BAT works with Windows 95, Windows 98 and Windows ME.

NT Version

I have not adapted the Tracer to NT, but someone else has. Simon Daykin of Byte-Sized.com sent me an NT-adapted Tracer 'way back in November '99. I provide here a copy of that modified version, which reportedly functions well. I should have posted it long ago (it's now October 2000; I never carried out my own plan to adapt the script, which plan was the reason I didn't publish Simon's version). I apologize to the many NT users who might have benefited by Simon's work.

I can't promise any kind of support of this version, and I'm reluctant to take on the task of maintaining it with updates as I do the Win9x Tracer. But I'll take an interest in any problems and I'll do whatever I reasonably can. I'd particularly be interested to know if it works under Windows 2000. I suspect it will, since Win2K is basically a version of NT.


Users of the NT Tracer must first install the regular Tracer, omitting only NSLOOKUP.EXE (NT has its own); then replace the file trace.bat with traceNT.bat (which I advise renaming to trace.bat). I look forward to hearing how it performs.

Origins

(Note: there's a glossary of terms below.)

Over the years, in my efforts to better understand the workings of the Net, I gradually became familiar with a number of the longtime-standard command-line tools that reveal the nuts and bolts of the Internet. With names like PING, WHOIS, NSLOOKUP, and TRACEROUTE, these tools allow one to peek into basic network functions and structure. I refer to them as "network query utilities" because that's what they do. In a variety of ways, they ask systems and servers on the network for information.

And information they do receive. It's often amazing to people just how much the Net will reveal about itself if one only asks.

Most of my early experience with such utilities was on a Unix shell account. *nix users have practically always had lots of good network tools available. But finding implementations of those programs for use under Windows was a real challenge even just a few years ago.

With the arrival of Windows 95 the situation improved; but though a few decent network query utilities exist in all Windows 9x installations, they are generally unknown to the average user and most of them are DOS-based. Nowadays, Windows users usually haven't the first clue how to use the totally textual DOS command-line interface. The upshot of it is, where their network's nuts and bolts are concerned, Windows users have generally been left out in the cold and dark.

But with time, practically every useful Unix network tool has been adapted to DOS. My many searches of the Net have gradually yielded a fine collection of these powerful, simple tools.

Bringing The Tools Together

MS-DOS has a handy "batch" language of its own which allows the use of scripts to execute a series of DOS commands. This has particular advantages where a collection of text-based programs is concerned; it allows a degree of integration of otherwise disconnected processes.

Somewhere early on, I began producing batchfiles to make my own use of the various network query tools more convenient.

Things really fell into line when I found an excellent NSLOOKUP (Name Server Lookup) tool in BINDNT. Though a bit arcane, NSLOOKUP is a very powerful tool where IP networking is concerned. It wasn't long before I had put together a number of batchfiles that took advantage of NSLOOKUP, some in conjunction with other utilities such as WHOIS.

Finally I decided to come up with something really comprehensive; a batch process that would assemble information from every network query type I could muster up, and deliver the lot to the Windows desktop in a textfile. This Tracer was the result. Augmented and adapted many times, it grew into a utility I could hardly do without.

What makes the Tracer special? Except for its unique vendor code lookups and its extensive coverage of country domains -- nothing much! It's using utilities that are very ordinary to most professionals, and it's a batchfile of all things, which isn't exactly whizbang high-tech programming. The key is that it brings it all together in a single report and using one simple command.

Use of the Tracer is almost ridiculously easy. One types "trace [address]" in the Run dialog while online; without further ado it does all it can with the address, and then up pops Notepad with the results.

I realized anyone at all could now use it. It was time to let others in on the fun.

What The Tracer Is For

A few uses for the Network Tracer:

Identifying the owners and/or hosts of websites and domain names
Tracking down the source of unwanted email (Example: http://www.pc-help.org/members/spamalysis/sa37.htm)
Identifying and tracing the host in an obscured URL.
Interpreting your website access logs (Example: http://pc-help.org/members/logfun/govlogs.htm)
Tracing suspicious connections reported by your firewall or port monitor
Finding what others can learn from your IP address
Checking out chat partners (I would consider this a must for the ladies).


What The Tracer Finds

If the user-provided address is an email address or a URL, TRACE.BAT will attempt to extract the IP address or hostname portion, and will then restart itself using that address as its point of reference.

TRACE.BAT uses PING to firmly establish the validity of the user-provided name or address. PING will also reveal whether the address is occupied by a responding system. In the process, if given an IP address in a format other than dotted-decimal, the Tracer takes advantage of PING's ability to convert that address to the dotted-decimal format (nnn.nnn.nnn.nnn).

If a Win9x machine is online at the address, and if your machine is set up to use NetBIOS over TCP, TRACE will often obtain a NetBIOS name table. The name table often reveals specifics about the computer and/or its user. NT machines and other platforms may also support NetBIOS.

The MAC address of a NetBIOS host reveals information about the hardware (network adapter) in use on that machine. A lookup table has been incorporated into TRACE.BAT which identifies the adapter if possible. This particular feature is, so far as I know, completely unique to this utility. To implement this lookup, I had to create what I believe is the single most extensive listing of vendor codes in public existence. At this writing, it's still a work in progress.

If TRACE.BAT sees a NetBIOS server listed in the remote name table, it will attempt to use the net view command to retrieve a listing of the resources shared by the remote machine. The list can be interesting and may reveal still more about that system and its user, by way of the names and comments assigned to the shared resources. (Many, probably most Windows machines aren't configured to use this feature, but there's a good chance it will work for you if your system is on a LAN.)

Occasionally you may encounter shared files which the remote user intentionally leaves open to access; but if there's any doubt, I caution you not to attempt to access remote shares without permission. The Tracer is not intended to facilitate intrusions. For more on NetBIOS and sharing, see: http://www.nwi.net/~pchelp/security/issues/sharing.htm.

NSLOOKUP is used to identify the IP address of a name and vice versa. The name info so obtained usually identifies the domain name associated with a given address. Lookups are done both ways (address-to-name and name-to-address) in order to spot forged and bogus names. If reverse DNS shows a discrepancy, it is noted. See definitions below.
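Two of the steps described in this section, reducing whatever the user typed (IP, hostname, email address or URL) to the host part, and the two-way NSLOOKUP check that flags a name whose reverse record does not resolve back to the address, are shown in the following added example. It is not TRACE.BAT's own code and not from the original page; the DNS answers are a constructed table standing in for NSLOOKUP, so the script runs offline, and the hostnames and addresses in that table are assumptions. The example input URL and IP address are the ones the page itself uses.

```python
from ipaddress import ip_address
from urllib.parse import urlsplit

def extract_host(address):
    """Reduce an IP, hostname, email address or URL to the host part that gets traced."""
    address = address.strip()
    if "://" in address:
        host = urlsplit(address).hostname        # drops scheme, user:pass@, port and path
        if host is None:
            raise ValueError(f"no host in URL: {address!r}")
        return host
    if "@" in address:
        return address.rsplit("@", 1)[1]         # the user part of an email address is not traced
    return address

def is_ip(text):
    try:
        ip_address(text)
        return True
    except ValueError:
        return False

# Constructed DNS answers standing in for NSLOOKUP (not real records). A live version
# would use socket.gethostbyname_ex (forward) and socket.gethostbyaddr (reverse).
FORWARD = {"www.example.net": ["192.0.2.10"], "relay.example.org": ["192.0.2.40"]}
REVERSE = {"192.0.2.10": "www.example.net",
           "192.0.2.25": "relay.example.org",     # PTR points at a name that resolves elsewhere
           "192.0.2.99": "ghost.example.net"}     # PTR points at a name with no forward record

def reverse_dns_check(ip, forward=FORWARD, reverse=REVERSE):
    """Address-to-name, then name-to-address; report whether the two agree.

    Returns (verdict, ptr_name) with verdict 'consistent', 'mismatch' or 'no-ptr'.
    A 'mismatch' is the discrepancy the report notes: the reverse name cannot be
    trusted to identify the host, since anyone controlling the reverse zone can
    put an arbitrary name there.
    """
    name = reverse.get(ip)
    if name is None:
        return ("no-ptr", None)
    if ip in forward.get(name, []):
        return ("consistent", name)
    return ("mismatch", name)

def trace_summary(address, forward=FORWARD, reverse=REVERSE):
    """Host extraction followed by the two-way lookup for every address found."""
    host = extract_host(address)
    ips = [host] if is_ip(host) else forward.get(host, [])
    return {"input": address, "host": host, "addresses": ips,
            "reverse_dns": {ip: reverse_dns_check(ip, forward, reverse) for ip in ips}}

if __name__ == "__main__":
    for item in ("http://www.state.nh.us/nhdoj/", "someone@example.net", "192.0.2.25"):
        print(trace_summary(item))
```

The verdicts are deliberately three-way: a missing PTR is common and not suspicious on its own, while a PTR that does not resolve back is the case worth reading the WHOIS output with more care.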


If a name is found for the address (or initially provided), the domain name portion of the hostname is parsed and any available domain registration record is looked up using the WHOIS utility.

The whois server at the Network Abuse Clearinghouse is consulted for an abuse contact address; if one is found it is noted in the report.

The new competitive registry scheme adds some complications to WHOIS lookups of domains in the shared TLDs (top level domains). But TRACE.BAT deals with it. The Network Solutions database is checked first in the interest of efficiency; the vast majority of domains are still listed there. If no domain record is found in the Network Solutions database, TRACE.BAT will identify the applicable registry, if any, using the NSI Registry database at whois.crsnic.net; and repeat its query using that registry's server. (This makes the Tracer quite useful to verify the availability of a desired name.)

Because of the large number of WHOIS servers/databases that must be consulted in order to retrieve records on the various country domains and other top-level domains (TLDs), implementing domain lookup fully has proven to be a real challenge. It's been a slow process to install support for each and every country domain; the server address and the query format must be found for every individual TLD. There exist few resources which assemble this information in one place, and none of them is fully complete or current. There are about 250 top-level domains. The list of the Tracer's supported domains is constantly growing.

Where a standard WHOIS server is not available for a supported domain, usually there is a WHOIS gateway (web page) available at the website of the applicable Network Information Center (NIC). If such a gateway exists, the URL of the gateway is provided in the trace report and in console feedback. Where a suitable URL can be constructed, TRACE.BAT will helpfully open the applicable record in your default browser.

The ARIN database is queried, which will identify the entity(ies) to which the IP address is registered. This may not identify the domain name owner but it will locate the domain's upline provider(s).

IP addresses falling outside the ARIN regions (ARIN generally covers North and South America and sub-Saharan Africa) are on record in either the European RIPE database or in the APNIC (Asia Pacific) database. As appropriate, these are queried.

Using Netcat, the Tracer then performs RWHOIS queries for information about the IP address. This usually yields the same information as the ARIN/RIPE/APNIC queries described above, just in a different format. But on occasion it will find useful additional information.


As a final step, a traceroute is performed, which will sometimes help to identify the domain associated with an address, and/or its physical location. This is particularly useful if the name server lookups were unsuccessful.

(There is more the Tracer could do, and I'm considering several additions. And by the way, it changes constantly. If you wind up using it frequently, I strongly recommend you obtain the latest version at intervals.)

How Long It Takes

Domain-only queries typically take about 15 seconds. Except for the traceroute, the full "trace" usually requires only a little more than 30 seconds. Including the traceroute (which can be optionally excluded or interrupted manually), TRACE.BAT usually does its work in one or two minutes. Delays or failures may sometimes happen during any of the queries. Traceroute is typically the slowest query and can occasionally require many minutes. Start and finish times are logged.

The Tracer pauses when finished, offering the user 10 seconds to accept or decline the display of its report. Given no response, it will open Notepad with the text.

Disclaimer

NOTICE: No warranty is expressed or implied. You use TRACE.BAT entirely at your own risk.

TRACE.BAT is virtually incapable of doing significant damage under any circumstances and it is unlikely to malfunction in any serious way; but no computer process is ever completely foolproof.

TRACE.BAT may fail, partially or entirely, to obtain the desired information due to network congestion, remote system failures, dropped connections, user attitude, house fires, sabotage, teenagers, whimsy, my stupid mistakes, or any number of other causes, real or imagined. You agree to endure all failures with infinite patience.

Polite complaints will be received with interest, all others will be ignored or met with sarcasm.


The Tracer's process relies on tools over which I have no direct control. Those tools must be present and correctly functional. For your information, they are:

MS-DOS 7.0+ with long filenames enabled (Win9x/NT)
NBTSTAT.EXE (Win 9x/NT)
TRACERT.EXE (Win 9x/NT)
CHOICE.COM (Win9x) or CHOICE.EXE (NT)
FIND.EXE (Win9x/NT)
NSLOOKUP.EXE (freeware: BINDNT version 4.9.7)
WHOIS.EXE (freeware: http://www.kiraly.com/software/utilities/whois)
BFR.EXE (freeware: http://www.voiceinfo.com/Commerce/DownLoad/Arc_S2.asp)
NC.EXE (Netcat) (freeware: http://pc-help.org/trace/netcat.txt)

You don't have to retrieve any of these items. The freeware .EXE's are included with TRACE.BAT in TRACE.ZIP.

Other tools similar to the included ones might work and they might not.

It might or might not work on later Windows versions than 95/98. Reports indicate that it works well under WinME.

TRACE.BAT does not presently work on NT. I don't have an NT box and so haven't been able to make rapid progress adapting to that platform. There are some differences in NT's handling of certain batch commands. CHOICE.EXE is apparently absent in most NT systems, but available in the NT Resource Kit. NT's own NSLOOKUP seems to work OK. At this point I believe I have most of the information I need to make TRACE.BAT usable on NT, but it's going to take some more time. I welcome further input from NT users, and I heartily thank those who've already contributed a great deal, especially Nils and Simon.

The Tracer creates temporary files, and capture files which are retained, using a directory (folder) and filenames which are unlikely to be used by any other application. Only in the extremely unlikely event of a folder and filename collision could it cause data loss. In that event, it may remove, overwrite or alter an existing file.

Use of the Tracer sometimes shocks the hell out of someone you traced, who naïvely believed him/herself to be entirely anonymous or invisible. You agree to accept full responsibility for all consequences, including resuscitation of the victim, time wasted convincing the poor sod you're not a hacker, and the slow, painful restoration of confidence following shattered illusions. You further agree to publicly assign me full credit each time the Tracer helps you cure some insufferable creep of the belief he could lie to people, cheat them, insult them, or abuse their mailboxes or computers, without being held personally responsible.


Such is the price you pay for free software.

Installation And Use

Place TRACE.BAT and its companion files (the whole contents of TRACE.ZIP) in the Windows directory. That's directly in the Windows directory (folder). Not in a sub-folder or anywhere else.

If you have no utility that opens .ZIP archives, I recommend Winzip, available at www.winzip.com. But if you have PKUNZIP.EXE anywhere on your system (many people do, as it accompanies any number of applications unannounced), and if you know how to use a DOS command line, that's all you should need.

To run a trace from Windows, simply click on Start ... Run ... and in the resulting dialog box, type:

trace [Address]

Then hit Enter. A DOS window will open and display progress details as TRACE.BAT works. Then Notepad will open, displaying the report. The DOS window will close.

Some Tips:

A faster way to open the Run dialog is to press the Windows key (it's between Ctrl and Alt), then "R".

At present, TRACE.BAT itself must exist in the Windows directory. If you dislike cluttering your Windows directory, you may wish to place the .EXE files elsewhere, but they must be somewhere on the "path" as defined by the %path% variable; otherwise DOS can't find them when required, and TRACE.BAT will not function.

o View the path by typing at a DOS prompt: echo %path%

o You can add directories to the path using the PATH= line in autoexec.bat. Example: PATH=c:\misc\trace;c:\whatever;c:\and\so\on

TRACE.BAT --*# PCHelp's Network Tracer #*-- _ 1999, 2000

SYNTAX: TRACE Address [-n] [-t] [-d] [-s] [-x]
OR: TRACE setnameserver Address

Where Address = an IP address in any format; or, a valid hostname; or, an email address; or, a URL.

Options:
-n = skip NetBIOS queries
-t = skip Traceroute
-d = perform domain record lookup only
-a = skip abuse.net query during domain lookup
-s = suppress capture file display
-x = no trace if previously done
setnameserver = reconfigure the NSLOOKUP Name Server to Address
checkns = verify function of current nameserver

Examples (try 'em):
trace 64.87.72.249 -a -n -t
trace abcnews.go.com
trace http://www.state.nh.us/nhdoj/ -n -t

Read TRACE.BAT in any text editor for further information.

A Few Notes

Although the Tracer does accept URLs and email addresses, it extracts and traces only the hostname or IP address; the username in an email address is not traced, nor are any other parts of a URL.

The Tracer's reports are retained in the directory c:\misc\trace with filenames in the form of: [IPAddress].txt. The directory (folder) is created if it doesn't exist already. If there is no known IP address, the filename of the capture file will be [name].txt using whatever name you entered. The same applies when the -d option is used. If no IP address and no domain name record is found, the textfile, presumably useless, is deleted. If any useful information is found, the file is retained. Be aware that over time a very large number of files could accumulate in this directory.

If a former trace of the same IP address exists, the existing text is immediately opened in Notepad for the user's reference. Meanwhile (unless the -x option is used) the new trace continues, appending its results to the file. When done, it will open the updated capture file in a new Notepad window. (It's then necessary to scroll down to see the new trace.)

Date and time are recorded in the capture file, including start and finish times. Multiple traces of a name or address can therefore produce a useful record of changes.

It is possible to do multiple simultaneous traces. I specifically adapted TRACE.BAT for this purpose. Its several temporary files are named uniquely using the hundredths-of-seconds digits of the time it starts; so collisions of two simultaneous traces are a mere 1-in-100 probability; even less likely, in fact, since there are only brief moments when use of the same filenames would be a problem. However: two simultaneous traces of the same address will collide because they'll use the same capture file. The result of any such collisions will be error messages and a likelihood of a damaged or incomplete report; nothing more serious than that.

If interrupted, TRACE.BAT may leave temporary files in its folder. They harm nothing, and consume little space. All start with the symbol $ so they percolate to the top of a sorted listing and are easily deleted. Once in a long while, TRACE.BAT will clean these up on its own, using a secret process known only to God and people who read the batchfile.

TRACE.BAT uses environment variables. These are data stored by MS-DOS in a limited memory space. In most Windows systems, DOS environment variables aren't heavily used, but if they are, sometimes there's not enough memory allocated for storage of the Tracer's many variables. In order to avoid this problem, the batchfile creates a new instance of command.com with an environment of ample size. Even so, it checks at a variety of points to be sure variables have been successfully stored, and will usually alert the user if there's any problem.

For some of its functions, TRACE.BAT must be located in the Windows directory, as defined by the %windir% variable. If it's not found there, TRACE.BAT will attempt to place a copy of itself in that directory.

To interpret results, TRACE.BAT relies on searches for, and handling of, certain texts in the responses output by the various utilities it runs. Because this output varies, it is possible you may see errors or misinterpretations on rare occasions. Name servers vary especially widely in their responses, so this is more likely with name server lookup data than with anything else.

If a name rather than an IP address is initially provided to TRACE.BAT, the name's IP address is resolved, the name is stored as a variable, and TRACE.BAT is restarted using the IP address as its principal point of reference. In such a case, the name may sometimes be an alias, but it will be a valid hostname, not a forged or bogus name assignment. That user-provided name, rather than any canonical or primary name associated with the address, will then be the basis of the domain name record lookup. Because of this, you may find it useful to do additional queries for the domain records of other name(s) you may find listed in the report. Simply run TRACE.BAT again using the canonical name with the -d option; or using the IP address alone.

TRACE.BAT will attempt to look up a domain name record, even if the name server lookup yields no IP address. It will attempt to parse whatever hostname is provided by the user to extract the domain name portion. So even an improbable or nonexistent hostname like flibberdegibbet.microsoft.com will yield a domain registration record if it uses a valid domain name. This parsing of the name will still occur if the -d parameter is used.

Unless it's performing a domain-record-only lookup (using the -d switch), TRACE.BAT will PING the address; this is not merely done to find a live remote system; it's also necessary to check for a valid address. Anyone at that address with a firewall will be able to see that you pinged their system. Also, NBTSTAT contacts the remote system for its NetBIOS nametable. Using the -n parameter will disable NBTSTAT activity but the ping will still occur. So if you're trying to be stealthy, just don't use TRACE.BAT.

The batchfile is heavily commented. Everything it does is wide open to inspection, and for the most part it's painstakingly explained. For those interested in MS-DOS batch programming, it's probably full of interesting tidbits.

For those who aren't into the technical aspects, TRACE.BAT is still fairly readable and may prove enlightening. I invite you to take a look, using Wordpad or any plain-text editor (it's too big for Notepad).

If you decide to modify the batchfile, fine; but please do so only for your own use; don't remove my copyright notice; and include comments that indicate what changes were made and by whom. Also, Do not distribute an altered TRACE.BAT. If you think I should change something, let me know. If I use your idea, I'll give you credit.

I would appreciate all possible input from users of this utility. Please email me anytime and tell me how it's working for you. I welcome suggestions.

TRACE.BAT is likely to be revised or updated at any time without notice. Only the version I offer at http://www.pc-help.org/trace/trace.zip is current and it is distributed nowhere else. Please update your copy and try the latest version before you notify me of bugs. See the bottom of this page for the date of last revision.

The Network Tracer is copyright © 1999 by pchelp.

Although TRACE.BAT is offered free of charge, I reserve all rights to its content and distribution. I forbid the distribution of any altered version without express permission in writing. I forbid its sale at any price, and I remind the user that TRACE.BAT utilizes software applications produced by others which carry their own terms. Please respect their wishes and mine. I offer no warranty but will make every effort to attend to users' input and to improve the utility.

Download TRACE.ZIP

Definitions:

NetBIOS Network Basic Input Output System. A type of basic networking. It's built into Microsoft's Windows and NT operating systems, usually implemented by default on their network connections.

MAC ADDRESS Media Access Control Address. Also called a "hardware address." A 12-digit hexadecimal number which identifies network devices and is used in NetBIOS networking to differentiate among networked machines. The first 6 digits of this number comprise a vendor-specific code which identifies the manufacturer of the network interface device. The remaining digits are unique to that particular copy of the device. Sometimes MAC numbers are under software control and are therefore rendered irrelevant to the hardware.

IP ADDRESS Internet Protocol Address. A unique number which is assigned to a specific computer system on an IP network. Usually seen in "dotted-decimal" format, such as: 207.178.42.11

INTERNET PROTOCOL The set of technical standards on which the Internet's networking is based. It defines the methods of data transmission and the addressing scheme by which computers "find" one another.

NAME SERVER A computer system necessary to IP networking, which retrieves, stores, and passes on name, address, and related information. There are thousands of name servers on the Internet.

NSLOOKUP Name Server Lookup. An IP networking utility which queries name servers to correlate names to IP addresses and to fetch related information.

DNS Domain Name System. This is the "distributed database" which associates human-readable names with IP addresses and related information, allowing computers to find one another on the Net using names recognizable to their human users.

REVERSE DNS The usual "forward" use of DNS is to find the address for a name. Reverse DNS (rDNS) goes the other way; it asks the specific server associated with an address for the name _it_ assigns to that IP address. Name-to-address information comes from a centralized source. Address-to-name information comes from name servers under localized control.

FORGED NAME When a reverse DNS lookup produces a name, one can then consult the presumably correct and authoritative DNS system for the name's IP address. If this shows a different address for the name than the remote server provided, the name is "forged." This is usually an error or an outdated record, but it can sometimes be a deliberate forgery. It will usually affect only those who rely on the errant name server.

BOGUS NAME Like a forged name, but a DNS lookup of the name fails to find any address. It could be intentional or an error. It's a common occurrence.
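The forward-confirmation logic behind the FORGED NAME and BOGUS NAME definitions above, as an added Python example (not part of TRACE.BAT): the reverse answer is checked against a forward lookup of the returned name, and the address is classified as confirmed, forged, bogus, or having no reverse record. The live defaults use the system resolver through the socket module; the sample answers are constructed, with TEST-NET addresses, so the check runs offline.

```python
import socket
from typing import Callable, Iterable, List, Optional, Tuple

ReverseFn = Callable[[str], Optional[str]]   # ip -> PTR name, or None
ForwardFn = Callable[[str], Iterable[str]]   # name -> addresses it resolves to

def reverse_lookup(ip: str) -> Optional[str]:
    """Reverse DNS via the system resolver: the address owner's claimed name."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:      # herror/gaierror: no PTR record
        return None

def forward_lookup(name: str) -> List[str]:
    """Forward DNS for the name: what the authoritative side says it points to."""
    try:
        return [r[4][0] for r in socket.getaddrinfo(name, None, socket.AF_INET)]
    except OSError:      # NXDOMAIN or no A record
        return []

def classify_rdns(ip: str, reverse: ReverseFn = reverse_lookup,
                  forward: ForwardFn = forward_lookup) -> Tuple[str, Optional[str]]:
    """Return (verdict, ptr_name): "none" (no reverse record), "confirmed"
    (name resolves back to ip), "forged" (name resolves only to other
    addresses) or "bogus" (name resolves to nothing), per the definitions above."""
    name = reverse(ip)
    if not name:
        return "none", None
    addrs = set(forward(name))
    if not addrs:
        return "bogus", name
    return ("confirmed" if ip in addrs else "forged"), name

# Constructed sample answers (TEST-NET addresses, not real DNS data).
SAMPLE_PTR = {"192.0.2.10": "mail.example.net",
              "192.0.2.20": "host.example.org",
              "192.0.2.30": "ghost.example.com"}
SAMPLE_A = {"mail.example.net": ["192.0.2.10"],
            "host.example.org": ["198.51.100.5"]}  # PTR claims a name owned elsewhere

def sample_reverse(ip: str) -> Optional[str]:
    return SAMPLE_PTR.get(ip)

def sample_forward(name: str) -> List[str]:
    return SAMPLE_A.get(name, [])

if __name__ == "__main__":
    for addr in list(SAMPLE_PTR) + ["192.0.2.40"]:
        print(addr, *classify_rdns(addr, sample_reverse, sample_forward))
```

Passing the real `reverse_lookup` and `forward_lookup` (the defaults) runs the same check against live DNS for any address.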

WHOIS A standard which implements online access to database-type information. It is used by most of the various IP allocation and domain registration organizations to provide DNS information, as well as by some businesses and universities for user directories.

RWHOIS Referral WHOIS. An extension of the WHOIS standard. RWHOIS servers provide referrals to other servers. The scheme allows for expanded access to numerous databases. Presently it is most useful to find network number assignments and domain records in the generic TLDs.

ARIN American Registry for Internet Numbers. One of the three regional Internet registries which control IP address block assignments. The other two are RIPE and APNIC. http://www.arin.net/

RIPE Reseaux IP Europeens (European IP Networks) "RIPE provides technical and administrative coordination for IP networking in Europe." http://www.ripe.net/

APNIC Asia Pacific Network Information Centre http://www.apnic.net/

TRACEROUTE An IP network utility which identifies machine names and addresses along the path between two points on the network, and gauges response times.

Supported domains*

In alphabetical order:

AC Ascension Island
AD Andorra
AE United Arab Emirates
AF Afghanistan
AI Anguilla
AL Albania
AM Armenia
AR Argentina
AS American Samoa
AT Austria
AU Australia
BA Bosnia and Herzegowina
BD Bangladesh
BE Belgium
BG Bulgaria
BH Bahrain
BR Brazil
BT Bhutan
CA Canada
CC Cocos (Keeling) Islands
CH Switzerland
CN China
COM (Generic: Commercial)
CR Costa Rica
DE Germany
DK Denmark
DO Dominican Republic
DZ Algeria
EC Ecuador
EDU (Generic: Educational Institution)
EG Egypt
FI Finland
FR France
GOV (Generic: US Government)
GR Greece
GU Guam
HK Hong Kong
ID Indonesia
IE Ireland
IN India
INT (Generic: International)
IS Iceland
IT Italy
JP Japan
KR Korea, Republic of
KZ Kazakhstan
LB Lebanon
LI Liechtenstein
LK Sri Lanka
LU Luxembourg
MD Republic of Moldova
MIL (Generic: US Military)
MM Myanmar
MN Mongolia
MO Macau
MX Mexico
MY Malaysia
NC New Caledonia
NET (Generic: Networks)
NG Nigeria
NL Netherlands
NO Norway
NZ New Zealand
ORG (Generic: Organizations)
PF French Polynesia
PG Papua New Guinea
PH Philippines
PK Pakistan
PR Puerto Rico
PT Portugal
RU Russian Federation
SE Sweden
SG Singapore
SO Somalia
ST Sao Tome and Principe
TH Thailand
TJ Tajikistan
TM Turkmenistan
TW Taiwan, Republic of China
UK United Kingdom
US United States
VN Viet Nam
WS Samoa
ZA Republic of South Africa
ZW Zimbabwe

*By "supported" is meant, all possible support has been provided:

Most country domains allow direct WHOIS lookups, and in those cases TRACE.BAT will attempt to obtain the record from the appropriate server.

Some NICs provide only a Web-based lookup. In those cases, TRACE.BAT tells you where to find that service. In some instances, such as NZ and PK, a Web address can be constructed that will produce the exact record. Your default browser will be invoked to display the domain record.

Some domains are virtually undeveloped, or for whatever reason may provide no domain registration information of any kind. In those cases, all TRACE.BAT can do is tell you so. Usually there is at least a NIC website.

Each and every time I have encountered a top-level domain for which I can find no whois service, I have gone to huge effort to make completely sure I'm not missing anything before conceding defeat. I've occasionally even scanned very large netblocks for whois servers. I've emailed any contacts I could find, searched the Web on numerous engines, and more. But I'm sure there will be some resources I haven't found.

The Net is constantly evolving. It's unlikely I can ever keep TRACE.BAT totally current with respect to domain lookups. If you discover any new (or vanished) WHOIS servers or NIC resources, I invite you to inform me.

Last updated 18 December 2000
TRACE.BAT update status: http://www.pc-help.org/trace/updates.txt
