Yes!

Finally, at last we are were I wanted to arrive: the Windows Command Prompt.

In this article you're going to all the Windows Command Prompt tools you need to pass the CompTIA Security+ exam.

Here's the list:

1. How to launch the Windows Command Prompt
2. Understanding the Windows Command Based Help System
3. How to use PING like a Pro
4. How to use the ARP command (and why you should)
5. How to use ipconfig in all it's awesomeness
6. How to use netstat
7. How to use tracert

Once you have all these under your belt I would strongly suggest that you play with these commands so you can really get comfortable with them.  Explore the help system and explore the universe of Windows Command Prompt commands.

Today we'll look at launching the Windows Command Prompt, understanding the Command Prompt help system and using PING and ARP.  Then next week we'll wrap up ipconfig, netstat and tracert.

Launching the Windows Command Prompt

There are two ways to open the Windows Command Prompt: the weak way and the leet way.  You want to be leet right? I'll show you the ordinary way first and then I'll show you a cool trick to pop it open like a pro.

Hit the Windows Key on your keyboard and type:

cmd.exe

Bam, the Windows Command Prompt opens 

If you want to open an elevated command prompt, that is, you want to open a command prompt as an Administrator you can press:

 Ctrl + Shift + Enter 

This shortcut works after hitting the Windows Key and typing "cmd"

The User Account Control box will pop up 

Alright, now we've got our spectacular command prompt before us.  The black void of creative excellence, our digital chalkboard, our...

Okay let me chill out. haha.

Using PING

Now that we've gained control of the Windows Command Prompt, let's have a little fun. 

PING stands for the packet internet groper (yeah, don't ask) and it's the de facto tool used by network admins and engineers when troubleshooting connectivity issues.

Before we dive into it I want to show you the help system.

You can access help for almost any built-in Windows command by adding a space and a forward slash "?" at the end.

So If I want to see what options are available for ping I can type:

ping /?

And this is what I see.

So I can do a bunch of geeky stuff here like change the TTL values with the -i flag or ping using IPv6 with the -6 flag.  But today I just want to whet your appetite with the -n flag.

Normally ping sends four ICMP echo request messages to the target; however, with the -n flag we can change that to almost any number we like.

Let's change it to 5.

Instead of typing:

ping 8.8.8.8

We'll type:

ping -n 5 8.8.8.8

Check this out...

The magic of ping ladies and gentleman.

Arp Arp Arp!

It's like a dog barking.  Think about that.

When you hear the dog barking the middle of the night, everyone in each house on your street hears it and wakes up. 

This is exactly what ARP does.

When a host, meaning a computer, a server, a router, a whatever... wants to send a message to another host it has to scream to everyone on its street.  

The street is the network.

And it's asking for the layer 2 MAC Address (also known as a physical address or burned-in address) of the target machine so it can assemble a data frame and forward it on it's way.

You see... computers actually need more than IP addresses to communicate.  

I've discovered that a lot of people don't really understand this point.  Listen closely:

IP Addresses provide end-to-end connectivity, for example, you to securitypluspro.com.  MAC Addresses provide hop-to-hop connectivity, for example, your computer to your home router and then your home router to your ISP's router and so on.

This is CRITICAL.  

So here's the thing - when you try to hit up securitypluspro.com, your machine resolves that domain name to its IP address: 104.24.116.171 then it creates an HTTP GET request to my webserver so you can see this beautiful blog post.  

But how does the HTTP GET request know where to go?

That's the point of ARP and IP addresses.  I'll dig into this in a future post, but right now I just want you to know that ARP is a layer 2 function and IP is a layer 3 function and sometimes when troubleshooting issues you'll want to use the ARP command.

For example, if you are having problems connecting to a computer on the LAN it might be because you have two hosts on the LAN with the SAME IP address.  So some of your data frames are going to the wrong destination. 

You can inspect your local ARP entries to see if your machine is sending frames to the right destination and that's what this command does:

arp -a

It tells Windows to show you all ARP entries on your PC.

I used 

arp /?

This displayed all the arptions... I mean options haha - man I'm cheezy.

So here you can see 10.1.1.1 has the MAC address (also known as a Physical Address) 00-57-1d-a3-fe-01.

And that's my default gateway.  You can see that's the case when I SSH into my Cisco Router and view the the IP addresses on each interface:

Typing:

show ip interface brief

Displays my IP address as 10.1.1.1.

So bingo.

And the really neat thing here is if we pop open Wireshark, we  can see exactly what's happening.

I know there's a lot going on (and a lot I haven't explained yet) but that will come in future lessons. 

For now I just want you to see that the Sender IP address: 10.1.1.10 is my Windows 10 machine.  And I sent an ARP Broadcast to 10.1.1.1 (my default gateway which is that Cisco router).

So I basically yelled, "WHO HAS THE IP ADDRESS 10.1.1.1?" And everyone on the 10.1.1.0 network received that broadcast but only the default gateway replied with his MAC Address.

When 10.1.1.1 replied with his MAC address I saved it in my local cache which is exactly what we viewed earlier with the:

arp -a

command.

Whew

Coming Up

Okay this post went longer than I expected but I really want you to understand how this stuff works.  And that's why I created this video for you.

It shows you everything I did here (and more) in step-by-step detail.  Check it out! And don't forget to subscribe to my email list after you watch so you can get more free content like this sent directly to your inbox.

Cheers!

Next week we'll look at netstat, ipconfig and tracert.