
10 Windows commands you need to know

The command line is a boon when you know what you're doing. Sometimes you simply
don't have the time to figure out pretty interfaces and buttons and you just want to
bang out a few commands and have the computer respond.
Well, Windows has a veritable encyclopedia of commands but there are only a few that
are essential.
There are multiple reasons why you should become a command line
advocate; besides the fact that it'll make you look (and feel) like a bona fide geek, you
can actually execute common tasks faster at the command line, especially as you
become conversant with it.
Whether you want to flaunt the latest command line tricks to your boss or are simply
trying to view network information, here is my top 10 list of Windows commands that
you absolutely have to know.
1. pathping
2. nslookup
3. netsh
4. netstat
5. sfc
6. driverquery
7. sigverif
8. cipher
9. tasklist
10. taskkill

1. pathping
I love pathping.
If tracert and ping made love they would produce a pathping baby.
Pathping gives you the best from both commands in a nice, succinct package. It traces
the path between hosts and chronicles the results over time so you can see each device
between you and your destination. It also shows the IP of each hop along the way.
Of course, this assumes no organizations are blocking ICMP packets (many do, especially
at the network edge); however, even tracert can't circumvent this apparent liability so
there's no real advantage to using tracert.
In my example below, you can see pathping resolved fixedbyvonnie.com but stopped
at 10.0.2.2, which is my default gateway. The next hop doesn't respond to ICMP
packets so I received asterisks where the IP should be. Try it on your computer to see
what you get; your results will probably differ.

pathping fixedbyvonnie.com

2. nslookup
nslookup (short for nameserver lookup) is a classic command adored by geeks near
and far. It finds name server information by sending a query to the Domain Name
Server (DNS) designated for your home or business. If you want the nitty gritty about
how DNS works, see the article I wrote about DNS.
Just enter nslookup followed by the hostname to resolve and you'll see the hostname
and IP of your Domain Name server followed by the resolved IP address of the
destination.

nslookup fixedbyvonnie.com

3. netsh
Everyone knows ipconfig gives you basic IP information; and sometimes that's all you
want. Other times you need verbose output so you enter ipconfig /all and, well,
that's great and all; however, few people know about the furtive netsh command and
the power it yields to those who respect it.

netsh interface ip show config

This command is almost identical to ipconfig except I like the output a little better.
The stuff I really care about such as whether or not DHCP is enabled, the IP address,
Subnet Mask, Default Gateway and DNS information is all there grouped by adapter. I
feel ipconfig inundates me with too much information so sometimes I like using the
netsh option.
On the flip side, one annoyance with netsh is that I don't get the MAC address, but the
real purpose of netsh interface ip show config isn't to replace ipconfig; it's just an
alternate means of displaying network info.
In the screen shot below I highlighted the command in yellow to make it easy to see
where the output starts.

4. netstat
Netstat is a great command to run when you think you have malware on your computer.
If there's a Trojan or Bot sitting on your computer then it must open a port in a TCP/IP
state called LISTENING so it can await remote commands from the attacker. To view all
ports on your system enter this command:

netstat -ano

or, if you want to see everything, add the -b switch to show each executable involved in
creating the connection.

netstat -bano

Now you can see all connections and listening ports along with the process ID and .EXE
file associated with the connection. If you suspect your computer has been
compromised, research the executable or process name in Google to see what other
people have said about it. The other thing you can do is compare the netstat output
with a known working system and research the differences.
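The baseline comparison described above, as an added example that is not part of the original article: it parses two saved netstat -ano captures and reports listening sockets present only on the suspect machine. Both captures are constructed sample data, and because PIDs differ between machines the comparison is keyed on protocol, address and port.

```python
# Constructed `netstat -ano` captures: a known-good machine and a suspect one.
BASELINE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    [::]:135               [::]:0                 LISTENING       912
  UDP    0.0.0.0:5353           *:*                                    1480
"""
SUSPECT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING       5012
  TCP    10.0.2.15:49712        192.0.2.10:443         ESTABLISHED     2300
  TCP    [::]:135               [::]:0                 LISTENING       888
  UDP    0.0.0.0:5353           *:*                                    1512
  UDP    0.0.0.0:6881           *:*                                    5012
"""


def parse_listeners(text):
    """Map (proto, local address, port) -> PID for listening sockets."""
    listeners = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # banner, header, blank line or a -b executable line
        # TCP rows have a State column; UDP rows do not (bound means listening).
        if f[0] == "TCP" and (len(f) != 5 or f[3] != "LISTENING"):
            continue
        addr, _, port = f[1].rpartition(":")  # rpartition keeps "[::]" intact
        if not (port.isdigit() and f[-1].isdigit()):
            continue  # malformed row
        listeners[(f[0], addr, int(port))] = int(f[-1])
    return listeners


def new_listeners(baseline_text, suspect_text):
    """Listening sockets on the suspect machine that the baseline lacks."""
    base = parse_listeners(baseline_text)
    return sorted(k + (pid,) for k, pid in parse_listeners(suspect_text).items()
                  if k not in base)


if __name__ == "__main__":
    for proto, addr, port, pid in new_listeners(BASELINE, SUSPECT):
        print(f'{proto} {addr}:{port} PID {pid} -> tasklist /fi "PID eq {pid}"')
```
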

As an aside, since baño is bathroom in Spanish I never forget that netstat -bano shows
me all the digital dirt on my system. It's a helpful mnemonic.

5. sfc
Speaking of malware, when scrutinizing aberrant files, the System File Checker (sfc) is
also a good tool to have on your belt. If your system is exhibiting anomalous behavior
or if you've recently received file corruption errors then you should run sfc.
SFC scans the integrity of all protected system files and replaces incorrect versions with
the right Microsoft versions. When teamed with the /scannow switch, SFC takes its
best shot at repairing problem files.
Depending on the size of your hard drive it can take several hours to complete so
sometimes it's best to run it overnight.

sfc /scannow

6. driverquery
When you need to see a list of all your system drivers use driverquery. This command
completes in seconds.

driverquery

You can also output the list to a pretty spreadsheet by using this little trick:

driverquery /fo csv > my-drivers.csv

My driver list now resides in C:\Windows\system32 but it may vary for
you. driverquery simply dumps the output in the directory the command was executed
from.

7. sigverif
As a general rule of maintenance you can run the File Signature Verification tool to help
maintain the integrity of your computer. Any core files that are essential to system
operation are digitally signed so that changes can be easily detected.
A digital signature is a math formula designed to prove the authenticity of a digital
message. If the digital signature check completes OK then you can have a high level
of confidence that the file wasn't altered and thus has integrity.

sigverif

At the end of the report it'll display a list of any files that haven't been digitally
signed, the full path to those files, along with the version number and last modified
date. You should research any unsigned drivers to see if you can uninstall or update
them.
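To build that research list from the command line instead of the sigverif report, driverquery has an /si switch that reports signing status, and it combines with the /fo csv trick from section 6. The following is an added example, not part of the original article; the CSV is constructed sample data and the column names assume an English-locale system.

```python
import csv
import io

# Constructed sample of `driverquery /si /fo csv` output (English column names assumed).
SAMPLE_CSV = '''"DeviceName","InfName","IsSigned","Manufacturer"
"Generic volume","volume.inf","TRUE","Microsoft"
"Example USB Capture Device","oem12.inf","FALSE","Example Vendor"
"WAN Miniport (IP)","netrasa.inf","TRUE","Microsoft"
"Example Virtual Adapter","oem7.inf","N/A","N/A"
'''


def unsigned_drivers(csv_text):
    """Return (device, inf, status) for every row not reported as signed.

    Anything other than TRUE (FALSE, N/A, empty) is flagged for review,
    so an unknown status is never silently treated as signed.
    """
    # Strip a UTF-8 byte-order mark in case the redirect added one.
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    flagged = []
    for row in reader:
        status = (row.get("IsSigned") or "").strip()
        if status.upper() != "TRUE":
            flagged.append((row["DeviceName"], row["InfName"], status))
    return sorted(flagged)


if __name__ == "__main__":
    for device, inf, status in unsigned_drivers(SAMPLE_CSV):
        print(f"{device} ({inf}): IsSigned={status}")
```
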

8. cipher
Besides having the coolest name on the list, cipher is actually one of the best kept
secrets of the command line. In addition to letting administrators encrypt and decrypt
drive data, it actually lets you overwrite deleted data, rendering it virtually irrecoverable.
Whenever you delete a file on a traditional hard drive the data isn't really zapped from
the disk; vestiges of it still remain. The only thing that really happens is that the
deleted data is deallocated and therefore made available for use when new data is
written to the hard drive.
The deleted data isn't really deleted. You can prove this by using free data recovery
software like Recuva. As long as the data isn't overwritten it can be easily restored.
On a side note, this isn't applicable if you have a Solid State Drive. You can read my
article about SSDs if you really want to know why.
But I digress; cipher is a quick and easy fix to make unauthorized recovery of your
data very hard (not impossible but extremely arduous).
When you're ready to nuke your drive here's the metaphorical big red button:

Use with caution:

cipher /w:d:

9. tasklist
Sure, you could press Ctrl + Alt + Del to conjure up the Windows Task Manager but the
command line is much too alluring.
To see a list of all running tasks on your PC enter this command:

tasklist /fi "STATUS eq running"

This says, show me a list of tasks that currently have a status of running.
You can also see all your frozen applications too:

tasklist /fi "STATUS eq not responding"

10. taskkill
When you find the obdurate process that's locking up your computer use taskkill to kill
it.
The /pid switch kills a task by Process ID (PID) and taskkill /im kills a task by image
name, which is the file name of the application.

In the graphic above I highlighted the image name iexplorer.exe so you could see how
I knew to kill PID 3880.

The Bottom Line


The command line is a veritable Swiss Army knife for Windows IT professionals. It's
there when we need it but sometimes we wish it could do more. In this article I
illustrated 10 sure-fire ways to make the command line work for you.
In the comments, let me know of any other commands you use that I didn't mention
here. I listed my favorites but you might have others that can benefit the group.

To break a continuous ping, e.g. ping www.google.com -t, press Ctrl + C.
