
System Engineering Cheat Sheet by

Module 157 Cheat Sheet


Description: These statistics let you find out which ports are open and which connections to remote hosts exist. For existing connections you can read off, among other things, the address of the remote endpoint.
Netstat -a: Displays all connections and listening ports.
Netstat -e: Displays Ethernet statistics.
Netstat -r: Displays the contents of the routing table.


Description: The Address Resolution Protocol (ARP) is a network protocol that determines, for a network address of the internet layer, the physical address (hardware address) of the network access layer and, where applicable, stores this mapping in the so-called ARP tables of the participating hosts.
arp -d: Removes the listed entry from the ARP cache.
arp -s: Adds a static entry to the ARP cache.
arp -a: Displays all the current ARP entries for all interfaces.


Description: The ping value is the time span between sending a data packet to a recipient and receiving the reply packet that is sent back immediately in response.
Ping -t: Pings the specified host until stopped. To see statistics and continue, type Control-Break. To stop, type Control-C.
Ping -l: Sends packets of a particular size.
Ping -r: Records the route for count hops.


Description: Trace Route (traceroute / tracert): Trace Route is a command-line tool for tracing and visualizing the path of data packets in an IP network. The goal is to determine which stations a data packet passes through on its way to the destination.
Tracert -d: This option prevents tracert from resolving IP addresses to hostnames, often resulting in much faster results.
Tracert -h: This tracert option specifies the maximum number of hops in the search for the target. If you do not specify MaxHops, and a target has not been found by 30 hops, tracert will stop looking.
Tracert -6: This option forces tracert to use IPv6 only.


Description: You can enter the host name and then receive its associated IP address. A so-called reverse lookup is also possible, to find the host name for a given IP address.
nslookup (ENTER), then domainname.xy: outputs the basic results
set q=any (ENTER) - specifies that as many results as possible are displayed
set q=mx (ENTER) - specifies that all settings for mail are displayed.


Description: MBSA (Microsoft Baseline Security Analyzer) is a free tool that examines Windows for security vulnerabilities. It is meant to find typical security-relevant misconfigurations in Microsoft products and Windows. It also checks whether all current security updates are present. The program can be downloaded from Microsoft without a validation check.
-qp: This switch instructs MBSA to not show scan progress.
-u: This switch lets you specify the user name of an administrator-level user on the target computer(s).
-nd: This switch instructs MBSA to not download any files from the Microsoft Web site when performing a scan. In other words, it instructs MBSA to perform the scan like it would in offline mode.

Nirsoft wnetwatcher

Description: Wireless Network Watcher is a small utility that scans your wireless network and displays the list of all computers and devices that are currently connected to your network.
/cfg <Filename>: Start Wireless Network Watcher with the specified configuration file. For example: WNetWatcher.exe /cfg "c:\config\wnw.cfg" and WNetWatcher.exe /cfg "%AppData%\WNetWatc­­g"
/stext <Filename>: Scan your network, and save the network devices list into a regular text file.
/shtml <Filename>: Scan your network, and save the network devices list into an HTML file (Horizontal).


Description: ipconfig is a command of the Microsoft Windows operating system that displays the hardware addresses and IP addresses of the devices used in the local network.
ipconfig -all: Shows detailed information.
ipconfig -renew: Renews all adapters.
ipconfig -flushdns: Clears the contents of the DNS resolver cache.

Windows Performance Analyzer

Description: WPA is a powerful analysis tool that combines a very flexible UI with extensive graphing capabilities and data tables that can be pivoted and that have full text search capabilities. WPA provides an Issues window to explore the root cause of any identified.
CTRL+O: Open a new trace or session
CTRL+G: Show and navigate to Graph Explorer
F1: Open WPA help site


Description: This website can run tests on any domain to check whether it is legitimate, etc.
Blacklist: The blacklist check will test a mail server IP address against over 100 DNS-based email blacklists.
SMTP Diagnostics: This test will connect to a mail server via SMTP, perform a simple Open Relay Test and verify the server has a reverse DNS (PTR) record.
Domain Health: The Domain Health Check will execute hundreds of domain/email/network performance tests to make sure all of your systems are online and performing optimally.


Description: Pathping is an extended Windows command that builds on Tracert and Ping. Unlike Tracert, Pathping provides detailed information about the forwarding of packets to the individual hosts.
PathPing -n: Does not resolve addresses to host names.
Pathping -p: Number of milliseconds to wait between pings.
Pathping -T: Attaches a layer 2 priority tag to the packets and sends it to each of the network devices in the path. This helps in identifying the network devices that do not have layer 2 priority configured properly. The -T switch is used to test for Quality of Service (QoS) connectivity.


Description: TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections.
Using Tcpvcon: Tcpvcon usage is similar to that of the built-in Windows netstat utility:
-a: Show all endpoints (default is to show established TCP connections).
-n: Don't resolve addresses.

Sysinternals Process Explorer

Description: Process Explorer shows you information about which handles and DLLs processes have opened or loaded.
-l: Dump the sizes of pagefile-backed sections.
-r: Flag DLLs that relocated because they are not loaded at their base address.
-t: Show process tree.


Description: A routing table (also called Routing Information Base) contains information on possible routes, the "optimal" route, the status, the metric (i.e. the measure used to evaluate the route), and the age. It is based on linking the destination IP address with a direction, given as the next-hop router and the interface over which the packet stream is to be directed.
Route -f: Clears the routing table of all gateway entries. If this is used in conjunction with one of the other commands, the tables are cleared prior to running the command.
Route print <destination>: Prints a route to the specified host. Optionally, prints the routes for the specified destination.
Route change <destination> mask <netmask> <gateway> metric <metric> if <interface>: Modifies an existing route.

Windows Performance Toolkit

Description: The Windows Performance Toolkit consists of two independent tools: Windows Performance Recorder (WPR) and Windows Performance Analyzer (WPA). In addition, support is maintained for the previous command-line tool, Xperf. However, Xperfview is no longer supported. All recordings must be opened and analyzed by using WPA.
IControlErrorInfo: Provides functions that obtain information about errors that occur when the control manager performs an operation.
IOnOffTransitionManager: Enables the client to store the profiles of the IProfileCollection to the registry for boot tracing.
IProfile: Represents an individual profile that the client controls.

Microsoft Assessment and Planning Toolkit

Description: The Microsoft Assessment and Planning Toolkit makes it easy to assess your current IT infrastructure for a variety of technology migration projects. This Solution Accelerator provides a powerful inventory, assessment, and reporting tool to simplify the migration planning process.
How to run MAP tool:
- Open the MAP tool.
- Create the inventory database, which is used to store inventory data and collected statistics while working with the MAP tool. SQL Express is installed by default with the MAP tool and is used to host the inventory database.
- After the database is created, the MAP console launches and gives the option to select your inventory scenario, since the MAP tool can target different scenarios such as SQL database consolidation, VM migration, Windows upgrade, Lync readiness check, etc.
