System Engineering Cheat Sheet by

Module 157 Cheat Sheet


Description: These statistics show which ports are open and which connections to remote hosts exist. For existing connections, the address of the remote endpoint can be read, among other things.
Netstat -a: Displays all connections and listening ports.
Netstat -e: Displays Ethernet statistics.
Netstat -r: Displays the contents of the routing table.


Description: The Address Resolution Protocol (ARP) is a network protocol that determines the physical address (hardware address) of the network access layer for a given internet-layer network address and, where applicable, stores this mapping in the so-called ARP tables of the hosts involved.
arp -d: Removes the listed entry from the ARP cache
arp -s: Adds a static entry to the ARP cache
arp -a: Displays all the current ARP entries for all interfaces


Description: The ping value is the time span between sending a data packet to a recipient and receiving the reply packet that is sent back immediately in response.
Ping -t: Pings the specified host until stopped. To see statistics and continue, type Control-Break. To stop, type Control-C.
Ping -l: Sends packets of a particular size.
Ping -r: Records the route for count hops.


Description: Trace Route (traceroute / tracert) is a command-line tool for tracing and displaying the path that data packets take through an IP network. The aim is to determine which stations a data packet passes through on the way to its destination.
Tracert -d: This option prevents tracert from resolving IP addresses to hostnames, often resulting in much faster results.
Tracert -h: This tracert option specifies the maximum number of hops in the search for the target. If you do not specify MaxHops, and a target has not been found by 30 hops, tracert will stop looking.
Tracert -6: This option forces tracert to use IPv6 only.


Description: You can enter a host name and receive its corresponding IP address. A so-called reverse lookup is also possible, to find the host name for a given IP address.
nslookup (ENTER), then domainname.xy: returns the basic results
set q=any (ENTER) - specifies that as many results as possible are displayed
set q=mx (ENTER) - specifies that all settings for mail are displayed.


Description: MBSA (Microsoft Baseline Security Analyzer) is a free tool that examines Windows for security vulnerabilities. It is intended to find typical security-relevant misconfigurations in Microsoft products and Windows. It also checks whether all current security updates are present. The program can be downloaded from Microsoft without a validation check.
-qp: This switch instructs MBSA to not show scan progress.
-u: This switch lets you specify the user name of an administrator-level user on the target computer(s).
-nd: This switch instructs MBSA to not download any files from the Microsoft Web site when performing a scan. In other words, it instructs MBSA to perform the scan like it would in offline mode.

NirSoft WNetWatcher

Description: Wireless Network Watcher is a small utility that scans your wireless network and displays the list of all computers and devices that are currently connected to your network.
/cfg <Filename>: Start Wireless Network Watcher with the specified configuration file. For example: WNetWatcher.exe /cfg "c:\config\wnw.cfg" WNetWatcher.exe /cfg "%AppData%\WNetWatcg"
/stext <Filename>: Scan your network, and save the network devices list into a regular text file.
/shtml <Filename>: Scan your network, and save the network devices list into an HTML file (Horizontal).


Description: ipconfig is a Microsoft Windows operating system command that displays the hardware addresses and IP addresses of the devices used in the local network.
ipconfig -all: Show detailed information.
ipconfig -renew: Renew all adapters.
ipconfig -flushdns: Clears the contents of the DNS resolver cache.

Windows Performance Analyzer

Description: WPA is a powerful analysis tool that combines a very flexible UI with extensive graphing capabilities and data tables that can be pivoted and that have full text search capabilities. WPA provides an Issues window to explore the root cause of any identified.
CTRL+O: Open a new trace or session
CTRL+G: Show and navigate to Graph Explorer
F1: Open WPA help site


Description: This website can run tests on any domain to check whether it is legitimate, etc.
Blacklist: The blacklist check will test a mail server IP address against over 100 DNS-based email blacklists.
SMTP Diagnostics: This test will connect to a mail server via SMTP, perform a simple Open Relay Test and verify the server has a reverse DNS (PTR) record.
Domain Health: The Domain Health Check will execute hundreds of domain/email/network performance tests to make sure all of your systems are online and performing optimally.


Description: Pathping is an extended Windows command that builds on Tracert and Ping. Unlike Tracert, Pathping provides detailed information about the forwarding of packets to the individual hosts.
PathPing -n: Does not resolve addresses to host names.
Pathping -p: Number of milliseconds to wait between pings.
Pathping -T: Attaches a layer 2 priority tag to the packets and sends it to each of the network devices in the path. This helps in identifying the network devices that do not have layer 2 priority configured properly. The -T switch is used to test for Quality of Service (QoS) connectivity.


Description: TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections.
Using Tcpvcon: Tcpvcon usage is similar to that of the built-in Windows netstat utility:
-a: Show all endpoints (default is to show established TCP connections).
-n: Don't resolve addresses.

Sysinternals Process Explorer

Description: Process Explorer shows you information about which handles and DLLs processes have opened or loaded.
-l: Dump the sizes of pagefile-backed sections.
-r: Flag DLLs that relocated because they are not loaded at their base address.
-t: Show process tree.


Description: A routing table (also Routing Information Base) contains information on possible paths, the "optimal" path, the status, the metric (i.e. the measure used to rate the path), and the age. It is based on linking the destination IP address with a direction, given as the next-hop router and the interface through which the packet stream is to be directed.
Route -f: Clears the routing table of all gateway entries. If this is used in conjunction with one of the other commands, the tables are cleared prior to running the command.
Route -Print <destination>: Prints a route to the specified host. Optionally, prints the routes for the specified destination.
Route -Change <destination> Mask <netmask> <gateway> Metric <metric> if <interface>: Modifies an existing route.

Windows Performance Toolkit

Description: The Windows Performance Toolkit consists of two independent tools: Windows Performance Recorder (WPR) and Windows Performance Analyzer (WPA). In addition, support is maintained for the previous command-line tool, Xperf. However, Xperfview is no longer supported. All recordings must be opened and analyzed by using WPA.
IControlErrorInfo: Provides functions that obtain information about errors that occur when the control manager performs an operation.
IOnOffTransitionManager: Enables the client to store the profiles of the IProfileCollection to the registry for boot tracing.
IProfile: Represents an individual profile that the client controls.

Microsoft Assessment and Planning Toolkit

Description: The Microsoft Assessment and Planning Toolkit makes it easy to assess your current IT infrastructure for a variety of technology migration projects. This Solution Accelerator provides a powerful inventory, assessment, and reporting tool to simplify the migration planning process.
How to run MAP tool:
- Open the MAP tool.
- Create the inventory database, which is used to save inventory data and collected statistics while working with the MAP tool. SQL Express is installed by default when installing the MAP tool and is used to host the inventory database.
- After the database is created, the MAP console launches and gives the option to select your inventory scenario, since the MAP tool can be used to target different scenarios such as SQL database consolidation, VM migration, Windows upgrade, Lync readiness check, etc.
