The command line is a boon when you know what you’re doing. Sometimes you simply don’t have the time to figure out pretty interfaces and buttons and you just want to bang out a few commands and have the computer respond.
Well, Windows has a veritable encyclopedia of commands but there are only a few that are essential.
There are multiple reasons why you should become a command line advocate; besides the fact that it’ll make you look (and feel) like a bona fide geek, you can actually execute common tasks faster at the command line – especially as you become conversant with it.
Whether you want to flaunt the latest command line tricks to your boss or are simply trying to view network information, here is my top 10 list of Windows commands that you absolutely have to know.
I love pathping.
If tracert and ping made love they would produce a pathping baby.
Pathping gives you the best from both commands in a nice, succinct package. It traces the path between hosts and chronicles the results over time so you can see each device between you and your destination. It also shows the IP of each hop along the way.
Of course, this assumes no organizations are blocking ICMP packets (many do, especially at the network edge); however, even tracert can’t get around this limitation, so there’s no real advantage to using tracert instead.
In my example below, you can see pathping resolved fixedbyvonnie.com but stopped at 10.0.2.2 which is my default gateway. The next hop doesn’t respond to ICMP packets so I received asterisks where the IP should be. Try it on your computer to see what you get; your results will probably differ.
nslookup (short for nameserver lookup) is a classic command adored by geeks near and far. It finds name server information by sending a query to the DNS (Domain Name System) server designated for your home or business. If you want the nitty gritty about how DNS works, see the article I wrote about DNS.
Just enter nslookup followed by the hostname to resolve and you’ll see the hostname and IP of your Domain Name server followed by the resolved IP address of the destination.
Everyone knows ipconfig gives you basic IP information; and sometimes that’s all you want. Other times you need verbose output so you enter ipconfig /all and – well – that’s great and all; however, few people know about the furtive netsh command and the power it yields to those who respect it.
netsh interface ip show config
This command is almost identical to ipconfig except I like the output a little better.
The stuff I really care about such as whether or not DHCP is enabled, the IP address, Subnet Mask, Default Gateway and DNS information is all there grouped by adapter. I feel ipconfig inundates me with too much information so sometimes I like using the netsh option.
On the flip side, one annoyance with netsh is that I don’t get the MAC address but the real purpose of netsh interface ip show config isn’t to replace ipconfig; it’s just an alternate means of displaying network info.
In the screen shot below I highlighted the command in yellow to make it easy to see where the output starts.
Netstat is a great command to run when you think you have malware on your computer. If there’s a Trojan or bot sitting on your computer then it must open a port in a TCP/IP state called LISTENING so it can await remote commands from the attacker. To view all ports on your system, along with the owning process ID, enter this command:
netstat -ano
or if you want to see everything add the -b switch to show each executable involved in creating the connection.
Now you can see all connections and listening ports along with the process ID and .EXE file associated with the connection. If you suspect your computer has been compromised research the executable or process name in Google to see what other people have said about it. The other thing you can do is compare the netstat output with a known working system and research the differences.
As an aside, since the switches -bano look like baño (bathroom in Spanish), I never forget that netstat -bano shows me all the digital dirt on my system. It’s a helpful mnemonic.
Speaking of Malware, when scrutinizing aberrant files, the System File Checker (sfc) is also a good tool to have on your belt. If your system is exhibiting anomalous behavior or if you’ve recently received file corruption errors then you should run sfc.
SFC scans the integrity of all protected system files and replaces incorrect versions with the right Microsoft versions. When paired with the /scannow switch (sfc /scannow), SFC takes its best shot at repairing problem files.
Depending on the size of your hard drive it can take several hours to complete so sometimes it’s best to run it overnight.
When you need to see a list of all your system drivers use driverquery. This command completes in seconds.
You can also output the list to a pretty spreadsheet by using this little trick:
driverquery /fo csv > my-drivers.csv
(The /fo csv switch produces comma-separated text, so give the file a .csv extension; Excel opens it directly, whereas a .xlsx extension on CSV content makes Excel complain about a format mismatch.) My driver list now resides in C:\Windows\system32 but it may vary for you. The > redirect simply writes the output to the directory the command was executed from.
As a general rule of maintenance you can run the File Signature Verification tool to help maintain the integrity of your computer. Any core files that are essential to system operation are digitally signed so that changes can be easily detected.
A digital signature is a cryptographic scheme designed to prove the authenticity of a digital message. If the signature check completes OK then you can have a high level of confidence that the file wasn’t altered and thus has integrity.
At the end of the report it’ll display a list of any files that haven’t been digitally signed, the full path to those files, along with the version number and last modified date. You should research any unsigned drivers to see if you can uninstall or update them.
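Once the driver list is in a CSV file, the natural next step is to pick out the unsigned entries automatically rather than eyeballing a spreadsheet. The short script below is an added example, not from the original article: it parses driverquery’s CSV output with Python’s standard csv module and reports the drivers whose IsSigned column is not TRUE, which covers the research step the article recommends for unsigned drivers. The sample output is constructed (device and manufacturer names are made up); the column names assume the signed-driver view that driverquery /si /fo csv produces, and because the parser keys rows by header name, a different column order does not break it.

```python
import csv
import io
import sys

# Constructed sample of `driverquery /si /fo csv` output.
# Column headers follow driverquery's signed-driver view; all values are made up.
SAMPLE_DRIVERQUERY_SI = """\
"DeviceName","InfName","IsSigned","Manufacturer"
"Microsoft Kernel Debug Network Adapter","kdnic.inf","TRUE","Microsoft"
"Intel(R) 82574L Gigabit Network Connection","e1g60x64.inf","TRUE","Intel"
"Contoso Virtual Audio Device","contoso_audio.inf","FALSE","Contoso Ltd."
"Generic USB Hub","usbhub.inf","TRUE","Microsoft"
"Unknown Filter Driver","oem42.inf","FALSE","(Unknown)"
"""


def parse_driverquery_csv(text):
    """Parse driverquery /fo csv output into a list of dicts keyed by column header."""
    reader = csv.DictReader(io.StringIO(text))
    return [dict(row) for row in reader]


def unsigned_drivers(rows):
    """Return the rows whose IsSigned column is anything other than TRUE.

    A missing column is treated as unsigned so that a surprising output
    format fails loudly (everything gets flagged) rather than silently.
    """
    return [r for r in rows if (r.get("IsSigned") or "").strip().upper() != "TRUE"]


def summarize(rows):
    """Counts plus the sorted INF names of unsigned drivers, for quick triage."""
    unsigned = unsigned_drivers(rows)
    return {
        "total": len(rows),
        "unsigned": len(unsigned),
        "unsigned_infs": sorted(r["InfName"] for r in unsigned),
    }


if __name__ == "__main__":
    # Pass a file saved with `driverquery /si /fo csv > drivers.csv`,
    # or run with no arguments to use the constructed sample above.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8-sig") as fh:
            text = fh.read()
    else:
        text = SAMPLE_DRIVERQUERY_SI
    rows = parse_driverquery_csv(text)
    s = summarize(rows)
    print(f"{s['total']} drivers, {s['unsigned']} unsigned")
    for r in unsigned_drivers(rows):
        print(f"  {r['InfName']:20} {r['DeviceName']} ({r['Manufacturer']})")
```

Run it against the constructed sample and it lists the two unsigned drivers (contoso_audio.inf and oem42.inf); on a real machine, the INF name is the value to search for when deciding whether a driver can be updated or removed.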
Besides having the coolest name on the list, cipher is actually one of the best kept secrets of the command line. In addition to letting administrators encrypt and decrypt drive data, it actually lets you overwrite deleted data rendering it virtually irrevocable. Whenever you delete a file on a traditional hard drive the data isn’t really zapped from the disk; vestiges of it still remain. The only thing that really happens is that the deleted data is deallocated and therefore made available for use when new data is written to the hard drive.
The deleted data isn’t really deleted. You can prove this by using free data recovery software like Recuva . As long as the data isn’t overwritten it can be easily restored.
On a side note, this isn’t applicable if you have a Solid State Drive. You can read my article about SSDs if you really want to know why.
But I digress, cipher is a quick and easy fix to make unauthorized recovery of your data very hard (not impossible but extremely arduous).
When you’re ready to nuke your drive here’s the metaphorical big red button:
Use with caution:
Sure, you could press Ctrl + Alt + Del to conjure up the Windows Task Manager, but the command line is much more alluring.
To see a list of all running tasks on your PC enter this command:
tasklist /fi "STATUS eq running"
This says, “show me a list of tasks that currently have a status of running”.
You can also see all your frozen applications too:
tasklist /fi "STATUS eq not responding"
When you find the obdurate process that’s locking up your computer use taskkill to kill it.
taskkill /pid kills a task by Process ID (PID) and taskkill /im kills a task by image name, which is the file name of the application.
In the graphic above I highlighted the image name iexplorer.exe so you could see how I knew to kill PID 3880.
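Two of the tips above fit together: netstat -ano tells you which PID owns a listening port, and tasklist tells you which image that PID belongs to (the same matching I did by eye to get from iexplorer.exe to PID 3880). The script below is an added example and not part of the original article. It parses constructed netstat -ano and tasklist /fo csv output (the /fo csv switch is a real tasklist option; every address, port, PID and image name in the samples is made up), joins them on PID, and then diffs the resulting set of listeners against a baseline captured from a known-good machine, which is the comparison the netstat section recommends. The BASELINE set is a constructed stand-in for that earlier capture.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (addresses, ports and PIDs are made up).
SAMPLE_NETSTAT = """\

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:9001           0.0.0.0:0              LISTENING       5120
  TCP    10.0.2.15:49700        203.0.113.10:443       ESTABLISHED     3880
  TCP    [::]:135               [::]:0                 LISTENING       912
  UDP    0.0.0.0:5353           *:*                                    2200
"""

# Constructed sample of `tasklist /fo csv` output covering the same PIDs.
SAMPLE_TASKLIST = """\
"Image Name","PID","Session Name","Session#","Mem Usage"
"System","4","Services","0","148 K"
"svchost.exe","912","Services","0","12,344 K"
"svchost.exe","2200","Services","0","8,012 K"
"iexplore.exe","3880","Console","1","120,408 K"
"updater.exe","5120","Console","1","9,876 K"
"""

# Constructed baseline from a known-good machine: (protocol, port, image name).
BASELINE = {
    ("TCP", 135, "svchost.exe"),
    ("TCP", 445, "System"),
    ("UDP", 5353, "svchost.exe"),
}


def parse_netstat(text):
    """Turn netstat -ano rows into dicts. UDP rows carry no State column."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # banner, header and blank lines
        proto, local = parts[0], parts[1]
        rows.append({
            "proto": proto,
            "local": local,
            "port": int(local.rsplit(":", 1)[1]),  # also handles [::]:135
            "state": parts[3] if proto == "TCP" else "",
            "pid": int(parts[-1]),
        })
    return rows


def parse_tasklist(text):
    """Map PID -> image name from tasklist /fo csv output."""
    reader = csv.DictReader(io.StringIO(text))
    return {int(r["PID"]): r["Image Name"] for r in reader}


def listeners(conns, pid_to_image):
    """Set of (proto, port, image) for sockets awaiting inbound traffic.

    Bound UDP sockets count as listeners because netstat prints no state for them.
    """
    result = set()
    for c in conns:
        if c["proto"] == "TCP" and c["state"] != "LISTENING":
            continue
        image = pid_to_image.get(c["pid"], f"<pid {c['pid']} not in tasklist>")
        result.add((c["proto"], c["port"], image))
    return result


def diff_listeners(current, baseline):
    """Return (new on this host, missing from this host) relative to the baseline."""
    return current - baseline, baseline - current


if __name__ == "__main__":
    conns = parse_netstat(SAMPLE_NETSTAT)
    current = listeners(conns, parse_tasklist(SAMPLE_TASKLIST))
    new, missing = diff_listeners(current, BASELINE)
    for proto, port, image in sorted(new):
        print(f"NEW listener not in baseline: {proto} port {port} owned by {image}")
    for proto, port, image in sorted(missing):
        print(f"baseline listener absent: {proto} port {port} ({image})")
```

With the constructed data the only finding is the TCP 9001 listener owned by updater.exe (PID 5120), which is exactly the kind of entry to research before deciding whether taskkill /pid is warranted. On a real machine, save both outputs to files and feed them to the two parsers; capture the baseline from a machine you trust, not from the one you suspect.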
The Bottom Line
The command line is a veritable Swiss Army knife for Windows IT professionals. It’s there when we need it but sometimes we wish it could do more. In this article I illustrated 10 surefire ways to make the command line work for you.
In the comments, let me know of any other commands you use that I didn’t mention here. I listed my favorites but you might have others that can benefit the group.