Top 10 Commands You Will Use Every Day in Tech Support
Specific commands are the bread and butter of daily operations for technical support and cyber security specialists. Here's an expanded look at the top 10 commands for Windows and Linux that I feel every Tech Support specialist should know, complete with their functions and sample outputs:
ping
This command tests connectivity with another network host. It sends packets and waits for a response, indicating whether the host is reachable.
Example: ping www.example.com might return:
Reply from 93.184.216.34: bytes=32 time=76ms TTL=56
Let's look at the output of the command:
Reply from 93.184.216.34: This indicates that the IP address 93.184.216.34 responded to a network request. The IP address is a unique identifier for a device on a network.
bytes=32: This specifies the size of the data packet sent in the reply. In this case, it’s a 32-byte packet.
time=76ms: The response time in milliseconds (ms) indicates how long it took for the reply to reach the sender. In this case, it took approximately 76 milliseconds.
TTL=56: The Time to Live (TTL) value represents the number of hops (routers or devices) the packet can pass through before being discarded. A TTL of 56 means the packet can traverse up to 56 hops.
netstat
This command is essential for monitoring network connections. It displays incoming and outgoing connections and routing table information.
Example: netstat -a will list all ports and their respective states.
Let’s explore installing the netstat command on Linux and provide practical examples.
Windows netstat
The netstat command provides network statistics and information about active connections on a Windows system. It displays local and foreign addresses, protocol, state, and port numbers. It is useful for diagnosing network issues, monitoring connections, and identifying open ports.
Basic Usage:
To display all active connections (both TCP and UDP), open a Command Prompt and type:
netstat
Example Output (partial):
Active Connections
Explanation:
Proto: Protocol of the connection (TCP or UDP).
Local Address: IP address and port of the local end.
Foreign Address: IP address and port of the remote end.
State: Connection state (e.g., ESTABLISHED, LISTENING).
ESTABLISHED: This state indicates an active connection between the local and remote hosts.
Data can flow freely in both directions.
For example, when browsing a website, your computer establishes an ESTABLISHED connection with the web server.
LISTENING: This state applies to server applications waiting for incoming connections.
When a server process is listening, it’s ready to accept new connections.
For instance, a web server (like Apache or Nginx) listens on port 80 for incoming HTTP requests.
Advanced Options:
You can filter by protocol (TCP or UDP) and display additional information.
For example:
To list only listening ports: netstat -an | find "LISTENING"
To show detailed statistics: netstat -s
Remember, netstat is a powerful tool for network analysis and troubleshooting on Windows systems. 🌐🔍
Linux Installing Netstat:
The netstat command is part of the net-tools package. On modern Linux systems, it often comes pre-installed. However, if you encounter an error like "bash: netstat: command not found", you can install it using the following commands based on your distribution:
Debian, Ubuntu, and Mint:
sudo apt install net-tools
RHEL, CentOS, Fedora, and Rocky/AlmaLinux:
sudo yum install net-tools
Gentoo Linux:
sudo emerge -a sys-apps/net-tools
Alpine Linux:
sudo apk add net-tools
Arch Linux:
sudo pacman -S net-tools
OpenSUSE:
sudo zypper install net-tools
Once installed, you can check the version of netstat using:
netstat -V
Practical Examples of Netstat Usage:
Viewing the Network Routing Table: To display the network routing table, use the -r flag:
netstat -nr
Display Network Interface Statistics: To get statistics for a network interface, use the -i flag:
netstat -ai
Show Network Connections: To list active network connections, use the -ant options:
netstat -ant
Show Network Services: To list services, their states, and corresponding ports, run:
netstat -pnltu
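As an added example (not part of the original post), the shell function below reads netstat -pnltu output and lists the sockets bound to every interface (0.0.0.0 or ::), which are the services reachable from other hosts. The sample output and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: find listeners bound to all interfaces in `netstat -pnltu` output.

# Constructed sample of `sudo netstat -pnltu` output (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      1033/postgres
tcp6       0      0 :::80                   :::*                    LISTEN      950/nginx
udp        0      0 127.0.0.53:53           0.0.0.0:*                           600/systemd-resolve
udp        0      0 0.0.0.0:68              0.0.0.0:*                           701/dhclient
EOF
}

# Reads netstat output on stdin and prints "proto port program" for every
# socket whose local address is the wildcard (0.0.0.0 or ::).
exposed_listeners() {
    awk '
        $1 ~ /^(tcp|udp)/ {
            laddr = $4
            # The port is whatever follows the last colon (IPv6 addresses contain colons too).
            if (!match(laddr, /:[0-9]+$/)) next
            addr = substr(laddr, 1, RSTART - 1)
            port = substr(laddr, RSTART + 1)
            # UDP rows have an empty State column, so the program is field 6, not 7.
            prog = ($1 ~ /^tcp/) ? $7 : $6
            if (prog == "") prog = "-"
            if (addr == "0.0.0.0" || addr == "::")
                print $1, port, prog
        }'
}

# On a live host: sudo netstat -pnltu | exposed_listeners
sample_netstat | exposed_listeners
```

Loopback-only listeners (127.0.0.1, 127.0.0.53) are left out because they are not reachable from other machines.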
tracert/traceroute
This command helps identify issues in the network by revealing the path packets take to reach a host and displaying the response times from each intermediate router. It’s a valuable tool for diagnosing connectivity problems and understanding the network topology.
Example: tracert www.example.com can show each hop and the time taken to get there.
The traceroute command identifies the slow leg of a network packet’s journey and helps troubleshoot sluggish connections.
It reveals the path packets take from your computer to a destination server, showing intermediate hops (routers).
By sending packets to each router, it measures the time from origin to destination.
How It Works:
traceroute uses TCP/IP and sends UDP packets.
Each packet has a Time to Live (TTL) field (an eight-bit integer).
As packets travel, the TTL counter decreases at each hop.
If TTL reaches one, the router decrements it to zero, discards the packet, and sends an ICMP Time Exceeded message back.
The message contains the original header and part of the original packet’s data.
Output Explanation:
Tracing route to google.com [172.217.12.238]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 192.168.1.1
2 5 ms 4 ms 4 ms 10.0.0.1
3 10 ms 9 ms 9 ms 203.0.113.1
4 20 ms 19 ms 18 ms 72.14.233.85
5 19 ms 19 ms 19 ms 172.217.12.238
Displays routers (hops) to the destination.
Shows IP address, hostname (if available), and round-trip time.
Round-trip time helps identify bottlenecks or delays.
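As an added example (not part of the original post), the function below finds the "slow leg" in a trace like the one above by averaging the answered probes for each hop and reporting the hop with the largest increase over the previous one. It treats "<1 ms" as 1 ms and skips hops where every probe timed out; the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: locate the largest latency jump in tracert/traceroute output.

# The sample trace shown in the post.
sample_trace() {
cat <<'EOF'
Tracing route to google.com [172.217.12.238]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 192.168.1.1
2 5 ms 4 ms 4 ms 10.0.0.1
3 10 ms 9 ms 9 ms 203.0.113.1
4 20 ms 19 ms 18 ms 72.14.233.85
5 19 ms 19 ms 19 ms 172.217.12.238
EOF
}

# Reads a trace on stdin and prints "hop host +delta ms" for the biggest jump.
slowest_leg() {
    awk '
        $1 ~ /^[0-9]+$/ {
            sum = 0; n = 0
            # Every "ms" token is preceded by one probe time; "*" probes have none.
            for (i = 3; i <= NF; i++)
                if ($i == "ms") { v = $(i - 1); sub(/^</, "", v); sum += v; n++ }
            if (n == 0) next                      # all probes timed out
            avg = sum / n
            # Windows prints the host last; Linux prints it right after the hop number.
            host = ($NF == "ms" || $NF == "*") ? $2 : $NF
            if (seen && avg - prev > worst) { worst = avg - prev; hop = $1; where = host }
            prev = avg; seen = 1
        }
        END { if (hop != "") printf "%s %s +%.1f ms\n", hop, where, worst }'
}

sample_trace | slowest_leg
```

A jump that persists through the later hops points at a slow link; a jump at a single hop that disappears afterwards usually means that router is slow to answer probes rather than slow to forward traffic.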
Installation on Linux:
Debian/Ubuntu/Mint:
sudo apt install traceroute
Fedora/CentOS/RHEL:
sudo yum install traceroute
Use traceroute followed by an IP address or URL to trace the route.
Remember that traceroute is valuable for diagnosing network issues and understanding packet paths.
nslookup
This command queries the DNS to obtain a domain name or IP address mapping, which helps troubleshoot DNS problems. Remember, it is always DNS until it's not DNS 😄
The nslookup command is a powerful tool for querying Domain Name System (DNS) records. It helps you obtain information related to domain names, IP addresses, and other DNS-related details. Whether troubleshooting DNS issues or exploring domain records, nslookup is your go-to utility.
Example: nslookup www.example.com might return Server: dns1.example.com Address: 93.184.216.34.
Let’s delve into the nslookup command, its purpose, and some example outputs.
How to Use nslookup:
To start an interactive session, simply type:
nslookup
You’ll see a prompt where you can enter domain names or IP addresses to query. For example:
> www.google.com
Non-Interactive Mode:
In non-interactive mode, you can issue single queries directly from the command line:
nslookup google.com
> www.google.com
Server: UnKnown
Address: 192.168.1.1
Non-authoritative answer:
Name: google.com
Addresses: 2607:f8b0:4009:80a::200e
172.217.164.142
Common Options:
-type=a: View information about DNS A address records (IPv4 addresses).
-type=mx: Get Mail Exchange (MX) server information.
-type=ns: View Name Server records.
-type=ptr: Used in reverse DNS lookups to view Pointer records.
-type=soa: View Start of Authority records.
Example Output:
Let’s say we query the IP address for jimgogarty.com
Server: 127.0.0.53
Address: 127.0.0.53#53
Non-authoritative answer:
Name: jimgogarty.com
Address: 98.71.32.86
Here’s what the output means:
Server: The DNS server that was queried (usually your local DNS server).
Non-authoritative answer: The response is from a server not directly associated with the domain.
Name: The domain name queried.
Address: The IP address associated with the queried domain (in this case, 98.71.32.86).
ipconfig / ip
These commands display all current TCP/IP network configuration values and can be used to renew an IP address or flush DNS.
Windows: ipconfig
The ipconfig command is commonly used in Windows for network administration. It provides information about your network configuration, including IP addresses, subnet masks, default gateways, etc. Here are some examples of using ipconfig:
The ipconfig command is used to display information about your network configuration.
By default, it shows your IP Address, Subnet Mask, and default gateway.
You can use additional parameters to get more detailed information about your network adapters.
For example, running ipconfig /all provides comprehensive details for each adapter, including the MAC address, DHCP status, DNS servers, and more.
ipconfig /flushdns:
This command clears and resets the DNS Resolver Cache.
It helps troubleshoot DNS problems by ensuring future requests use fresh DNS information.
After executing this command, your computer will fetch updated DNS data when accessing websites.
ipconfig /release:
The /release parameter sends a DHCPRELEASE message to the DHCP server.
It discards the current IP address configuration and marks the old client’s IP address as available. This is helpful when resetting or refreshing network settings.
If DHCP is enabled, you can request a new IP address from the DHCP server after releasing the old one.
ipconfig /renew:
The /renew parameter renews the DHCP configuration for all adapters.
After releasing the old IP address, this command requests a new IP address from the DHCP server. It helps obtain a fresh IP address for your network connection.
Remember, these commands are essential for managing network settings and troubleshooting connectivity issues. I recommend using them together when facing local computer server issues.
Linux: ip Command
In Linux, the equivalent command for displaying IP configuration is the ip command. It provides similar functionality to ipconfig. Here are some examples using the ip command:
To display IP addresses and related network information for all interfaces (equivalent to ipconfig /all on Windows):
ip a
To view the default gateway IP address (similar to ipconfig /all showing the default gateway on Windows):
ip r
To show only IPv4 or IPv6 addresses:
ip -4 a # Show IPv4 addresses
To display information for a specific interface (e.g., enp0s3):
ip a show enp0s3
To show information only for active interfaces (omit down interfaces):
ip link ls up
To assign an IP address to an interface (e.g., setting IP address 192.168.1.150 with subnet mask 255.255.255.0 on enp0s3):
sudo ip a add 192.168.1.150/24 dev enp0s3
To remove a previously assigned IP address from an interface:
sudo ip a del 192.168.1.150/24 dev enp0s3
tasklist / ps
Viewing all currently running processes on your system is crucial for identifying unwanted or malicious tasks.
Example: tasklist on Windows lists all running processes with their PID.
Windows: tasklist
Purpose:
The tasklist command provides a list of currently running processes on a Windows system.
It displays the Image Name (program name), Process ID (PID), and Memory Usage for each task.
By default, it shows a table with several columns of information.
Basic Usage:
To list all running processes, enter tasklist into the command prompt:
tasklist
Customizing Output:
You can change the output format using the /fo option:
/fo table: Default format (table).
/fo list: Displays a list of processes.
/fo csv: Outputs in CSV format (useful for scripting).
Example Output:
Here’s a partial example of the default output:
Image Name PID Session Name Session# Mem Usage
Linux: ps
The ps command in Linux displays information about running processes.
It provides details such as the Process ID (PID), TTY, CPU time, and more.
There are various options to customize the output.
Basic Usage:
To list all processes in the current shell:
ps
Customizing Output:
Use options to display specific information (e.g., ps -ef for a detailed list).
Common options:
-e: Show all processes.
-f: Full-format listing.
-u: Display user-oriented format.
Example Output:
Here’s a simplified example:
PID TTY TIME CMD
1432 pts/1 00:00:00 bash
1473 pts/1 00:00:00 ps
2638 pts/1 00:00:00 sshd
2659 pts/1 00:00:00 vim
PID: Process ID of the task.
TTY: Terminal type that the user is logged into.
TIME: Cumulative CPU time.
CMD: Command name or command line that started the task.
chkdsk
These commands check the integrity of your filesystem and fix logical file system errors, which is vital for system health.
Example: chkdsk C: on Windows checks the C drive for errors.
Windows: chkdsk
The chkdsk command checks and repairs file system errors on Windows drives.
It scans for logical and physical errors, fixes issues, and recovers data from bad sectors.
You can use it to verify and repair the integrity of your hard drive.
Basic Usage:
To check the C: drive, fix errors, recover data from bad sectors, and display a full report, type:
chkdsk C: /f /r /x
The command will scan the drive, fix problems, and recover data from any bad sectors.
Example Output:
Stage 1: Examining basic file system structure...
net user / passwd
Managing user accounts and passwords is essential to ensuring authorised access to systems.
Example: net user username on Windows displays information about the user's account.
Windows: net user
Purpose:
The net user command manages user accounts on Windows systems.
It allows you to create, modify, and delete user accounts.
Common usage:
net user <username> <password> /add
Example Output:
The command completed successfully.
Linux Equivalent: passwd
The passwd command in Linux allows you to change user passwords, lock accounts, and expire passwords.
It works on the /etc/passwd file, where changes are reflected.
Passwords are stored in encrypted form in the /etc/shadow file.
Example Usage:
To change your own password:
passwd
To create a root password (requires sudo privileges):
sudo passwd root
To change another user’s password (as root or with sudo):
sudo passwd <username>
To check a user’s password status:
sudo passwd -S <username>
Example Output:
<username> P 06/13/2020 0 99999 7 -1
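As an added example (not part of the original post), the function below reads passwd -S lines like the one above and reports accounts that have no password, are locked, or have a password that never expires. It assumes the seven-field layout shown (login, status, last change, minimum age, maximum age, warning period, inactivity period); the account names and sample lines are constructed.

```shell
#!/bin/sh
# Added example: audit account state from `passwd -S` output.

# Constructed sample lines in the format shown in the post.
sample_status() {
cat <<'EOF'
alice P 06/13/2020 0 99999 7 -1
bob P 01/15/2024 1 90 7 30
svc_backup NP 03/02/2023 0 99999 7 -1
olduser L 11/20/2019 0 99999 7 -1
EOF
}

# Fields: 1 login, 2 status (P usable, L locked, NP no password),
# 3 last change, 4 min age, 5 max age, 6 warning, 7 inactivity (ages in days).
audit_passwd_status() {
    awk '
        NF >= 7 {
            user = $1; status = $2; max = $5
            if (status == "NP")
                print user ": no password set"
            else if (status == "L" || status == "LK")   # LK is the spelling some distributions print
                print user ": locked"
            else if (max + 0 >= 99999 || max + 0 < 0)   # 99999 or -1: aging effectively disabled
                print user ": password never expires (max age " max ")"
        }'
}

# On a live host, where passwd supports -a: sudo passwd -S -a | audit_passwd_status
sample_status | audit_passwd_status
```

Accounts with a usable password and a finite maximum age, such as bob in the sample, produce no output.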
sfc /scannow
This command scans and repairs system files, a preventative measure against system corruption.
Example: Running sfc /scannow on Windows will scan protected system files and replace incorrect versions.
Windows: sfc /scannow
The sfc /scannow command is used to scan and verify the integrity of all protected system files on a Windows system.
It replaces incorrect versions of system files with correct versions from the system’s cache.
If it detects that a protected file has been overwritten, it restores the correct version.
Basic Usage:
Open a Command Prompt as an administrator.
Run the following command:
sfc /scannow
Example Output:
Beginning system scan. This process will take some time.
Linux Equivalent: fsck
The fsck
command in Linux checks and repairs file system errors.
It works with various file system types (e.g., ext4, ext3, XFS).
Use it to verify and fix issues with your partitions.
Basic Usage:
To check and repair the file system on /dev/sda1, run:
sudo fsck /dev/sda1
Example Output:
/dev/sda1: clean, 100/131072 files, 25000/524288 blocks
gpupdate / gpresult:
These commands manually refresh Group Policy settings and display policy information to confirm that policies are applied correctly.
Example: gpupdate /force on Windows forces a Group Policy update.
Windows: gpupdate / gpresult
The gpupdate command is used to refresh Group Policy settings on a Windows system.
It forces an immediate update of Group Policy settings, including user and computer policies.
Common usage:
gpupdate /force
gpresult:
The gpresult command displays the Resultant Set of Policy (RSoP) for a user or computer.
It shows which Group Policy settings are applied and their source (Local, Site, Domain, or Organizational Unit).
Usage:
gpresult /r
Example Output (partial):
User Configuration
Linux Equivalent: systemd and pam (for some aspects)
systemd:
In Linux, systemd manages system services, including startup scripts and daemons.
It doesn’t directly correlate with Group Policy, but it handles service management.
For example, to restart the httpd service:
sudo systemctl restart httpd
pam (Pluggable Authentication Modules):
pam provides authentication and authorization services.
It doesn’t directly mirror Group Policy, but it controls user access and authentication.
For example, to configure password policies:
sudo nano /etc/security/pwquality.conf
In conclusion, the commands discussed in this post are indispensable tools for anyone in the tech support and cybersecurity fields. Mastering these commands can significantly enhance your ability to diagnose and resolve issues swiftly, ensuring smooth and secure operations. Whether you’re a seasoned professional or just starting, incorporating these commands into your daily routine will equip you with the skills necessary to tackle the challenges of the digital world. Keep exploring, practising, and updating your command knowledge to stay ahead in the ever-evolving landscape of technology.