Networking
Network Connectivity
Using Test-NetConnection to test connectivity, trace route, and perform detailed diagnostics
Using ping to check network connectivity and measure latency
Using tracert to trace the route packets take to a network host
Using pathping to combine features of ping and tracert
Using nmap for network exploration and security auditing
Using telnet to test TCP connections to specific ports
// Tests basic TCP connectivity to www.example.com on port 80
Test-NetConnection -ComputerName www.example.com -Port 80
// Performs a trace route to www.example.com
Test-NetConnection -ComputerName www.example.com -TraceRoute
// Tests connectivity and provides detailed diagnostic information
Test-NetConnection -ComputerName www.example.com -InformationLevel Detailed
// Diagnoses route selection to www.example.com when constrained to a specific source address
Test-NetConnection -ComputerName www.example.com -DiagnoseRouting -ConstrainSourceAddress '192.168.1.2'
// Tests TCP connectivity to the well-known HTTP port (80)
Test-NetConnection -ComputerName www.example.com -CommonTCPPort HTTP
// Sends 4 echo requests to www.example.com
ping www.example.com
// Sends a ping with the specified number of echo requests
ping -n 10 www.example.com
// Sends a ping with larger packets
ping -l 128 www.example.com
// Pings the host until stopped
ping -t www.example.com
// Specifies a timeout (in milliseconds) for each reply
ping -w 500 www.example.com
// Traces the route to www.example.com
tracert www.example.com
// Traces the route and bypasses the DNS resolution for each hop
tracert -d www.example.com
// Specifies the maximum number of hops in the route search
tracert -h 30 www.example.com
// Traces the route using IPv6 addresses
tracert -6 www.example.com
// Windows tracert has no packet-size option (-l belongs to ping); -w sets the per-reply timeout in milliseconds
tracert -w 1000 www.example.com
// Combines the features of ping and tracert to www.example.com
pathping www.example.com
// Specifies the number of pings per hop
pathping -q 10 www.example.com
// Specifies the timeout for each ping
pathping -w 5000 www.example.com
// Specifies the number of hops to trace
pathping -h 25 www.example.com
// Performs the pathping without resolving addresses to names
pathping -n www.example.com
// Scans the host for open TCP ports
nmap -p 1-65535 www.example.com
// Performs a fast scan
nmap -F www.example.com
// Detects OS and services
nmap -A www.example.com
// Scans using a specific network interface (run nmap --iflist to see interface names)
nmap -e eth0 www.example.com
// Outputs the scan in XML format
nmap -oX scan_results.xml www.example.com
Basic DNS querying using nslookup
Using nslookup to query all records associated with a domain
Using nslookup to check delegation and server information
Using PowerShell to perform DNS lookups
Using dig (Windows Subsystem for Linux or third-party tool) for advanced DNS queries
Using ipconfig to flush and display DNS resolver cache
// Queries the IP address for www.example.com
nslookup www.example.com
// Uses a specific DNS server to query the IP address for www.example.com
nslookup www.example.com 8.8.8.8
// Queries the MX records for example.com
nslookup -query=mx example.com
// Queries the SOA record for example.com
nslookup -type=soa example.com
// Performs a reverse DNS lookup for an IP address
nslookup 192.168.1.1
// Queries all records for example.com
nslookup -query=any example.com
// Enters interactive mode with nslookup
nslookup
> set type=any
> example.com
> exit
// Checks DNS server details and zone delegation for example.com
nslookup -type=ns example.com
// Uses nslookup in debug mode to get detailed information
nslookup -debug example.com
// Performs a DNS lookup using PowerShell
Resolve-DnsName www.example.com
// Retrieves MX records using PowerShell
Resolve-DnsName -Type MX example.com
// Retrieves TXT records for domain verification
Resolve-DnsName -Type TXT example.com
// Performs a detailed DNS lookup including DNSSEC details
Resolve-DnsName -Name example.com -DnssecOk
// Retrieves all DNS records associated with the domain
Resolve-DnsName -Type ALL example.com
// Performs a basic DNS query using dig
dig www.example.com
// Queries a specific type of record with dig
dig example.com MX
// Performs a reverse DNS lookup using dig
dig -x 192.168.1.1
// Uses dig to trace the path of the DNS query
dig +trace www.example.com
// Performs a DNS query specifying a particular DNS server
dig @8.8.8.8 www.example.com
Basic usage of curl to make HTTP requests
Using curl to handle cookies and sessions
Testing HTTPS connections with curl
Using curl to upload files to a server
Using curl to download files
Using PowerShell's Invoke-WebRequest as an alternative to curl for HTTP requests
Using PowerShell's Invoke-RestMethod for API interaction
// Makes a simple GET request to a web page (in Windows PowerShell, call curl.exe, because curl is an alias for Invoke-WebRequest)
curl http://www.example.com
// Uses curl to make a GET request and display headers
curl -I http://www.example.com
// Makes a POST request with curl
curl -d 'login=username&password=password' -X POST http://www.example.com/login
// Sends a DELETE request using curl
curl -X DELETE http://www.example.com/resource
// Makes a GET request with headers using curl
curl -H 'Accept: application/json' -H 'Content-Type: application/json' http://www.example.com/api
// Saves cookies received during a session to a file
curl -c cookies.txt http://www.example.com
// Uses a cookie file for subsequent requests
curl -b cookies.txt http://www.example.com
// Makes a request using both cookie save and load
curl -b cookies.txt -c new_cookies.txt http://www.example.com
// Accesses an HTTPS site without verifying the server certificate (testing only; the connection can be intercepted)
curl -k https://www.example.com
// Makes an HTTPS request that verifies the server certificate against the CA certificates in the given file
curl --cacert path/to/certfile https://www.example.com
// Uploads a file using POST
curl -F 'file=@path/to/localfile' http://www.example.com/upload
// Uploads a file with PUT
curl -T path/to/localfile http://www.example.com/destination
// Downloads a file and saves it locally
curl -o localfilename http://www.example.com/remotefile
// Downloads a file with the original filename
curl -O http://www.example.com/remotefilename
// Makes a basic GET request
$response = Invoke-WebRequest -Uri http://www.example.com
// Posts data to a web service
$postData = @{username='user'; password='pass'}
$response = Invoke-WebRequest -Uri http://www.example.com/login -Method Post -Body $postData
// Captures and displays headers of a response
$response.Headers
// Calls a RESTful API to get JSON data
$result = Invoke-RestMethod -Uri http://www.example.com/api/data -Method Get
// Sends data to a RESTful API using POST
$body = @{id=123; value='abc'} | ConvertTo-Json
$result = Invoke-RestMethod -Uri http://www.example.com/api/post -ContentType 'application/json' -Method Post -Body $body
Viewing installed SSL certificates in the local machine store
Finding certificates that are about to expire
Exporting a certificate to a file
Importing a certificate into the local machine store
Checking SSL certificate details on a website using PowerShell
Verifying the SSL chain of a certificate
Using OpenSSL to convert a certificate from DER to PEM format
Using OpenSSL to verify a certificate against a CA
Using certutil to dump certificate information
Using certutil to repair a certificate store
Creating a self-signed certificate using PowerShell
Using certreq to request certificate installation
Using PowerShell to list certificates with a specific key usage
Using PowerShell to remove an expired certificate
Checking SSL/TLS versions supported by a server using Test-SSL
// Lists all certificates in the LocalMachine store
Get-ChildItem -Path Cert:\LocalMachine\My
// Lists certificates with details
Get-ChildItem -Path Cert:\LocalMachine\My | Format-List -Property *
// Finds certificates that expire within the next 90 days (certificates that have already expired are also returned)
$threshold = (Get-Date).AddDays(90)
$certs = Get-ChildItem -Path Cert:\LocalMachine\My
$expiringCerts = $certs | Where-Object { $_.NotAfter -lt $threshold }
$expiringCerts
// Exports a certificate to a .cer file
$cert = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Subject -like '*example.com*' }
Export-Certificate -Cert $cert -FilePath 'C:\example.cer'
// Imports a certificate from a file
Import-Certificate -FilePath 'C:\example.cer' -CertStoreLocation Cert:\LocalMachine\My
// Retrieves SSL certificate details from a website (the certificate is only populated after the request has been sent)
$request = [Net.HttpWebRequest]::Create('https://www.example.com')
$request.GetResponse().Dispose()
$request.ServicePoint.Certificate
// Verifies the certificate chain for a given cert
$cert = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Subject -like '*example.com*' }
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.Build($cert)
// Converts a DER format certificate to PEM
openssl x509 -inform der -in certificate.der -out certificate.pem
// Creates a self-signed certificate
New-SelfSignedCertificate -DnsName 'example.com' -CertStoreLocation 'cert:\LocalMachine\My'
// Requests certificate installation from a CA
certreq -submit -attrib "CertificateTemplate:WebServer" requestfile.inf
// Lists certificates whose Key Usage extension includes KeyEncipherment
$certs = Get-ChildItem -Path Cert:\LocalMachine\My
$serverAuthCerts = $certs | Where-Object { $_.Extensions | Where-Object { $_.Oid.FriendlyName -eq 'Key Usage' -and $_.KeyUsages -match 'KeyEncipherment' } }
$serverAuthCerts
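The expiry check and chain verification above, combined for a certificate presented by a remote server. This is an added example, not code from the original page; the function name Get-TlsCertificateReport, the default port and the 90-day threshold are assumptions.

```powershell
# Added example (not from the original page). Get-TlsCertificateReport is a
# hypothetical helper name; port 443 and the 90-day threshold are assumptions.
function Get-TlsCertificateReport {
    param(
        [Parameter(Mandatory)] [string] $HostName,
        [int] $Port = 443,
        [int] $WarnDays = 90
    )

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        # Accept whatever certificate is presented so that expired or untrusted
        # certificates can still be inspected. Trust is evaluated explicitly
        # below, and no application data is sent over this connection.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        try {
            $ssl.AuthenticateAsClient($HostName)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
            $protocol = $ssl.SslProtocol
        } finally {
            $ssl.Dispose()
        }
    } finally {
        $client.Close()
    }

    # Build the chain against the local trust stores. This checks trust,
    # validity dates and revocation, but not whether the name matches the host.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $trusted = $chain.Build($cert)
    $daysLeft = [math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)

    [pscustomobject]@{
        Host         = $HostName
        Subject      = $cert.Subject
        Issuer       = $cert.Issuer
        NotAfter     = $cert.NotAfter
        DaysLeft     = $daysLeft
        ExpiringSoon = $daysLeft -lt $WarnDays
        Protocol     = $protocol
        ChainTrusted = $trusted
        ChainStatus  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

Get-TlsCertificateReport -HostName 'www.example.com'
```

An empty ChainStatus together with ChainTrusted = True means the chain built cleanly; any other status names the reason the chain was rejected.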
Network Configuration
Viewing all network adapters using PowerShell
Enabling a network adapter using PowerShell
Disabling a network adapter using PowerShell
Renaming a network adapter using PowerShell
Changing the IP address of an adapter using PowerShell
Viewing network adapter properties using the GUI
Configuring IP settings via GUI
Resetting network settings using Command Prompt
Viewing and modifying firewall settings using PowerShell
Configuring WiFi settings using GUI
Configuring network profiles using PowerShell
Managing network routes using Command Prompt
Monitoring network traffic using PowerShell
Changing DNS settings using the GUI
Troubleshooting network issues using PowerShell
Setting up bandwidth control using Command Prompt
// Lists all network adapters with status
Get-NetAdapter | Select-Object Name, Status, InterfaceDescription
// Renames a network adapter named 'Ethernet' to 'Local Area Connection'
Rename-NetAdapter -Name 'Ethernet' -NewName 'Local Area Connection'
// Renames a network adapter from 'Ethernet' to 'Primary Ethernet'
Rename-NetAdapter -Name 'Ethernet' -NewName 'Primary Ethernet'
// Sets a static IP address
New-NetIPAddress -InterfaceAlias 'Ethernet' -IPAddress 192.168.1.100 -PrefixLength 24 -DefaultGateway 192.168.1.1
// Sets DNS server addresses
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses ('8.8.8.8', '8.8.4.4')
// Steps to view properties of a network adapter
Control Panel > Network and Internet > Network and Sharing Center > Change adapter settings
> Right-click an adapter > Status > Details
// Steps to configure IP settings using GUI
Control Panel > Network and Internet > Network and Sharing Center > Change adapter settings
> Right-click an adapter > Properties > Internet Protocol Version 4 (TCP/IPv4) or Internet Protocol Version 6 (TCP/IPv6)
> Properties > Use the following IP address > Enter IP address, Subnet mask, and Default gateway > OK
// Resets TCP/IP stack to installation defaults
netsh int ip reset
// Flushes DNS resolver cache
ipconfig /flushdns
// Resets Winsock Catalog
netsh winsock reset
// Lists all active firewall rules
Get-NetFirewallRule -Enabled True
// Disable a specific firewall rule
Set-NetFirewallRule -DisplayName 'Rule Name' -Enabled False
// Steps to connect to a WiFi network using GUI
Click the network icon on the taskbar > Select the network SSID > Click Connect
> Enter the network security key > OK
// Sets the network location to private
Get-NetConnectionProfile -InterfaceAlias 'Ethernet' | Set-NetConnectionProfile -NetworkCategory Private
// Adds a static IP route to the routing table
route add 192.168.2.0 mask 255.255.255.0 192.168.1.1
// Deletes a route from the routing table
route delete 192.168.2.0
// Captures packets on a specific interface to an .etl trace file, then stops the trace
netsh trace start capture=yes CaptureInterface="Ethernet"
netsh trace stop
// Steps to change DNS server address using GUI
Control Panel > Network and Internet > Network and Sharing Center > Change adapter settings
> Right-click an adapter > Properties > Internet Protocol Version 4 (TCP/IPv4) or Version 6 (TCP/IPv6)
> Properties > Use the following DNS server addresses > Enter Preferred DNS server and Alternate DNS server > OK
Enabling and disabling the Windows Firewall using PowerShell
Adding a new inbound firewall rule using PowerShell
Configuring firewall to allow an application using PowerShell
Removing a firewall rule using PowerShell
Modifying an existing firewall rule using PowerShell
Enabling and disabling firewall rules using the GUI
Creating an outbound rule to block a specific port using the GUI
Allowing a program through the firewall using the GUI
Viewing active firewall rules using PowerShell
Exporting and importing firewall rules using PowerShell
Checking firewall status for all profiles using PowerShell
Setting firewall profiles (Private, Public, Domain) using PowerShell
Logging dropped packets and successful connections using PowerShell
Configuring firewall to prevent all outbound connections by default using the GUI
Creating advanced firewall rules to handle complex scenarios using PowerShell
// Enables Windows Firewall
Set-NetFirewallProfile -All -Enabled True
// Disables Windows Firewall
Set-NetFirewallProfile -All -Enabled False
// Adds an inbound rule to allow TCP traffic on port 80
New-NetFirewallRule -DisplayName 'Allow HTTP Inbound' -Direction Inbound -Protocol TCP -LocalPort 80 -Action Allow
// Allows an application through the firewall
New-NetFirewallRule -DisplayName 'Allow MyApp' -Program 'C:\Program Files\MyApp\app.exe' -Action Allow
// Removes a firewall rule named 'Allow HTTP Inbound'
Remove-NetFirewallRule -DisplayName 'Allow HTTP Inbound'
// Modifies an existing rule to change the local port
Set-NetFirewallRule -DisplayName 'Allow HTTP Inbound' -LocalPort 8080
// Steps to enable/disable firewall rules using GUI
Control Panel > System and Security > Windows Defender Firewall > Advanced Settings
> Inbound Rules or Outbound Rules > Right-click a rule > Enable Rule or Disable Rule
// Steps to block a specific port using GUI
Control Panel > System and Security > Windows Defender Firewall > Advanced Settings > Outbound Rules
> New Rule > Port > Specify TCP or UDP and the port number > Block the connection > Finish
// Steps to allow a program through the firewall using GUI
Control Panel > System and Security > Windows Defender Firewall > Allow an app or feature through Windows Defender Firewall
> Change settings > Allow another app... > Browse to the program > Add > OK
// Displays all active firewall rules
Get-NetFirewallRule -Enabled True | Format-Table DisplayName, Direction, Action
// Exports all firewall rules to a file
netsh advfirewall export "C:\firewallrules.wfw"
// Imports firewall rules from a file
netsh advfirewall import "C:\firewallrules.wfw"
// Enables the firewall for the Private profile
Set-NetFirewallProfile -Profile Private -Enabled True
// Disables the firewall for the Public profile
Set-NetFirewallProfile -Profile Public -Enabled False
// Enables logging for dropped packets
Set-NetFirewallProfile -Profile Domain -LogBlocked True
// Enables logging for successful connections
Set-NetFirewallProfile -Profile Domain -LogAllowed True
// Steps to set the firewall to block all outbound connections by default using GUI
Control Panel > System and Security > Windows Defender Firewall > Advanced Settings > Windows Defender Firewall Properties
> Outbound connections > Block > OK
// Creates a rule to allow inbound FTP traffic on port 21
New-NetFirewallRule -DisplayName 'FTP Inbound' -Direction Inbound -Protocol TCP -LocalPort 21 -Action Allow
// Creates a rule to block outbound traffic to a specific IP range
New-NetFirewallRule -DisplayName 'Block Outbound to 192.168.1.0/24' -Direction Outbound -RemoteAddress 192.168.1.0/24 -Action Block
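A review of what the rules and profile settings above add up to on a host, as an added example that is not part of the original page. The function name Get-InboundAllowRuleSummary is hypothetical; every cmdlet it calls belongs to the NetSecurity module used throughout this section.

```powershell
# Added example (not from the original page). Get-InboundAllowRuleSummary is a
# hypothetical helper name. Run from an elevated PowerShell session.
function Get-InboundAllowRuleSummary {
    # Every enabled rule that allows inbound traffic, joined with its port,
    # address and program filters so that exposure is visible in one row.
    Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
        ForEach-Object {
            $port = $_ | Get-NetFirewallPortFilter
            $addr = $_ | Get-NetFirewallAddressFilter
            $app  = $_ | Get-NetFirewallApplicationFilter
            [pscustomobject]@{
                DisplayName   = $_.DisplayName
                Profile       = $_.Profile
                Protocol      = $port.Protocol
                LocalPort     = $port.LocalPort -join ','
                RemoteAddress = $addr.RemoteAddress -join ','
                Program       = $app.Program
            }
        }
}

# Rules that open a specific local port to any remote address deserve the
# closest review, especially when they apply to the Public profile.
Get-InboundAllowRuleSummary |
    Where-Object { $_.RemoteAddress -eq 'Any' -and $_.LocalPort -ne 'Any' } |
    Sort-Object LocalPort |
    Format-Table -AutoSize

# Per-profile state: whether the firewall is on, the default actions, and
# whether blocked and allowed connections are being logged (and where).
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction,
                  LogBlocked, LogAllowed, LogFileName
```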
Monitoring live network traffic using PowerShell
Using Performance Monitor to track network performance
Using Wireshark for detailed network packet analysis
Using the netstat command to view active connections
Configuring Data Collector Set in Performance Monitor for extended monitoring
Using Resource Monitor to view network activity
Using PowerShell to audit network sessions
Monitoring DNS queries and responses on your network
Using the pathping command for network path analysis
Analyzing network interface performance counters using PowerShell
Using TcpView to monitor network connections in real-time
Monitoring bandwidth usage using PowerShell
Logging packet drops and network errors using Event Viewer
Using nmap to scan your network for open ports and service detection
Configuring SNMP for network device monitoring
Using Netsh to monitor and log network traffic
Using BgInfo to display network configuration on desktop
Using Microsoft Message Analyzer for advanced network diagnostics
Checking network adapter errors using PowerShell
Using Advanced IP Scanner to analyze network hosts
// Shows cumulative traffic statistics (bytes and packets sent and received) for a specific adapter
Get-NetAdapter | Where-Object { $_.Name -eq 'Ethernet' } | Get-NetAdapterStatistics
// Lists current TCP connections (a point-in-time snapshot; re-run to refresh)
Get-NetTCPConnection | Format-Table -Property LocalAddress, LocalPort, RemoteAddress, RemotePort, State -AutoSize
// Steps to set up Performance Monitor for network tracking
Start > Type 'Performance Monitor' > Open Performance Monitor > Add counters > Select 'Network Interface'
> Choose counters like Bytes Total/sec, Current Bandwidth > Add > OK
// Guide to capture network packets using Wireshark
Download and install Wireshark > Open Wireshark > Select the network interface
> Click 'Start Capturing Packets' > Apply display filters for specific analysis, e.g., 'ip.addr == 192.168.1.1'
// Displays all established TCP connections
netstat -an | findstr ESTABLISHED
// Shows all listening ports
netstat -an | findstr LISTENING
// Steps to create and start a Data Collector Set
Performance Monitor > Data Collector Sets > User Defined > New > Data Collector Set
> Define the set and add desired counters > Schedule and start collection
// Steps to access and use Resource Monitor for network monitoring
Press Win + R > Type 'resmon' and press Enter > Click on the 'Network' tab to see network activity
// Retrieves detailed information about active SMB sessions on this machine
Get-SmbSession | Format-List -Property *
// Using PowerShell to monitor DNS client events
Get-WinEvent -LogName 'Microsoft-Windows-DNS-Client/Operational' | Where-Object { $_.Id -eq 3008 }
// Collects and displays performance data for network interfaces
$NICs = Get-Counter -Counter '\Network Interface(*)\Bytes Total/sec'
$NICs.CounterSamples | Format-Table -AutoSize
// Steps to use TcpView for real-time network monitoring
Download TcpView from Sysinternals > Run the tool > Observe dynamic display of endpoints and connections
// Reports cumulative bytes received and sent per interface
$interfaces = Get-NetAdapterStatistics
foreach ($interface in $interfaces) {
    Write-Output "Interface: $($interface.Name)`tReceived: $($interface.ReceivedBytes)`tSent: $($interface.SentBytes)"
}
// Viewing network error logs in Event Viewer
Event Viewer > Windows Logs > System > Filter current log > Event sources > Network
// Guide to configure SNMP via PowerShell
Install-WindowsFeature -Name SNMP-Service -IncludeAllSubFeature -IncludeManagementTools
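// Configuring a read-only SNMP community string (value 4 = READ ONLY); replace 'public' with a non-default string outside test environments
reg add "HKLM\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities" /v public /t REG_DWORD /d 4 /f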
// Configures netsh to capture traffic
netsh trace start capture=yes tracefile=C:\network_trace.etl
// Stops the trace
netsh trace stop
// Steps to configure BgInfo to show network settings on desktop
Download BgInfo from Sysinternals > Configure BgInfo to display desired network parameters on desktop
> Apply and set it to run at startup
// Steps to use Microsoft Message Analyzer
Download and install Microsoft Message Analyzer > Open tool and start a new session to capture traffic
> Analyze and view detailed network communications