Basic Windows Incident response tools
June 8, 2010
| Tool | Use |
|---|---|
| Netstat.exe | Displays protocol statistics and current TCP/IP network connections. |
| Arp.exe | Displays and modifies the IP-to-physical address translation tables used by the Address Resolution Protocol (ARP). |
| Net.exe | Net used with [ ACCOUNTS \| COMPUTER \| CONFIG \| CONTINUE \| FILE \| GROUP \| HELP \| HELPMSG \| LOCALGROUP \| NAME \| PAUSE \| PRINT \| SEND \| SESSION \| SHARE \| START \| STATISTICS \| STOP \| TIME \| USE \| USER \| VIEW ] allows the user to stop and start services, add/remove users, etc. |
| Nbtstat.exe | Displays protocol statistics and current TCP/IP connections using NBT (NetBIOS over TCP/IP). |
| Route.exe | Manipulates network routing tables. |
| Cmd.exe | Starts a new instance of the Windows XP command interpreter. |
| Fport.exe | TCP/IP process-to-port mapper. |
| Handle.exe | This handy command-line utility will show you which files are open by which processes, and much more. |
| Pslist.exe | Process information lister. |
| Psinfo.exe | Local and remote system information viewer. |
| Psloggedon.exe | Logon session displayer. |
| Listdlls.exe | DLL lister: lists executables and the DLLs that support them. |
| Filemon.exe | Filemon is an application that monitors and displays all file system activity. |
| Ntfsinfo.exe | Displays NTFS information. |
| Portmon.exe | Portmon is an application that lets you monitor serial and parallel activity on your local system, or on any computer on the network that you can reach via TCP/IP. |
| Processexplorer.exe | Process Explorer shows you information about which DLLs processes have loaded and which handles they have opened. |
| Regmon.exe | Regmon is an application that monitors and displays all Registry activity on a system. |
| Tcpview.exe | TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the owning process name, remote address and state of TCP connections. |
| Tdimon.exe | TDImon is an application that lets you monitor TCP and UDP activity on your local system. It is the most powerful tool available for tracking down network-related configuration problems and analyzing application network usage. |
| Tokenmon.exe | The security activity Tokenmon monitors includes the following: logon/logoff, enabling and disabling of privileges, impersonation, process creation/exit. |
| MD5sum.exe | Print or check MD5 checksums. |
| PromiscDetect.exe | Checks for possible sniffer activity on the local box. |
| Nc.exe (Netcat) | Utility that reads and writes data across network connections, using the TCP or UDP protocol. It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities. |
| Dumpreg.exe | Somarsoft DumpReg is a program for Microsoft Windows that will dump registry values in an easy-to-use listbox. Options include finding all registry keys or values whose name or data matches a specified string, filtering so only the matching items are shown, copying to the clipboard, and printing. For Windows NT, the time of last modification is shown and there is an option to sort by time, which makes it easy to find recently modified registry entries. |
| DumpACL.exe | Somarsoft DumpAcl is a security auditing program for Microsoft Windows. It dumps the permissions (DACLs) and audit settings (SACLs) for the file system, registry, printers and shares in a concise, readable listbox format, so that holes in system security are readily apparent. DumpAcl also dumps user, group and replication information. DumpAcl is a must-have product for Windows NT systems administrators and computer security auditors. |
| MD5.exe | File integrity checker: hashes a file before and after transport to ensure image integrity. |
| DD.exe | dd reads and writes data by blocks, and can convert the data between formats. dd is frequently used for devices such as tapes which have discrete block sizes, or for fast multi-sector reads from disks. The conversions can accommodate computers that require de-blocking, conversion to/from EBCDIC, and fixed-length records. |