Monthly Archives: May 2014

Route commands and usages

Dos command route
Command to manually configure the routes in the routing table


ROUTE [-f] [-p] [-4|-6] command [destination]
[MASK netmask] [gateway] [METRIC metric] [IF interface]

-f Clears the routing tables of all gateway entries. If this is
used in conjunction with one of the commands, the tables are
cleared prior to running the command.

-p When used with the ADD command, makes a route persistent across
boots of the system. By default, routes are not preserved
when the system is restarted. Ignored for all other commands,
which always affect the appropriate persistent routes.This
option is not supported in Windows 95.

-4 Force using IPv4.

-6 Force using IPv6.

command One of these:
PRINT Prints a route
ADD Adds a route
DELETE Deletes a route
CHANGE Modifies an existing route
destination Specifies the host.
MASK Specifies that the next parameter is the ‘netmask’ value.
netmask Specifies a subnet mask value for this route entry.
If not specified, it defaults to
gateway Specifies gateway.
interface the interface number for the specified route.
METRIC specifies the metric, ie. cost for the destination.

All symbolic names used for destination are looked up in the network database
file NETWORKS. The symbolic names for gateway are looked up in the host name
database file HOSTS.

If the command is PRINT or DELETE. Destination or gateway can be a wildcard,
(wildcard is specified as a star ‘*’), or the gateway argument may be omitted.

If Dest contains a * or ?, it is treated as a shell pattern, and only
matching destination routes are printed. The ‘*’ matches any string,
and ‘?’ matches any one char. Examples: 157.*.1, 157.*, 127.*, *224*.

Pattern match is only allowed in PRINT command.
Diagnostic Notes:
Invalid MASK generates an error, that is when (DEST & MASK) != DEST.
Example> route ADD MASK IF 1
The route addition failed: The specified mask parameter is invalid.
(Destination & Mask) != Destination.


> route PRINT
> route PRINT -4
> route PRINT -6
> route PRINT 157* …. Only prints those matching 157*

> route ADD MASK METRIC 3 IF 2
destination^ ^mask ^gateway metric^ ^
If IF is not given, it tries to find the best interface for a given
> route ADD 3ffe::/32 3ffe::1


CHANGE is used to modify gateway and/or metric only.

> route DELETE
> route DELETE 3ffe::/32

Command Purpose
add Adds a route.
change Modifies an existing route.
delete Deletes a route or routes.
print Prints a route or routes.

Route add

route add “destination” mask “subnetmask” “gateway” metric “costmetric” if “interface”

route add -p mask metric 2

In simple route add -p mask

Routes added by using the -p option are stored in the Windows registry under the following key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip \Parameters\PersistentRoutes

To delete the route to the destination with the subnet mask of, type:

route delete mask

To delete all routes in the IP routing table that begin with 10., type:

route delete 10.*

To change the next hop address of the route with the destination of and the subnet mask of from to, type:

route change mask

Linux route command
Display Existing Routes
$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface * U 0 0 0 eth0

$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface U 0 0 0 eth0 UG 0 0 0 eth0

Adding a Default Gateway
$ route add default gw

List Kernel’s Routing Cache Information
$ route -Cn
Kernel IP routing cache
Source Destination Gateway Flags Metric Ref Use Iface 0 0 1 eth0 0 0 0 eth0

Reject Routing to a Particular Host or Network
$ route add -host reject
$ route add -net netmask reject


Memory checks in windows-commanline

Findout Available Local Memory
systeminfo |find “Available Physical Memory”

systeminfo | findstr /C:”Total Physical Memory”

Remote system
systeminfo /s:hostname | findstr “Physical”
systeminfo /s <system> /u <username> /p <password>
wmic /node:”IP” /user:IP\username “MEMPHYSICAL”

Total Memory in system
wmic memorychip get capacity
wmic OS get TotalVisibleMemorySize /Value
wmic computersystem get TotalPhysicalMemory
wmic memphysical list full
wmic memorychip list full

Free memory
wmic OS get FreePhysicalMemory /Value

Note:in xp can use ‘mem’ command

Powershell command
(Get-WMIObject Win32_PhysicalMemory |  Measure-Object Capacity -Sum).sum/1GB

Information about your memory
wmic MemoryChip get BankLabel, Capacity, MemoryType, TypeDetail, Speed

Memorychip information
wmic memorychip list full
wmic memorychip get capacity

TASKLIST displays the process ID number for each running task
Tasklist /M

Find more memory using application
tasklist /fi “memusage gt 1000000”

tasklist /s:IP /fi “memusage gt 1000000”

Powershell command
get-process | where-object {$_.WorkingSet -gt 100000000}

memory healths checks and report
perfmon /report

CPU checks in windows-commandline

CPU load on serevr
c:\>wmic cpu get loadpercentage


C:\>@for /f “skip=1″ %p in (‘wmic cpu get loadpercentage’) do @echo %p%

on remote machine
wmic /node:”serevrname or IP” /user:IP\username cpu get loadpercentage

Get CPU usage on server
C:\Windows\system32>typeperf “\Processor(_Total)\% Processor Time”

“(PDH-CSV 4.0)”,”\\vm\Processor(_Total)\% Processor Time”
“02/01/2012 14:10:59.361″,”0.648721”
“02/01/2012 14:11:00.362″,”2.986384”

Typeperf :-Writes performance counter data to the command window, or to a supported log file format. To stop Typeperf, press CTRL+C.

current usage
typeperf -sc 1 “\processor(_total)\% processor time”

List of all process
typeperf “\Process(*)\% Processor Time” -sc 1

If you want a specific process, Rtvscan for example:

typeperf “\Process(Rtvscan)\% Processor Time” -si 10 -sc 5

collecting 20 samples to a csv file
Typeperf “\Processor(_Total)\% Processor Time” -sc 20 -o c:\users\win7\desktop\Report.csv

Save to a file
typeperf “\Processor(_Total)\% Processor Time” -o CpuUsage.csv


typeperf “\Processor(_Total)\% Processor Time” >> CpuUsage.csv

Processor Information
wmic cpu get caption
x86 Family 6 Model 37 Stepping 2
x86 Family 6 Model 37 Stepping 2

We can get process information using system environment variables also. The environment variables related to CPU are listed below.


x86 x86 Family 6 Model 37 Stepping 2, GenuineIntel 6 2502

Info about your system’s BIOS, current version and it’s serial number
C:\>wmic bios get name,serialnumber,version
Name                                    SerialNumber  Version
Phoenix ROM BIOS PLUS Version 1.10 A04  5xyz6BS       DELL   – 15

Motherboard (that happen to be the name) and it’s UUID
wmic csproduct get name,identifyingnumber,uuid

CPU clock speed
wmic cpu get name,CurrentClockSpeed,MaxClockSpeed

Clock speed every 1 second
wmic cpu get name,CurrentClockSpeed,MaxClockSpeed /every:1

Cache sizes of the CPU
C:\>wmic cpu get L2CacheSize, L2CacheSpeed, L3CacheSize, L3
L2CacheSize  L2CacheSpeed  L3CacheSize  L3CacheSpeed
2048                       0            0

Get process and percentage process time
> wmic path Win32_PerfFormattedData_PerfProc_Process get Name,PercentProcessorTime

LOad % every 5 sec
C:\>wmic cpu get loadpercentage /every:5

Powershell command
Get-WmiObject Win32_Processor

Any Task runing morethan 10 sec

C:\>tasklist /FI “CPUTIME gt 00:00:10”

Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Services                   0         24 K
csrss.exe                      344 Services                   0      3,300 K
csrss.exe                      408 Console                    1     15,836 K
services.exe                   504 Services                   0     10,408 K

Tasklist usage
TASKLIST [/S system [/U username [/P [password]]]]
[/M [module] | /SVC | /V] [/FI filter] [/FO format] [/NH]

Name of the running process is “iexplore”
C:\>wmic path win32_perfformatteddata_perfproc_process wher
e Name=”iexplore” get Name, Caption, PercentProcessorTime, IDProcess /format:lis


C:\>wmic path win32_perfformatteddata_perfproc_process wher
e (Name=’iexplore’) get Name, Caption, PercentProcessorTime, IDProcess /format:lis


Name of the running process
C:\>wmic path win32_perfformatteddata_perfproc_process get
Name, Caption, PercentProcessorTime, IDProcess /format:list




Monitor a process named test.exe

Click on Start, Run, and enter “perfmon”
Click on Performance Logs and Alerts
Click on Counter Logs
Right-click Counter Logs
Click New Log Settings
Enter a log name that makes sense, e.g., Monitor Test.exe CPU
The Counter Log configuration dialog opens
On the General tabl, click Add Counters..
Click “Use local computer counters”
Choose Process for Performance Object
Select % Processor Time for Select counters from list
Select Test from Select instances from list
Click Add
Click Close
For Interval, choose something logical, such as 15 minutes
Click the Log Files tab
Choose a Log File Type of “Text File (Command delimited)”
Choose the file destination directory in Location
Click Ok
Determine whether (and how) you want the log file to rotate with “End file names with..”
Click Ok

Using Netsh

Netsh is a command-line scripting utility that allows you to, either locally or remotely, display or modify the network configuration of a computer that is currently running.

Usage: netsh [-a AliasFile] [-c Context] [-r RemoteMachine] [-u [DomainName\]Use
rName] [-p Password | *]
[Command | -f ScriptFile]

The following commands are available:

Commands in this context:
? – Displays a list of commands.
add – Adds a configuration entry to a list of entries.
advfirewall – Changes to the `netsh advfirewall’ context.
branchcache – Changes to the `netsh branchcache’ context.
bridge – Changes to the `netsh bridge’ context.
delete – Deletes a configuration entry from a list of entries.
dhcpclient – Changes to the `netsh dhcpclient’ context.
dnsclient – Changes to the `netsh dnsclient’ context.
dump – Displays a configuration script.
exec – Runs a script file.
firewall – Changes to the `netsh firewall’ context.
help – Displays a list of commands.
http – Changes to the `netsh http’ context.
interface – Changes to the `netsh interface’ context.
ipsec – Changes to the `netsh ipsec’ context.
lan – Changes to the `netsh lan’ context.
mbn – Changes to the `netsh mbn’ context.
namespace – Changes to the `netsh namespace’ context.
nap – Changes to the `netsh nap’ context.
netio – Changes to the `netsh netio’ context.
p2p – Changes to the `netsh p2p’ context.
ras – Changes to the `netsh ras’ context.
rpc – Changes to the `netsh rpc’ context.
set – Updates configuration settings.
show – Displays information.
trace – Changes to the `netsh trace’ context.
wcn – Changes to the `netsh wcn’ context.
wfp – Changes to the `netsh wfp’ context.
winhttp – Changes to the `netsh winhttp’ context.
winsock – Changes to the `netsh winsock’ context.
wlan – Changes to the `netsh wlan’ context.

The following sub-contexts are available:
advfirewall branchcache bridge dhcpclient dnsclient firewall http interface ips
ec lan mbn namespace nap netio p2p ras rpc trace wcn wfp winhttp winsock wlan
Netsh contexts
Netsh utility interacts with others using dynamic-link library files. Each Netsh helper DLL provides an extensive set of features called a context, which is a group of commands specific to this DLL networking component. These contexts extend the functionality of netsh. For ex., Dhcpmon.dll provides netsh the context and set of commands necessary to configure and manage DHCP settings.

For more information about Netsh contexts, use this command in the netsh shell:

netsh>show helper
DLL Filename Command
———— ——-
FWCFG.DLL firewall
IFMON.DLL interface
IPV6MON.DLL isatap
IPV6MON.DLL portproxy
RASMONTR.DLL appletalk
IPPROMON.DLL routerdiscovery
IFMON.DLL winsock
List of available netsh contexts
AAAA – commands for AAAA
Shows and sets the configuration of the Authentication, Authorization, Accounting, and Auditing (AAAA) database used by the Internet Authentication Service (IAS) and the Routing and Remote Access service.

DHCP – commands for DHCP
Administers DHCP servers and provides an equivalent alternative to console-based management.

Diag – diagnostic (diag) commands
Administers and troubleshoots operating system and network service parameters.

Interface – commands for Interface IP
Configures the TCP/IP protocol (including addresses, default gateways, DNS servers, and WINS servers) and displays configuration and statistical information.

RAS – commands for RAS
Administers remote access servers.

Routing – commands for Routing
Administers Routing servers.

WINS – commands for WINS
Administers WINS servers.
Displaying all of the adapter
To display all of the adapters in the computer with their current IP addresses to determine the correct adapter name, type the following command:

Netsh interface ip show config

Change static address to DHCP
To switch the specified adapter from a static address to DHCP, type the following command:

netsh interface ip set address “Local Area Connection” dhcp

Displays just the DNS server addresses
netsh interface ip show dnsservers

Displays the TCP connections
netsh interface ip show tcpconnections

Shows only TCP statistics
netsh interface ip show tcpstats

Displays the UDP connections
netsh interface ip show udpconnections

Shows only UDP statistics
netsh interface ip show udpstats

Change to a static address
netsh interface ip set address “Local Area Connection” static ipaddr subnetmask gateway metric

eg:- netsh interface ip set address “Local Area Connection” static 1

Dump all the network information
netsh dump

Import your IP settings

netsh -f c:\location1.txt or netsh exec c:\location2.txt

some examples

>netsh interface ipv4 show compartments

Id Interfaces Routes HopLimit
—— ———- —— ——–
1 3 15 128

>netsh interface ipv4 show global
Querying active state…

General Global Parameters
Default Hop Limit : 128 hops
Neighbor Cache Limit : 256 entries per interface
Route Cache Limit : 128 entries per compartment
Reassembly Limit : 536866752 bytes
ICMP Redirects : enabled
Source Routing Behavior : dontforward
Task Offload : enabled
Dhcp Media Sense : enabled
Media Sense Logging : disabled
MLD Level : all
MLD Version : version3
Multicast Forwarding : disabled
Group Forwarded Fragments : disabled
Randomize Identifiers : enabled
Address Mask Reply : disabled

Current Global Statistics
Number of Compartments : 1
Number of NL clients : 7
Number of FL providers : 4

>netsh interface ipv4 show ipstats
MIB-II IP Statistics
Forwarding is: Disabled
Default TTL: 128
In Receives: 2390189991
In Header Errors: 26416400
In Address Errors: 7060
Datagrams Forwarded: 0
In Unknown Protocol: 123
In Discarded: 8170
In Delivered: 2364039939
Out Requests: 2522875753
Routing Discards: 0
Out Discards: 2071
Out No Routes: 1462
Reassembly Timeout: 60
Reassembly Required: 0
Reassembled Ok: 0
Reassembly Failures: 0
Fragments Ok: 0
Fragments Failed: 0
Fragments Created: 0
>netsh interface ipv4 show route

>netsh interface ipv4 show subinterfaces

MTU MediaSenseState Bytes In Bytes Out Interface
—— ————— ——— ——— ————-
4294967295 1 0 8784 Loopback Pseudo-Interface 1
1500 1 1352228023139 1700849690717 Local Area Connection 2
1300 1 61980 13485540 Local Area Connection* 9

Enforce a system lock (screen saver lock)after a defined interval

It is possible to enforce a system lock after a defined interval. This requires the following two policy settings:
• Password protect the screen saver
• Screen saver timeout

using group policy preferences power plan is not a solution here ,as it is workgroup.

Local Group Policy Object (LGPO) that you can use to lock down settings on that machine. And if you have admin privileges on every machine in your workgroup, you can configure the LGPOs for your machines remotely from a single machine instead of having to walk around to each of them and log on locally.

To configure the LGPO on a remote machine, open a new MMC console, add the Group Policy snap-in, and click Browse to set the focus to a different machine than the local computer.

screensaver TS
Group Policy under/User Configuration/Administrative Templates/Control Panel/Display

Click “Start.” Type “Gpedit.msc” into the search box at the bottom of the Start menu. Press “Enter.”
Click “Yes” in the User Account Control prompt window, if one appears.
Navigate to the “User Configuration\Administrative Templates\Control Panel\Personalization” folder in the left pane of the Group Policy window.
Double-click the “Password Protect the Screen Saver” setting in the right pane of the Group Policy Editor window.
Click “Enabled.” Click “OK.”
Double-click the “Screen Saver Timeout” setting in the right pane.
Click “Enabled.”
Type the number of seconds you want to lock the PC after into the “Seconds” box. For example, type “600” if you want to lock the PC after 10 minutes.
Click “OK.”


The setting for the screensaver is in the path HKCU\ControlPanel\Desktop\ScreenSaveActive – a value of 0 switches off the Screensaver, while the value 1 turns it on.the screensaver is activated and is switches on after 10 minutes.

%d bloggers like this: