Windows is a popular operating system that provides a number of built-in command-line tools, also known as “Windows system commands.”
These commands can be typed into the Command Prompt or into PowerShell, a more advanced shell that provides additional functionality. They can be used to perform a wide range of tasks, from managing files and directories, to monitoring network connections, to troubleshooting network and system issues. Some of these commands are powerful and can cause damage if used improperly, so use them with caution and only after gaining the appropriate knowledge.
Some examples of commonly used Windows system commands include:
- DIR: Displays a list of files and subdirectories in a directory.
The DIR command is a command-line utility in Windows that is used to display a list of files and subdirectories in a directory. The DIR command can be used with a variety of options and parameters to customize the output and display specific information about the files and directories in the target directory.
When you type “dir” in the command prompt and hit enter, by default it will list the files and directories in the current working directory.
The basic syntax of the DIR command is:
C:\> dir [path] [options]
where “path” is the directory you want to list the contents of, and “options” are any additional options or switches you want to use to customize the output. Here are some examples of how the DIR command can be used:
- To list the contents of the current working directory: dir
- To list the contents of a specific directory: dir c:\users
- To list files and directories in a directory and all its subdirectories: dir /s
- To display the listing in wide format, with several names per line and no sizes or timestamps (plain dir already shows file sizes and timestamps): dir /w
- To display hidden files and directories: dir /a:h
The DIR command can be useful for a variety of tasks, such as quickly finding a file in a directory, checking the space usage of a directory, or verifying the contents of a directory.
It’s important to note that, by default, the DIR command does not display files that have the hidden attribute or the system attribute set. To view those, use the /a:h or /a:s switch respectively.
- CD: Changes the current working directory.
The CD (Change Directory) command is a command-line utility in Windows that is used to change the current working directory. The current working directory is the directory that the command prompt is currently pointing to, and all subsequent commands will be executed in that directory, unless a specific directory is specified.
The basic syntax of the CD command is:
C:\>cd [directory]
where “directory” is the path of the directory you want to change to. Here are some examples of how the CD command can be used:
- To change to the root directory: cd\
- To change to a subdirectory within the current directory: cd subdirectory
- To change to a directory on a different drive: cd d:\directory
- To change to the parent directory: cd ..
You can also use the CD command in combination with other commands, for example dir and cd commands can be used together to display the contents of a specific directory and then navigate into that directory.
It’s important to note that the CD command does not create a new directory; it only changes the current working directory. To create a new directory, use the md (make directory) command.
You can also use the pushd command, which not only changes the current directory but also “pushes” the previous directory onto a stack. This allows you to switch back to the previous directory with the popd command.
- COPY: Copies one or more files to another location.
The COPY command is a command-line utility in Windows that is used to copy files from one location to another. The COPY command can be used to copy one or more files or directories to a new location, and it has a number of options and parameters that can be used to customize the copy operation.
The basic syntax of the COPY command is:
C:\>copy [source] [destination]
Where “source” is the file or directory you want to copy, and “destination” is the location where you want to copy the file or directory to. Here are some examples of how the COPY command can be used:
- To copy a single file to a new location: copy c:\originalfile.txt c:\backup\originalfile.txt
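- To copy multiple files to a new location (COPY accepts a single source specification, so loop over the file names at the prompt): for %f in (c:\originalfile1.txt c:\originalfile2.txt) do copy %f c:\backup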
- To copy all files in a directory to a new location: copy c:\originalfolder\* c:\backup
- To copy files with a specific file extension: copy c:\originalfolder\*.txt c:\backup
- To copy a directory to a new location, including all subdirectories and files, use xcopy, because COPY has no /e switch and does not descend into subdirectories: xcopy /e c:\originalfolder c:\backup
The COPY command can also be used with options such as /v (verifies that new files are written correctly), /y (overwrites existing destination files without prompting) and /z (copies files in restartable mode). These options can help to improve the copy operation depending on the requirements and the size of the files.
It’s important to note that the COPY command does not remove the original files from the source location; it only makes a copy of them at the destination. If you want to move the files, use the move command. Using copy with /y only suppresses the prompt before files at the destination are overwritten.
- DEL: Deletes one or more files or directories.
The DEL (or Delete) command is a command-line utility in Windows that is used to delete one or more files or directories. The DEL command is used to remove files and directories that are no longer needed, and it has a number of options and parameters that can be used to customize the delete operation.
The basic syntax of the DEL command is:
C:\>del [file or directory]
Where “file or directory” is the path of the file or directory you want to delete. Here are some examples of how the DEL command can be used:
- To delete a single file: del c:\file.txt
- To delete multiple files: del c:\file1.txt c:\file2.txt
- To delete all files in a directory: del c:\folder\*
- To delete all files with a specific file extension: del c:\folder\*.txt
The DEL command also has options such as /p (prompts for confirmation before deleting each file), /f (forces the deletion of read-only files) and /q (deletes files quietly, without asking for confirmation). These options can help to tailor the delete operation to the requirements.
It’s important to use the DEL command with caution: once a file is deleted this way, it is permanently removed from the file system and can’t be recovered. It’s always a good idea to use the /p option when deleting files to confirm that you’re deleting the correct files, and it’s good practice to back up important files before deleting them.
- MOVE: Moves one or more files or directories to another location.
The MOVE command is a command-line utility in Windows that is used to move one or more files or directories from one location to another. The MOVE command is similar to the COPY command, but it is used to physically move files and directories rather than copying them, which means the original files or directories are removed from the source location after the move operation.
The basic syntax of the MOVE command is:
C:\>move [source] [destination]
Where “source” is the path of the file or directory you want to move, and “destination” is the location where you want to move the file or directory to. Here are some examples of how the MOVE command can be used:
- To move a single file to a new location: move c:\originalfile.txt c:\backup\originalfile.txt
- To move multiple files to a new location (loop over the file names at the prompt so that each one is moved in turn): for %f in (c:\originalfile1.txt c:\originalfile2.txt) do move %f c:\backup
- To move all files in a directory to a new location: move c:\originalfolder\* c:\backup
- To move files with a specific file extension: move c:\originalfolder\*.txt c:\backup
- To move a directory to a new location, including all subdirectories and files: move c:\originalfolder c:\backup
The MOVE command can also be used with the options /y (overwrites existing destination files without prompting) and /-y (prompts before overwriting an existing destination file). MOVE has no /z switch. These options control what happens when a file with the same name already exists at the destination.
It’s important to use the MOVE command with caution. As with the DEL command, once a file or directory is moved, the original is removed from the source location, and a destination file that gets overwritten can’t be recovered. The /y option overwrites files at the destination without asking, so use /-y when you want a confirmation prompt, and back up important files before moving them.
- NETSTAT: Displays protocol statistics and current TCP/IP network connections and their status. This tool can be used to monitor incoming and outgoing network connections, identify open ports, and troubleshoot network issues.
The NETSTAT command is a command-line utility in Windows that is used to display active network connections and their status. The NETSTAT command can be used to display information about the current TCP/IP network connections, including the local and remote addresses and ports, the connection state, and the process ID (PID) of the process that is using the connection.
The basic syntax of the NETSTAT command is:
C:\>netstat [options]
Where “options” are any additional options or switches you want to use to customize the output. Here are some examples of how the NETSTAT command can be used:
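- To display all active TCP connections and the TCP and UDP ports on which the computer is listening: netstat -a
- To display only the active TCP connections, with addresses and port numbers in numerical form: netstat -n
- To display active connections and the TCP and UDP ports on which the computer is listening, in numerical form: netstat -an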
- To display the statistics by protocol: netstat -s
- To display the contents of the routing table for all IP protocols: netstat -r
The NETSTAT command can be useful for troubleshooting network problems, monitoring network activity, and identifying open ports and listening services. Options such as -a (displays all active connections and listening ports), -n (displays addresses and port numbers in numerical form) and -b (displays the executable involved in creating each connection or listening port) can provide more information depending on the task you’re trying to accomplish.
It’s important to note that NETSTAT command is not a tool to detect or prevent intrusions or malware, but it can be used to identify suspicious activity on your network.
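As an added example (not part of the original page), the PowerShell code below joins the output of netstat -ano to the output of tasklist /fo csv /nh by PID, so each listening port is shown with the program that owns it. The function names and the sample text are constructed for illustration; the -o switch adds the PID column to netstat output.

```powershell
# Added example, not from the original page. Sample text below is constructed.
function ConvertFrom-Netstat {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        $f = @(-split $line)    # split on whitespace, dropping empty fields
        if ($f.Count -eq 5 -and $f[0] -eq 'TCP') {
            # TCP rows: Proto, Local Address, Foreign Address, State, PID
            [pscustomobject]@{ Proto = 'TCP'; Local = $f[1]; State = $f[3]; OwnerPid = [int]$f[4] }
        }
        elseif ($f.Count -eq 4 -and $f[0] -eq 'UDP') {
            # UDP rows have no State column, so the PID is the fourth field
            [pscustomobject]@{ Proto = 'UDP'; Local = $f[1]; State = ''; OwnerPid = [int]$f[3] }
        }
    }
}

function Get-ListenerReport {
    param([string[]]$Netstat, [string[]]$Tasklist)

    # tasklist /fo csv /nh columns: Image Name, PID, Session Name, Session#, Mem Usage
    $imageByPid = @{}
    $Tasklist | Where-Object { $_ } |
        ConvertFrom-Csv -Header Image, ProcId, Session, SessionNum, Mem |
        ForEach-Object { $imageByPid[[int]$_.ProcId] = $_.Image }

    ConvertFrom-Netstat $Netstat |
        Where-Object { $_.State -eq 'LISTENING' -or $_.Proto -eq 'UDP' } |
        ForEach-Object {
            $addr = $_.Local -replace ':\d+$', ''      # strip the trailing :port
            [pscustomobject]@{
                Proto       = $_.Proto
                Address     = $addr
                Port        = [int]($_.Local -replace '^.*:', '')
                OwnerPid    = $_.OwnerPid
                Image       = $imageByPid[$_.OwnerPid]  # empty if the PID is not in the list
                # Anything not bound to loopback can be reached from other hosts
                NonLoopback = $addr -notin '127.0.0.1', '[::1]'
            }
        }
}

# Constructed sample of `netstat -ano` output
$sampleNetstat = @'
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1044
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       3312
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     6120
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    6120
'@ -split '\r?\n'

# Constructed sample of `tasklist /fo csv /nh` output
$sampleTasklist = @'
"System","4","Services","0","148 K"
"svchost.exe","1044","Services","0","9,812 K"
"agent.exe","3312","Services","0","21,004 K"
"browser.exe","6120","Console","1","184,332 K"
'@ -split '\r?\n'

Get-ListenerReport -Netstat $sampleNetstat -Tasklist $sampleTasklist | Format-Table -AutoSize
# Live host: Get-ListenerReport -Netstat (netstat -ano) -Tasklist (tasklist /fo csv /nh)
```

Rows with NonLoopback set to True are the ones worth comparing against the services the machine is expected to offer.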
- IPCONFIG: Displays the current IP configuration for all network adapters on the system.
The IPCONFIG command is a command-line utility in Windows that is used to display the current IP configuration for all network adapters on a system. The IPCONFIG command can be used to view the current IP address, subnet mask, default gateway, and other network configuration information for all network adapters on the system. It also can be used to release and renew DHCP-assigned IP addresses.
The basic syntax of the IPCONFIG command is:
C:\>ipconfig [options]
Where “options” are any additional options or switches you want to use to customize the output. Here are some examples of how the IPCONFIG command can be used:
- To display the current IP configuration for all network adapters: ipconfig
- To display the full IP configuration for all network adapters: ipconfig /all
- To release the DHCP-assigned IPv4 address for all network adapters (append an adapter name to release only that adapter): ipconfig /release
- To renew the DHCP-assigned IPv4 address for all network adapters (append an adapter name to renew only that adapter): ipconfig /renew
- To flush the DNS cache: ipconfig /flushdns
- To display the DHCP class IDs allowed for an adapter: ipconfig /showclassid [adapter]
The IPCONFIG command can be useful for troubleshooting network connectivity issues, identifying IP conflicts, and viewing the network configuration information. The options like /all (Displays the full configuration), /renew (Renews DHCP leases for all adapters), or /flushdns (Flushes the DNS resolver cache) can provide more information depending on the task you’re trying to accomplish.
It’s important to note that IPCONFIG command only provides information about the IP configuration of the local system, it doesn’t provide information about remote systems.
- PING: Sends an ICMP echo request to a specified IP address to test network connectivity.
The PING command is a command-line utility in Windows that is used to test network connectivity between devices. The PING command sends Internet Control Message Protocol (ICMP) Echo Request packets to a specified IP address and listens for ICMP Echo Reply packets in return. By sending a series of these packets and measuring the time it takes for each packet to be returned, the PING command can determine the round-trip time (RTT) of packets to a specified destination, which can be used to assess the quality of the connection and to identify any potential network-related problems.
The basic syntax of the PING command is:
C:\>ping [destination]
Where “destination” is the IP address or hostname of the device you want to ping. Here are some examples of how the PING command can be used:
- To ping the local host: ping localhost
- To ping a specific IP address: ping 192.168.1.1
- To ping a specific hostname: ping insectechs.in
- To change the number of echo request packets sent: ping -n 10 192.168.1.1
- To change the time-out for the response: ping -w 1000 192.168.1.1
The PING command can be useful for troubleshooting network connectivity issues, determining the reachability of a device on a network, and measuring the responsiveness of a device. The options like -n (number of echo requests to send) or -w (time-out in milliseconds) can be used to fine-tune the test and gather more information about the network status.
It’s important to note that PING command uses ICMP (Internet Control Message Protocol) to determine the connectivity and it’s not the only method to check if the device is reachable, sometimes network security policies may block IC
- TRACERT: Determines the route taken to a destination by sending ICMP echo requests to the destination with incrementally increasing Time-To-Live (TTL) values.
The TRACERT command is a command-line utility in Windows that is used to trace the path that a packet takes from the source device to the destination device. The TRACERT command sends Internet Control Message Protocol (ICMP) Echo Request packets to a specified IP address and listens for ICMP Time Exceeded and Echo Reply messages in return. By sending a series of these packets and measuring the time it takes for each packet to be returned, the TRACERT command can determine the path that the packets take through the network and the IP address of each device in the path.
The basic syntax of the TRACERT command is:
C:\>tracert [destination]
Where “destination” is the IP address or hostname of the device you want to trace the path to. Here are some examples of how the TRACERT command can be used:
- To trace the path to a specific IP address: tracert 192.168.1.1
- To trace the path to a specific hostname: tracert insectechs.in
- To change the maximum number of hops in the search: tracert -h 30 google.com
- To skip resolving IP addresses to hostnames, which speeds up the trace: tracert -d google.com
The TRACERT command can be useful for troubleshooting network connectivity issues, identifying the path that packets take through the network, and identifying the location of network bottlenecks. The options like -h (maximum number of hops) or -d (do not resolve IP addresses to hostnames) can be used to fine-tune the test and gather more information about the network topology.
It’s important to note that TRACERT command uses ICMP (Internet Control Message Protocol) to determine the path,
- TASKLIST: Displays a list of currently running processes and their associated process ID numbers (PIDs).
The TASKLIST command is a command-line utility in Windows that is used to display a list of currently running processes on a system. The TASKLIST command displays information about the process name, process ID (PID), and other details such as memory usage, the user that started the process, and the status of the process.
The basic syntax of the TASKLIST command is:
C:\>tasklist [options]
Where “options” are any additional options or switches you want to use to customize the output. Here are some examples of how the TASKLIST command can be used:
- To display a list of all running processes: tasklist
- To display verbose information about running processes, such as user name and status, in addition to the PIDs shown by default: tasklist /v
- To filter the output to show only processes that are running under a specific user: tasklist /fi "username eq [username]"
- To filter the output to show only processes that are running a specific executable: tasklist /fi "imagename eq [processname.exe]"
The TASKLIST command can be useful for troubleshooting performance issues, identifying the cause of system errors, and viewing the status of running processes. The options like /v (verbose) or /fi (filter) can be used to fine-tune the test and gather more information about the running processes.
It’s important to note that TASKLIST only displays information about running processes on the local system, not on remote systems. Also, the information provided by TASKLIST is useful for identifying the processes that are running on a system, but it
Here are some additional examples of Windows system commands that can be useful in various scenarios:
- chkdsk: Scans a disk and verifies the integrity of the file system, can also be used to fix errors on the disk.
- taskkill: Terminates one or more running processes.
- sfc: Scans system files and replaces any that are found to be corrupted or missing.
- fsutil: A collection of command-line tools for managing and manipulating file systems, this tool can be used to perform tasks such as creating, formatting, and extending volumes, and managing disk space.
- net: a collection of command-line tools for managing network connections and user accounts, this tool can be used to perform tasks such as creating, modifying, and deleting user accounts, managing network shares, and configuring network settings.
- systeminfo: Displays detailed information about the system, such as the OS version, system uptime, and installed hotfixes.
- task scheduler: used to schedule tasks to run automatically at specified times, this tool can be used to schedule maintenance tasks, backups, and other regular processes.
- event viewer: used to view and manage event logs, this tool can be used to troubleshoot system issues and identify security events.
- powershell: A more advanced command-line interface than the command prompt, PowerShell provides access to a wide range of powerful built-in cmdlets and allows the use of scripts, it’s widely used by administrators and IT professionals for automation and management.
It’s important to note that these commands are just a small sample of the many built-in Windows system commands that are available. There are many more, and not all commands may be available in every version of Windows. Also, using these commands requires knowledge of each command’s function and parameters, and they should be used carefully.
Windows Networking Commands
- ipconfig: Displays the current IP configuration for all network adapters on the system.
- ping: Sends an ICMP echo request to a specified IP address to test network connectivity.
- tracert: Determines the route taken to a destination by sending ICMP echo requests to the destination with incrementally increasing Time-To-Live (TTL) values.
- arp: Displays and modifies the ARP cache.
- nbtstat: Displays protocol statistics and current TCP/IP connections using NBT (NetBIOS over TCP/IP).
- netstat: Displays active network connections and their status, this command can be used to monitor incoming and outgoing network connections, identify open ports, and troubleshoot network issues.
- netstat -a: Displays all active TCP connections and the TCP and UDP ports on which the computer is listening.
- netstat -e: Displays Ethernet statistics, including the number of bytes and packets sent and received.
- netstat -r: Displays the routing table for all IP protocols.
- netstat -s: Displays statistics by protocol.
- netsh interface ipv4 show interfaces: Shows the status of all network interfaces configured with IPv4.
- netsh interface ipv6 show interfaces: Shows the status of all network interfaces configured with IPv6.
- netsh interface ipv4 set address name="Local Area Connection" static 192.168.0.10 255.255.255.0 192.168.0.1: Configures a static IP address for the Local Area Connection interface.
- netsh interface ipv6 set address interface="Local Area Connection" source=static address=2001:0db8:85a3:0000:0000:8a2e:0370:7334: Configures a static IPv6 address for the Local Area Connection interface.
- nslookup: Queries DNS servers to resolve hostnames to IP addresses and vice versa.
- nslookup insectechs.in: Resolves the hostname “insectechs.in” to an IP address.
- route print: Displays the contents of the IP routing table. This command can be used to view the current routing table and identify any problems with routing.
- route: Displays and modifies the IP routing table.
- net: A collection of command-line tools for managing network connections and user accounts. This tool can be used to perform tasks such as creating, modifying, and deleting user accounts, managing network shares, and configuring network settings.
All of these commands can be used in Command prompt or PowerShell. It’s important to note that these commands require knowledge about the command’s function and parameters, and should be used carefully. These commands can be very helpful for troubleshooting network problems, monitoring network activity, and performing basic network configurations, but they need to be used with caution, as some commands can have unintended consequences if used improperly.