ARP

arp -a [Displays current ARP entries by interrogating the current protocol data.]

>arp /?

Displays and modifies the IP-to-Physical address translation tables used by
address resolution protocol (ARP).

ARP -s inet_addr eth_addr [if_addr]
ARP -d inet_addr [if_addr]
ARP -a [inet_addr] [-N if_addr] [-v]

-a            Displays current ARP entries by interrogating the current
protocol data.  If inet_addr is specified, the IP and Physical
addresses for only the specified computer are displayed.  If
more than one network interface uses ARP, entries for each ARP
table are displayed.
-g            Same as -a.
-v            Displays current ARP entries in verbose mode.  All invalid
entries and entries on the loop-back interface will be shown.
inet_addr     Specifies an internet address.
-N if_addr    Displays the ARP entries for the network interface specified
by if_addr.
-d            Deletes the host specified by inet_addr. inet_addr may be
wildcarded with * to delete all hosts.
-s            Adds the host and associates the Internet address inet_addr
with the Physical address eth_addr.  The Physical address is
given as 6 hexadecimal bytes separated by hyphens. The entry
is permanent.
eth_addr      Specifies a physical address.
if_addr       If present, this specifies the Internet address of the
interface whose address translation table should be modified.
If not present, the first applicable interface will be used.
Example:
> arp -s 157.55.85.212   00-aa-00-62-c6-09  …. Adds a static entry.
> arp -a                                    …. Displays the arp table.

Advertisements

NBTSTAT

nbtstat  -A 192.168.1.1 [Lists the remote machine’s name table given its IP address.]

>NBTSTAT /?

Displays protocol statistics and current TCP/IP connections using NBT
(NetBIOS over TCP/IP).

NBTSTAT [ [-a RemoteName] [-A IP address] [-c] [-n]
[-r] [-R] [-RR] [-s] [-S] [interval] ]

-a   (adapter status) Lists the remote machine’s name table given its name
-A   (Adapter status) Lists the remote machine’s name table given its
IP address.
-c   (cache)          Lists NBT’s cache of remote [machine] names and their IP addresses
-n   (names)          Lists local NetBIOS names.
-r   (resolved)       Lists names resolved by broadcast and via WINS
-R   (Reload)         Purges and reloads the remote cache name table
-S   (Sessions)       Lists sessions table with the destination IP addresses
-s   (sessions)       Lists sessions table converting destination IP
addresses to computer NETBIOS names.
-RR  (ReleaseRefresh) Sends Name Release packets to WINS and then, starts Refresh

RemoteName   Remote host machine name.
IP address   Dotted decimal representation of the IP address.
interval     Redisplays selected statistics, pausing interval seconds
between each display. Press Ctrl+C to stop redisplaying
statistics.

Export Registry Key with a CMD Script

CMP PROMPT>reg.exe export /?

REG EXPORT KeyName FileName [/y]

Keyname    ROOTKEY[\SubKey] (local machine only).
ROOTKEY  [ HKLM | HKCU | HKCR | HKU | HKCC ]
SubKey   The full name of a registry key under the selected ROOTKEY.

FileName   The name of the disk file to export.

/y       Force overwriting the existing file without prompt.

Examples:

REG EXPORT HKLM\Software\MyCo\MyApp File01.reg
Exports all subkeys and values of the key MyApp to the file File01.reg

Delete registry key with a CMD script.

CMD PROMPT>reg.exe delete /?

REG DELETE KeyName [/v ValueName | /ve | /va] [/f]

KeyName    [\\Machine\]FullKey
Machine  Name of remote machine – omitting defaults to the current machine.
Only HKLM and HKU are available on remote machines.
FullKey  ROOTKEY\SubKey
ROOTKEY  [ HKLM | HKCU | HKCR | HKU | HKCC ]
SubKey   The full name of a registry key under the selected ROOTKEY.

ValueName  The value name, under the selected Key, to delete.
When omitted, all subkeys and values under the Key are deleted.

/ve        delete the value of empty value name (Default).

/va        delete all values under this key.

/f         Forces the deletion without prompt.

Examples:

REG DELETE HKLM\Software\MyCo\MyApp\Timeout
Deletes the registry key Timeout and its all subkeys and values

REG DELETE \\ZODIAC\HKLM\Software\MyCo /v MTU
Deletes the registry value MTU under MyCo on ZODIAC