Ultimate Command Reference Guide for System Administrators and Network Engineers

A comprehensive collection of essential commands for Wireshark, Linux, and Windows systems

Introduction

This guide serves as a complete reference for system administrators, network engineers, security professionals, and IT enthusiasts. Whether you’re troubleshooting network issues with Wireshark, managing Linux servers, or automating tasks in Windows environments, this cheat sheet provides the most commonly used commands all in one place.

Each section is organized by functionality to help you quickly find the commands you need. Bookmark this page or print it out for easy reference during your daily tasks.

Table of Contents

1. Wireshark Commands
2. Linux Commands
3. Windows CMD Commands
4. PowerShell Equivalents
5. Networking Best Practices
6. Troubleshooting Tips

Wireshark Filters and Commands

Display Filters Syntax

• == : Equal
• != : Not equal
• > : Greater than
• < : Less than
• >= : Greater than or equal
• <= : Less than or equal
• contains : Protocol, field or text contains specified value
• matches : Protocol or text matches regular expression
• ! : Logical NOT
• && or and : Logical AND
• || or or : Logical OR

Common Filtering Commands

• ip.addr == 192.168.1.1 : Filter for specific IP address
• http : Show only HTTP packets
• tcp.port == 80 : Show only traffic on TCP port 80
• !tcp.port == 443 : Show all traffic except TCP port 443
• ip.src == 10.0.0.5 && ip.dst == 10.0.0.10 : Filter by source and destination
• frame contains "login" : Find frames containing specific text
• http.request.method == "GET" : Show only HTTP GET requests
• tcp.flags.syn == 1 and tcp.flags.ack == 0 : Find SYN packets

Wireshark Keyboard Shortcuts

• Ctrl + E : Start/Stop capture
• Ctrl + R : Restart current capture
• Ctrl + K : Stop current capture
• Ctrl + N : Create new capture file
• Ctrl + O : Open capture file
• Ctrl + S : Save capture file
• Ctrl + G : Go to specified packet
• Ctrl + F : Find packet
• F2 : Go back in the packet history
• F3 : Move to next packet of that conversation
• F4 : Go to previous packet of that conversation
• F5 : Go to next packet of the conversation
• F6 : Go to first packet
• F7 : Go to last packet
• F8 : Go to next marked packet
• F9 : Mark/unmark current packet
• F10 : Go to previous marked packet

Main Toolbar Items

• Capture → Start : Start the new packet capturing session
• Capture → Stop : Stop current capture session
• Capture → Restart : Restarts active capture session
• Capture → Options : Opens “Capture Options” dialog box
• File → Open : Opens “file open” dialog box to load a capture
• File → Save As : Save current capture file
• File → Close : Close current capture file
• Edit → Find Packet : Find packet based on different criteria
• Go → Go Back : Move back in the packet history

Linux Commands Reference

System Commands

• uname -a : Display Linux system information
• hostname : Show system host name
• uptime : Show how long the system has been running + load
• last reboot : Show system reboot history
• date : Show the current date and time
• cal : Show this month calendar
• w : Display who is online
• whoami : Who you are logged in as
• finger user : Display information about user

Hardware Information

• dmesg : Detected hardware and boot messages
• cat /proc/cpuinfo : CPU information
• cat /proc/meminfo : Hardware memory
• cat /proc/interrupts : Lists the interrupts per CPU per I/O device
• lshw : Displays information on hardware configuration
• lsblk : Display block device related information
• free -m : Used and free memory (-m for MB)
• lspci -tv : Show PCI devices
• lsusb -tv : Show USB devices
• dmidecode : Show hardware info from the BIOS
• hdparm -i /dev/sda : Show info about disk sda
• hdparm -tT /dev/sda : Do a read speed test on disk sda
• badblocks -s /dev/sda : Test for unreadable blocks on disk sda

Users Management

• id : Show the active user id with login and group
• last : Show last logins on the system
• who : Show who is logged on the system
• groupadd admin : Add group “admin”
• useradd -c "Sam Tomshi" -g admin -m sam : Create user “sam”
• userdel sam : Delete user “sam”
• adduser sam : Add user “sam”
• usermod : Modify user information

File Commands

• ls -al : Display all information about files/directories
• pwd : Show the path of current directory
• mkdir directory-name : Create a directory
• rm -rf directory-name : Delete directory recursively
• rm -f file-name : Force remove file
• rm -rf directory-name : Remove directory recursively
• cp file1 file2 : Copy file1 to file2
• cp -r dir1 dir2 : Copy dir1 to dir2; create dir2 if it doesn’t exist
• mv file1 file2 : Rename source to dest / move source to directory
• ln -s /path/to/file-name link-name : Create symbolic link to file-name
• touch file : Create an empty file
• cat > file : Places standard input into file
• more file : Output the contents of file
• head file : Output the first 10 lines of file
• tail file : Output the last 10 lines of file
• tail -f file : Output the contents of file as it grows starting with the last 10 lines
• gpg -c file : Encrypt file
• gpg file.gpg : Decrypt file
• wc : Print the number of bytes, words, and lines in files
• xargs : Execute command lines from standard input

Process Related

• ps : Display your currently active processes
• ps aux | grep 'telnet' : Find all process related to telnet process
• pmap : Memory map of process
• top : Display all running processes
• kill pid : Kill process with mentioned pid
• killall proc : Kill all processes named proc
• pkill process-name : Send signal to a process with its name
• bg : Resume suspended jobs without bringing them to foreground
• fg : Brings the most recent job to foreground
• fg n : Brings job n to the foreground

File Permissions

• chmod octal file-name : Change the permissions of file to octal
• chmod 777 /data/test.c : Set rwx permission for owner, group, world
• chmod 755 /data/test.c : Set rwx for owner, rx for group and world
• chown owner-user file : Change owner of the file
• chown owner-user:owner-group file : Change owner and group owner of the file
• chown owner-user:owner-group directory : Change owner and group owner of the directory

Network Commands

• ifconfig : Display all network interfaces and ip address
• ip addr show : Display all network interfaces and ip address
• ifconfig eth0 : Set IP address for eth0
• ethtool eth0 : Linux tool to show ethernet status
• ping host : Send echo request to test connectivity
• whois domain : Get whois information for domain
• dig domain : Get DNS information for domain
• dig -x host : Reverse lookup host
• host google.com : Lookup DNS ip address for the name
• hostname -i : Lookup local ip address
• wget file : Download file
• netstat -tupl : Listing all active listening ports

Compression / Archives

• tar cf home.tar home : Create tar named home.tar containing home/
• tar xf file.tar : Extract the files from file.tar
• tar czf file.tar.gz files : Create a tar with gzip compression
• gzip file : Compress file and renames it to file.gz

Install Packages

• rpm -i pkgname.rpm : Install rpm based package
• rpm -e pkgname : Remove package

Install from Source

• ./configure :
• make :
• make install :

Search

• grep pattern files : Search for pattern in files
• grep -r pattern dir : Search recursively for pattern in dir
• locate file : Find all instances of file
• find /home -name "index*" : Find files names that start with “index”
• find /home -size +10000k : Find files larger than 10000k in /home

Login (SSH and Telnet)

• ssh user@host : Connect to host as user
• ssh -p port user@host : Connect to host using specific port
• telnet host : Connect to the system using telnet port

File Transfer

• scp file.txt server2:/tmp : Secure copy file.txt to remote host /tmp folder
• rsync -a /home/apps /backup/ : Synchronize source to destination

Disk Usage

• df -h : Show free space on mounted filesystems
• df -i : Show free inodes on mounted filesystems
• fdisk -l : Display disks partitions sizes and types
• du -ah : Display disk usage in human readable form
• du -sh : Display total disk usage on the current directory
• findmnt : Displays target mount point for all filesystems
• mount device-path mount-point : Mount a device

Directory Navigation

• cd : To go to home folder
• cd .. : To go to parent directory
• / : Root directory
• . : Current directory
• .. : Parent directory
• cd /test : Change to /test directory

Windows CMD Commands

File Management

• ASSOC : Displays or modifies file extension associations
• ATTRIB : Displays or changes file attributes
• CD : Shows the name of or changes to a current directory
• CHCP : Displays or sets the active code page number
• CHDIR : Displays the name of or changes to the current directory
• CHKDSK : Checks a disk and displays a status report
• CHOICE : Batch command that allows users to select from a set of options
• CIPHER : Displays or alters the encryption of directories (files) on NTFS partitions
• COMP : Compares the contents of two files or sets of files byte-by-byte
• COMPACT : Displays or alters the compression of files on NTFS partitions
• CONVERT : Converts FAT volumes to NTFS (You cannot convert the current drive)
• COPY : Copies one or more files to another location
• DEL : Deletes one or more files
• DIR : Displays a list of files and sub-directories in a directory
• DISKCOMP : Compares the contents of two floppy disks
• DISKCOPY : Copies the contents of one floppy disk to another
• DISKPART : Displays or configures Disk Partition properties
• ECHO : Displays messages, or turns command echoing on or off
• ERASE : Deletes one or more files
• EXPAND : Expands compressed files
• FC : Compares two files or sets of files, and displays the differences between them
• FIND : Searches for a text string in a file or files
• FINDSTR : Searches for strings in files
• FOR : Runs a specified command for each item in a set
• FORFILES : Selects files in a folder for batch processing
• FORMAT : Formats a disk for use with Windows
• FSUTIL : Displays or configures the file system properties
• FTYPE : Displays or modifies file types used in file extension associations
• LABEL : Creates, changes, or deletes the volume label of a disk
• MD : Creates a directory
• MKDIR : Creates a directory
• MKLINK : Creates Symbolic Links and Hard Links
• MOVE : Moves one or more files from one directory to another directory
• OPENFILES : Queries, displays, or disconnects open files or files opened by network users
• RD : Removes a directory
• REN : Renames a file or files
• RENAME : Renames a file or directory
• REPLACE : Replaces files
• RMDIR : Removes a directory
• ROBOCOPY : Advanced utility to copy files and directory trees
• SORT : Sorts input
• TREE : Graphically displays the directory structure of a drive or path
• TYPE : Displays the contents of a text file
• WHERE : Displays the location of files that match a search pattern
• XCOPY : Copies files and directory trees

System Management

• BCDEDIT : Sets properties in boot database to control boot loading
• BREAK : Sets or clears extended CTRL+C checking
• CACLS : Displays or modifies access control lists (ACLs) of files
• CALL : Calls a batch program from another
• CHKNTFS : Displays or modifies the checking of disk at boot time
• CLS : Clears the screen
• CMD : Starts a new instance of the Windows command interpreter
• CMDKEY : Creates, lists, and deletes stored user names and passwords or credentials
• COLOR : Sets the default console colors
• DATE : Displays or sets the date
• DRIVERQUERY : Displays current device driver status and properties
• EXIT : Quits and closes the command shell
• GPRESULT : Displays Group Policy information for machine or user
• HELP : Provides help information for Windows commands
• ICACLS : Display, modify, backup, or restore ACLs for files and directories
• IPCONFIG : Displays all current TCP/IP network configuration values
• MODE : Configures a system device
• MORE : Displays output one screen at a time
• PAUSE : Suspends processing of a batch file
• POPD : Restores the previous value of the current directory saved by PUSHD
• POWERCFG : Manages power settings and power consumption
• PRINT : Prints a text file
• PROMPT : Changes the Windows command prompt
• PUSHD : Saves the current directory then changes it
• RECOVER : Recovers readable information from a bad or defective disk
• REM : Designates comments (remarks) in batch files
• SCHTASKS : Schedules commands and programs to run on a computer
• SETLOCAL : Begins localization of environment changes in a batch file
• SETX : Sets environment variables
• SHUTDOWN : Allows proper local or remote shutdown of machine
• START : Starts a separate window to run a specified program or command
• SYSTEMINFO : Displays machine specific properties and configuration
• TASKKILL : Kill running process or application
• TASKLIST : Displays all currently running tasks including services
• TIME : Displays or sets the system time
• TIMEOUT : Pauses the command processor for the specified number of seconds
• TITLE : Sets the window title for a CMD.EXE session
• TRACERT : Route tracing tool
• VER : Displays the Windows version
• VERIFY : Tells Windows whether to verify that your files are written correctly to a disk
• VOL : Displays a disk volume label and serial number
• WMIC : Displays WMI information inside interactive command shell
• RUNAS : Allows a user to run specific tools and programs with different permissions

Networking

• ARP : Displays and modifies the IP-to-Physical address translation tables
• GETMAC : Displays the MAC address of network adapters
• IPCONFIG : Displays IP network settings
• NETSH : Network services configuration tool
• NETSTAT : Network statistics
• NSLOOKUP : DNS query tool
• PATHPING : Advanced version of ping, used on multiple routers
• PING : Sends echo requests to an address
• ROUTE : Manipulates network routing tables
• TRACERT : Traces route to a remote host showing all hops

PowerShell Equivalents

PowerShell has become the preferred scripting and automation tool for Windows environments. Here are PowerShell equivalents for common CMD commands:

Networking Best Practices

When working with network tools and commands, keep these best practices in mind:

1. Documentation: Always document network changes, especially firewall rules and routing configurations.
2. Backup Configurations: Before making significant changes, back up device configurations.
3. Use Filtering Efficiently: When using Wireshark, apply specific display filters to reduce noise and focus on relevant traffic.
4. Security First: Always use encrypted protocols (SSH instead of Telnet, SFTP instead of FTP) when managing remote systems.
5. Test in Isolation: Test complex commands or scripts in isolated environments before applying to production.
6. Monitor Resource Usage: Use commands like top (Linux) or Resource Monitor (Windows) to monitor system resources during troubleshooting.
7. Regular Updates: Keep systems updated with security patches and firmware updates.

Troubleshooting Tips

Network Connectivity Issues

1. Check Physical Connections: Verify all cables and physical connections.
2. Verify IP Configuration: Use ipconfig (Windows) or ifconfig/ip addr (Linux) to check IP addressing.
3. Test Basic Connectivity: Use ping to test basic network connectivity.
4. Check DNS Resolution: Use nslookup or dig to verify DNS is working correctly.
5. Trace Route: Use tracert (Windows) or traceroute (Linux) to identify where connections are failing.
6. Examine Firewall Rules: Check if firewalls are blocking necessary traffic.
7. Packet Capture: Use Wireshark to capture and analyze packets for deeper troubleshooting.

System Performance Issues

1. Check Resource Usage: Use top or htop in Linux, Task Manager in Windows.
2. Review Logs: Check system logs for errors or warnings.
3. Monitor Disk Space: Use df -h in Linux or dir in Windows to check available disk space.
4. Check Running Services: Review which services are running and consuming resources.
5. Scan for Malware: Ensure the system isn’t compromised.

Conclusion

Mastering these commands will significantly enhance your effectiveness as a system administrator or network engineer. While graphical interfaces provide user-friendly ways to manage systems, command-line proficiency offers greater flexibility, efficiency, and the ability to automate routine tasks.

Remember that the best way to learn these commands is through regular practice and application in real-world scenarios. Start with basic commands and gradually incorporate more advanced ones into your daily workflow.

Additional Resources

• Official Wireshark Documentation
• Linux Documentation Project
• Microsoft Command Line Reference
• PowerShell Documentation

Last Updated: April 2025