What is a MAC Address
* MAC stands for Media Access Control.
* It's a unique number assigned to each network interface card (NIC).
* Also called physical address, hardware address, network adapter address
* Used in media access control protocol sublayer.
How to Find a Machine MAC Address
Most Unix Machines
* /sbin/ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:30:A6:C0:1F:C0
eth1 Link encap:Ethernet HWaddr 00:30:B6:C0:F7:FA
Windows Machines
* ipconfig /all
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Cont
roller
Physical Address. . . . . . . . . : 00-1F-23-1D-00-3D
Ethernet adapter Wireless Network Connection:
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Intel(R) PRO/Wireless 3945ABG Networ
k Connection
Physical Address. . . . . . . . . : 00-1F-AE-23-28-67
Reference
* http://en.wikipedia.org/wiki/MAC_address
* http://www.coffer.com/mac_info/locate-unix.html
Filed under: Linux, WinOS, unix | |Comments off
Application Commands
ACCWIZ.EXE - Accessibility Wizard
BCKGZM.EXE - Backgammon
CALC.EXE - Calculator
CHARMAP.EXE - Character Map
CHKRZM.EXE - Checkers
CLEANMGR.EXE - Disk Space Cleanup Manager
CLICONFG.EXE - SQL Client Configuration Utility
CLIPBRD.EXE - Clipbook Viewer
CLSPACK.EXE - Class Package Export Tool
CMD.EXE - Command Line
CMSTP.EXE - Connection Manager Profile Installer
CONF.EXE - NetMeeting
CONTROL.EXE - Control Panel
DCOMCNFG.EXE - Component Services
DDESHARE.EXE - DDE Share
DIALER.EXE - Phone Dialer
DRWATSON.EXE - Doctor Watson v1.00b
DRWTSN32.EXE - Doctor Watson Settings
DVDPLAY.EXE - DVD Player
DXDIAG.EXE - DirectX Diagnostics
EUDCEDIT.EXE - Private Character Editor
EVENTVWR.EXE - Event Viewer
EXPLORER.EXE - Windows Explorer
FREECELL.EXE - Free Cell
FXSCLNT.EXE - Fax Console
FXSCOVER.EXE - Fax Cover Page Editor
FXSEND.EXE - MS Fax Send Note Utility
HELPCTR.EXE - Help and Support
HRTZZM.EXE - Internet Hearts
HYPERTRM.EXE - HyperTerminal
ICWCONN1.EXE - Internet Connection Wizard
IEXPLORE.EXE - Internet Explorer
IEXPRESS.EXE - IExpress 2.0
INETWIZ.EXE - Setup Your Internet Connection
INSTALL.EXE - User’s Folder
LOGOFF.EXE - System Logoff
MAGNIFY.EXE - Microsoft Magnifier
MIGWIZ.EXE - File and Settings Transfer Wizard
MMC.EXE - Microsoft Management Console
MOBSYNC.EXE - Microsoft Synchronization Manager
MOVIEMK.EXE - Windows Movie Maker
MPLAY32.EXE - Windows Media Player version 5.1
MPLAYER2.EXE - Windows Media Player Version 6.4.09.1120
MSCONFIG.EXE - System Configuration Utility
MSHEARTS.EXE - Hearts
MSIMN.EXE - Outlook Express
MSINFO32.EXE - System Information
MSMSGS.EXE - Windows Messenger
MSN6.EXE - MSN Explorer
MSPAINT.EXE - Paint
MSTSC.EXE - Remote Desktop Connection
NARRATOR.EXE - Microsoft Narrator
NETSETUP.EXE - Network Setup Wizard
NOTEPAD.EXE - Notepad
NSLOOKUP.EXE - NSLookup Application
NTSD.EXE - Symbolic Debugger for Windows 2000
ODBCAD32.EXE - ODBC Data Source Administrator
OSK.EXE - On Screen Keyboard
OSUNINST.EXE - Windows Uninstall Utility
PACKAGER.EXE - Object Packager
PBRUSH.EXE - Paint
PERFMON.EXE - Performance Monitor
PINBALL.EXE - Pinball
PROGMAN.EXE - Program Manager
RASPHONE.EXE - Remote Access Phonebook
REGEDIT.EXE - Registry Editor
REGEDT32.EXE - Registry Editor
RESET.EXE - Resets Session
RSTRUI.EXE - System Restore
RTCSHARE.EXE - RTC Application Sharing
RVSEZM.EXE - Reversi
SFC.EXE - System File Checker
SHRPUBW.EXE - Create Shared Folder
SHUTDOWN.EXE - System Shutdown
SHVLZM.EXE - Spades
SIGVERIF.EXE - File Signature Verification
SNDREC32.EXE - Sound Recorder
SNDVOL32.EXE - Sound Volume
SOL.EXE - Solitaire
SPIDER.EXE - Spider Solitaire
SYNCAPP.EXE - Create A Briefcase
SYSEDIT.EXE - System Configuration Editor
SYSKEY.EXE - SAM Lock Tool
TABLE30.EXE - User’s Folder
TASKMGR.EXE - Task Manager
TELNET.EXE - MS Telnet Client
TOURSTART.EXE - Windows Tour Launcher
TSSHUTDN.EXE - System Shutdown
USERINIT.EXE - My Documents
UTILMAN.EXE - System Utility Manager
VERIFIER.EXE - Driver Verifier Manager
WAB.EXE - Windows Address Book
WABMIG.EXE - Address Book Import Tool
WIAACMGR.EXE - Scanner and Camera Wizard
WINCHAT.EXE - Windows for Workgroups Chat
WINHELP.EXE - Windows Help Engine
WINHLP32.EXE - Help
WINMINE.EXE - Minesweeper
WINNT32.EXE - User’s Folder
WINVER.EXE - Windows Version Information
WMPLAYER.EXE - Windows Media Player
WRITE.EXE - Wordpad
WRITE.EXE - WordPad
WSCRIPT.EXE - Windows Script Host Settings
WUPDMGR.EXE - Windows Update
Control Panel Applets
ACCESS.CPL - Accessibility Options
APPWIZ.CPL - Add or Remove Programs
DESK.CPL - Display Properties
HDWWIZ.CPL - Add Hardware Wizard
INETCPL.CPL - Internet Explorer Properties
INTL.CPL - Regional and Language Options
JOY.CPL - Game Controllers
MAIN.CPL - Mouse Properties
MMSYS.CPL - Sounds and Audio Device Properties
NCPA.CPL - Network Connections
NUSRMGR.CPL - User Accounts
ODBCCP32.CPL - ODBC Data Source Administrator
POWERCFG.CPL - Power Options Properties
SYSDM.CPL - System Properties
TELEPHON.CPL - Phone and Modem Options
TIMEDATE.CPL - Date and Time Properties
Management Consoles
CERTMGR.MSC - Certificates
CIADV.MSC - Indexing Service
COMPMGMT.MSC - Computer Management
DEVMGMT.MSC - Device Manager
DFRG.MSC - Disk Defragmenter
DISKMGMT.MSC - Disk Management
EVENTVWR.MSC - Event Viewer
FSMGMT.MSC - Shared Folders
LUSRMGR.MSC - Local Users and Groups
NTMSMGR.MSC - Removable Storage
NTMSOPRQ.MSC - Removable Storage Operator Requests
PERFMON.MSC - Performance Monitor
SERVICES.MSC - Services
WMIMGMT.MSC - Windows Management Infrastructure
Other Run Line Commands
CONTROL USERPASSWORDS2 - Conventional User Account Interface
References
http://www.listikal.com/windows-xp-professional-and-home-command-line-commands-run-line-commands/
Filed under: WinOS | |Comments off
Install Monitoring Agent on Windows
* Download NSClient++ from http://sourceforge.net/projects/nscplus/.
* Install NSClient++ on the Windows machine as a service. Check "Allow service to interact with desktop" on the Logon tab.
* Uncomment and edit c:\Program Files\NSClient++\NSC.ini:
FileLogger.dll
CheckSystem.dll
CheckDisk.dll
NSClientListener.dll
NRPEListener.dll
SysTray.dll
CheckEventLog.dll
CheckHelpers.dll
CheckExternalScripts.dll
NSCAAgent.dll
LUAScript.dll
NRPEClient.dll
CheckTaskSched.dll
use_file=1
allowed_hosts=192.60.250.134
port=12489
* Start NSClient++ service.
Enable Nagios to Monitor Windows
* Verify check_nt command in /usr/local/nagios/etc/objects/commands.cfg
* Verify windows-server template in /usr/local/nagios/etc/objects/templates.cfg
* Uncomment in /usr/local/nagios/etc/nagios.cfg
cfg_file=/usr/local/nagios/etc/objects/windows.cfg
* Modify /usr/local/nagios/etc/objects/windows.cfg
- Global replacement of window-server with the Name of windows box.
- Add/Remove services to be monitored.
* If password protection is enabled on NSClient++, edit check_nt command in /usr/local/nagios/etc/objects/commands.cfg file
define command{
command_name check_nt
command_line $USER1$/check_nt -H $HOSTADDRESS$ -p 12489 -s secrete -v $ARG1$ $ARG2$
}
* Verify config and restart Nagios
/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
/sbin/service nagios restart
References
http://nagios.sourceforge.net/docs/3_0/monitoring-windows.html
http://www.thegeekstuff.com/2008/07/how-to-monitor-remote-windows-machine-using-nagios-on-linux/
Filed under: Linux, WinOS | |Comments off
Over the weekend, Google and Yahoo searches were all redirected to some shopping and porn sites on one of the laptops. Tried various anti malwares (AVG, Spyware Terminator, Adware) to no avail. Finally, I found that system32/drivers/etc/hosts file was modified and a long list of Google and Yahoo domains got redirected to various sites. But the hosts file was locked. It can not be modified or deleted although it can be renamed. Rename the hosts file fixed the problem. I also took the precaution to make the hosts file read only hoping it won't get modified again.
Filed under: WinOS, security | |No Comments