PS-Tools Sysinternals: PsInfo.exe, ComputerInfo.exe and Psping.exe ICMP test mode

ER pool and this channel is dedicated to IT students, IT professionals and anyone who enjoys learning technical subjects. Thank you.

When I started on this journey doing PsTools from Sysinternals, I really didn't know how many videos I would do, and then I hit PsPing, and wow. So we're going to be doing latency, bandwidth; we're going to explain and show you how to set up a PsPing server and what that entails; we're going to be looking at histograms and how to collect data.

When you go to our channel, if you slide down, we have a section for members only. So if you become a member, it's secure and safe, 299 per month. As of this video we're up to 55 members. It's a safe, secure way of supporting a channel that produces content that is helpful to you.

Very fascinating tool that provides the IT professionals some really significant information about it. Now, PsInfo, to remotely gather information about any device on the network, including the type of installation, kernel build number, system uptime, registered owner, organization, number of processors and type, and amount of memory, and much more. At the time that Mark Russinovich wrote PsInfo it was really a great tool, but because it pulled up basic information about the system you're troubleshooting, and you could do it remotely relatively easy. You could even create a text file with a list of servers, list of PCs, and it will just go through that text file and produce this information. It also allows you to format that information into something like a CSV text file.

The time that Mark wrote this tool, there wasn't a big issue of having remote registry access available. Today that's a no-no; it's a security risk. Having the Remote Registry access service enabled is almost non-existent today. In most environments that service is disabled, so this tool becomes handicapped because it needs that service. But I'm going to show you how to get around that very easily with today's environment, still use the 
tool for your advantage.

Let's take a quick look at syntax: backslash backslash the remote computer. You can do at file, and then have a file and a path to a text file with a list of computers or servers that you want to run PsInfo against. You can use an optional username and password, minus U, minus B. And then this is really important, especially for servers: minus H, show a list of installed hotfixes. Desktops and laptops rarely use hotfixes; there are occasions where you do, but on servers this is more common, and that can be a big problem, so having the ability to pull up hotfixes very easily is really nice with PsInfo. Show a list of your installed apps, again very nice. Show your disk volume information: how many times have you troubleshot a remote user, or a user, or they have 250 megabytes of free space left on their C drive? This is very, very nice, and it runs command line, so it doesn't have the GUI impact on the system when it runs. It's all very low resource impact to run this investigation of hardware and operating system parameters on that machine. You can also, minus C, you can print in CSV format.

Here I've run it on my local admin station, so PsInfo dash H, which is hotfix, dash S, installed software, dash D, which is your disk. And I can look and see my uptime, Windows version, product, product version, all stuff that can be very, very helpful: processor type, processor speed, Windows system root, which is very helpful if you've got a developer who has installed Windows a very different way. I can see all my drives, and most importantly I can see my free space, and I can look at any hotfixes, which are none, and then various applications, which could be a problem. I can scroll through the applications on that machine.

Here I'm going to run it against an IP address remotely, and you can see my problem. Because the Remote Registry service is disabled today across the board, it's a security risk, you can see it's not going to work. But I'm going to show you a way to get around that and still use 
the tool.

As I've already discussed, the Remote Registry service is typically disabled in today's environment. On the other hand, the Windows Remote Management service is typically enabled and deployed via Group Policy so that administrators can do their work remotely across their enterprise and their domain. We're going to use that Windows Remote Management service to actually get around the problem of PsInfo.

So here I have a laptop on the network, and the user has sent a help desk ticket in concerning a problem. I'm going to launch my PowerShell with administrative rights, and I'm going to go ahead and start a PowerShell remote session, and then the computer that I want to start this remote PowerShell session with. You notice my prompt now is showing this remote computer, when 11 ENT vm18, so I have a PowerShell environment on that remote computer. So now I can do PSM; I'll look at the disk space. So here I can see that they've got 71 percent free disk space, so my perception of the problem has changed: they've got plenty of free disk space, it must be something else, and so I can tackle the problem another way. But this is a way of getting around that service that we no longer really can use.

Another helpful utility that allows you to pull up system information like PsInfo is a built-in utility that's in all your operating systems, client, server, no install, no download, and it's called systeminfo. And notice it has a remote capability: forward slash S, put in the name of the computer or the IP address. You can also assign a different username and password if you want to log in with domain rights. You can also format your output.

Let's take a look at systeminfo. Now, back to my administrative PowerShell, notice I'm still in that remote laptop, and I want to close out that remote PowerShell session that I have running in that laptop memory. That won't go away until they reboot, so good policy would be go ahead and exit this remote session, and notice my prompt goes back to my local PowerShell. Now I'm going 
to go ahead and do systeminfo, yes, and this time I'll do the same thing, when, and I'll just hit Enter. Notice again my error message. So we see that firewalls block the use of systeminfo when I try to use it remotely. So I can go back to remote PowerShell and do this again. Now I'm back into that remote device, and this time I can do systeminfo, and I'm running it locally, and it gives me a lot of great information about that PC.

This is a lot of rich information, very helpful for help desk or working with hardware on a server or any Windows environment. You get boot time, you get BIOS, BIOS version, you get the Windows directory, you get the system directory, you can see the boot device, so if you're working on a server you can see which disk is booting the server. Here I see time zones, so I can make sure that this particular PC is in sync with the domain, very helpful. Here I can see what domain controller logged this PC on, which is very nice. I can see my IP6 and IP4 address as well as my DHCP server. From my help desk point of view this is fantastic. Now, in the video notes I will have lots of very cool examples that you can use if you really like systeminfo, different things that you can do to extract specific information using this utility.

Another fantastic tool for help desk is Get-ComputerInfo, and I'm still in this remote PowerShell session on this laptop, so let's go ahead and use PowerShell. This gives me incredible amounts of information, just almost overwhelming, but you have just about everything you would want to know concerning this PC or this server. So this is a very comprehensive audit of the hardware, the operating system, and things about that PC that can be very helpful in troubleshooting. One feature I like about the PowerShell extraction of information is it allows me to see: is Secure Boot enabled, is it a UEFI platform, a lot of the security components enabled in the operating system or disabled in the operating system. That is extremely helpful.

We're going to be 
looking at PsPing. Right now, at present, when this was recorded, we were looking at version 2.12. PsPing is a command line utility that allows admins, IT professionals, to perform network latency tests, reliability tests, bandwidth tests, as well as connectivity tests. You can take PsPing and apply it in many, many practical ways: latency measurements, bandwidth testing, firewall rule testing, packet loss detection, TCP handshake monitoring, route path analysis. I have a list of over 15 practical applications where you can use PsPing to perform things that we need done. Now, PsPing is not the only tool in these practical applications; sometimes there's additional features, utilities and tools, maybe some calculations needed, but PsPing is definitely involved in every one of these 15 practical applications for the IT pro.

For example, if you're a member of our channel you actually get the video notes, and here I walk through one of those practical uses of PsPing, where I'm troubleshooting the TCP stack, and I walk you through step by step how to do that. I also walk you through how to use PsPing to test firewall rules. Members will also be able to see how we're going to use PsPing to monitor the TCP handshake.

Now, a lot of the information that we are presenting in this video series is also augmented by our reading and studying of the Troubleshooting with Windows Sysinternals book that Mark and Aaron wrote to supplement and give more information about this Sysinternals suite. Without that information we would have been forced to only use what's on Microsoft's website, which is absolutely bare bones. You can get this book on Amazon; I've got a link. I've also got the ISBN numbers if you'd like to look for it at your favorite bookstore.

Now, if you remember, in my first video on PsTools I ranted just a little bit about my frustration with Microsoft documentation, in the fact that they give you so little information about their utilities. You can't complain, they do give us the utilities, and they give you a little bit on 
the syntax, but it's just, to me, it's very frustrating as an IT professional to have to spend hours trying to figure out what the utility can really do, what it can't do, because Microsoft will not include that information in their documentation.

But let me give you a clear example of what I'm saying. This is Microsoft's website; this is concerning PsPing ICMP usage, in other words, we're going to be using it just like the ping command. Look at the syntax: that's what you get from Microsoft. Let me show you what I get from the textbook that I just showed you. This is the exact same set of syntax. Notice the amount of information that I have concerning each of these syntax and arguments that I have here, an enormous amount, plus the book gives me a great deal of information to understand things that I really would like to know about the utility. I don't get that on Microsoft's website, and many times you spend a lot of wasted time trying to figure this out because Microsoft will not give it to us.

Now, PsPing will allow you to test connectivity just like the ping command, but much better; we'll see why. You can also use TCP as a test function, ICMP as a test function, and as we get into bandwidth and latency we're going to see that we can use UDP also. It supports IPv4, IPv6. It allows us to test bandwidth, allows us to test latency, and from latency measurements you can calculate jitter. It reports time with an accuracy of about 0.01 millisecond, about a hundred times better than ping. It can also create histograms, which allows you to take the data that you receive from the command and the utility and plot it in Excel.

PsPing has four test types: one using ICMP, just like the ping command; it also has test connectivity using TCP; it also has a latency test and a bandwidth test. To see the parameters of them, you would use these switches to show you the help and parameters for each of these test types. At the bottom of the table is shown what's known as the PsPing server, and that's going to 
be used when we do latency and bandwidth tests.

Now remember, PsPing has four test modes. One is PsPing using the protocol ICMP, and here is the syntax that we use when we want to use PsPing and we're going to leverage the protocol ICMP. In order to bring clarity on these arguments, I'm going to bring this computer, this is a 192.168.0.141, and then I'm going to use my admin station to actually demonstrate all of these syntax as we ping this device on the network.

So I'm going to start off with PsPing and just simply put in the IP address of this device, and you can see it goes out and starts with a warm-up, and then it begins to do a 32 byte packet four times, and we can see the response time. So it looks and acts a lot like a ping command, except ping doesn't give a warm-up, whereas PsPing does.

We're going to start with the argument dash I, which is intervals in seconds, and we're just going to tell it ping every two seconds. I'm going to pull up the command and just add the minus I, and we'll put in a 2, and we'll go ahead, and it will ping every two seconds; it will then ping another time. And so it basically does the same thing as ping, except now we can control the intervals in seconds on how often it pings. This is really handy if you want to get measurements over a long period; you could add 10 seconds.

Dash L allows me to decide the size of the packet as I am sending it out and receiving it, so I could do it in kilobytes or megabytes, whatever size packet I want to use. Larger packets give you a better sense of congestion, so smaller packets really don't give you as good of an idea of a congested router as large packets do. So I'm going to add a large packet size and we'll take a look. So you can look at my command: PsPing, dash I, we'll leave it at two seconds, and then we're going to change our packet size from 32 bytes to 1500 bytes, and again the same. Let's go ahead and hit Enter. It still does the warm-up, which ping does not do. You can look: because we're dealing with a switched environment, you 
really don't see a big difference between when I did 32 bytes up here versus 1500 bytes down below. There's only a switch between myself and the virtual machine that we're testing, so we're not expecting huge changes.

If I'm interested in the number of pings rather than the interval per second, I could do a dash N and then put some value: 10, 100, 1000. Now, if I add S to the end of the number, then it specifies seconds, not the number of pings. Here I'm going to remove the interval and I'm just going to add dash N, and we're going to do a thousand pings with a packet size of 1500. Again, I'm on a switched network, you don't see really any major difference, but you can see this will go on for a long time. Now, I can end this by just doing a Control C and it stops. That's always your go-to if you want to stop PsPing at any process: Control C ends the process.

If I don't want any display while this is happening, you can see this would display for a thousand pings, if I don't want any display, just go ahead and do it, I can use the dash Q. I left everything the same; I'm going to come down here and add dash Q so that it won't display anything until it's all completed. So here it's now shown me percent done and it's showing me iterations, and this will sit here for a while because I've got a thousand. It is giving me the information about how much is being completed, but you can see nothing is displayed because I said don't do it until it's finished. I'm going to hit Ctrl C.

Now, if I can force the use of IP4, I can force the use of IP6, I can add warm-up pings, so that if I want 10 warm-ups I can do that. I can also add histogram information and collect data. Keep in mind this is still using the ICMP protocol, so it's limited: it will not go through a lot of firewalls on the internet, it can be blocked or dropped. So just be aware, PsPing in the ICMP test mode has a lot of the same limitations that ping has also.

So this morning I did a PsPing using ICMP to microsoft.com from Orlando, Florida, and you can see the 
latency, how long it took to get to Microsoft, about 213.13 milliseconds, and it varied a little bit, and then it shows me my minimum, my maximum, my average, how many were sent, how many received, how many were lost.

We're going to look at PsPing using TCP. Now keep in mind, when we use PsPing with TCP we have to have a port number that we can use to use this tool. For example, if we're dealing with the internet and we're wanting to use PsPing in the TCP test mode, then we have to know a port number that we can use. Now, that's pretty easy on the internet in terms of websites, because we can pretty much use 443, or HTTPS. It will ping that web server using TCP. This many times avoids firewall blocking, which is why that's very helpful and why this one feature of PsPing makes it so much more effective than ICMP. You use PsPing, the arguments are very similar to what we saw with ICMP, so there's not a lot of change in those, but remember, we must use a port number in order to activate the TCP test mode.

So let's get started. I'm going to do a PsPing. So in order to find out Microsoft's IP address, I'm just going to PsPing www.microsoft.com and it will give me as 97 1763 142. Now I can use PsPing, and instead of using the name I'm going to use the IP address 96.17.63.142, and I'm going to use the colon, number 443, and now I'm going to ping that HTTPS site. And so now I'm actually using TCP, and you can see below, TCP to connect to that web server using port 443. So this is typically the port you would use for an internet web server. PsPing does one warm-up ping and does four pings based on a 32-bit packet.

If I would like to test congestion in the routers between me and Microsoft, I'm going to make that packet size larger, so let's do it. I'm going to come back here and use the dash L and raise it up to 1500. 
1500 bytes packet size, and we'll do the same thing, and notice it didn't like that. When I tried to use a larger packet size, the host said no, not going to do that. So sometimes hosts can just simply say, I'm not going to participate in this connection. This time I reduced it from 1500 to 150; I'm going to see if Microsoft's site will buy it. No, they didn't like that one either. So as I added the size of the packet and tried to ping that 443, it just said no, we're not going to play that game, which is good; it tells me that their security is pretty good.

Here I've done the dash N, which means I'm going to do this, and how many numbers of pings do I want to specify, and I'm going to put a hundred, and still we'll see whether Microsoft's website will accept it, and it looks like it is. I left the packet size at 32 bytes and it looks like it's going to take it. So here we've got a hundred pings; I'm going to go ahead and cancel that, but you can see that as long as I didn't send it a big packet, it was okay with 32 bytes.

Now here's an example where I'm using PsPing and a port number to test my DNS server. I'm using a public, Cloudflare's DNS server, and it's 1.1.1.1, and I use the colon 53, which is the DNS port number for TCP, and it allowed me to test the response of that DNS server. So there are other ports that I can use if I understand what I'm doing. In this case I knew that 1.1.1.1 is a DNS server and would respond on port 53.

So what if I want to use PsPing using TCP and ping a server on my local area network? It gets more tricky, because my firewall is up on the server and I need to understand what port number is available on my server that will respond to a TCP ping.

Let's take a look at some practical uses for PsPing with its TCP port capability. Obviously we can use it for basic connectivity testing: some application, and you know its port number, you can use it to test the connectivity, is it there, is it up. You can also test with multiple iterations, so you can test multiple times to determine the stability of the application or the circuit to the data center. We know with PsPing we can choose intervals of pings, the number of pings, the packet size, and packet size gets a little bit tricky, because a lot of applications, if you send that large packet, it's going to say now I'm out of here, so just keep your packet size small. You can also take a script so that you can connect to multiple ports sequentially or concurrently to make sure that those services are up; you can dump it into a text file and then review that whenever you want to. You can also monitor packet loss: you can use Task Scheduler and run a PsPing against your circuit. You may have an MPLS circuit, you want to test that service level agreement, or a VPN circuit for the same purpose. If you have two data centers that you have applications on, you may want to compare latency between those two data centers. Many companies use load balancers where they have multiple servers behind the load balancers, and you want to send out packets to make sure that load balancer is distributing those incoming requests across your servers accurately. And then firewalls: if you've got a firewall on your Amazon cloud or a firewall on your Azure account, you want to go in there and test those open ports and closed ports to verify things are working correctly.

Many times it's difficult to understand what port your applications in the data center, in the cloud or in your 
server room are actually using. This is my quote server, it's just a virtual machine, but I'm going to use a great application called TCPView. It's from Sysinternals, and I'm going to run it as an administrator. You don't have to run it as administrator, you can just run as a user. And what it does is it gives me a great graphical view of this device. I can see all of the software modules that are running on this particular device; in this case this is a Windows 11 box, but it would look very similar if I was looking at a server. And then it gives me the process ID for that software. Then I can see I'm using the TCP protocol, and here's the key thing: it's got a listen state. That tells me that that module is using TCP and it's on the network listening. That's the software that I can ping or send a connectivity packet to. Now, whether it will receive it or not is part of our exploration; we're going to find out, does this software respond to a PsPing packet.

Over here in the column, here I've got the port number. Here I can see that it's listening; that tells me firewall rules are open. You can't listen if the firewall is down. So those ports, all of these ports over here for which I have listening and local port numbers, I know the firewall is open, so I can use any one of those to ask for stability, test connectivity, is it up. If this is a server behind a load balancer, I can ping these ports.

So let's quickly try that. Here's my admin station. I'm going to do PsPing, PsPing 192.168.0.120. I want to go ahead and go after that first local port, 135, and see if it responds, and it does. So I could use that port; I know that module software responds to this PsPing. So this is how I would go through the software on a server or a host on my cloud or wherever it is: I would look for the module of software, what protocol it's using, is it listening, and then the port that it's using, and then I can use PsPing to test the various things that we just talked about.

Info
Channel: TechsavvyProductions
Views: 1,893
Id: KG1NUU829eQ
Length: 29min 32sec (1772 seconds)
Published: Sun Sep 17 2023