Archive for the ‘Windows’ Category

Set Domain multiple alias (Aliases) in IIS on Windows server howto

Saturday, October 24th, 2020

On Linux as mentioned in my previous article it is pretty easy to use the VirtualHost Apache directive etc. to create ServerName and ServerAlias but on IIS Domain multiple alias add too me a while to google.

<VirtualHost *>

In click and pray environments as Winblows, sometimes something rather easy to be done can be really annoying if you are not sure what to do and where to click and you have not passed some of the many cryptic microsoft offered ceritification programs offer for professional sysadmins, I'll name a few of them as to introduce UNIX guys like me to what you might ask a M$ admin during an interview if you want to check his 31337 Windows Sk!lls 🙂


  • Microsoft Certified Professional (MCP)
  • Microsoft Technology Associate (MTA) –
  • Microsoft Certified Solutions Expert (MCSE)-
  • Microsoft Specialist (MS) etc. –

A full list of Microsoft Certifed Professsional program here

Ok enough of  balling.

Here is  how to  create a domain alias in IIS on Windows server.

Login to your server and click on the START button then ‘Run’¦’, and then type ‘inetmgr.exe’.

Certainly you can go and click trough the Administrative tools section to start ISS manager, but for me this is fastest and easiest way.


Now expand the (local computer), then ‘Web Sites’ and locate the site for which you want to add alias (here it is called additional web site identification).

Right click on the domain and choose ‘Properties’ option at the bottom.

This will open the properties window where you have to choose ‘Web Site’ and then to locate ‘Website identification‘ section. Click on the ‘Advanced’¦’ button which stands next to the IP of the domain.

Advanced Web site identification window (Microsoft likes to see the word ‘Advanced’ in all of the management menus) will be opened, where we are going to add a new domain alias.


Click on the ‘Add’¦’ button and ‘Add/Edit website (alias)identification’ window will appear.


Make sure that you will choose the same IP address from the dropdown menu, then set the port number on which your web server is running (the default is 80), write the domain you want, and click ‘OK’ to create the new domain alias.

Actually click ‘OK’ until you have ‘Advanced Web site identification’ and the domain properties windows closed.

Right click on the domain again and ‘Stop’ and ‘Start’ the service.
This will be enough the IIS domain alias to start working.


Another useful thing for novice IIS admins that come from UNIX is a domain1 to domain2 redirect, this is done with writting an IIS rule which is an interesting but long topic for a limited post as like this, but just for the reference of fun to let you know this exist.

Domain 1 to Domain 2 Redirect
This rule comes handy when you change the name of your site or may be when you need to catch and alias and direct it to your main site. If the new and the old URLs share some elements, then you could just use this rule to have the matching pattern together with the redirect target being


That's all folks, if you enjoyed the clicking laziness you're ready to retrain yourself to become a successful lazy Windows admin who calls Microsoft Support everyday as many of the errors and problems Windows sysadmins experience as I heard from a friend can only be managed by M$ Support (if they can be managed at all). 

Yes that's it the great and wonderful life of the avarage sysadmin. Long live computing … it's great! Everyday something broken needs to get fixed everyday something to rethink / relearn / reupdate and restructure or migrate a never ending story of weirdness.

A remark to  make, the idea for this post is originated based on a task I had to do long time ago on IIS, the images and the description behind them are taking from a post originally written on Domain Aliasing in IIS originally written by Anthony Gee unfortunately his blog is not available anymore so credits goes to him.

Use multiple certificates using one IP address (same IP address) on IIS Windows web server

Saturday, October 24th, 2020

If you had to administer some Windows webservers based on IIS and you're coming from the Linux realm, it would be really confusing on how you can use a single IP address to have binded multiple domain certificates.

For those who have done it on linux, they know Apache and other webservers in recent versions support the configuration Directive of a Wildcard instead of IP through the SNI extension capble to capture in the header of the incoming SSL connection the exact domain and match it correctly against the domain with the respective certificate.  Below is what I mean, lets say you have a website called and you want this domain to be pointing to another location for example to

For example in Apache Webserver this is easily done by defining 2 separate virtualhost configuration files similar to below:


<Virtualhost *>


        SSLCertificateFile /etc/letsencrypt/live/
SSLCertificateKeyFile /etc/letsencrypt/live/



<Virtualhost *>



        SSLCertificateFile /etc/letsencrypt/live/
SSLCertificateKeyFile /etc/letsencrypt/live/


Unfortunately for those who still run legacy Windows servers  with IIS version 7 / 7.5 your only option is to use separate IP addresses (or ports, but not really acceptable for public facing sites) and to bind each site with it's SSL certificate to that IP address.

IIS ver. 8+ supports the Server Name Indication extension of TLS which will allow you to bind multiple SSL sites to the same IP address/port based on the host name. It will be transparent and the binding will work the same as with non-HTTPS sites.

In Microsoft IIS Webserver to configure, it is not possible to simply edit some configurations but you have to do it the clicking way as usually happen in Windows. thus you will need to have generated the Domain Certificate requests and so on and then you can simply do as pointed in below screenshots.







Fix Blocked Unresponsive keyboard keys on Windows 7 / 10

Tuesday, February 25th, 2020



The Problem

If you're still using Windows 7 Operating system in your company due to some weird security concern policies and your company gets custom end user updates from Microsoft due to a special EULA agreement and you are new to using Windows E.g. have for many users used for your daily work Linux and Mac OS you might hit a strange issue wtih many of the keyboard keys strangely being locked with some of the keys such as Num Lock, Escape tab working where the Alphabet keys then don't panic. This is not a Windows bug its a feature (as usual) 🙂

Reason behind Blocked Unresponsive Keyboard


First logical thought I had is maybe my Logitech K120 Membrane 17 EURO cheap keyboard externally attached keyboard broke up thus I've tried to connect another LOGIC keyboard I had at hand just to assure myself the problem with partial keys on kbd reacting was present with the other Working keyboard as well.
This was an indicator that either the custom installed Windows by the company Helpdesk Office with the preassumed common additional features for corporations such as Keyloggers on this Laptop has messed up somohow the Windows service that is managing the keyboard or some kind of mechanical error or electronic circuit on the laptop embedded keyboard has occured or the KBD DLL Loaded driver damaged
I have to say here a colleague of mine was having a weird keyboard problems back in the day when I was still working in Project Services as a Web and Middleware in Hewlett Packard, where misteriously a character was added to his typed content just like a key on his keyboard has stuck and he experienced this issue for quite some time, he opened the keyboard to physically check whether all is okay and even checked the keyboard electricity whether levels on each of the keys and he couldn't find anything, and after running Malware Bytes anti-malware and a couple of other anti-malware programs which found his computer was infected with Malware and issue resolved.


Hard Fix – Reboot ..


As as a solution most times so far I've restarted the Windows which was reloading the Windows kernel / DLL libraries etc.

However just hit to this Windows accessibility feature once again today and since this is not the first time I end up with unworking keyboard (perhaps due to my often) furious fast typing – where I press sometimes multiple keys in parallel as a typing error then you trigger the Windows Disabled accessibiltiy Windows Feature, which as I thought makes the PC only usable for Mouse but unusuable for providing any meaningful keyboard input.

This problem I've faced already multiple times and usually the work around was the good known Windows User recipee phrase "Restart and It will get fixed", this time I was pissed off and didn't wanted to loose another 5 minutes in Restarting Reconnecting to the Company's Cisco Secure VPN reopening all my used files Notepad++ / Outlook / Browsers etc plus I was already part of online Lync (Skype) Meeting in which Colleague was Sharing his remote Desktop checking some important stuff about Zabbix Monitored AIX machine, hence didn't wanted to restart but still wanted to use my computer and type some stuff to send Email and do a simple googling.

Temporary work around to complete work with Virtual Keyboard

Hence as a temporary work around, I've used the Windows Virtual Keyboard, I've mentioned it in the earlier  blog post – How to run Virtual Keyboard in Windows XP / Vista article
To do so I'verun by typing osk command in cmd.exe command Prompt:

Either Search for osk.exe from Start menu


or run via command line via

Windows Button (on the Keyboard) + R and run

cmd.exe -> osk




Solution Without PC Restart

After a bit of thought and Googling I've found the fix  here

From the Start -> Control Panel from here I had to go to Accessibility Options.
Select Ease of Access Center.


Select the keyboard settings and
Ensure the following options are unchecked: Turn on Sticky Keys, Turn on Toggle Keys and Turn on Filter Keys.


I've found in the Turn on Toggle Keys tick present (e.g. service was enabled) – hence  after unticking it and 

Press Apply and OK, keyboard restored its usual functions.
Now all left was to  Enjoy as your keyboard was back usable and I could conitnue my Citrix sessions and SSH console Superputty terminals  and complete my started to write E-mail
without loosing time meanlessly for reboot.


Windows 10 Disable the Filter Keys option


This feature makes your keyboard ignore brief or repeated keystrokes, which might have led to your WinKey issue in Windows 10. To disable filter keys, use the instructions below:

1. Right-click on your Start menu icon.
2. Select Settings from the menu.
3. Navigate to Ease of Access and click on it.
4. Go to the left pane and click Keyboard.
5. Locate the Filter Keys feature.
6. Toggle it off.
7. Check if this manoeuvre has resolved your issue.

Closing Notes 

Of course this might be not always the fix, as sometimes it could be that the Winblows just blows your keyboard buffer due to some buggy application or a bug, but in most of the times that should solve it 🙂
If it didn't go through and debug all the other possible reasons, check whether you have a faulty keyboard cable (if you're still on a non-bluetooth Wired Keyboard), unplug and plug the keyboard again,
scan the computer for spyware and malware, rethink what really happened or what have you done until the problem occured and whether blocked keyboard is triggered by your user action or was triggered
by some third party software anti-virus stuff that did it as an attempt to prevent keylog sniffer / Virus or other weird stuff.

Check when Windows Active Directory user expires and set user password expire to Never

Thursday, January 9th, 2020


If you're working for a company that is following high security / PCI Security Standards and you're using m$ Windows OS that belongs to the domain it is useful to know when your user is set to expiry
to know how many days are left until you'll be forced to change your Windows AD password.
In this short article I'll explain how to check Windows AD last password set date / date expiry date and how you can list expiry dates for other users, finally will explain how to set your expiry date to Never
to get rid of annoying change password every 90 days.


1. Query domain Username for Password set / Password Expires set dates

To know this info you need to know the Password expiration date for Active Directory user account, to know it just open Command Line Prompt cmd.exe

And run command:


NET USER Your-User-Name /domain


Note that, many companies does only connect you to AD for security reason only on a VPN connect with something like Cisco AnyConnect Secure Mobility Client whatever VPN connect tool is used to encrypt the traffic between you and the corporate DMZ-ed network

Below is basic NET USER command usage args:

Net User Command Options

Item          Explanation

net user    Execute the net user command alone to show a very simple list of every user account, active or not, on the computer you're currently using.

username    This is the name of the user account, up to 20 characters long, that you want to make changes to, add, or remove. Using username with no other option will show detailed information about the user in the Command Prompt window.

password    Use the password option to modify an existing password or assign one when creating a new username. The minimum characters required can be viewed using the net accounts command. A maximum of 127 characters is allowed1.
*    You also have the option of using * in place of a password to force the entering of a password in the Command Prompt window after executing the net user command.

/add    Use the /add option to add a new username on the system.
options    See Additional Net User Command Options below for a complete list of available options to be used at this point when executing net user.

/domain    This switch forces net user to execute on the current domain controller instead of the local computer.

/delete    The /delete switch removes the specified username from the system.

/help    Use this switch to display detailed information about the net user command. Using this option is the same as using the net help command with net user: net help user.
/?    The standard help command switch also works with the net user command but only displays the basic command syntax. Executing net user without options is equal to using the /? switch.



2. Listing all Active Directory users last set date / never expires and expiration dates

If you have the respective Active Directory rights and you have the Remote Server Administration Tools for Windows (RSAT Tools), you are able to do also other interesting stuff,


such as

– using PowerShell to list all user last set dates, to do so use Open Power Shell and issue:

get-aduser -filter * -properties passwordlastset, passwordneverexpires |ft Name, passwordlastset, Passwordneverexpires


This should show you info as password last set date and whether password expiration is set for account.

– Using PS to get only the password expirations for all AD existing users is with:


Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} –Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" |
Select-Object -Property "Displayname",@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}

If you need the output data to get stored in CSV file delimitered format you can add to above PS commands



3. Setting a user password to never Expiry


If the user was created with NET USER command by default it will have been created to have a password expiration. 
However if you need to create new users for yourself (assuming you have the rights), with passwords that never expire on lets say Windows Server 2016 – (if you don't care about security so much), use:

NET USER "Username" /Add /Active:Yes

WMIC USERACCOUNT WHERE "Name='Username' SET PasswordExpires=False




To view the general password policies, type following:




How to clear ARP cache on Linux / Windows for a single IP address / Flush All IPs ARP cache

Wednesday, December 11th, 2019


On times of Public Internet IP migration or Local IPs between Linux servers or especially in clustered Linux Application Services running on environments like Pacemaker / Corosync / Heartbeat with services such as Haproxy.
Once an IP gets migrated due to complex network and firewall settings often the Migrated IP from Linux Server 1 (A) to Linux Server 2 (B) keeps time until a request to reload the Internet server IP ARP cache with to point to the new IP location, causing a disruption of accessibility to the Newly configured IP address on the new locations. I will not get much into details here what are the ARP (Address Resolution protocol) and Network ARP records on a Network attached Computer and how they correspond uniquely to each IP address assigned on Ethernet or Aliased network Interfaces (eth0 eth0:1 eth0:2) . But in this article, I'll briefly explain once IP Version 4 address is migrated from one server Data Center location to another DC, how the unique corresponding ARP record kept in OS system memory should be flushed in the ARP corresponding Operating System so called ARP table (of which you should think as a logical block in memory keeping a Map of where IP addresses are located physically on a Network recognized by the corresponding Unique MAC Address.

1. List the current ARP cache entries do

Arp is part of net-tools on Debian GNU / Linux and is also available and installed by default on virtually any Linux distribution Fedora / CentOS / RHEL / Ubuntu / Arch Linux and even m$ Windows NT / XP / 2000 / 10 / whatever, the only difference is Linux tool has a bit of more functionality and has a bit more complex use.
Easiest use of arp on GNU / Linux OS-es is.

# arp -an 

The -a lists all records and -n flag is here to omit IP resolving as some IPs are really slow to resolve and output of command could get lagged.

2. Delete one IP entry from the cache

Assuming only one IP address was migrated, if you want to delete the IP entry from local ARP table on any interface:

# arp -d

It is useful to delete an ARP cached entry for IP address only on a certain interface, to do so:

# /usr/sbin/arp -i eth1 -d


3. Create ARP entry MAC address with a static one for tightened security

A useful Hack is to (assign) / bind specific Static MAC addresses to be static in the ARP cache, this is very useful to improve security and fight an ARP poisoning attacks.
Doing so is pretty easy, to do so:

Above will staticly make IP to always appear in the ARP cache table to the MAC 00:50:ba:85:85:ca. So even if we have another system with the same MAC
trying to spoof our location and thus break our real record location for the Hostname in the network holding in reality the MAC 00:50:ba:85:85:ca, poisoning us
trying to make our host to recognize to a different address this will not happen as the static ARP will be kept unchanged in ARP caching table.


 # arp -s 00:50:ba:85:85:ca


4. Flush all ARP records only for specific Ethernet Interface

After the IP on interface was migrated run:


# ip link set arp off dev eth0 ; ip link set arp on dev eth0


5. Remove a set of few IPs only migrated ARP cache entries


# for i in; do sudo arp -d $i; done

Once old ARP entries are removed the arp command would return as:


linux:~$ arp
? ( at <incomplete>  on eth1
? ( at <incomplete>  on eth2

The / entry now shows as incomplete, which means the ARP entry will be refreshed when it is needed again, this would also depend
on the used network switches / firewalls in the network settings so often could take up to 1 minute or so..


6. Flush all ARP table records on Linux



# ip -s -s neigh flush all


7. Delete ARP Cache on FreeBSD and other BSDs

# arp -d -a 


8.  Flush arp cache on Windows

Run command prompt as Administrator -> (cmd.exe)  and do:

C:\> ipconfig /all
netsh interface ip delete arpcache


9. Monitoring the arp table

On servers with multiple IP addresses, where you expect a number of IP addresses migrated to change it is useful to use watch + arp like so:

# watch -n 0.1 'arp -an'

The -n 0.1 will make the arp -an be rerun every 10 miliseconds and by the way is a useful trick to monitor stuff returned by commands that needs a higher refresh frequency.


In short in this article, was explained how to list your arp cache table.The arp command is also available both on Linux and Windows) and as integral part of OS networking it is useful to check thoroghfully to its man page (man arp).
Explained was how to create Static ARP table records to prevent ARP poisoning attacks on a server.
I went through how to delete only a single ARP records (in case if) only certain IPs on a host are changed and an ARP cache entry reload is needed, as well as how to flush the complete set of ARP records need to get refreshed, sometimes useful on networks with Buggy Network Switches or when completely changing the set of IP-addresses assigned on a server host.

A Concise and Complete Strategy to Earn Microsoft MCSE: Core Infrastructure Certification

Wednesday, August 21st, 2019


This article is going to be a bit astray from Linux but as recently, there are so many jobs offered for Windows administrators, I believe it will be useful for sysadmins, who are more interested in Windows sysadmin job, so lets get through some of the essential Microsoft certificates to give you idea what kind of certificate you might want to enter the world of Windows.

In recent months, Microsoft is by-and-by altering its certification program. But, how does this affect the certification track as a whole? This creates a new breed of Microsoft credentials that are specifically aligned to certain job roles like administrator, solution architect, developer, and functional consultant.

Further, the incorporation of role-based certifications means the phasing out of old certifications tracks like MCSA: Cloud Platform, MCSA: Linux on Azure, MCSE: Mobility and the list continues. All the retired certifications and certification exams are pensioned off to reflect the newest technologies and advancements, which are highly needed by different IT job roles.

But even with the changes, Microsoft hasn’t totally ditched some of their previous certification tracks―simply because these are still significant up to the present time. And one of the limited expert-level Microsoft validations that deserve a mention is, without a doubt, MCSE: Core Infrastructure.


The Past and the Present Days of MCSE: Core Infrastructure

MCSE: Core Infrastructure is certainly the best way to certify your expertise in managing more complex and modern IT technologies, including data center, system and identity management, storage, virtualization, and networking.

To get you ready, see the functional preparation guide that shows three main steps to earn this MCSE endorsement.

  1. Acquire your MCSA certification

The very first step is to arm yourself with an entry-level credential that declares your foundational understanding of specific IT technologies. This means that you can’t just jump directly to the expert-tier without gaining valuable groundwork, which for this case, is either the MCSA Windows Server 2012 or MCSA Windows Server 2012. Both these certifications are aimed to give you a significant footing in specific Microsoft infrastructure in an enterprise setting, to further improve the business worth and abate unnecessary expenses.

  1. Choose your preferred MCSE certification exam

Next step is to pick from given five MCSE certifications exams: 70-744, 70-745, 70-413, 70-414, and 70-537. Though there are five listed options, only four are available since exam 70-537 hasn’t been released up to now.

  • Exam 70-744

Dubbed as the exam for Securing Windows Server 2016, 70-744 tests how well you utilize various technologies and methodologies relating to server hardening environments and virtual and network machines infrastructure.

Featuring topics such as Active Directory, Enhanced Security Administrative Environment, Local Administrator Password Solution, Threat Detection Solutions, Privileged Access Workstations, and such, the exam serves a remarkable way to fully take a grasp of the security needed in Windows Server 2016.

  • Exam 70-745

If securing Windows Server 2016 does not entice you, there’s another option―exam 70-745, which is implementing a Software-Defined Datacenter. This test is suitable for both analysts and data scientists who’ve got a thing for complex processes and data sets as well as virtual machine manager.

Software-defined networking, software-defined data center, and software-defined storage are three main subjects expounded in this exam. You will learn how to implement, manage, secure, and maintain these various solutions. Accordingly, it’s recommended to have background skills in data structures, programming concepts, R functions, and statistical methods for you to easily take up and pass this exam.

  • Exam 70-413

Next on the list is the test that corroborates your capability in designing and implementing a 2012 Windows Server 2012 infrastructure. Exam 70-413 is part one of a two-series test that revolves around key functions of a server environment.

If you pass this exam, this means that you are fully-furnished with abilities in core topics related to Windows Server 2012, including network access services, server virtualization, deployment, and infrastructure. This is because your skills in creating and implementing both logical and physical active directory infrastructures will be put into test.

  • Exam 70-414

70-414 is the second test of the two-part series exam about Windows Server 2012. This means that you have to complete and pass both exams 70-413 and 70-414 to earn your MCSE.

In comparison to the first exam, this refers to a more complicated server infrastructure in a highly virtualized setting. The exam sets the seal in your command in managing and maintaining advanced server infrastructure. Furthermore, you get to mug up your skills in planning and implementing highly available enterprise and server virtualization infrastructures along with designing and executing identity and access solutions.

   3. Start practicing the exam

Once you’ve decided what exam/s you’ll take, you need to start gathering essential exam materials. Start with books and Microsoft exam guides so that you’ll acquire a deeper understanding of each topic. Training courses are other imperative resources you shouldn’t miss. These are relevant in mounting your knowledge―in a more stimulating and less stressful manner. Either in an instructor-led or self-paced format, these training courses are carved to give you a more advanced yet highly engaging type of learning. And luckily, there’s no need for you to look further because Microsoft provides candidates with official and vital training courses for every exam.

And to accompany your exam preparation, get assistance from Examsnap’s series of practice tests. Featuring the most updated test questions with answers, the practice tests offered by Examsnap are not just limited to one but a lot of files per exam. They have all the MCSE required and current exams, which are 70-744, 70-745, 70-413, and 70-414. With the various files on offer, these give you several options to expand your knowledge bank before the exam day. Since the tests are offered in .ete format, you can train them with the help of the ETE Simulator. This will give you the insight of what is waiting for you at the exam. Moreover, you can practice the file unlimited times, track your results, improve them, thus you’ll be confident in your skills and knowledge and escape nervousness.


And when you pass the required exam/s, you’ll be rewarded with the ever-famous MCSE: Core Infrastructure to your profile. More than that highly-distinguished international credential, you are now qualified for various job roles like information security specialist, computer support analyst, IT administrator, architect, and such. So, keep the ball rolling and tighten your preparation stage for you to earn this amazing Microsoft validation.


Check the count and monitor of established / time_wait TCP, UDP connections on Linux and Windows with netstat command

Wednesday, February 6th, 2019


For me as a GNU / Linux sysadmin it is intuitive to check on a server the number of established connections / connections in time_wait state and so on .

I will not explain why this is necessery as every system administrator out there who had a performance or network issues due to server / applications connection overload or have been a target of Denial of Service (DoS)
or Distributed Denial of Service attacks (DDoS)  
is well aware that a number of connections in different states such as SYN_ACK /  TIME_WAIT or ESTABLISHED state could be very nasty thing and could cause a productive application or Infrastructure service to be downed for some time causing from thousands of Euros to even millions to some bussinesses as well as some amount of data loss …

To prevent this therefore sysadmins should always take a look periodically on the Connection states on the adminned server (and in this number I say not only sys admins but DevOps guys who are deploying micro-services for a customer in the Cloud – yes I believe Richard Stallman is right here they're clouding your minds :).

Even though cloud services could provide a very high amount of Hardware (CPU / Memory / Storage) resources, often for custom applications migrating the application in the Cloud does not solve it's design faults or even problems on a purely classical system administration level.


1. Get a statistic for FIN_WAIT1, FOREIGN, SYNC_RECV, LAST_ACK, TIME_WAIT, LISTEN and ESTABLISHED  Connections on GNU / Linux


On GNU / Linux and other Linux like UNIXes the way to do it is to grep out the TCP / UDP connection type you need via netstat a very useful cmd in that case is:


root@pcfreak:~# netstat -nat | awk '{print $6}' | sort | uniq -c | sort -n
      1 established)
      1 FIN_WAIT1
      1 Foreign
      1 SYN_RECV
      3 LAST_ACK
      4 FIN_WAIT2
      8 TIME_WAIT
     45 LISTEN


2. Netstat 1 liner to Get only established and time_wait connections state 


Other ways to check only TCP ESTABLISHED connections on Linux I use frequently are:


root@pcfreak:~# netstat -etna|grep -i establi|wc -l



Or to get whole list of connections including the ones who are about to be esatablished in FIN_WAIT2, TIME_WAIT, SYN_RECV state:


root@pcfreak:~# netstat -tupen |wc -l


3. Other Linux useful one liner commands to track your connection types

netstat -n -p | grep SYN_REC | sort -u

List out the all IP addresses involved instead of just count.

netstat -n -p | grep SYN_REC | awk '{print $5}' | awk -F: '{print $1}'


List all the unique IP addresses of the node that are sending SYN_REC connection status.

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n


Use netstat command to calculate and count the number of connections each IP address makes to the server.

netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n


List count of number of connections the IPs are connected to the server using TCP or UDP protocol.

netstat -ntu | grep ESTAB | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr


Check on ESTABLISHED connections instead of all connections, and displays the connections count for each IP.


netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1


Show and list IP address and its connection count that connect to port 80 on the server. Port 80 is used mainly by HTTP web page request.

Examples are taken from this nice blog post


4. Check the count of esatblished connections on M$ Windows


As I'm forced to optimize a couple of Microsoft Windows DNS servers which are really slow to resolve the
The logical question for me was how the Established and TIME_WAIT state connections then could be checked on Windows OS, after a quick investigation online I've come up with this:


C:\Users\admin> netstat -nao | find /i "estab" /c




C:\Users\admin> netsatt -nao | find /i "time_wait" /c



If you're used to Linux watch command, then to do same on Windows OS (e.g. check the output of netstat) command every second
and print output use:


netstat –an 1 | find “3334”


Below commands will show stats for services listening on TCP port 3334

To find out which process on system sends packets to remote destination:


netstat –ano 1 | find “Dest_IP_Addr”


The -o parameter outputs the process ID (PID) responsible for the connection.
then if you need further you can find the respective process name with tasklist< cmd.
Another handy Windows netstat option is -b which will show EXE file running as long as
the related used DLL Libraries which use TCP / UDP .

Other useful netsatat Win example is to grep for a port and show all established connections for it with:


netstat –an 1 | find “8080” | find “ESTABLISHED”


5. Closure

Hopefully this article will give you some idea on what is eating your bandwidth connections or overloading your GNU / Linux – Windows systems. And will point you to the next in line logical thing to do optimization / tuning
settings to be made on your system for example if Linux with sysctl – see my previous relater article here

I'll be intested to hear from sysadm colleagoes for other useful ways to track connections perhaps with something like ss tool (a utility to investigate sockets).
Also any optimization hints that would cause servers less downtime and improve network / performance thouroughput is mostly welcome.


Export / Import PuTTY Tunnels SSH Sessions from one to another Windows machine howto

Thursday, January 31st, 2019


As I've started on job position – Linux Architect in last November 2018 in Itelligence AG as a contractor (External Service) – a great German company who hires the best IT specialists out there and offers a flexible time schedules for emploees doing various very cool IT advanced operations and Strategic advancement of SAP's Cloud used Technology and Services improvements for SAP SE – SAP S4HANA and HEC (HANA Enterprise Cloud) and been given for work hardware a shiny Lenovo Thinkpad 500 Laptop with Windows 10 OS (SAP pre-installed), I needed to make some SSH Tunnels to machines to (Hop Station / Jump hosts) for that purpose, after some experimenting with MobaXterm Free (Personal Edition 11.0) and the presumable limitations of tunnels of the free client as well as my laziness to add the multiple ssh tunnels to different ssh / rdp / vnc etc. servers, finally I decided to just copy all the tunnels from a colleague who runs Putty and again use the good old Putty – old school Winblows SSH Terminal Client but just for creating the SSH tunnels and for rest use MobaXterm, just like in old times while still employe in Hewlett Packard. For that reason to copy the Tunnels from my dear German Colleague Henry Beck (A good herated collegue who works in field of Storage dealing with NetApps / filer Clusters QNap etc.).

Till that moment I had no idea how copying a saved SSH Tunnels definition is possible, I did a quick research just to find out this is done not with Putty Interface itself but, insetead through dumping Windows Putty Stored Registry records into a File, then transfer to the PC where Tunnels needs to be imported and then again (either double click the registry file) to load it, into registry or use Windows registry editor command line interface reg, here is how:

1. Export


Run cmd.exe (note below command) 

requires elevated Run as Administrator prompt:

Only sessions:

regedit /e "%USERPROFILE%\Desktop\putty-sessions.reg" HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions

All settings:

regedit /e "%USERPROFILE%\Desktop\putty.reg" HKEY_CURRENT_USER\Software\SimonTatham


If you have powershell installed on machine, to dump

Only sessions:


reg export HKCU\Software\SimonTatham\PuTTY\Sessions ([Environment]::GetFolderPath("Desktop") + "\putty-sessions.reg")

All settings:

reg export HKCU\Software\SimonTatham ([Environment]::GetFolderPath("Desktop") + "\putty.reg")

2. Import

Double-click on the 


 file and accept the import.


Alternative ways:



require elevated command prompt:

regedit /i putty-sessions.reg regedit /i putty.reg


reg import putty-sessions.reg reg import putty.reg

Below are some things to consider:

Note !do not replace 


 with your username.


Note !: It will create a 


 file on the Desktop of the current user (for a different location modify path)


Note !: It will not export your related (old system stored) SSH keys.

What to expect next?


The result is in Putty you will have the Tunnel sessions loadable when you launch (Portable or installed) Putty version.
Press Load button over the required saved Tunnels list and there you go under


Connection SSH -> Tunnels 


you will see all the copied tunnels.


Putty load as default session another session – Save other Putty session configuration to default howto

Thursday, November 29th, 2018


Recently I had to use PuTTY which I haven't used for years to open a number of SSH Pernanent Tunnels necessery for my daily work as a SAP Consultant.

I've saved them under a certain new profile and saved the set SSH Tunnel configuration not in the default Session but in separate named one, therefore had to press Load button every time after clicking over my Putty shortcut icon. 

That was annoying and took few seconds out of my life every next morning for about a week, so finally I found osme time to google it and it seemed it is pretty easy to have any Putty sessoin loaded you like.

Here is how:

1. Create a new Putty Shortcut



Click over Putty icon while holding CTRL + SHIFT (Control SHIFT keys simultaneously ) and move the mouse somewhere on the desktop to create the shortcut.

2. Right click on Putty Shortcut




"C:\Program Files\PuTTY\putty.exe" -load "your_saved_session" "username@your_server_address" -pw "your_password"

fill out "target" field of shortcut using above code (alter to your own properties).
click Apply button.

If you need to pass a user and password from Shortcut itself (which is a bad practice for security but sometimes useful, for not so important Tunnels – for example a tunnel to an Open Proxy), do it by typing in the target field like so:

"C:\Program Files\PuTTY\putty.exe" -load "your_saved_session" "username@your_server_address" -pw "your_password"


And Hooray !!! After that when you click on PuTTy shortcut it loads your session automatically using given username and password.