Quote:
- changing Tcpip's Hostname and NV Hostname and restarting the Dhcp service is enough to "forge" DHCP option 12
- using MOVE /Y to update copies of existing files overwrites their creation and access timestamps
- marking prefetch files as +s prevents writes to them
- Acrylic DNS Proxy caches NX responses from upstream
- deleting directories from IrfanView's thumbnail browser's tree view always sends them to the Recycle Bin
- using Unlocker to close handles on files that were recently uploaded by Firefox (<input type="file"> fields) can cause Explorer.exe to crash!
- using Unlocker to close individual file handles when opened on a drive root seems very broken: not everything is unlocked, and non-selected entries are also affected!
- killing the "FileInfo" filter driver prevents the SysMain (SuperFetch) service from starting, even if the dependency is removed in the registry
- EEE (Energy Efficient Ethernet) can prevent detection of link status when connected directly to another computer
- DisplaySwitch.exe parameters: "/internal" or "1" to use the primary display only, "/clone" or "2" to mirror the primary display on a second screen, "/extend" or "3" to expand the desktop to a secondary display, "/external" or "4" to switch to the external display only
- setting Nmap's TTL so that it drops to 0 right as it hits the target (i.e. is identical to the number of hops) may uncover currently unused ports for which router port forwarding mappings exist: those will show as "time-exceeded", while unused and unmapped ports are either "no-response", "reset" (TCP only) or possibly "port-unreachable". Using a normal TTL value can also give these away if the router returns ICMP "host-unreachable" messages. Note neither behavior is guaranteed
- Windows drops packets with destination port 4500/udp (and reportedly 500/udp?) or IP protocols 50, 51 and 250 if the IKEEXT service and/or IPsec functionality are disabled?
- Nmap: the right way to separate multiple target IPs in Nmap is spaces, not commas. To be more specific, ranges can be set for any IP address octet (e.g. 192.168.0-255.1-254 or 192.168.3-5,7.1) and "[e]ither side of a range may be omitted; the default values are 0 on the left and 255 on the right[; u]sing - by itself is the same as 0-255". And --resolve-all scans all IPs that a hostname resolves to instead of the first one
- Java: -Xdisableexplicitgc disables explicit System.gc() calls, and as of Java 11, -XX:+UnlockExperimentalVMOptions -XX:+UseEpsilonGC disables garbage collection completely by using the Epsilon no-op GC
- BiglyBT stores the IP and port of every peer it has ever connected to as "resume data", on a per-torrent basis, as controlled by the "Use Fast Resume mode", "Save peer connections for quick reconnects" and "Max peers to save" settings
- under Firefox at least, pressing Ctrl+V in the Yandex Image Search form uploads the image on the clipboard if there is one, even without the "extract canvas data" permission
- when doing TCP pings with Nping, the IP and TCP headers are always identical, therefore the source port is always the same, therefore Wireshark flags all pings after the first series as suspected retransmissions; using --data-length doesn't change this because the random payload is reused. Also, unlike with Nmap, the MSS TCP option is not set in packets
- uTorrent has significant clock drift, +385s has been observed after running for 103d, and this occurs irrespective of adjustments to the system time
- changing NTFS ACLs on files resets their "archive" (+a) attribute
- holding Ctrl while IrfanView is in slideshow mode makes it advance 5 steps instead of 1
- loading remote (HTTP, FTP) resources through the ComDlg32 file open dialog presumably goes through WinInet; it uses WebCache and writes "Temporary Internet Files" irrespective of the request's success
- if you rename a Windows executable to have a .com, .scr, .bat or .cmd extension, it will still work, and if called from a batch file, it can have any extension
- tskill can't kill processes whose name starts with a number (it gets interpreted as a PID) or is longer than 18 characters. If given a trimmed name, it will kill everything whose first 18 characters match it!
- this may seem obvious, but crazy Nmap scans (large values for --min-hostgroup --min-parallelism --min-rate, -T5, -p -, combinations thereof) can crash routers :)
- clicking on the Wireless Network icon in the Windows Mobility Center to scan for and/or connect to a network runs rundll32.exe (presumably `rundll32.exe van.dll,RunVAN')
- pressing Ctrl+MWheelUp and Ctrl+MWheelDown with the desktop focused changes icon size with greater granularity than the regular small/medium/large values
- Winamp: with the AudioCoding.com in_mp4 plugin, keeping an M4A/AAC file paused at position 0:00 is not enough to prevent Audiodg from going inactive
- canceled WLAN connection attempts (get to the "Type the network security key" box, press Cancel) are logged as "Failed to Connect"
- a "ScanCount" DWORD value in the registry is increased by one when hard disks are redetected? Very little information is available online
- to prevent devices from waking up the computer, run `for /f "usebackq delims=" %a in (`powercfg /devicequery wake_programmable`) do powercfg /devicedisablewake "%a"' and see that all instances of WaitWakeEnabled in the registry are set to 0x0
- for at least some Realtek WLAN adapters, the RFOff registry value can be DWORD (Windows "turn wireless off") or REG_SZ (possibly from the driver, untested), values are 0 or 1 in either case
- Linux: ARP entries for a network interface can be completely removed (vs. marked as incomplete with `ip neigh flush') by running `ip link set arp off dev $INTERFACE ; ip link set arp on dev $INTERFACE' or `ifconfig $INTERFACE -arp ; ifconfig $INTERFACE arp'
- closing vmware-vmx.exe file locks/handles eventually causes strange issues to start occurring, like not reacting to Ctrl+Alt+Enter when input is grabbed, ignoring requests to disconnect removable devices, freezing when settings changes are attempted...
- Nmap SYN Stealth scans fail if the default gateway isn't in the ARP cache. This is almost never a problem, but it can happen if the cache entry expires and there are no open programs generating traffic to refresh it
- Nping: assuming 20-byte IP and TCP headers and a 1500-byte MTU, we can add --data-length 1460 to "fill" a packet to its maximum size and avoid reducing WLAN throughput on ping targets, etc.
- some Nmap undocumented parameters include: --noninteractive, --nogcc, --route-dst, -I, --thc, -oH, --ff, --deprecated-xml-osclass
- Tor Browser: the firefox.exe main process starts using 100% CPU if the tor.exe process crashes and has to be restarted? Such crashes are rare, but this has been observed several times
- Windows Mobility Center never adds or removes tiles after startup, it only updates available ones. Therefore, at least one monitor with ACPI brightness control, audio output device, battery and wireless network adapter should be online before starting it
- "sparse" is a file attribute (displayed as P in Explorer) and remains even after a file is "complete"
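
Added example, not part of the quoted list and not Nmap's own code: a small expander for the per-octet range syntax described in the Nmap target item above, useful for checking what a target line covers before a scan is run. The function names are hypothetical, and only numeric IPv4 octet lists and ranges are handled (no hostnames or CIDR).

```python
import ipaddress
from itertools import product

def expand_octet(spec):
    """Expand one octet spec such as '3-5,7', '250-', '-2' or '-'."""
    values = set()
    for part in spec.split(","):
        if "-" in part:
            lo, hi = part.split("-", 1)
            lo_n = int(lo) if lo else 0      # omitted left side defaults to 0
            hi_n = int(hi) if hi else 255    # omitted right side defaults to 255
        else:
            lo_n = hi_n = int(part)
        if not 0 <= lo_n <= hi_n <= 255:
            raise ValueError(f"bad octet range: {part!r}")
        values.update(range(lo_n, hi_n + 1))
    return sorted(values)

def expand_target(spec):
    """Expand one target such as '192.168.3-5,7.1' into its addresses."""
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError(f"expected 4 octets, got {len(octets)}: {spec!r}")
    combos = product(*(expand_octet(o) for o in octets))
    return [".".join(str(n) for n in combo) for combo in combos]

def expand_targets(line):
    """Targets are separated by spaces; commas only list values inside an octet."""
    addresses = []
    for target in line.split():
        addresses.extend(expand_target(target))
    return addresses

def out_of_scope(line, allowed_cidr):
    """Return the expanded addresses that fall outside the allowed network."""
    net = ipaddress.ip_network(allowed_cidr)
    return [a for a in expand_targets(line) if ipaddress.ip_address(a) not in net]

if __name__ == "__main__":
    # Constructed sample input, taken from the range examples in the list.
    print(expand_target("192.168.3-5,7.1"))
    print(len(expand_target("192.168.0-255.1-254")))
    print(out_of_scope("192.168.3-5,7.1", "192.168.4.0/22"))
```

In this sketch a comma placed between two full addresses is rejected with a ValueError because the string no longer splits into four octets; that is this parser's behaviour, not a statement about how Nmap reacts.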