Useful 'Netsh' Commands In Windows

Useful 'Netsh' Commands In Windows

Netsh is a powerful and indispensible command-line tool for updating Windows network configuration settings. However, the variety of options available with Netsh can make it confusing to work with. In this column, I'll show you ten ready-to-use examples of Netsh commands for some of the most widely used network functions. For more information about Netsh, you can download "Windows Server 2008 Network Shell (Netsh) Technical Reference"from the Microsoft Download Center.

 

10. Show the system's current IP configuration—You can use the following command to see if the system is using DHCP or static addressing as well as to show the system's current IP address, submask, gateway address, and DNS server:

netsh interface ip show config 

9. Configure a remote system—One of the best features of the Netsh command is its ability to work with remote systems as easily as it can local systems. The set machine command changes the computer that the Netsh command operates on to a different system on the network. For this command to work, you need to be logged on with an account that has administrative rights on the remote system:

netsh set machine win2008-2 

8. Working with IPv6—Netsh commands work with both Windows IPv4 and IPv6 network stacks. To display your system's IPv6 address, use the following Netsh command:

netsh interface ipv6 show address 

7. Enable and disable Windows Firewall—Netsh can work with the built-in Windows Firewall. With the release of Windows Server 2008, the older Netsh firewall commands have been deprecated and replaced by the advfirewall commands. The following commands show how to disable then re-enable the Windows Firewall:

netsh advfirewall set currentprofile state off
netsh advfirewall set currentprofile state on

6. Open a firewall port—You can also use Netsh to open ports in the firewall for various applications. The following example shows how to open TCP port 1434 for Microsoft SQL Server access:

netsh advfirewall firewall
  add rule name="SQL Server"
  dir=in action=allow
  protocol=TCP localport=1434

5. Display network adapters and their status—Many of the Netsh configuration commands require you to supply the name of the interface that you want to configure. The default value is usually Local Area Connection, but many administrators and users change this value. To find the name of the system's network adapters or a system's wireless network adapters, use the following commands:

netsh interface show interface
netsh wlan show interface

4. Configure a network adapter to use a static IP address—The following example shows how you use Netsh to set the IP address of the network adapter named Local Area Connection to 192.168.0.100, the subnet mask to 255.255.255.0, and the gateway address to 192.168.0.254:

netsh interface ip
  set address "Local Area Connection"
  static 192.168.0.100
  255.255.255.0 192.168.0.254 1

3. Configure a network adapter with the address of a DNS server—When you change the system's IP address type to static, you typically need to change the DNS configuration as well. This example shows how you use Netsh to configure the Local Area Connection to use a DNS server with the address 192.168.0.2:

netsh interface ip
  set dns "Local Area Connection"
  static 192.168.0.2

2. Add a second DNS server to a network adapter's configuration—Many networks use multiple DNS servers. To add a secondary DNS server with the address 192.168.0.3, use the following command:

netsh interface ip
  add dnsserver "Local Area Connection"
  192.168.0.3

1. Set a network adapter to use a DHCP-assigned IP address—You can also use Netsh to set your system's network adapter to use a DHCP server for its IP address and to dynamically obtain the address of your network's DNS servers. The following Netsh command configures your network adapter to use DHCP and DNS:

netsh interface ip
set dns "Local Area Connection" dhcp


Wireless LAN (WLAN) Commands

One new feature of Windows 7 and Windows Server 2008 R2 is Wireless Hosted Networks. It lets you create a virtual wireless access point (AP) with your wireless adapter, even when connected to a wireless network. Once you enable Internet Connection Sharing (ICS), others can connect to your virtual AP with the encryption key and access the Internet.





You can create and manage Wireless Hosted Networks with Netsh:

  • netsh wlan set hostednetwork:  Define the settings for the Wireless Hosted Network, using the following optional parameters:
    mode = { allow | disallow }
    - ssid = 
    WirelessNetworkName
    key = YourDesiredPassword
    keyUsage = { persistent | temporary }
  • netsh wlan refresh hostednetwork: Set a new WPA2-PSK encryption key. Enter the command followed by the new key.
  • netsh wlan start hostednetwork: Enable and start broadcasting the Wireless Hosted Network.
  • netsh wlan stop hostednetwork: Disable and stop broadcasting the Wireless Hosted Network.
  • netsh wlan show hostednetwork: Print the settings of the Wireless Hosted Network, including a list of connected users.
  • netsh wlan export hostednetworkprofile: Save the Wireless Hosted Network profile as an XML file, using the following parameters:
    Folder = PathandFileName
    Name = WirelessProfileName (as shown when using the netsh wlan show profiles command)

Windows Networking
Figure 1: Setting up and starting a Wireless Hosted Network.

Here are some new WLAN commands to show or print the value of other settings:

  • netsh wlan show allowexplicitcreds: Shows if the computer is allowed to use stored user credentials for 802.1X authentication when a user isn’t logged on to the computer.
  • netsh wlan show createalluserprofile: Shows if users can create wireless profiles for all users, rather than just for their own Windows account.
  • netsh wlan show onlyusegpprofilesforallowednetworks: Displays if only the wireless profiles of Group Policy are allowed when Group Policy is implemented.

Here are a couple more new miscellaneous Netsh WLAN commands:

  • netsh wlan set allowexplicitcreds: Specify if the computer is allowed to use any stored user credentials for wireless 802.1X authentication when a user isn’t logged in, using the following parameter:
    allow = { yes | no }
  • netsh wlan set profiletype: Specify whether only the current user or all users can use the given wireless network profile, using the following parameter:
    name = ProfileName
    - profiletype = { all | current }
  • netsh wlan set blockperiod: Specify the number of minutes (0 – 60) a user must wait to retry after unsuccessfully connecting to a wireless network.
  • netsh wlan reportissues: Create a report in the C:\Windows\Tracing directory for troubleshooting wireless networking issues.

Local Area Network (LAN) Commands

There are only two new Netsh LAN commands, which are the wired version of the two new Netsh WLAN commands:

  • netsh lan set allowexplicitcreds: Specify if the computer is allowed to use any stored user credentials for wired 802.1X authentication when a user isn’t logged in, using the following parameter:
    allow = { yes | no }
  • netsh lan set blockperiod: Specify the number of minutes (0 – 60) a user must wait to retry after unsuccessfully connecting to a wired network.

Windows Filtering Platform (WFP) Commands

The Windows Filtering Platform (WFP) is a new architecture that debuted in Windows Vista and Windows Server 2008. It gives software developers much more access and control over the TCP/IP stack.

Microsoft added a diagnostic tool for the WFP in Windows 7 and Windows Server 2008 R2. It can help you troubleshoot issues with Windows Firewall and IPsec. It runs diagnostic tests and creates a report in XML format. Here are the diagnostic capture commands:

  • netsh wfp capture start: Begins the capturing, and continues until you enter the stop command, with the following optional parameters:
    cab = { on | off }: Specify if the two output files should be  compressed into a .cab file. When not specified, it is set to on.
    traceonly = { on | off }: State if only event tracing data should be captured, reducing the output file size. When not specified, it is set to off.
    keywords = { none | bcast | mcast | bcast+mcast }: Set the type of network traffic to capture. Unicast network traffic is always included, even when set to nonebcast means broadcast traffic and mcast is multicast traffic.
    file = PathAndFilename: Specify the path and filename (without extension) to write the output files.
  • netsh wfp capture status: Shows if a capture session is currently active.
  • netsh wfp capture stop: Stops the capturing session.

Start Windows Capture
Figure 2: Starting and stopping the capturing.

Two persistent options for the diagnostic capturing can be set with the netsh wfp set options command, using the following parameters:

  • netevents = { on | off }: Specify if network events should be included in the diagnostics output. The default value is on.
  • keywords = { none | bcast | mcast | bcast+mcast }: Set the type of network traffic to capture. Unicast network traffic is always included, even when set to nonebcast means broadcast traffic and mcast is multicast traffic.
  • Information about the current WFP and firewall configuration, filters, and network events that’s set when Windows first starts can be displayed with netsh wfp show, using the following commands:
  • netsh wfp show appid: Show the device-based application path for a file, using the following parameter:
    file = PathAndFilename: Define the file path using the standard, i.e. C:\folder\subfolder.
  • ·         netsh wfp show boottimepolicy: Displays the WFP policy and filters that’s set when Windows first starts, before the Windows Firewall with Advanced Security service is loaded, using the following optionally parameter:
    - file = PathAndFilename: Specify where to write the output. If not specified, the filename is btpol.xml. If you enter a dash (-) for the file value, it is written only to the console.
  • netsh wfp show filters: Shows the currently active WFP filters. You can specify the output file (or print to the console) and limit results with the following parameters:
    file = PathAndFilename
    protocol = IPProtocolNumber
    localaddr = IPv4orIPv6Address
    remoteaddr = IPv4orIPv6Address
    localport = PortNumber
    remoteport = PortNumber
    appid = PathAndFileName
    userid = { SID | UserName }
    dir = { in | out }
    verbose = { on | off }
  • netsh wfp show netevents: Displays the list of network traffic events. You can specify the output file (or print to the console) and limit results with the following parameters:
    file = PathAndFilename
    protocol = IPProtocolNumber
    localaddr = IPv4orIPv6Address
    - remoteaddr = IPv4orIPv6Address
    localport = PortNumber
    remoteport = PortNumber
    appid = PathAndFileName
    userid = { SID | UserName }
    timewindow = secondsprevious
  • netsh wfp show options: Shows the value of the netevents or keywords settings, with the following parameter:
    optionsfor = { netevents | keywords }
  • netsh wfp show security: Displays the security descriptor of a selected item, using the following parameters:
    type = { callout | engine | filter | kesadb | ipsecsadb | layer | netevents | provider | providercontext | sublayer }
    guid = GUID
  • netsh wfp show state: Shows the current functioning state of the WFP and IPsec, using the following optionally parameter:
    file = PathAndFilename: Specify where to write the output. If not specified, the filename is wfpstate.xml. If you enter a dash (-) for the file value, it is written only to the console.
  • netsh wfp show sysports:  Displays the TCP and UDP ports currently used by the TCP/IP protocol stack, and the remote procedure call (RPC) subsystem, using the following optionally parameter:
    file = PathAndFilename: Specify where to write the output. If not specified, the filename is sysports.xml. If you enter a dash (-) for the file value, it is written only to the console.

Network Trace Commands

Netsh in Windows 7 and Windows Server 2008 R2 features trace commands to help you diagnose and trace network-related issues. Here are three commands you need to know to use the diagnosis tool:

  • netsh trace show scenarios: Lists the network components you can perform traces and diagnosis on.
  • netsh trace show scenario: Shows the information for the specified scenario, including the attribute(s) for the you can use to perform the diagnosis, using the required parameter:
    name = ScenarioName: Specify the name of the desired scenario.
  • netsh trace diagnose: Starts a diagnostic session that tries to detect the root cause and repair the issue, using the following parameters:
    scenario = ScenarioName (Required)
    namedAttribute = AttributeValue (Required)
    saveSessionTrace = { yes | no }
    report = { yes | no }
    capture = { yes | no }

Save Session Trace
Figure 3: Running a FileSharing diagnosis to see why the LAPTOP computer isn’t accessible.

Here are the commands to perform network traces:

  • netsh trace start: Begins a trace session, using the following optional parameters:
    scenario = Scenario1,Scenario2
    globalKeywords = keywords
    globalLevel = level
    capture = { yes | no }
    report = { yes | no }
    persistent = { yes | no }
    traceFile = Path\Filename
    maxSize = MaxFileSizeInMB
    fileMode = { single | circular | append }
    overwrite = { yes | no }
    correlation = { yes | no | disabled }
    provider = ProviderIdOrName
    keywords = KeywordMaskOrSet
    level = level
    - provider = Provider2IdOrName
    - keywords = Keyword2MaskOrSet
  • netsh trace Stop: Stops the trace session.

Stop/Start Trace
Figure 4: Starting and stopping a trace on the WLAN.

The trace convert and trace correlate commands can help you manipulate the trace files. Plus you might look into the following that can display more information related to tracing and diagnosis:

  • netsh trace show CaptureFilterHelp
  • netsh trace show globalKeywordsAndLevels
  • netsh trace show helperclass
  • netsh trace show interfaces
  • netsh trace show provider
  • netsh trace show providers
  • netsh trace show status
 
* Please use the comment form below. Comments are moderated.*



Related Posts

 

Comments

No comments made yet. Be the first to submit a comment
Wednesday, 20 November 2024