Windows (XP) Network Commands

gazecumming, Networks and Communications

26 Oct 2013





1. Ipconfig

The Windows IP Configuration tool (ipconfig) is a command-line tool used to display the TCP/IP network configuration values. To open it, enter "ipconfig" in the command prompt. If you are connected directly to the Internet, you will obtain your IP address.

The figure below shows the result for a broadband connection where the IP is assigned automatically. Here the IP is your computer's temporary address on the Internet.

If you are on a local area network using a router, the information is different. You do not obtain the IP corresponding to the network's address on the Internet. The IP given is the local address on the network. This information can be helpful in diagnosing network problems. Also listed is the "gateway" or router address on the local network. The figure below illustrates the result.



Switches for IPConfig

There are also a variety of switches for ipconfig that add functions. These are invoked by entering "ipconfig /{switch}". To obtain a list of switches, enter "ipconfig /?" or "ipconfig -?". These are shown in the figure below.

The switches of most interest to everyday use are "release" and "renew". Note that IP addresses are typically assigned or "leased" for a period of time, often a day or more. It sometimes happens that IP addresses are no longer valid or are in conflict. Problems can often be solved by first releasing the IP address and then renewing it. Sometimes cable or DSL modems that seem to be disabled can be restored this way. If you travel and use broadband connections elsewhere, you will often find this procedure of releasing and renewing the IP address to be necessary.


ipconfig [/? | /all | /release [adapter] | /renew [adapter] | /flushdns | /registerdns |
         /showclassid adapter | /setclassid adapter [classidtoset] ]

/all            Display full configuration information.
/release        Release the IP address for the specified adapter.
/renew          Renew the IP address for the specified adapter.
/flushdns       Purges the DNS Resolver cache.
/registerdns    Refreshes all DHCP leases and re-registers DNS names.
/displaydns     Display the contents of the DNS Resolver Cache.
/showclassid    Displays all the DHCP class IDs allowed for adapter.
/setclassid     Modifies the DHCP class ID.

The default is to display only the IP address, subnet mask and default gateway for each adapter bound to TCP/IP.

For Release and Renew, if no adapter name is specified, then the IP address leases for all adapters bound to TCP/IP will be released or renewed.

For SetClassID, if no class ID is specified, then the class ID is removed.

Examples

To get your computer's local network IP address, subnet mask, and default gateway, type ipconfig alone; this will display the information as shown below. Keep in mind this is only your local network information.

ipconfig

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix . : hsd1.ut.comcast.net.
        IP Address. . . . . . . . . . . . : 192.168.201.245
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.201.1

To get all local network information for your computer, use the /all switch as shown below, followed by the results that would be seen when using this command.

ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . : COMPUTERH1
        DNS Servers . . . . . . . . : 123.45.67.8
                                      111.111.111.1
                                      111.111.111.1
        Node Type . . . . . . . . . : Broadcast
        NetBIOS Scope ID. . . . . . :
        IP Routing Enabled. . . . . : No
        WINS Proxy Enabled. . . . . : No
        NetBIOS Resolution Uses DNS : No

0 Ethernet adapter :

        Description . . . . . . . . : PPP Adapter.
        Physical Address. . . . . . : 44-44-44-54-00-00
        DHCP Enabled. . . . . . . . : Yes
        IP Address. . . . . . . . . : 123.45.67.802
        Subnet Mask . . . . . . . . : 255.255.0.0
        Default Gateway . . . . . . : 123.45.67.801
        DHCP Server . . . . . . . . : 255.255.255.255
        Primary WINS Server . . . . :
        Secondary WINS Server . . . :
        Lease Obtained. . . . . . . : 01 01 80 12:00:00 AM
        Lease Expires . . . . . . . : 01 01 80 12:00:00 AM

1 Ethernet adapter :

        Description . . . . . . . . : 3Com 3C90x Ethernet Adapter
        Physical Address. . . . . . : 00-50-04-62-F7-23
        DHCP Enabled. . . . . . . . : Yes
        IP Address. . . . . . . . . : 111.111.111.108
        Subnet Mask . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . : 111.111.111.1
        DHCP Server . . . . . . . . : 111.111.111.1
        Primary WINS Server . . . . :
        Secondary WINS Server . . . :
        Lease Obtained. . . . . . . : 11 16 00 12:12:44 AM
        Lease Expires . . . . . . . :

ipconfig /displaydns

Running the above command would display all the DNS information.

ipconfig /flushdns

Delete all DNS entries.

2. Ping

Ping is an old Unix tool that has been around for a long time but many PC users are unfamiliar with the Windows version. Ping sends out a packet to a designated internet host or network computer and measures its response time. The target computer will return (hopefully) a signal. It is a way of determining the quality of your connection to another site. To use ping, open a command window (or DOS in Windows 9X/Me) and type: ping <hostname>. For example, to ping Dell enter: ping dell.com

Please note the use of a hostname, not a complete URL. The prefix "http://" is never used. Many sites also do not require "www". By convention, 32 byte packets will be transmitted four times. You will receive a screen output that looks like:

The screen tells me that the IP for dell.com is 143.166.83.230 (For the moment, at least. This can change.) It also tells me that the average round trip time for a packet was 69 milliseconds, which means I have a good connection to dell.com. Long reply times of several hundred milliseconds are indicative of a slow connection. Note that some major sites such as microsoft.com do not like being pinged and block pings. In that case you will get a "Request timed out" message.


Syntax

ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
     [-r count] [-s count] [[-j host-list] | [-k host-list]]
     [-w timeout] destination-list

Options:

-t              Pings the specified host until stopped.
                To see statistics and continue - type Control-Break;
                To stop - type Control-C.
-a              Resolve addresses to hostnames.
-n count        Number of echo requests to send.
-l size         Send buffer size.
-f              Set Don't Fragment flag in packet.
-i TTL          Time To Live.
-v TOS          Type Of Service.
-r count        Record route for count hops.
-s count        Timestamp for count hops.
-j host-list    Loose source route along host-list.
-k host-list    Strict source route along host-list.
-w timeout      Timeout in milliseconds to wait for each reply.

Examples

ping localhost

Pings the local host; this will allow you to see if the computer is able to send information out and receive the information back. Note that this does not send information over a network but may allow you to see if the card is being seen.

ping xxx.xxx.xxx.xxx

Allows you to ping another computer, where the x's are replaced with the IP address of the computer you are attempting to ping. If this is not able to complete, this should relay back an unsuccessful message, which could be an indication of cable issues, network card issues, hub issues, etc.

ping google.com

PING google.com (204.228.150.3) 56(84) bytes of data.
64 bytes from www.google.com (204.228.150.3): icmp_seq=1 ttl=63 time=0.267 ms

--- google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.267/0.267/0.267/0.000 ms


3. Tracert

Tracert (traceroute) is another old tool borrowed from Unix. The actual path between two computers on the Internet is not a straight line but consists of numerous segments or "hops" from one intermediate computer to another. Tracert shows each step of the path taken. It can be interesting to see just how convoluted it is. The times for each hop and the IP addresses for each intermediate computer are displayed. Tracert shows up to 30 hops. It is convenient for finding if there is one particular segment that is causing a slow or bad connection. A typical command might be "tracert dell.com".

The tracert command in MS-DOS / Windows is another commonly used network command to help determine network related issues or slowdowns. Using this command you can view a listing of how a network packet travels through the network and where it may fail or slow down. Using this information you can determine the computer, router, switch or other network device possibly causing your network issues.


Syntax

tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name

Options:

-d                 Do not resolve addresses to hostnames.
-h maximum_hops    Maximum number of hops to search for target.
-j host-list       Loose source route along host-list.
-w timeout         Wait timeout milliseconds for each reply.

Examples

Below is an example of running tracert on www.google.com. As you can see in the example, the list of hops is very short and the time to reach the destination is brief because of our location.

tracert google.com

  1   169 ms   190 ms   160 ms   slc1-tc.xmission.com [166.70.1.20]
  2   159 ms   160 ms   190 ms   cisco0-tc.xmission.com [166.70.1.1]
  3   165 ms   189 ms   159 ms   www.google.com [166.70.10.23]


4. Pathping

This command combines functions of Ping and Tracert. Pathping will first list the number of hops required to reach the address you are testing and then send multiple pings to each router between you and the destination. After that, it computes results based on the packets returned from each router. Because pathping displays the degree of packet loss at any given router or link, you can determine which routers or subnets might be having network problems. Note that the whole process may consume 5-10 minutes because many pings are being sent. There are switches to modify the process and these can be seen by entering "pathping /?" in the command prompt.

Usage: pathping [-g host-list] [-h maximum_hops] [-i address] [-n]
                [-p period] [-q num_queries] [-w timeout] [-P] [-R] [-T]
                [-4] [-6] target_name

Options:

-g host-list       Loose source route along host-list.
-h maximum_hops    Maximum number of hops to search for target.
-i address         Use the specified source address.
-n                 Do not resolve addresses to hostnames.
-p period          Wait period milliseconds between pings.
-q num_queries     Number of queries per hop.
-w timeout         Wait timeout milliseconds for each reply.
-P                 Test for RSVP PATH connectivity.
-R                 Test if each hop is RSVP aware.
-T                 Test connectivity to each hop with Layer-2 priority tags.
-4                 Force using IPv4.
-6                 Force using IPv6.

Examples

pathping google.com

Tracing route to google.com [204.228.150.3]
over a maximum of 30 hops:
  0  Hope [192.168.120.101]
  1  192.168.120.254
  2  ...

Computing statistics for 50 seconds...

            Source to Here     This Node/Link
Hop  RTT    Lost/Sent = Pct    Lost/Sent = Pct    Address
  0                                               Hope [192.168.120.101]
                                 0/100 = 0%         |
  1  0ms      0/ 100 = 0%        0/100 = 0%       192.168.120.254
                               100/100 = 100%       |
  2  ---    100/100 = 100%       0/100 = 0%       Hope [0.0.0.0]

Trace complete.




5. Netstat

Netstat displays the active TCP connections and ports on which the computer is listening, Ethernet statistics, the IP routing table, and statistics for the IP, ICMP, TCP, and UDP protocols. It comes with a number of switches for displaying a variety of properties of the network and TCP connections. (One tricky point: the switches must be prefixed with a minus, not a slash.) More detail is at this page. One possible use for Netstat is to determine if spyware or Trojans have established connections that you do not know about. The command "netstat -a" will display all your connections. The command "netstat -b" will show the executable files involved in creating a connection. A figure showing all the switches and syntax is given below.


Syntax

NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]

-a          Displays all connections and listening ports.
-e          Displays Ethernet statistics. This may be combined with the -s option.
-n          Displays addresses and port numbers in numerical form.
-p proto    Shows connections for the protocol specified by proto; proto may be TCP
            or UDP. If used with the -s option to display per-protocol statistics,
            proto may be TCP, UDP, or IP.
-r          Displays the routing table.
-s          Displays per-protocol statistics. By default, statistics are shown for TCP,
            UDP and IP; the -p option may be used to specify a subset of the default.
interval    Redisplays selected statistics, pausing interval seconds between each
            display. Press CTRL+C to stop redisplaying statistics. If omitted, netstat
            will print the current configuration information once.

Examples

netstat

Displays all local network information. Below is an example of what may be displayed.

Proto   Local Address   Foreign Address         State
TCP     hope:4409       www.google.com:telnet   ESTABLISHED
TCP     hope:3708       multicity.com:80        CLOSE_WAIT
TCP     hope:4750       www.google.com:80       CLOSE_WAIT

netstat 5

Running netstat with a number after the command will continue to run the command until stopped. In this case netstat would be refreshed every five seconds. To cancel, press CTRL + C.

Notice: Keep in mind that if you have network applications open, such as the browser you're using to view this page, additional items will be listed when you run the "netstat" and/or the "netstat -a" command. So you may see items from Computer Hope in your list; if you want a true listing of what is running in the background, close all programs and run the command.
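
The use mentioned above (spotting connections you do not know about), as an added example that is not part of the original page: a Python script that parses netstat output in the four-column layout shown here and compares it with a baseline. The first three sample rows are the page's own; the remaining rows, the SERVICE_PORTS subset and both allowlists are constructed assumptions.

```python
"""Review netstat output against a baseline of expected ports (added example)."""

# Subset of the names netstat prints instead of numbers when -n is not used.
SERVICE_PORTS = {"telnet": 23, "smtp": 25, "http": 80, "pop3": 110,
                 "epmap": 135, "netbios-ssn": 139, "https": 443,
                 "microsoft-ds": 445}

# First three rows are the page's sample; the last three are constructed.
SAMPLE = """\
Proto   Local Address   Foreign Address         State
TCP     hope:4409       www.google.com:telnet   ESTABLISHED
TCP     hope:3708       multicity.com:80        CLOSE_WAIT
TCP     hope:4750       www.google.com:80       CLOSE_WAIT
TCP     0.0.0.0:135     0.0.0.0:0               LISTENING
TCP     0.0.0.0:31337   0.0.0.0:0               LISTENING
UDP     0.0.0.0:123     *:*
"""


def split_endpoint(text):
    """Split 'host:port' at the last colon; the port may be a number or a name."""
    host, _, port = text.rpartition(":")
    if port.isdigit():
        return host, int(port)
    # Unknown names and '*' become None, so they can never match an allowlist.
    return host, SERVICE_PORTS.get(port.lower())


def parse_netstat(output):
    """Return one dict per TCP/UDP row; headers and other lines are skipped."""
    rows = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].upper() not in ("TCP", "UDP"):
            continue
        local_host, local_port = split_endpoint(fields[1])
        remote_host, remote_port = split_endpoint(fields[2])
        rows.append({
            "proto": fields[0].upper(),
            "local_host": local_host, "local_port": local_port,
            "remote_host": remote_host, "remote_port": remote_port,
            # UDP rows carry no State column.
            "state": fields[3].upper() if len(fields) > 3 else "",
        })
    return rows


def review(rows, allowed_listeners, allowed_remote_ports):
    """Flag listeners and remote ports that are not in the baseline."""
    findings = []
    for r in rows:
        listening = r["state"] == "LISTENING" or (
            r["proto"] == "UDP" and r["remote_host"] == "*")
        if listening:
            if (r["proto"], r["local_port"]) not in allowed_listeners:
                findings.append(("unexpected listener", r["proto"],
                                 r["local_host"], r["local_port"]))
        elif r["remote_port"] not in allowed_remote_ports:
            findings.append(("unexpected remote port", r["proto"],
                             r["remote_host"], r["remote_port"]))
    return findings


# Assumed baseline for a home PC: RPC endpoint mapper and NTP listen locally,
# and outbound traffic is expected only to web ports.
BASELINE_LISTENERS = {("TCP", 135), ("UDP", 123)}
BASELINE_REMOTE_PORTS = {80, 443}

if __name__ == "__main__":
    for finding in review(parse_netstat(SAMPLE),
                          BASELINE_LISTENERS, BASELINE_REMOTE_PORTS):
        print(finding)
```

Running "netstat -an" avoids the name-to-port table entirely, and "netstat -b" then tells you which executable owns each flagged row.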


6. Nslookup

This command helps diagnose the Domain Name System (DNS) infrastructure and comes with a number of sub-commands. These are mainly for systems administrators. The primary interest for average PC users is its use to find the computer name corresponding to a numeric IP. For example, if you want to know who is "216.109.112.135", enter "nslookup 216.109.112.135" and you will find that it is (or was anyway) a Yahoo computer. My firewall keeps a log of the IPs involved in the attempts to probe my computer and I sometimes look a few up to see who they are.

Syntax

Commands: (identifiers are shown in uppercase, [] means optional)

NAME                        print info about the host/domain NAME using default server
NAME1 NAME2                 as above, but use NAME2 as server
help or ?                   print info on common commands
set OPTION                  set an option
    all                     print options, current server and host
    [no]debug               print debugging information
    [no]d2                  print exhaustive debugging information
    [no]defname             append domain name to each query
    [no]recurse             ask for recursive answer to query
    [no]search              use domain search list
    [no]vc                  always use a virtual circuit
    domain=NAME             set default domain name to NAME
    srchlist=N1[/N2/.../N6] set domain to N1 and search list to N1,N2, etc.
    root=NAME               set root server to NAME
    retry=X                 set number of retries to X
    timeout=X               set initial time-out interval to X seconds
    type=X                  set query type (ex. A,ANY,CNAME,MX,NS,PTR,SOA,SRV)
    querytype=X             same as type
    class=X                 set query class (ex. IN (Internet), ANY)
    [no]msxfr               use MS fast zone transfer
    ixfrver=X               current version to use in IXFR transfer request
server NAME                 set default server to NAME, using current default server
lserver NAME                set default server to NAME, using initial server
finger [USER]               finger the optional NAME at the current default host
root                        set current default server to the root
ls [opt] DOMAIN [> FILE]    list addresses in DOMAIN (optional: output to FILE)
    -a                      list canonical names and aliases
    -d                      list all records
    -t TYPE                 list records of the given type (e.g. A,CNAME,MX,NS,PTR etc.)
view FILE                   sort an 'ls' output file and view it with pg
exit                        exit the program

Examples

This command is often used to perform a reverse lookup on an IP address, as shown in the example below. The first section gives the name and address of the server that provided the domain name and IP address displayed in the second section.

nslookup 204.228.150.3

Server:  ns.google.com
Address: 1.1.1.1

Name:    www.google.com
Address: 204.228.150.3


7. ROUTE

The route MS-DOS utility enables computers to view and modify the computer's route table.

ROUTE [-f] [-p] [command [destination] [MASK netmask] [gateway] [METRIC metric] [IF interface]]

-f             Clears the routing tables of all gateway entries. If this is used in
               conjunction with one of the commands, the tables are cleared prior to
               running the command.
-p             When used with the ADD command, makes a route persistent across boots of
               the system. By default, routes are not preserved when the system is
               restarted. When used with the PRINT command, displays the list of
               registered persistent routes. Ignored for all other commands, which
               always affect the appropriate persistent routes. This option is not
               supported in Windows 95.
command        One of these:
                   PRINT     Prints a route
                   ADD       Adds a route
                   DELETE    Deletes a route
                   CHANGE    Modifies an existing route destination
destination    Specifies the host.
MASK           Specifies that the next parameter is the 'netmask' value.
netmask        Specifies a subnet mask value for this route entry. If not specified, it
               defaults to 255.255.255.255.
gateway        Specifies gateway.
interface      The interface number for the specified route.
METRIC         Specifies the metric, i.e. cost for the destination.

All symbolic names used for destination are looked up in the network database file NETWORKS. The symbolic names for gateway are looked up in the host name database file HOSTS.

If the command is PRINT or DELETE, destination or gateway can be a wildcard (a wildcard is specified as a star '*'), or the gateway argument may be omitted.

If Dest contains a * or ?, it is treated as a shell pattern, and only matching destination routes are printed. The '*' matches any string, and '?' matches any one char. Examples: 157.*.1, 157.*, 127.*, *224*.

Diagnostic Notes:

An invalid MASK generates an error, that is, when (DEST & MASK) != DEST.

Example> route ADD 157.0.0.0 MASK 155.0.0.0 157.55.80.1 IF 1

The route addition failed: The specified mask parameter is invalid.
(Destination & Mask) != Destination.
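
The mask rule in the diagnostic note, as an added example that is not part of the original page or of the route utility: a Python check that parses a route ADD command line and applies (Destination & Mask) == Destination, using the page's own commands as input. The function names are hypothetical, and the contiguous-mask test is an extra sanity check assumed here, not something the page says route enforces.

```python
"""Pre-check a `route ADD` command line against the mask rule (added example)."""
import ipaddress

DEFAULT_MASK = "255.255.255.255"  # per the page: used when MASK is omitted
KEYWORDS = {"MASK": "mask", "METRIC": "metric", "IF": "interface"}


def parse_route_add(command):
    """Split 'route [-f] [-p] ADD dest [MASK m] gateway [METRIC n] [IF n]'."""
    tokens = [t for t in command.split() if not t.startswith("-")]
    if (len(tokens) < 3 or tokens[0].lower() != "route"
            or tokens[1].upper() != "ADD"):
        raise ValueError("not a route ADD command: %r" % command)
    fields = {"destination": tokens[2], "mask": DEFAULT_MASK,
              "gateway": None, "metric": None, "interface": None}
    i = 3
    while i < len(tokens):
        key = KEYWORDS.get(tokens[i].upper())
        if key is None:
            fields["gateway"] = tokens[i]  # a bare token is the gateway
            i += 1
        elif i + 1 < len(tokens):
            fields[key] = tokens[i + 1]
            i += 2
        else:
            raise ValueError("missing value after " + tokens[i])
    return fields


def check_mask(destination, mask):
    """Return (ok, detail) for the rule (DEST & MASK) == DEST."""
    dest = int(ipaddress.IPv4Address(destination))
    bits = int(ipaddress.IPv4Address(mask))
    stray = dest & ~bits & 0xFFFFFFFF  # destination bits the mask does not cover
    if stray:
        return False, ("(Destination & Mask) != Destination; "
                       "bits outside mask: %s" % ipaddress.IPv4Address(stray))
    hole = ~bits & 0xFFFFFFFF
    if hole & (hole + 1):  # extra check: the zero bits must form one trailing run
        return False, "mask %s is not a contiguous run of 1 bits" % mask
    return True, "%s/%d" % (destination, bin(bits).count("1"))


def validate(command):
    """Parse the command, apply the mask rule, and describe the route."""
    fields = parse_route_add(command)
    ok, detail = check_mask(fields["destination"], fields["mask"])
    if ok and fields["gateway"]:
        detail += " via " + fields["gateway"]
    return ok, detail


if __name__ == "__main__":
    for cmd in ("route ADD 157.0.0.0 MASK 155.0.0.0 157.55.80.1 IF 1",
                "route ADD 157.0.0.0 MASK 255.0.0.0 157.55.80.1 METRIC 3 IF 2"):
        print(cmd, "->", validate(cmd))
```

For the failing command, 157 is 10011101 and 155 is 10011011 in binary, so the destination has the 4 bit set where the mask has a zero, which is why the result names 4.0.0.0.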

Examples

> route PRINT
> route ADD 157.0.0.0 MASK 255.0.0.0 157.55.80.1 METRIC 3 IF 2
            ^destination   ^mask     ^gateway           ^metric
                                                             ^Interface

If IF is not given, it tries to find the best interface for a given gateway.

> route PRINT
> route PRINT 157* .... Only prints those matching 157*
> route DELETE 157.0.0.0
> route PRINT

One way to use this would be as follows: You can't ping the server that you are connecting to, but you know the IP address to be 127.16.16.10

>route PRINT

Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 14 a4 c3 44 20 ...... Xircom CardBus Ethernet 10/100 Adapter
0x3 ...00 b0 d0 43 55 a5 ...... 3Com EtherLink PCI
0x4 ...00 01 b0 8f 8f 80 ...... NdisWan Adapter

Active Routes:
Network Destination   Netmask           Gateway         Interface       Metric
0.0.0.0               0.0.0.0           127.16.8.14     127.16.8.14     1
127.0.0.0             255.0.0.0         127.0.0.1       127.0.0.1       1
127.16.0.0            255.255.0.0       127.16.8.14     127.16.8.14     1
127.16.8.14           255.255.255.255   127.0.0.1       127.0.0.1       1
192.168.50.0          255.255.255.0     192.168.50.65   192.168.50.65   2
192.168.50.65         255.255.255.255   127.0.0.1       127.0.0.1       1
192.168.50.255        255.255.255.255   192.168.50.65   192.168.50.65   1
224.0.0.0             224.0.0.0         127.16.8.14     127.16.8.14     1
224.0.0.0             224.0.0.0         192.168.50.65   192.168.50.65   1
255.255.255.255       255.255.255.255   192.168.50.65   192.168.50.65   1

** Notice that no gateway for the current IP goes to 255.255.255.0, so it must be added. Now run the command below.

>route ADD 127.16.0.0 MASK 255.255.255.0 <your current ip from winntcfg or winipcfg> METRIC 1

** Then run the command below:

>route print

Active Routes:
Network Destination   Netmask           Gateway         Interface       Metric
0.0.0.0               0.0.0.0           127.16.8.14     127.16.8.14     1
127.0.0.0             255.0.0.0         127.0.0.1       127.0.0.1       1
127.16.0.0            255.255.0.0       127.16.8.14     127.16.8.14     1
** 127.16.0.0         255.255.255.0     127.16.8.14     127.16.8.14     1
127.16.8.14           255.255.255.255   127.0.0.1       127.0.0.1       1
192.168.50.0          255.255.255.0     192.168.50.65   192.168.50.65   2
192.168.50.65         255.255.255.255   127.0.0.1       127.0.0.1       1
192.168.50.255        255.255.255.255   192.168.50.65   192.168.50.65   1
224.0.0.0             224.0.0.0         127.16.8.14     127.16.8.14     1
224.0.0.0             224.0.0.0         192.168.50.65   192.168.50.65   1
255.255.255.255       255.255.255.255   192.168.50.65   192.168.50.65   1

** Notice the ** IP address gives me the default gateway


8. NBTSTAT

The nbtstat MS-DOS utility displays protocol statistics and current TCP/IP connections using NBT.

Syntax

NBTSTAT [ [-a RemoteName] [-A IP address] [-c] [-n] [-r] [-R] [-RR] [-s] [-S] [interval] ]

-a            (adapter status) Lists the remote machine's name table given its name.
-A            (Adapter status) Lists the remote machine's name table given its IP address.
-c            (cache) Lists NBT's cache of remote [machine] names and their IP addresses.
-n            (names) Lists local NetBIOS names.
-r            (resolved) Lists names resolved by broadcast and via WINS.
-R            (Reload) Purges and reloads the remote cache name table.
-S            (Sessions) Lists sessions table with the destination IP addresses.
-s            (sessions) Lists sessions table converting destination IP addresses to
              computer NETBIOS names.
-RR           (ReleaseRefresh) Sends Name Release packets to WINS and then starts Refresh.
RemoteName    Remote host machine name.
IP address    Dotted decimal representation of the IP address.
interval      Redisplays selected statistics, pausing interval seconds between each
              display. Press Ctrl+C to stop redisplaying statistics.

Examples

nbtstat -a 204.224.150.3

Local Area Connection:
Node IpAddress: [204.224.150.3] Scope Id: []

          NetBIOS Remote Machine Name Table

    Name                   Type      Status
    ---------------------------------------------
    HOPE4            <00>  UNIQUE    Registered
    CHGROUP          <00>  GROUP     Registered
    HOPE4            <20>  UNIQUE    Registered
    HOPE4            <03>  UNIQUE    Registered
    CHGROUP          <1E>  GROUP     Registered
    CHGROUP          <1D>  UNIQUE    Registered
    ..__MSBROWSE__.  <01>  GROUP     Registered
    ADMINISTRATOR    <03>  UNIQUE    Registered

    MAC Address = 00-00-00-00-00-00


9. ARP

Display or manipulate the ARP information on a network device or computer.

Additional information about the MS-DOS arp command can be found here.

Syntax

ARP -s inet_addr eth_addr [if_addr]
ARP -d inet_addr [if_addr]
ARP -a [inet_addr] [-N if_addr]

-a            Displays current ARP entries by interrogating the current protocol data.
              If inet_addr is specified, the IP and Physical addresses for only the
              specified computer are displayed. If more than one network interface uses
              ARP, entries for each ARP table are displayed.
-g            Same as -a.
inet_addr     Specifies an Internet address.
-N if_addr    Displays the ARP entries for the network interface specified by if_addr.
-d            Deletes the host specified by inet_addr.
-s            Adds the host and associates the Internet address inet_addr with the
              Physical address eth_addr. The Physical address is given as 6 hexadecimal
              bytes separated by hyphens. The entry is permanent.
eth_addr      Specifies a physical address.
if_addr       If present, this specifies the Internet address of the interface whose
              address translation table should be modified. If not present, the first
              applicable interface will be used.

Examples

arp -a

Interface 220.0.0.80

    Internet Address    Physical Address     Type
    220.0.0.160         00-50-04-62-F7-23    static

The Physical Address or MAC address, shown above in the format aa-bb-cc-dd-ee-ff, is the unique manufacturer identification number. This number should always be a unique address.

An example of how to change the above IP address 220.0.0.160 to 220.0.0.161 in this case would be:

arp -s 220.0.0.161 00-50-04-62-F7-23

If an IP address has already been assigned to the specific network adapter, it is not possible to change that assigned IP address to a new address. In addition, networks utilizing DHCP, BOOTP or RARP will automatically assign the card an IP address; therefore, this command would not be utilized.




10. Netsh, the Network Services Shell

A suite of command line networking tools called Netsh that comes with its own shell or interface is contained in a number of Windows operating systems and is discussed here.

Introduction to Netsh

As more and more home users set up networks, they are finding themselves to be de facto system administrators. Home networks are very nice but they require a certain amount of care and feeding. Fortunately, Windows XP comes with a large assortment of command-line tools that can help maintain your network. Although many are specialized and of interest only to administrators of large corporate setups, some tools can be quite helpful to the home user as well.

Many may find that the basic tools like ping, ipconfig, and netstat, which are discussed on another page, are all that they care to deal with, but the more adventurous can take advantage of a complete suite of powerful tools called Netsh. This suite is invoked from the standard command-line but has its own interface or shell with a large number of sub-commands. I will try to focus on the features of Netsh that I think can be helpful to the home user. The whole suite has many applications and those who want more details can go to this Microsoft reference.

The Network Services shell is opened by entering "netsh" into a regular command prompt. The shell has a hierarchical structure with some sub-shells that Microsoft calls "contexts". From the user's point of view, however, all that this means is that commands are entered as a sequence of terms. The following sections discuss the "contexts" of most use to the home user.

The "netsh diag" context

The diagnostic context "diag" contains useful tools for checking out a network and testing various components and functions. Table I shows the contexts and sub-commands of most interest to this discussion. A complete list and many details are given at this Microsoft reference.

Table I. Some sub-shells (contexts) and commands for Netsh diag

Context   Sub-context                                           Commands
diag      connect - Establishes, verifies, and then drops a     iphost, mail, news
                    connection
          ping    - Verifies connectivity                       adapter, iphost, mail, news
          show    - Lists network components and settings       all, client, ip, mail, modem
          gui     - Starts the network diagnostics tool in      Graphical user interface
                    Help and Support Center.

This group of commands provides ways to test some of the most common functions of interest to home users. For example, you can test if your email server is working or check your email settings by the command "netsh diag connect mail" (Note that this may not work for email clients like AOL.). Another example is to list important settings with "netsh diag show all".

The graphical user interface

One way to simplify diagnostic tasks is to use the Help Center interface that can be invoked by entering "netsh diag gui". With this interface, you can carry out a number of diagnostic tests with one operation. Figure 1 shows the available functions.

Figure 1. Settings for GUI function of Netsh diag


The "netsh interface ip" context

This context is another with functions that might interest a home user. It provides a way to add, delete, modify, and display various IP addresses and TCP/IP settings. Table II lists several functions. More detail and additional functions are discussed in this Microsoft reference.

An example of its use is to display TCP/IP settings with the command "netsh interface ip show config". This can also be written "netsh int ip show config".

Table II. Some commands for "netsh interface ip"

Context                   Sub-context     Function
interface ip or int ip    set address     Configures an IP address and a default gateway on a
                                          specified interface
                          show address    Displays address for specified interface

Reset Internet Protocol (TCP/IP)

Another example of using the Netsh Interface IP context is resetting TCP/IP. For several reasons, including infestation from spyware, these settings might get corrupted. Netsh contains a command that will reset the TCP/IP stack to the original settings that existed when the operating system was installed. These settings may not be the most up-to-date for your system but they will allow you to reconfigure after a spyware invasion or other problem. The command to reset TCP/IP is "netsh int ip reset {logfile}". Note that you must include the name of a file where a log of the actions will be placed. Thus, if the log file is C:\tcplog.txt, the command is "netsh int ip reset C:\tcplog.txt". A detailed description of reinstalling TCP/IP is given at this Microsoft reference. Also, see the Winsock section below.

The "netsh winsock" context

Service pack 2 for Windows XP includes some additions to the Netsh suite. These are discussed here and include a new tool for repairing the Windows network socket or "winsock". Uninstalling spyware or poorly written applications can corrupt the winsock settings and result in loss of network connectivity. There are two commands for managing the settings. To display a list of various installed services (LSP, BSP, NSP) use "netsh winsock show catalog". This list may not be too meaningful for the average PC user but it can be helpful for more experienced users. To reset the winsock to the default configuration use "netsh winsock reset catalog". Note that any installed software that uses Internet connections may be partially disabled by this action and have to be reinstalled. This would include most software that updates itself and anti-virus programs that use proxy servers. Therefore, this command should only be used for cases where the degree of corruption makes it necessary. See this reference for some alternative methods.

Netsh Firewall Helper in Windows XP SP2

Microsoft changed the way the firewall in Windows XP works when it issued service pack 2. It also added capability to Netsh for extensive configuring of the firewall with a new context "netsh firewall" that Microsoft calls the Firewall Helper. Its use in troubleshooting firewall problems in SP2 is extensively discussed in this knowledge base article. With the Firewall Helper Microsoft says you can now

• Configure the default state of Windows Firewall. (Options include Off, On, and On with no exceptions.)

• Configure the ports that must be open.

• Configure the ports to enable global access or to restrict access to the local subnet.

• Set ports to be open on all interfaces or only on a specific interface.

• Configure the logging options.

• Configure the Internet Control Message Protocol (ICMP) handling options.

• Add or remove programs from the exceptions list

The number of possible commands is quite large but two main sub-contexts are "netsh firewall set" and "netsh firewall show". An extensive list of commands is in the knowledge base article previously mentioned.