Examples of use of netsh.exe Windows command-line utility to manipulate local or remote machine network configuration

List IPv4 and IPv6 addresses

It gives nicer output than ipconfig

netsh interface ip show addresses
netsh interface ipv6 show addresses

Set IPv4 address

netsh interface ip set address "Ethernet" static hostipaddress 255.255.255.0 hostgatewayaddress
netsh interface ip set address "Ethernet" static 10.50.10.41 255.255.255.0 10.50.41.1

Set IPv6 address

Configure interface with ipv6 address, interface name "Local Area Connection"

netsh interface ipv6 set address "Local Area Connection" 2001:db8:acad:1::3

Import wireless profile

Export profile

Netsh wlan export profile folder= PathAndFileName [[name=] ProfileName] 	[[interface=] InterfaceName] [[key=] clear]
Netsh wlan export profile folder=%USERPROFILE%\Downloads\Wifiprofiles name=Guest_wireless interface="Wireless Network Connection"

Import profile

Netsh wlan add profile filename= PathAndFileName [[interface=]InterfaceName] [[user=]{all|current}]
Netsh wlan add profile filename="Wireless Network Connection-Guest_wireless.xml" interface="Wireless Network Connection" user=all

Check wireless card band capability - 2.4Ghz or 5Ghz

OS: Windows 7, not recognized on W2012R2 Data Center

netsh wlan show drivers

• If the network adapter supports network modes 802.11g and 802.11n:
  • The computer has 2.4 GHz network capability ONLY & IS NOT Dual-Band Capable.
• If the network adapter supports network modes 802.11a and 802.11g and 802.11ac and 802.11n:
  • The computer has 2.4 GHz and 5GHz network capability IS Dual-Band Compable.
• The network adapter supports network modes 802.11n and 802.11g and 802.11b:
  • The computer has 2.4GHz network capability ONLY & IS NOT Dual-Band Capable.

Firewall

netsh firewall command has been deprecated in Windows Server 2012 in favour of a new command netsh advfirewall firewall.

Show all rules

netsh advfirewall firewall show rule name=all

Enable/disable firewall

netsh advfirewall set allprofiles state on

Reset a firewall to defaults

netsh advfirewall reset

Set firewall log file from default \Windows\system32\LogFiles\Firewall\pfirewall.log to eg. C:\temp directory

netsh advfirewall set currentprofile logging filename "C:\temp\pfirewall.log"

Export / import FW settings

netsh advfirewall export "C:\temp\WFconfiguration.wfw"

ICMP settings

netsh firewall set icmpsetting 8 enable|disable
netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=allow|block
netsh advfirewall firewall delete rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in 

netsh firewall set icmpsetting type=ALL mode=enable
netsh advfirewall firewall add rule name="All ICMP V4" protocol=icmpv4:any,any dir=in action=allow

netsh firewall set icmpsetting 13 disable all
netsh advfirewall firewall add rule name="Block Type 13 ICMP V4" protocol=icmpv4:13,any dir=in action=block

Tracing

OS: Windows 7, Windows Server 2008 and newer

netsh trace help
netsh trace show capturefilterhelp  #details and examples
IPConfig /FlushDNS     #clear DNS name cache
NBTStat -R             #clear NetBIOS name cache
Netsh trace start scenario=NetConnection capture=yes report=yes persistent=no maxsize=1024 correlation=yes traceFile=C:\Logs\NetTrace.etl
netsh trace stop

Analysing

Install Microsoft's Message Analyzer app that can read ETL format http://www.microsoft.com/en-us/download/details.aspx?id=44226

Convert ETL to PCAP using a PowerShell script (not tested) or use save as... in Message Analizer

$s = New-PefTraceSession -Path “C:\output\path\spec\OutFile.Cap” -SaveOnStop
$s | Add-PefMessageProvider -Provider “C:\input\path\spec\Input.etl”
$s | Start-PefTraceSession

References

• Netsh tracing isc.sans.edu
• Network tracing (packet sniffing) built-in to Windows Clients (7,8,8.1,10) and Windows Server (2008 R2, 2012, 2012 R2