Difference between revisions of "Windows netsh networking"
Revision as of 17:42, 13 December 2015
Examples of using the netsh.exe Windows command-line utility to manage the network configuration of a local or remote machine.
List IPv4 and IPv6 addresses
It gives nicer output than ipconfig
netsh interface ip show addresses
netsh interface ipv6 show addresses
Set IPv4 address
netsh interface ip set address "Ethernet" static hostipaddress 255.255.255.0 hostgatewayaddress
netsh interface ip set address "Ethernet" static 10.50.10.41 255.255.255.0 10.50.41.1
Set IPv6 address
Configure the interface named "Local Area Connection" with an IPv6 address
netsh interface ipv6 set address "Local Area Connection" 2001:db8:acad:1::3
Import wireless profile
- Export profile
Netsh wlan export profile folder= PathAndFileName [[name=] ProfileName] [[interface=] InterfaceName] [[key=] clear]
Netsh wlan export profile folder=%USERPROFILE%\Downloads\Wifiprofiles name=Guest_wireless interface="Wireless Network Connection"
With key=clear the exported XML file contains the wireless key in plain text.
- Import profile
Netsh wlan add profile filename= PathAndFileName [[interface=]InterfaceName] [[user=]{all|current}]
Netsh wlan add profile filename="Wireless Network Connection-Guest_wireless.xml" interface="Wireless Network Connection" user=all
Check wireless card band capability - 2.4 GHz or 5 GHz
OS: Windows 7, not recognized on W2012R2 Data Center
netsh wlan show drivers
- If the network adapter supports network modes 802.11g and 802.11n:
  - The computer has 2.4 GHz network capability ONLY and IS NOT Dual-Band Capable.
- If the network adapter supports network modes 802.11a and 802.11g and 802.11ac and 802.11n:
  - The computer has 2.4 GHz and 5 GHz network capability and IS Dual-Band Capable.
- If the network adapter supports network modes 802.11n and 802.11g and 802.11b:
  - The computer has 2.4 GHz network capability ONLY and IS NOT Dual-Band Capable.
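The rule above as a PowerShell function, added here as an example and not part of the original page. It generalises the three cases to "802.11a or 802.11ac listed means 5 GHz", and assumes English-language netsh output with the labels "Interface name" and "Radio types supported"; the function name Get-WlanBandCapability and the sample text are constructed for illustration.

```powershell
# Added example. Written to run on PowerShell 2.0 (Windows 7) and newer.
function Get-WlanBandCapability {
    param(
        # Lines of "netsh wlan show drivers" output; runs the command if omitted.
        [string[]]$DriverOutput = (netsh wlan show drivers)
    )
    $name = $null
    foreach ($line in $DriverOutput) {
        if ($line -match '^\s*Interface name\s*:\s*(.+?)\s*$') {
            # Remember which adapter the following lines belong to.
            $name = $Matches[1]
        }
        elseif ($line -match '^\s*Radio types supported\s*:\s*(.+?)\s*$') {
            $modes = @($Matches[1] -split '\s+')
            # Page's rule: 802.11a / 802.11ac in the list means 5 GHz.
            # 802.11n alone is treated as 2.4 GHz, as the page does.
            $has5  = @($modes | Where-Object { '802.11a', '802.11ac' -contains $_ }).Count -gt 0
            $has24 = @($modes | Where-Object { '802.11b', '802.11g', '802.11n' -contains $_ }).Count -gt 0
            if ($has5 -and $has24) { $band = '2.4 GHz and 5 GHz (dual-band)' }
            elseif ($has5)         { $band = '5 GHz only' }
            elseif ($has24)        { $band = '2.4 GHz only' }
            else                   { $band = 'unknown' }
            New-Object PSObject -Property @{
                Interface  = $name
                RadioTypes = $modes -join ' '
                Band       = $band
            } | Select-Object Interface, RadioTypes, Band
        }
    }
}

# Constructed sample output for two adapters (not captured from a real machine).
$sample = @(
    'Interface name: Wireless Network Connection',
    '    Driver                    : Example Wireless Adapter',
    '    Radio types supported     : 802.11a 802.11g 802.11n 802.11ac',
    'Interface name: Wireless Network Connection 2',
    '    Driver                    : Example Wireless Adapter 2',
    '    Radio types supported     : 802.11b 802.11g 802.11n'
)
Get-WlanBandCapability -DriverOutput $sample | Format-Table -AutoSize
```

Called without arguments, the function runs netsh wlan show drivers on the local machine and reports one row per wireless adapter.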
Firewall
The netsh firewall command has been deprecated in Windows Server 2012 in favour of the newer netsh advfirewall firewall command.
Show all rules
netsh advfirewall firewall show rule name=all
Enable/disable firewall
netsh advfirewall set allprofiles state on
Reset a firewall to defaults
netsh advfirewall reset
Change the firewall log file from the default \Windows\system32\LogFiles\Firewall\pfirewall.log to another location, e.g. the C:\temp directory
netsh advfirewall set currentprofile logging filename "C:\temp\pfirewall.log"
Export / import FW settings
netsh advfirewall export "C:\temp\WFconfiguration.wfw"
ICMP settings
netsh firewall set icmpsetting 8 enable|disable
netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=allow|block
netsh advfirewall firewall delete rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in

netsh firewall set icmpsetting type=ALL mode=enable
netsh advfirewall firewall add rule name="All ICMP V4" protocol=icmpv4:any,any dir=in action=allow
netsh firewall set icmpsetting 13 disable all
netsh advfirewall firewall add rule name="Block Type 13 ICMP V4" protocol=icmpv4:13,any dir=in action=block
Tracing
OS: Windows 7, Windows Server 2008 and newer
netsh trace help
netsh trace show capturefilterhelp # details and examples
IPConfig /FlushDNS # clear DNS name cache
NBTStat -R # clear NetBIOS name cache
Netsh trace start scenario=NetConnection capture=yes report=yes persistent=no maxsize=1024 correlation=yes traceFile=C:\Logs\NetTrace.etl
netsh trace stop
Analysing
Install Microsoft's Message Analyzer app, which can read the ETL format: http://www.microsoft.com/en-us/download/details.aspx?id=44226
Convert ETL to PCAP using a PowerShell script (not tested) or use "Save As..." in Message Analyzer
$s = New-PefTraceSession -Path "C:\output\path\spec\OutFile.Cap" -SaveOnStop
$s | Add-PefMessageProvider -Provider "C:\input\path\spec\Input.etl"
$s | Start-PefTraceSession
References
- Netsh tracing isc.sans.edu
- Network tracing (packet sniffing) built-in to Windows Clients (7, 8, 8.1, 10) and Windows Server (2008 R2, 2012, 2012 R2)