Windows XP And Vista Networking From the Command Line.

Filed in Security, Windows on Nov.09, 2008

Netsh.exe is fantastic tool from Microsoft that allows administrators and users to monitor and change networking for Windows from the command prompt.

For the full options and switches that can be used with the command, type

netsh /?

Followed by Enter to view the list.

Here are some examples that you can use.

To view your TCP/IP settings type.

netsh interface ip show config

To set your network interface named Local area connection IP address to static and supply the values

netsh interface ip set address name=”Local Area Connection” static <IP> <Subnet mask> <Gateway>

For example

netsh interface ip set address name=”Local Area Connection” static 192.168.1.15 255.255.255.0 192.168.1.1 1

Note the above should be on one line.

To configure “Local Area Connection” to obtain IP address and others through DHCP.

netsh interface ip set address “Local Area Connection” dhcp

To specify DNS server for an interface.

netsh interface ip set dns “Local Area Connection” static 192.168.1.17

To specify WINS server for an interface.

netsh interface ip set WINS “Local Area Connection” static 192.168.1.17

To export your current network settings including IP address and others, type the following.

netsh -c interface dump > <path to network settings file>

For example.

netsh -c interface dump > c:\networksettings.txt

To import settings from a file previously dumped.

netsh -f <path to network settings file>

For example.

netsh -f c:\networksettings.txt

To reset the TCP/IP stack to default,

netsh interface ip reset C:\resettcpiplog.txt

To turn the Windows firewall off

netsh firewall set opmode disable

To turn it back on

netsh firewall set opmode enable

To disable firewall on computer in a domain environment.

netsh firewall set opmode mode=DISABLE profile=DOMAIN

Gathering firewall status and configuration information

Netsh firewall show state
Netsh firewall show config

To allow a port through firewall.

netsh firewall add portopening <protocol> <port> <descriptiveName> [mode] [scope [addresses]] [profile]

The above should be on one line.

Please note that

* protocol is TCP, UDP or ALL;
* port is a port in the 1-65535 range;
* descriptiveName is a descriptive name, surrounded in quotes if it contains spaces;
* mode is ENABLE or DISABLE;
* scope is ALL, SUBNET or CUSTOM. If you use CUSTOM then you must specify the addresses;
* addresses if the scope field is set to CUSTOM, this field is a comma-separated list of allowed addresses;
* profile is CURRENT, DOMAIN, STANDARD or ALL.

To delete the firewall exception.

netsh firewall delete portopening <protocol> <port>

Here is the reference page directly from Microsoft.