Useful Windows network commands

Last Updated on

1 ping

Usually, it can be used for testing the connectivity and the network latency in millisecond (ms)

bytes: Packet size in bytes

time: Response time in ms, smaller = quicker

TTL: Time To Live

By default, Linux have TTL value of 64 or 255, WindowsNT/2000/XP have TTL value of 128, Windows 98 has TTL of 32, Unix have TTL of 255.

Windows TTL: 100 ~ 130ms

Unix/Linux TTL: 240 ~ 255ms

ping <host name>
ping <domain name>
ping <IP address>
ping google.com
ping google.com

1.1 ping 127.0.0.1: Check if the Network interface controller (NIC), TCP/IP protocol, subnet mask works.

1.2 ping the current host’s IP address: Check if local configuration/installation are correct. (If not, we can check network equipment and cables.)

1.3 ping IP within the current subnet: Check if the NIC works in local area network (LAN), if there is no reply, it means that the subnet mask may be incorrect, network cable issue, configuration issue etc.

1.4 ping default gateway: Check if the gateway works.

1.5 ping remote IP address: Check if the default gateway works, if the device can get on to internet.

1.6 ping localhost: localhost is an operating system (OS) reserved host name. It resolves to 127.0.0.1. Usually, devices should be able to resolve this to such address, otherwise there can be something wrong with the host file (/Window/host for Windows) (/etc/host for Linux)

1.7 ping www.google.com: It will be resolved to IP address first via querying DNS server, if not resolved, it can be the DNS server is not configured correctly or DNS server is not working. Sometimes it can be the domain is blocked by firewall in local area network. (ping can be blocked completely by firewall as well.) Or simply, the domain does not exist.

ping IP -t: ping the IP address continuously until Ctrl + C is pressed.

ping IP -l 1000: ping with specified length (1000 bytes) (default is 32 byte)

ping IP -f -l 1492: ping with specified length without fragmenting the packet.

ping IP -n 10: execute the ping command 10 times.

ping IP -a: Resolve the hostname and NetBIOS name via the pingable IP address.

for /L %D in (1,1,254) do ping 10.0.0.%D: ping from 10.0.0.1 to 10.0.0.254

for /L %D in (1,1,254) do ping 10.0.0.%D

Note: Ping command can be blocked by firewall deployed in the LAN, while it is a useful and helpful command for troubleshooting the network issues most of the time, but do not rely on it entirely and draw conclusion completely from ping command. Better to use it as a reference.

2 ipconfig

Used for checking TCP/IP configuration. Release, Renew DHCP leasse. Flush DNS cache etc.

2.1 ipconfig: Show IP address, Subnet Mask, Default Gateway of the interface

2.2 ipconfig /all: Show all details including DNS, WINS and extra information, MAC address, DHCP server IP address, DHCP lease obtained time, expire time etc.

2.3 ipconfig /release: Release all IP addresses obtained from DHCP server

2.4 ipconfig /renew: Renew the IP address from DHCP server, usually it will be the same IP address before “ipconfig /release”

2.5 ipconfig /flushdns: Flush DNS cache in Windows

2.6 ipconfig /displaydns: Print DNS cache from local machine on screen. (We can use ipconfig /displaydns > C:\dns-cache.txt to save output to text file for easier diagnostic)

3 tracert (traceroute)

Windows: tracert

Linux: traceroute

Used for checking routing condition/path and latency etc.

tracert <host name>
tracert <domain name>
tracert <IP address>
tracert google.com
tracert google.com

Output with 5 columns

Column 1: The number of the hop

Column 2: Round Trip Time 1 (RTT 1)

Column 3: RTT 2

Column 4: RTT 3

Column 5: IP address, name of the router

If any packet loss happen, “*” will be used instead of time in “ms”

4 arp (Address Resolution Protocol)

Used to check the corresponding Media Access Control Address (MAC address) of the IP address.

Can be used to output ARP cached information from current device or other devices. Manually set the MAC/IP pair.

arp -a
arp -a <IP>
arp -s <IP>
arp -d <IP>

4.1 arp -a: Show all data in ARP cache

4.2 arp -a IP: Only show all ARP cache from one of the NIC associated with the specified IP address

4.3 arp -s IP MAC: Manually add the IP MAC pair as static ARP cache to the system (Persistent across reboots)

4.4 arp -d IP: Manually delete a static ARP cache

5 route

Used for checking and configuring routing information.

route print
route add
route change

5.1 route print: Show current routing table

5.2 route add:

e.g. To configure a routing table for reaching 192.168.1.11, through 5 networks, via one of the route on local network which is 192.168.2.22, where the subnet is 255.255.255.224, then the following command will be used

route add 192.168.1.11 mask 255.255.255.224 192.168.2.22 metric 5

5.3 route change:

Can be used to change the path for the routing table but not the routing destination.

e.g. Change the above example from metric 5 to metric 2

route change 192.168.1.11 mask 255.255.255.224 metric 2

5.4 route delete: Delete routing table.

route delete 192.168.1.11

6 nslookup

Used to find out domain name/IP address of an host. Usually require DNS server.

6.1 nslookup: Show current configured DNS server on the host

nslookup

6.2 nslookup google.com: Use the default DNS server to check DNS records

nslookup goolge.com

6.3 nslookup google.com 8.8.8.8: Use the google DNS server (8.8.8.8) to resolve domain (google.com)

nslookup google.com 8.8.8.8
nslookup google.com 8.8.8.8
nslookup google.com 8.8.8.8

6.4 nslookup <IP address> <DNS server>: Reverse lookup

nslookup 8.8.8.8 8.8.8.8
nslookup 8.8.8.8 8.8.8.8
nslookup 8.8.8.8 8.8.8.8

7 netstat

Get current network information from current host.

Show active TCP connections, Ports the host listening on, Ethernet information, IP routing table, IPv4 information (IP, ICMP, TCP, UDP protocol), IPv6 information (IPv6, ICMPv6, TCP, UDP over IPv6).

7.1 netstat

Show active TCP connections

netstat

7.2 netstat -a: Show all connections, including “ESTABLISHED”, “LISTENING” states. (With host name/domain)

7.3 netstat -n: List the detail in IP address rather than host name/domain name.

7.4 netstat -e: Show statistical data about Network interface. (Total Bytes transferred, Errors, Discards, Unicast packets, Unknown protocols, Non-unicast packets)

7.5 netstat -r: Similar to route print, the output is similar to rout print command as well. Output routing table information.

Network DestinationDestination network
0.0.0.0Unknown network (Added automatically when using default gateway)
127.0.0.0Local host network address
224.0.0.0Multicast address
255.255.255.255Broadcast address
NetmaskNetmask address
GatewayGateway address
InterfaceInterface address
MetricHops

8 nbtstat

Used to troubleshoot NetBIOS.

8.1 nbtstat -n: Show information about your workgroup.

8.2 nbtstat -a <IP Aaddress>: Show NetBIOS information about that device

9 net

Used for service related, network related.

9.1 net help: Get more help

9.2 net hep <command> e.g. net help accounts: To get help on that specific net command (accounts in this case)

CommandExampleDescription
NET ACCOUNTSNET ACCOUNTSShow current accounts information
NET CONFIGNET CONFIG SERVER (or WORKSTATION)Show network configuration
NET GROUPNET GROUPShow groups (Only available on Domain Controller)
NET SENDNET SEND server1 “test message”Send broadcast message to other computers
NET SHARENET SHAREShow shared files/folders from local host
NET STARTNET START FaxStart service
NET STOPNET STOP FaxStop service
NET STATISTICSNET STATISTICS WORKSTATION (or SERVER)Show network statistics
NET USENET USE x:\serverFolderMap network drive with letter
NET USERNET USERShow accounts/users on local host
NET VIEWNET VIEWShow available computers on network

Leave a Reply

Your email address will not be published. Required fields are marked *