Windows networking commands: with examples, cheat sheet

Windows networking commands: with examples, cheat sheet

It is sometimes useful to know the network commands to analyze or configure your TCP/IP networks. Here is the list of commands that can be used in the command prompt.

The fastest way to open to the command prompt in Windows is to hit Windows Key + R to access the Run dialog box. Then type "cmd" and press Enter to load the command prompt.


PING: Test the network connection with a remote IP address

ping-t [IP or host]
ping-l 1024 [IP or host]

Use the -t option to ping continuously until Ctrl-C is pressed. If you specify the -t option you can always get statistics without interrupting pings by pressing Ctrl + Break

This command is also useful to generate network load by specifying the size of the packet with the -l option and the packet size in bytes.


TRACERT: Displays all intermediate IP addresses through which a packet passes through, between the local machine and the specified IP address.

tracert [@IP or host]
tracert -d [@IP or host]

This command is useful if the ping command does return any data, to determine at what level the connection failed.


IPCONFIG: Displays or refresh the TCP/IP configuration

ipconfig /all [/release [adapter]] [/renew [adapter]] /flushdns /displaydns /registerdns [-a] [-a] [-a] 

This command, when executed with no options, displays the current IP address, the subnet mask and default gateway (network interfaces of the local machine)

  • /all: Displays all network configuration, including DNS, WINS, DHCP servers, etc ...
  • /renew [adapter]: Renews DHCP configuration for all adapters (if adapter is not specified) or a specific adapter indicated by the [adapter] parameter.
  • /release [adapter]: Sends a DHCPRELEASE message to the DHCP server to release the current DHCP configuration and cancel the IP address configuration for all adapters (if adapter is not specified) or a specific adapter indicated by the [adapter] parameter. This parameter disables TCP/IP for network cards configured to automatically obtain an IP address.
  • /flushdns: Empty and reset the DNS client resolver cache. This option is useful to exclude negative entries and all other entries added dynamically to the cache.
  • /displaydns: Displays the DNS client resolver cache, which includes entries preloaded from the local host file and any recently obtained records for name queries resolved by the host computer. The DNS Client service uses this information to quickly resolve frequently queried names, before querying the configured DNS servers.
  • /registerdns: Refreshes all DHCP leases and re-registers DNS names.


NETSTAT: Displays the status of the TCP/IP stack on the local machine

NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]
  • -a Displays all connections and listening ports (server-side connections are normally inhibited).
  • -e Displays Ethernet statistics. Can be combined with the -s option.
  • -n Displays addresses and port numbers in numerical form.
  • -p proto Shows connections for the protocol specified by proto, proto may be TCP or UDP. Used with the -s option to display per-protocol statistics, proto may be TCP, UDP or IP.
  • -r Displays the contents of the routing table.
  • -s Displays statistics by protocol. By default, statistics on TCP, UDP and IP are displayed, the -p option can be used to specify a subset.
  • interval: Re-display the selected statistics, pausing after a specific "interval" (in seconds) between each display. Press Ctrl + C to stop displaying statistics.
  • -abnov Displays processes using the internet connection (local IP address, port, remote IP adress and the PID of the process that uses the connection as well as its name).


ROUTE: Displays or modifies the routing table

ROUTE [-f] [command [destination] [MASK network mask] [gateway]
  • -f Clears the routing tables of all gateway entries. Used in conjunction with one of the below "commands", the tables are cleared before executing the command.
  • -p Makes the entry into the table, residual (after reboot).

Specify one of four commands:

  • DELETE: Deletes a route.
  • PRINT: Displays a route.
  • ADD: Adds a route.
  • CHANGE: Modifies an existing route.
  • destination: Specifies the host.
  • MASK: If the MASK keyword is present, the next parameter is interpreted as the network mask parameter.
  • netmask: Provided, it specifies the value of the subnet mask to be associated with this route entry. Unspecified, it takes the default value of
  • Gateway: Specifies the gateway.
  • METRIC: Specifies the cost metric for the destination


ARP: Resolving IP addresses to MAC addresses. Displays and modifies the translation tables of IP addresses to physical addresses used by the ARP address resolution protocol.

ARP -s adr_inet adr_eth [adr_if]
ARP -d adr_inet [adr_if]
ARP -a [adr_inet] [-N adr_if] 
  • -a Displays active ARP entries by interrogating the current data protocol. If adr_inet is specified, only the physical and IP addresses of the specified computer are displayed. If more than one network interface uses ARP, entries for each ARP table are displayed.
  • -g is the same as -a
  • adr_inet Specifies an internet address.
  • -N adr_if Displays ARP entries for the network interface specified by adr_if.
  • -d Deletes the host specified by adr_inet.
  • -s Adds the host and associates the adr_inet internet address with the adr_eth physical address. The physical address is given as 6 hexadecimal bytes separated by hyphens. The entry is permanent.
  • adr_eth Specifies a physical address.
  • adr_if Specifies the internet interface whose address translation table should be modified. When not specified, the first applicable interface will be used.


NBTSTAT: Update cache of the LMHOSTS file. Displays protocol statistics and current TCP/IP connections using NBT (NetBIOS over TCP/IP).

 NBTSTAT [-a Remote Name] [-A IP address] [-c] [-n] [-r] [-R] [-s] [S] [interval]

-a (adapter status) display the table (names) of the remote machine (known name). -A (adapter status) display the table (names) of the remote machine (IP address). -c (cache) display the remote name cache including the IP addresses. -n (names) Lists local NetBIOS names. -r (resolved) Lists names resolved by broadcast and via WINS. -R (Reload) Clear and reload the table cache with the remote names. -S (Sessions) Lists the sessions table with the destination IP addresses. -s (sessions) Lists the sessions table with the destination IP addresses converted to host names via the hosts file. Example : nbtstat -A @IP This command returns the NetBIOS name, system name, users connected ... to the remote machine.



telnet <IP or host>
telnet <IP or host> <port TCP>

The telnet command to access to a remote host in Terminal mode (passive screen) . It also allows you to check if any TCP service is running on a remote server by specifying the IP address after the TCP port number. Thus we can test whether the SMTP Service is running on a Microsoft Exchange server, using the IP address of the SMTP connector, and then 25 as the port number. The most common ports are:

  • ftp (21),
  • telnet (23),
  • smtp (25),
  • www (80),
  • kerberos (88),
  • pop3 (110),
  • nntp (119)
  • and nbt (137-139).


HOSTNAME: Displays the name of the system. Using this command is much easier than going into system settings to search for it. 


FTP: Client to upload files

ftp -s:<file>
  • -s This option allows you to run FTP in batch mode: Specifies a text file containing FTP commands.


Nslookup sends DNS requests to a DNS server

nslookup [domain] [dns server]

The nslookup command to send DNS requests to a server. By default, if you do not specify the DNS server, the command will use the one that is configured for your network interface (the one you use to surf the internet, for example).


Learn more: Using Netsh

Tips and Tricks

  • For full access and control, run commands as an administrator (right-click Command Prompt and choose "Run as administrator"
  • You can combine commands with various options and piping (using the "|" symbol) to refine the output or perform advanced operations.
  • To help analysis and sharing of your results, you can ssend the output of commands to a text file. To do this, follow the example formula: "ping > ping_results.txt" wich will save the ping results to a file named "ping_results.txt."
  • The commands and variants we've listed here are just the basics. To go even deeper in each command, use the /? option with a command (e.g., "ipconfig /?") to display its usage and all available options.
More network questions? Check out our forum!


Around the same subject