It is sometimes useful to know the network commands to analyze or configure your TCP/IP networks
Here is the list of commands that can be used in the command prompt:
PING: Test the network connection with a remote IP address
ping-t [IP or host]
ping-l 1024 [IP or host]
The -t option to ping continuously until Ctrl-C is pressed.
If you specify the -t option you can always get statistics without interrupting pings by pressing Ctrl + Break
This command is also useful to generate network load by specifying the size of the packet with the -l option and the packet size in bytes.
TRACERT: Displays all intermediate IP addresses through which a packet passes through, between the local machine and the specified IP address.
tracert [@IP or host]
tracert -d [@IP or host]
This command is useful if the ping command does return any data, to determine at what level the connection failed.
IPCONFIG: Displays or refresh the TCP/IP configuration
ipconfig /all [/release [adapter]] [/renew [adapter]] /flushdns /displaydns /registerdns [-a] [-a] [-a]
This command, when executed with no options, displays the current IP address, the subnet mask and default gateway (network interfaces of the local machine)
- /all: Displays all network configuration, including DNS, WINS, DHCP servers, etc ...
- /renew [adapter]: Renews DHCP configuration for all adapters (if adapter is not specified) or a specific adapter indicated by the [adapter] parameter.
- /release [adapter]: Sends a DHCPRELEASE message to the DHCP server to release the current DHCP configuration and cancel the IP address configuration for all adapters (if adapter is not specified) or a specific adapter indicated by the [adapter] parameter. This parameter disables TCP/IP for network cards configured to automatically obtain an IP address.
- /flushdns: Empty and reset the DNS client resolver cache. This option is useful to exclude negative entries and all other entries added dynamically to the cache.
- /displaydns: Displays the DNS client resolver cache, which includes entries preloaded from the local host file and any recently obtained records for name queries resolved by the host computer. The DNS Client service uses this information to quickly resolve frequently queried names, before querying the configured DNS servers.
- /registerdns: Refreshes all DHCP leases and re-registers DNS names.
NETSTAT: Displays the status of the TCP/IP stack on the local machine
NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]
- -a Displays all connections and listening ports (server-side connections are normally inhibited).
- -e Displays Ethernet statistics. Can be combined with the -s option.
- -n Displays addresses and port numbers in numerical form.
- -p proto Shows connections for the protocol specified by proto, proto may be TCP or UDP. Used with the -s option to display per-protocol statistics, proto may be TCP, UDP or IP.
- -r Displays the contents of the routing table.
- -s Displays statistics by protocol. By default, statistics on TCP, UDP and IP are displayed, the -p option can be used to specify a subset.
- interval: Re-display the selected statistics, pausing after a specific "interval" (in seconds) between each display. Press Ctrl + C to stop displaying statistics.
- -abnov Displays processes using the internet connection (local IP address, port, remote IP adress and the PID of the process that uses the connection as well as its name).
ROUTE: Displays or modifies the routing table
ROUTE [-f] [command [destination] [MASK network mask] [gateway]
- -f Clears the routing tables of all gateway entries. Used in conjunction with one of the below "commands", the tables are cleared before executing the command.
- -p Makes the entry into the table, residual (after reboot).
Specify one of four commands:
- DELETE: Deletes a route.
- PRINT: Displays a route.
- ADD: Adds a route.
- CHANGE: Modifies an existing route.
- destination: Specifies the host.
- MASK: If the MASK keyword is present, the next parameter is interpreted as the network mask parameter.
- netmask: Provided, it specifies the value of the subnet mask to be associated with this route entry. Unspecified, it takes the default value of 255.255.255.255.
- Gateway: Specifies the gateway.
- METRIC: Specifies the cost metric for the destination
ARP: Resolving IP addresses to MAC addresses. Displays and modifies the translation tables of IP addresses to physical addresses used by the ARP address resolution protocol.
ARP -s adr_inet adr_eth [adr_if]
ARP -d adr_inet [adr_if]
ARP -a [adr_inet] [-N adr_if]
- -a Displays active ARP entries by interrogating the current data protocol. If adr_inet is specified, only the physical and IP addresses of the specified computer are displayed. If more than one network interface uses ARP, entries for each ARP table are displayed.
- -g is the same as -a
- adr_inet Specifies an internet address.
- -N adr_if Displays ARP entries for the network interface specified by adr_if.
- -d Deletes the host specified by adr_inet.
- -s Adds the host and associates the adr_inet internet address with the adr_eth physical address. The physical address is given as 6 hexadecimal bytes separated by hyphens. The entry is permanent.
- adr_eth Specifies a physical address.
- adr_if Specifies the internet interface whose address translation table should be modified. When not specified, the first applicable interface will be used.
NBTSTAT: Update cache of the LMHOSTS file. Displays protocol statistics and current TCP/IP connections using NBT (NetBIOS over TCP/IP).
NBTSTAT [-a Remote Name] [-A IP address] [-c] [-n] [-r] [-R] [-s] [S] [interval]
-a (adapter status) display the table (names) of the remote machine (known name).
-A (adapter status) display the table (names) of the remote machine (IP address).
-c (cache) display the remote name cache including the IP addresses.
-n (names) Lists local NetBIOS names.
-r (resolved) Lists names resolved by broadcast and via WINS.
-R (Reload) Clear and reload the table cache with the remote names.
-S (Sessions) Lists the sessions table with the destination IP addresses.
-s (sessions) Lists the sessions table with the destination IP addresses converted to host names via the hosts file.
nbtstat -A @IP
This command returns the NetBIOS name, system name, users connected ... to the remote machine.
telnet <IP or host>
telnet <IP or host> <port TCP>
The telnet command to access to a remote host in Terminal mode (passive screen) . It also allows you to check if any TCP service is running on a remote server by specifying the IP address after the TCP port number. Thus we can test whether the SMTP Service is running on a Microsoft Exchange server, using the IP address of the SMTP connector, and then 25 as the port number. The most common ports are:
- ftp (21),
- telnet (23),
- smtp (25),
- www (80),
- kerberos (88),
- pop3 (110),
- nntp (119)
- and nbt (137-139).
HOSTNAME: Displays the name of the machine
FTP: Client to upload files
- -s This option allows you to run FTP in batch mode: Specifies a text file containing FTP commands.
Nslookup sends DNS requests to a DNS server
nslookup [domain] [dns server]
The nslookup command to send DNS requests to a server. By default, if you do not specify the DNS server, the command will use the one that is configured for your network interface (the one you use to surf the internet, for example).
Learn more: Using Netsh
This document, titled « Windows- Network commands for TCP/IP », is available under the Creative Commons
license. Any copy, reuse, or modification of the content should be sufficiently credited to CCM