Windows (XP) Network Commands

1. Ipconfig

The Windows IP Configuration tool (ipconfig) is the command-line tool. It is used to display the TCP/IP network configuration values. To open it, enter "ipconfig" in the command prompt. If you are connected directly to the Internet, you will obtain your IP address. The figure below shows the result for a broadband connection where the IP is assigned automatically. Here the IP is your computer's temporary address on the Internet.

If you are on a local area network using a router, the information is different. You do not obtain the IP corresponding to the network's address on the Internet. The IP given is the local address on the network. This information can be helpful in diagnosing network problems. Also listed is the "gateway" or router address on the local network. The figure below illustrates the result.

Switches for IPConfig

There are also a variety of switches for ipconfig that add functions. These are invoked by entering "ipconfig /{switch}". To obtain a list of switches, enter "ipconfig /?" or "ipconfig -?". These are shown in the figure below.

The switches of most interest to everyday use are "release" and "renew". Note that IP addresses are typically assigned or "leased" for a period of time, often a day or more. It sometimes happens that IP addresses are no longer valid or are in conflict. Problems can often be solved by first releasing the IP address and then renewing it. Sometimes cable or DSL modems that seem to be disabled can be restored this way. If you travel and use broadband connections elsewhere, you will often find this procedure of releasing and renewing the IP address to be necessary.

ipconfig [/? | /all | /release [adapter] | /renew [adapter] | /flushdns | /registerdns | /showclassid adapter | /setclassid adapter [classidtoset] ]

 

/all Display full configuration information.

/release Release the IP address for the specified adapter.

/renew Renew the IP address for the specified adapter.

/flushdns Purges the DNS Resolver cache.

/registerdns Refreshes all DHCP leases and re-registers DNS names

/displaydns Display the contents of the DNS Resolver Cache.

/showclassid Displays all the dhcp class IDs allowed for adapter.

/setclassid Modifies the dhcp class id.

The default is to display only the IP address, subnet mask and default gateway for each adapter bound to TCP/IP.

For Release and Renew, if no adapter name is specified, then the IP address leases for all adapters bound to TCP/IP will be released or renewed.

For SetClassID, if no class id is specified, then the classid is removed.

Examples

To get your computers local network IP address, subnet mask, and default gateway typing ipconfig alone will display this information as shown below. Keep in mind this is only your local network information.

ipconfig

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : hsd1.ut.comcast.net.IP Address. . . . . . . . . . . . : 192.168.201.245Subnet Mask . . . . . . . . . . . : 255.255.255.0Default Gateway . . . . . . . . . : 192.168.201.1

To get all local network information for your computer use the /all switch as shown below, followed by the results that would be seen when using this command.

ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . : COMPUTERH1DNS Servers . . . . . . . . : 123.45.67.8111.111.111.1111.111.111.1Node Type . . . . . . . . . : BroadcastNetBIOS Scope ID. . . . . . :IP Routing Enabled. . . . . : NoWINS Proxy Enabled. . . . . : NoNetBIOS Resolution Uses DNS : No

0 Ethernet adapter :

Description . . . . . . . . : PPP Adapter.Physical Address. . . . . . : 44-44-44-54-00-00DHCP Enabled. . . . . . . . : YesIP Address. . . . . . . . . : 123.45.67.802Subnet Mask . . . . . . . . : 255.255.0.0Default Gateway . . . . . . : 123.45.67.801DHCP Server . . . . . . . . : 255.255.255.255Primary WINS Server . . . . :Secondary WINS Server . . . :Lease Obtained. . . . . . . : 01 01 80 12:00:00 AMLease Expires . . . . . . . : 01 01 80 12:00:00 AM

1 Ethernet adapter :

Description . . . . . . . . : 3Com 3C90x Ethernet AdapterPhysical Address. . . . . . : 00-50-04-62-F7-23DHCP Enabled. . . . . . . . : YesIP Address. . . . . . . . . : 111.111.111.108

Subnet Mask . . . . . . . . : 255.255.255.0Default Gateway . . . . . . : 111.111.111.1DHCP Server . . . . . . . . : 111.111.111.1Primary WINS Server . . . . :Secondary WINS Server . . . :Lease Obtained. . . . . . . : 11 16 00 12:12:44 AMLease Expires . . . . . . . :

ipconfig /displaydns

Running the above command would display all the DNS information.

ipconfig /flushdns

Delete all DNS entries.

2. Ping

Ping is an old Unix tool that has been around for a long time but many PC users are unfamiliar with the Windows version. Ping sends out a packet to a designated internet host or network computer and measures its response time. The target computer will return (hopefully) a signal. It is a way of determining the quality of your connection to another site. To use ping, open a command window (or DOS in Windows 9X/Me) and type: ping <hostname>. For example, to ping Dell enter: ping dell.com Please note the use of a hostname, not a complete URL. The prefix "http://" is never used. Many sites also do not require "www" . By convention, 32 byte packets will be transmitted four times. You will receive a screen output that looks like:

The screen tells me that the IP for dell.com is 143.166.83.230 (For the moment, at least. This can change.) It also tells me that the average round trip time for a packet was 69 milliseconds, which means I have a good connection to dell.com. Long reply times of several hundred milliseconds are indicative of a slow connection. Note that some major

sites such as microsoft.com do not like being pinged and block pings. In that case you will get a "Request timed out" message.

Syntax

ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]

[-r count] [-s count] [[-j host-list] | [-k host-list]]

[-w timeout] destination-list

 

Options:

-t Pings the specified host until stopped.To see statistics and continue - type Control-Break;To stop - type Control-C.

-a Resolve addresses to hostnames.

-n count Number of echo requests to send.

-l size Send buffer size.

-f Set Don't Fragment flag in packet.

-i TTL Time To Live.

-v TOS Type Of Service.

-r count   Record route for count hops.

-s count Timestamp for count hops.

-j host-list Loose source route along host-list.

-k host-list Strict source route along host-list.

-w timeout Timeout in milliseconds to wait for each reply.

Examples

ping localhost

Pings the local host, this will allow you to see if the computer is able to send information out and receive the information back. Note that this does not send information over a network but may allow you to see if the card is being seen.

ping xxx.xxx.xxx.xxx

Allows you to ping another computer where the x's are located are where you would place the IP address of the computer you are attempting to ping. If this is not able to complete, this should relay back an unsuccessful message, which could be an indication of cable issues, network card issues, hub issue, etc.

ping google.com

PING google.com (204.228.150.3) 56(84) bytes of data.64 bytes from www.google.com (204.228.150.3): icmp_seq=1 ttl=63 time=0.267 ms

--- google.com ping statistics ---1 packets transmitted, 1 received, 0% packet loss, time 0msrtt min/avg/max/mdev = 0.267/0.267/0.267/0.000 ms

3. Tracert

Tracert (traceroute) is another old tool borrowed from Unix. The actual path between two computers on the Internet is not a straight line but consists of numerous segments or "hops" from one intermediate computer to another. Tracert shows each step of the path taken. It can be interesting to see just how convoluted it is. The times for each hop and the IP addresses for each intermediate computer are displayed. Tracert shows up to 30 hops. It is convenient for finding if there is one particular segment that is causing a slow or bad connection. A typical command might be "tracert dell.com".

The tracert command in MS-DOS / Windows is another commonly used network command to help determine network related issues or slowdowns. Using this command you can view a listing of how a network packet travels through the network and where it may fail or slow down. Using this information you can determine the computer, router, switch or other network device possibly causing your network issues.

Syntax

tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name

Options:

-d Do not resolve addresses to hostnames.

-h maximum_hops Maximum number of hops to search for target.

-j host-list Loose source route along host-list.

-w timeout Wait timeout milliseconds for each reply.

Examples

Below is an example when we used tracert on www.google.com. As you can see in the below example, we had a very short list and time to get to its destination because of the location we are.

tracert google.com

1169 ms190 ms160 msslc1-tc.xmission.com [166.70.1.20]2159 ms160 ms190 mscisco0-tc.xmission.com [166.70.1.1]3165 ms189 ms159 mswww.google.com [166.70.10.23]

4. Pathping

This command combines functions of Ping and Tracert. Pathping will first list the number of hops required to reach the address you are testing and then send multiple pings to each router between you and the destination. After that, it computes results based on the packets returned from each router. Because pathping displays the degree of packet loss at any given router or link, you can determine which routers or subnets might be having network problems. Note that the whole process may consume 5-10 minutes because many pings are being sent. There are switches to modify the process and these can be seen by entering "pathping /?" in the command prompt.

Usage: pathping [-g host-list] [-h maximum_hops] [-i address] [-n]

[-p period] [-q num_queries] [-w timeout] [-P] [-R] [-T]

[-4] [-6] target_name

Options:

-g host-list Loose source route along host-list.

-h maximum_hops Maximum number of hops to search for target.

-i address Use the specified source address.

-n Do not resolve addresses to hostnames.

-p period Wait period milliseconds between pings.

-q num_queries Number of queries per hop.

-w timeout Wait timeout milliseconds for each reply.

-P Test for RSVP PATH connectivity.

-R Test if each hop is RSVP aware.

-T Test connectivity to each hop with Layer-2 priority tags.

-4 Force using IPv4.

-6 Force using IPv6.

Examples

pathping google.com

Tracing route to google.com [204.228.150.3]over a maximum of 30 hops:0 Hope [192.168.120.101]1 192.168.120.2542 ...Computing statistics for 50 seconds...

HopRTTSource to HereLost/Sent = Pct

This Node/LinkLost/Sent = Pct Address

0

1

2

 0ms

---

0/ 100 = 0%

100/100 = 100%

0/100 = 0%0/100 = 0%100/100 = 100%0/100 = 0%

0 Hope [192.168.120.101]  |192.168.120.254  |Hope [0.0.0.0]

Trace complete.

5. Netstat

Netstat displays the active TCP connections and ports on which the computer is listening, Ethernet statistics, the IP routing table, statistics for the IP, ICMP, TCP, and UDP protocols. It comes with a number of switches for displaying a variety of properties of the

network and TCP connections. (One tricky point: the switches must be prefixed with a minus, not a slash.) More detail is at this page. One possible use for Netstat is to determine if spyware or Trojans have established connections that you do not know about. The command "netstat -a" will display all your connections. The command "netstat -b" will show the executable files involved in creating a connection. A figure showing all the switches and syntax is given below.

Syntax

NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]

 

-a Displays all connections and listening ports.

-e Displays Ethernet statistics. This may be combined with the -s option.

-n Displays addresses and port numbers in numerical form.

-p proto Shows connections for the protocol specified by proto; proto may be TCP or UDP. If used with the -s option to display per-protocol statistics, proto may be TCP, UDP, or IP.

-r Displays the routing table.

-s Displays per-protocol statistics. By default, statistics are shown for TCP, UDP and IP; the -p option may be used to specify a subset of the default.

interval Redisplays selected statistics, pausing interval seconds between each display. Press CTRL+C to stop redisplaying statistics. If omitted, netstat will print the current configuration information once.

Examples

netstat

Displays all local network information. Below is an example of what may be displayed.

Proto Local Address Foreign Address State TCP hope:4409 www.google.com:telnet ESTABLISHED TCP hope:3708 multicity.com:80 CLOSE_WAIT TCP hope:4750 www.google.com:80 CLOSE_WAIT

netstat 5

Running netstat with a number after the command will continue to run the command until stopped. In this case netstat would be refreshed ever five seconds. To cancel press CTRL + C.

Notice: Keep in mind that if you have network applications open, such as the browser you're using to view this page, additional items will be listed when you run "netstat" and/or the "netstat -a" command. So you may see items from Computer Hope in your list; if you want a true listing of what is running in the background, close all programs and run the command.

6. Nslookup

This command helps diagnose the Domain Name System (DNS) infrastructure and comes with a number of sub-commands. These are mainly for systems administrators. The primary interest for average PC users is its use to find the computer name corresponding to a numeric IP. For example, if you want to know who is "216.109.112.135" , enter "nslookup 216.109.112.135" and you will find that it is (or was anyway) a Yahoo computer. My firewall keeps a log of the IPs involved in the attempts to probe my computer and I sometimes look a few up to see who they are.

Syntax

Commands: (identifiers are shown in uppercase, [] means optional)

NAME print info about the host/domain NAME using default server

NAME1 NAME2

as above, but use NAME2 as server

help or ? print info on common commands

set OPTION set an option

all print options, current server and host[no]debug print debugging information[no]d2 print exhaustive debugging information[no]defname append domain name to each query[no]recurse ask for recursive answer to query[no]search use domain search list[no]vc always use a virtual circuitdomain=NAME set default domain name to NAMEsrchlist=N1[/N2/.../N6] set domain to N1 and search list to N1,N2, etc.root=NAME set root server to NAMEretry=X set number of retries to Xtimeout=X set initial time-out interval to X seconds

type=Xset query type (ex. A,ANY,CNAME,MX,NS,PTR,SOA,SRV)

querytype=X same as typeclass=X set query class (ex. IN (Internet), ANY)[no]msxfr use MS fast zone transferixfrver=X current version to use in IXFR transfer request

server NAME set default server to NAME, using current default server

lserver NAME set default server to NAME, using initial server

finger [USER] finger the optional NAME at the current default host

root set current default server to the root

ls [opt] DOMAIN [> FILE]

list addresses in DOMAIN (optional: output to FILE)

-a list canonical names and aliases-d list all records-t TYPE

list records of the given type (e.g. A,CNAME,MX,NS,PTR etc.)

view FILE sort an 'ls' output file and view it with pg

exit exit the program

Examples

This command is often used to perform a reverse lookup on an IP address as shown in the below example. The first section specifies the server and address of that server that provided you with the domain name and IP address displayed in the second section.

nslookup 204.228.150.3

Server: ns.google.comAddress: 1.1.1.1

Name: www.google.comAddress: 204.228.150.3

7. ROUTE

The route MS-DOS utility enables computers to view and modify the computer's route table.

ROUTE [-f] [-p] [command [destination] [MASK netmask] [gateway] [METRIC metric] [IF interface]

 

-f Clears the routing tables of all gateway entries. If this is used in conjunction with one of the commands, the tables are cleared prior to running the command.

-p When used with the ADD command, makes a route persistent across boots of the system. By default, routes are not preserved  when the system is restarted. When used with the PRINT command, displays the list of registered persistent routes. Ignored for all other commands, which always affect the appropriate persistent routes. This option is not supported Windows'95. command 

command One of these:

PRINT Prints a routeADD Adds a routeDELETE Deletes a routeCHANGE Modifies an existing route destination

destination Specifies the host.

MASK Specifies that the next parameter is the 'netmask' value.

netmask Specifies a subnet mask value for this route entry.  If not specified, it defaults to 255.255.255.255.

gateway Specifies gateway.

interface the interface number for the specified route.

METRIC Specifies the metric, ie. cost for the destination.

All symbolic names used for destination are looked up in the network database file NETWORKS. The symbolic names for gateway are looked up in the host name database file HOSTS.

If the command is PRINT or DELETE. Destination or gateway can be a wildcard, (wildcard is specified as a star '*'), or the gateway argument may be omitted.

If Dest contains a * or ?, it is treated as a shell pattern, and only matching destination routes are printed. The '*' matches any string, and '?' matches any one char. Examples: 157.*.1, 157.*, 127.*, *224*.

Diagnostic Notes:Invalid MASK generates an error, that is when (DEST & MASK) != DEST.Example> route ADD 157.0.0.0 MASK 155.0.0.0 157.55.80.1 IF 1The route addition failed: The specified mask parameter is invalid.(Destination & Mask) != Destination.

Examples

Examples:

> route PRINT

>route  ADD 157.0.0.0                     ^destination

MASK 255.0.0.0             ^mask

    157.55.80.1  

    ^gateway

METRIC 3               ^metric

IF 2     ^Interface

If IF is not given, it tries to find the best interface for a givengateway.

> route PRINT> route PRINT 157* .... Only prints those matching 157*> route DELETE 157.0.0.0> route PRINT

One way to use this would be as follows: You can't ping the server that you are connecting to, but you know the ip address to be 127.16.16.10

>route PRINT

Interface List0x1 ........................... MS TCP Loopback interface0x2 ...00 14 a4 c3 44 20 ...... Xircom CardBus Ethernet 10/100 Adapter0x3 ...00 b0 d0 43 55 a5 ...... 3Com EtherLink PCI0x4 ...00 01 b0 8f 8f 80 ...... NdisWan Adapter

Active Routes:Network Destination Netmask Gateway Interface Metric0.0.0.0 0.0.0.0 127.16.8.14 127.16.8.14 1127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1127.16.0.0 255.255.0.0 127.16.8.14 127.16.8.14 1127.16.8.14 255.255.255.255 127.0.0.1 127.0.0.1 1192.168.50.0 255.255.255.0 192.168.50.65 192.168.50.65 2192.168.50.65 255.255.255.255 127.0.0.1 127.0.0.1 1192.168.50.255 255.255.255.255 192.168.50.65 192.168.50.65 1224.0.0.0 224.0.0.0 127.16.8.14 127.16.8.14 1224.0.0.0 224.0.0.0 192.168.50.65 192.168.50.65 1255.255.255.255 255.255.255.255 192.168.50.65 192.168.50.65 1

** notice that no gateway for the current ip goes to 255.255.255.0, so it must be added. Now do the below command.

>route ADD 127.16.0.0 MASK 255.255.255.0 <your current ip from winntcfg or winipcfg> METRIC 1

**Then do the below command:

>route print

Active Routes:Network Destination Netmask Gateway Interface Metric0.0.0.0 0.0.0.0 127.16.8.14 127.16.8.14 1127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1127.16.0.0 255.255.0.0 127.16.8.14 127.16.8.14 1** 127.16.0.0 255.255.255.0 127.16.8.14 127.16.8.14 1127.16.8.14 255.255.255.255 127.0.0.1 127.0.0.1 1192.168.50.0 255.255.255.0 192.168.50.65 192.168.50.65 2192.168.50.65 255.255.255.255 127.0.0.1 127.0.0.1 1192.168.50.255 255.255.255.255 192.168.50.65 192.168.50.65 1224.0.0.0 224.0.0.0 127.16.8.14 127.16.8.14 1224.0.0.0 224.0.0.0 192.168.50.65 192.168.50.65 1255.255.255.255 255.255.255.255 192.168.50.65 192.168.50.65 1

**Notice the ** ip address gives me the default gateway

8. NBTSTAT

The nbtstat MS-DOS utility that displays protocol statistics and current TCP/IP connections using NBT.

Syntax

NBTSTAT [ [-a RemoteName] [-A IP address] [-c] [-n] [-r] [-R] [-RR] [-s] [-S] [interval] ]

-a (adapter status) Lists the remote machine's name table given its name

-A (Adapter status) Lists the remote machine's name table given its IP address.

-c (cache) Lists NBT's cache of remote [machine] names and their IP addresses

-n (names) Lists local NetBIOS names.

-r (resolved) Lists names resolved by broadcast and via WINS

-R (Reload) Purges and reloads the remote cache name table

-S (Sessions) Lists sessions table with the destination IP addresses

-s (sessions) Lists sessions table converting destination IP addresses to computer NETBIOS names.

-RR (ReleaseRefresh) Sends Name Release packets to WINs and then, starts Refresh

RemoteName Remote host machine name.

IP address Dotted decimal representation of the IP address.

interval Redisplays selected statistics, pausing interval seconds between each display. Press Ctrl+C to stop redisplaying statistics.

Examples

nbtstat -a 204.224.150.3

Local Area Connection:Node IpAddress: [204.224.150.3] Scope Id: []

NetBIOS Remote Machine Name Table

Name Type Status---------------------------------------------HOPE4 <00> UNIQUE RegisteredCHGROUP <00> GROUP RegisteredHOPE4 <20> UNIQUE RegisteredHOPE4 <03> UNIQUE RegisteredCHGROUP <1E> GROUP RegisteredCHGROUP <1D> UNIQUE Registered..__MSBROWSE__. <01> GROUP RegisteredADMINISTRATOR <03> UNIQUE Registered

MAC Address = 00-00-00-00-00-00

9. ARP

Display or manipulate the ARP information on a network device or computer.

Additional information about the MS-DOS arp command can be found here.

Syntax

ARP -s inet_addr eth_adr [if_addr]ARP -d inet_addr [if_addr]ARP -a [inet_addr] [-N if_addr]

-a Displays current ARP entries by interrogating the current protocol data. If inet_addr is specified, the IP and Physical addresses for only the specified computer are displayed. If more than one network interface uses ARP, entries for each ARP table are displayed.

-g Same as -a

inet_addr Specifies an Internet address.

-N if addr

Displays the ARP entries for the network interface specified by if_addr.

-d Deletes the host specified by inet_addr.

-s Adds the host and associates the Internet address inet_addr with the Physical address eth_addr. The Physical address is given as 6 hexadecimal bytes seperated by hyphens. The entry is permanent.

eth_addr Specifies a physical address

if_addr If present, this specifies the Internet address of the interface whose address translation table should be modified. If not present, the first applicable interface will be used.

Examples

arp -a

Interface 220.0.0.80

   Internet Address Physical Address Type   220.0.0.160 00-50-04-62-F7-23 static

The Physical Address or MAC address as shown above in the format aa-bb-cc-dd-ee-ff is the unique manufacturer identification number. This number should always be a unique address.

An example of how to change the above IP address 220.0.0.160 to 220.0.0.161 in this case would be:

arp -s 220.0.0.161 00-50-04-62-F7-23

If an IP address has already been assigned to the specific network adapter it is not possible to change that assigned IP address to a new address. In addition, networks italicizing DHCP, BOOTP or RARP will automatically assign the card an IP address, therefore, this command would not be utilized

10. Netsh, the Network Services Shell

A suite of command line networking tools called Netsh that comes with its own shell or interface is contained in a number of Windows operating systems and is discussed here.

Introduction to Netsh

As more and more home users set up networks, they are finding themselves to be de facto system administrators. Home networks are very nice but they require a certain amount of care and feeding. Fortunately, Windows XP comes with a large assortment of command-line tools that can help maintain your network. Although many are specialized and of interest only to administrators of large corporate setups, some tools can be quite helpful to the home user as well.

Many may find that the basic tools like ping, ipconfig, and netstat, which are discussed on another page, are all that they care to deal with but the more adventurous can take advantage of a complete suite of powerful tools called Netsh. This suite is invoked from the standard command-line but has it has own interface or shell with a large number of sub-commands. I will try to focus on the features of Netsh that I think can be helpful to the home user. The whole suite has many applications and those who want more details can go to this Microsoft reference.

The Network Services shell is opened by entering netsh into a regular command prompt. The shell has a hierarchical structure with some sub-shells that Microsoft calls "contexts". From the user's point of view, however, all that this means is that commands are entered as a sequence of terms. The following sections discuss the "contexts" of most use to the home user.

The "netsh diag" context

The diagnostic context "diag" contains useful tools for checking out a network and testing various components and functions. Table I shows the contexts and sub-commands of most interest to this discussion. A complete list and many details are given at this Microsoft reference.

Table I. Some sub-shells (contexts) and commands for Netsh diag

Context Sub-context Commands

diag

connect- Establishes, verifies, and then drops a connection

iphost, mail, news

ping- Verifies connectivity adapter, iphost, mail, news

show- Lists network components and settings all, client, ip, mail, modem

gui- Starts the network diagnostics tool in Help and Support Center.

Graphical user interface

This group of commands provides ways to test some of the most common functions of interest to home users. For example, you can test if your email server is working or check your email settings by the command netsh diag connect mail (Note that this may not work for email clients like AOL.). Another example is to list important settings withnetsh diag show all

The graphical user interface

One way to simplify diagnostic tasks is to use the Help Center interface that can be invoked by entering netsh diag gui With this interface, you can carry out a number of diagnostic tests with one operation. Figure 1 shows the available functions.

Figure 1. Settings for GUI function of Netsh diag

The "netsh interface ip" context

This context is another with functions that might interest a home user. It provides a way to add, delete, modify, and display various IP addresses and TCP/IP settings. Table II lists several functions. More detail and additional functions are discussed in this Microsoft reference. An example of its use is to display TCP/IP settings with the command netsh interface ip show configThis can also be written netsh int ip show config

Table II. Some commands for "netsh interface ip"

ContextSub-

contextFunction

interface iporint ip

set addressConfigures an IP address and a default gateway on a specified interface

show address

Displays address for specified interface

Reset Internet Protocol (TCP/IP)

Another example of using the Netsh Internet Ip context is resetting TCP/IP. For several reasons, including infestation from spyware, these settings might get corrupted. Netsh contains a command that will reset the TCP/IP stack to the original settings that existed when the operating system was installed. These settings may not be the most up-to-date for your system but they will allow you to reconfigure after a spyware invasion or other problem. The command to reset TCP/IP is netsh int ip reset {logfile} Note that you must include the name of a file where a log of the actions will be placed. Thus, if the log file is C:\tcplog.txt, the command is netsh int ip reset C:\tcplog.txt A detailed description of reinstalling TCP/IP is given at this Microsoft reference. Also, see the Winsock section below.

The "netsh winsock" context

Service pack 2 for Windows XP includes some additions to the Netsh suite. These are discussed here and include a new tool for repairing the Windows network socket or "winsock". Uninstalling spyware or poorly written applications can corrupt the winsock settings and result in loss of network connectivity. There are two commands for managing the settings. To display a list of various installed services (LSP, BSP, NSP) use netsh winsock show catalog This list may not be too meaningful for the average PC user but it can be helpful for more experienced users. To reset the winsock to the default configuration use netsh winsock reset catalog Note that any installed software that uses Internet connections may be partially disabled by this action and have to be reinstalled. This would include most software that updates itself and anti-virus programs that use proxy servers. Therefore, this command should only be used for cases where the degree of corruption makes it necessary. See this reference for some alternative methods.

Netsh Firewall Helper in Windows XP SP2

Microsoft changed the way the firewall in Windows XP works when it issued service pack 2. It also added capability to Netsh for extensive configuring of the firewall with a new context "netsh firewall" that Microsoft calls the Firewall Helper. Its use in troubleshooting firewall problems in SP2 is extensively discussed in this knowledge base article. With the Firewall Helper Microsoft says you can now

• Configure the default state of Windows Firewall. (Options include Off, On, and On with no exceptions.) • Configure the ports that must be open. • Configure the ports to enable global access or to restrict access to the local subnet. • Set ports to be open on all interfaces or only on a specific interface. • Configure the logging options. • Configure the Internet Control Message Protocol (ICMP) handling options. • Add or remove programs from the exceptions list

The number of possible commands is quite large but two main sub-contexts are netsh firewall set and netsh firewall show An extensive list of commands is in the knowledge base article previously mentioned.