The joy of netsh

Published 02 June 05 06:24 PM

Ever notice there are REALLY useful tools that you totally overlook? Well, I do. All the time! One such mega-useful tool in Windows is netsh, a tool for getting and setting network settings on a box.

I found it a "Godsend" just recently when I had to troubleshoot a Windows XP SP 2 firewall problem. If you run these commands in a batch file:

netsh firewall show state > fw
netsh firewall show allowedprogram >> fw
netsh firewall show logging >> fw

You'll see something like this:

Firewall status:
-------------------------------------------------------------------
Profile                           = Domain
Operational mode                  = Enable
Exception mode                    = Enable
Multicast/broadcast response mode = Enable
Notification mode                 = Enable
Group policy version              = Windows Firewall
Remote admin mode                 = Disable

Ports currently open on all network interfaces:
Port   Protocol  Version  Program
-------------------------------------------------------------------
3389   TCP       Any      (null)
4500   UDP       Any      C:\WINDOWS\system32\lsass.exe
500    UDP       Any      C:\WINDOWS\system32\lsass.exe


Allowed programs configuration for Domain profile:
Mode     Name / Program
-------------------------------------------------------------------
Enable   MSN Messenger 7.0 / C:\Program Files\MSN Messenger\msnmsgr.exe

Allowed programs configuration for Standard profile:
Mode     Name / Program
-------------------------------------------------------------------
Enable   Remote Assistance / C:\WINDOWS\system32\sessmgr.exe
Enable   AcceptConnection / C:\Junk\AcceptConnection\Debug\AcceptConnection.exe
Enable   MSN Messenger 7.0 / C:\Program Files\MSN Messenger\msnmsgr.exe


Log configuration:
-------------------------------------------------------------------
File location   = C:\WINDOWS\pfirewall.log
Max file size   = 24096 KB
Dropped packets = Enable
Connections     = Disable

Note that you can use the tool to set settings as well as get them; it's not just a query tool. There's a good rundown of using netsh to diagnose firewall issues here: http://support.microsoft.com/default.aspx?scid=kb;en-us;875357
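
The following Python script is an added example, not part of the original post. It parses the output format shown above and lists the open ports plus any enabled program exception whose path lies outside C:\WINDOWS or C:\Program Files; the trusted-directory list and the function name audit are assumptions made for illustration.

```python
import re

# Excerpt of the output shown in the post, embedded so the script runs offline.
SAMPLE = r"""
Ports currently open on all network interfaces:
Port   Protocol  Version  Program
-------------------------------------------------------------------
3389   TCP       Any      (null)
4500   UDP       Any      C:\WINDOWS\system32\lsass.exe

Allowed programs configuration for Domain profile:
Mode     Name / Program
-------------------------------------------------------------------
Enable   MSN Messenger 7.0 / C:\Program Files\MSN Messenger\msnmsgr.exe

Allowed programs configuration for Standard profile:
Mode     Name / Program
-------------------------------------------------------------------
Enable   Remote Assistance / C:\WINDOWS\system32\sessmgr.exe
Enable   AcceptConnection / C:\Junk\AcceptConnection\Debug\AcceptConnection.exe
"""

# Assumption: only these directories count as expected install locations.
TRUSTED = ("c:\\windows\\", "c:\\program files\\")
PORT = re.compile(r"^(\d+)\s+(TCP|UDP)\s+\S+\s+(.+)$")
PROG = re.compile(r"^(Enable|Disable)\s+(.+?) / (.+)$")
PROFILE = re.compile(r"^Allowed programs configuration for (\w+) profile:")

def audit(text):
    """Return (open_ports, findings) parsed from 'netsh firewall show' output."""
    ports, findings, profile = [], [], None
    for line in text.splitlines():
        line = line.strip()
        if m := PROFILE.match(line):
            profile = m.group(1)          # remember which profile we are in
        elif m := PORT.match(line):
            ports.append((int(m.group(1)), m.group(2), m.group(3)))
        elif (m := PROG.match(line)) and m.group(1) == "Enable":
            name, path = m.group(2), m.group(3)
            if not path.lower().startswith(TRUSTED):
                findings.append((profile, name, path))
    return ports, findings

if __name__ == "__main__":
    ports, findings = audit(SAMPLE)
    for port, proto, prog in ports:
        print(f"open {proto}/{port} -> {prog}")
    for profile, name, path in findings:
        print(f"review [{profile}] {name}: {path}")
```

To audit a real machine, pass the contents of the fw file produced by the batch commands above to audit() instead of SAMPLE.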

Other useful things to spelunk include the IPv6 support:

This command installs IPv6 support:

netsh interface ipv6 install

And this command dumps all the IPv6 interface data; it's more detailed than ipconfig.

netsh interface ipv6 show address

 

Comments

# Al said on June 3, 2005 2:03 PM:
I use netsh for setting up IPSec on Windows Server 2003 all the time. I knew the firewall info was there with sp1 - just never looked at it.

netsh firewall show portopening verbose=enable could come in handy in the future.

Thanks!
# Michael said on June 4, 2005 12:33 PM:
Here's a question for you Michael. Since you mention installing ipv6 support, is that something the average user would benefit from (either from a security perspective or otherwise)?
# michael_HOWARD said on June 7, 2005 1:33 PM:
I think for the average user, there is little to be gained right now - this may change over the years.
# Steve Lamb's Blog said on June 15, 2005 6:56 AM:
If you're struggling to get the balance right between the enhanced security gained by enabling the firewall...
# M said on June 23, 2005 2:11 PM:
Netsh is absolutely one of those infinitely useful, little-known tools. I recently scripted changing DNS settings on some 6,000 machines using ipconfig, netsh, and a little awk. It's a bit buggy in certain instances, but it works wonders. I've often wondered though: the verbosity of netsh, much like ntdsutil, doesn't really seem to jive with other MS command line tools... Anyone know why the disjoin? Different developers? Purchased technologies?
# Geek Noise said on July 19, 2005 12:18 AM:
# The joy of netsh | Ugh!!'s Greymatter Honeypot said on May 12, 2008 8:52 AM:

PingBack from http://www.u-g-h.com/index.php/2005/07/19/the-joy-of-netsh/
