NETSH (Network Shell)

Configure Network Interfaces, Windows Firewall, Routing & remote access.

Syntax
      NETSH [Context] [sub-Context] command

Key
The contexts and commands available vary by platform, the list below is for Windows 2008.
Use interactive mode/help (described below) to check the commands available on your machine.
	   
= add             - Add a configuration entry to a list of entries.
netsh add helper  - Install the specified helper DLL

= advfirewall    - Change the 'netsh advfirewall' context.

netsh advfirewall consec ?              - Display a list of commands.
netsh advfirewall consec add            - Add a new connection security rule.
netsh advfirewall consec delete         - Delete all matching connection security rules.
netsh advfirewall consec dump           - Display a configuration script.
netsh advfirewall consec set            - Set new values for properties of an existing rule.
netsh advfirewall consec show           - Display a specified connection security rule.

netsh advfirewall dump    Create a script that contains the current configuration.
                          If saved to a file, this can be used to restore the configuration settings.

netsh advfirewall export path\filename  - Export the current policy to the specified file.
netsh advfirewall import path\filename  - Import policy from the specified file.

netsh advfirewall firewall add          - Add a new inbound or outbound firewall rule.
netsh advfirewall firewall delete       - Delete all matching inbound rules.
netsh advfirewall firewall dump         - Display a configuration script.
netsh advfirewall firewall set          - Set new values for properties of a existing rule.
netsh advfirewall firewall show         - Display a specified firewall rule.

netsh advfirewall monitor delete        - Delete all matching security associations.
netsh advfirewall monitor dump          - Display a configuration script.
netsh advfirewall monitor show          - Show all matching security associations.

netsh advfirewall reset   - Reset to factory settings (Firewall=ON)

netsh advfirewall set allprofiles    - Set properties in all profiles.
netsh advfirewall set currentprofile - Set properties in the active profile.
netsh advfirewall set domainprofile  - Set properties in the domain profile.
netsh advfirewall set global         - Set the global properties.
netsh advfirewall set privateprofile - Set properties in the private profile.
netsh advfirewall set publicprofile  - Set properties in the public profile.

netsh advfirewall show allprofiles    - Display properties for all profiles.
netsh advfirewall show currentprofile - Display properties for the active profile.
netsh advfirewall show domainprofile  - Display properties for the domain properties.
netsh advfirewall show global         - Display the global properties.
netsh advfirewall show privateprofile - Display properties for the private profile.
netsh advfirewall show publicprofile  - Display properties for the public profile.
netsh advfirewall show store          - Display the policy store for the current interactive session.

=bridge         - Change to the 'netsh bridge' context.
netsh bridge dump           - Display a configuration script.
netsh bridge install        - Install the component corresponding to the current context.
netsh bridge set            - Set configuration information.
netsh bridge show           - Display information.
netsh bridge uninstall      - Remove the component corresponding to the current context.

=delete         - Delete a configuration entry from a list of entries.
netsh delete helper   Remove the specified helper DLL from netsh.
Note that after a helper is removed, it is no longer supported by netsh.

=dhcpclient     - Change to the 'netsh dhcpclient' context.
netsh dhcpclient list            - List all the commands available.
netsh dhcpclient trace enable    - Enable tracing for DHCP client and DHCP QEC.
netsh dhcpclient trace disable   - Disable tracing for DHCP client and DHCP QEC.

=dump           - Display a configuration script.
netsh dump   - Create a script that contains the current configuration.
               If saved to a file, this can be used to restore the configuration settings.

=exec           - Run a script file.
exec   - Load a script file and run it.

=firewall       - Change to the 'netsh firewall' context.
netsh firewall add                - Add firewall configuration.
netsh firewall delete             - Delete firewall configuration.
netsh firewall dump               - Display a configuration script.
netsh firewall reset              - Reset firewall configuration to default.
netsh firewall set allowedprogram - Set firewall allowed program configuration.
netsh firewall set icmpsetting    - Set firewall ICMP configuration.
netsh firewall set logging        - Set firewall logging configuration.
netsh firewall set multicastbroadcastresponse - Set firewall multicast/broadcast response configuration.
netsh firewall set notifications  - Set firewall notification configuration.
netsh firewall set opmode         - Set firewall operational configuration.
netsh firewall set portopening    - Set firewall port configuration.
netsh firewall set service        - Set firewall service configuration.
netsh firewall show allowedprogram - Show firewall allowed program configuration.
netsh firewall show config         - Show firewall configuration.
netsh firewall show currentprofile - Show current firewall profile.
netsh firewall show icmpsetting    - Show firewall ICMP configuration.
netsh firewall show logging        - Show firewall logging configuration.
netsh firewall show multicastbroadcastresponse - Show firewall multicast/broadcast response configuration.
netsh firewall show notifications  - Show firewall notification configuration.
netsh firewall show opmode         - Show firewall operational configuration.
netsh firewall show portopening    - Show firewall port configuration.
netsh firewall show service        - Show firewall service configuration.
netsh firewall show state          - Show current firewall state.

=help           - Display a list of netsh commands.
netsh help

=http           - Change to the 'netsh http' context.
netsh http add            - Add a configuration entry to a table.
netsh http delete         - Delete a configuration entry from a table.
netsh http dump           - Display a configuration script.
netsh http flush          - Flushe internal data.
netsh http show           - Display information.

=interface      - Change to the 'netsh interface' context.
netsh interface 6to4           + Change to the 'netsh interface 6to4' context.
netsh interface add            - Add a configuration entry to a table.
netsh interface delete         - Delete a configuration entry from a table.
netsh interface dump           - Display a configuration script.
netsh interface ipv4           + Change to the 'netsh interface ipv4' context.
netsh interface ipv6           + Change to the 'netsh interface ipv6' context.
netsh interface isatap         + Change to the 'netsh interface isatap' context.
netsh interface portproxy      + Change to the 'netsh interface portproxy' context.
netsh interface reset          - Reset information.
netsh interface set            - Set configuration information.
netsh interface show           - Display information.
netsh interface tcp            + Change to the 'netsh interface tcp' context.
netsh interface teredo         + Change to the 'netsh interface teredo' context.

The following sub-contexts are available:
      6to4 ipv4 ipv6 isatap portproxy tcp teredo

=ipsec          - Change to the 'netsh ipsec' context.
netsh ipsec dump           - Display a configuration script.
netsh ipsec dynamic add            - Add policy, filter, and actions to SPD.
netsh ipsec dynamic delete         - Delete policy, filter, and actions from SPD.
netsh ipsec dynamic dump           - Display a configuration script.
netsh ipsec dynamic set            - Modifiy policy, filter, and actions in SPD.
netsh ipsec dynamic show           - Display policy, filter, and actions from SPD.
netsh ipsec static add            - Create new policies and related information.
netsh ipsec static delete         - Delete policies and related information.
netsh ipsec static dump           - Display a configuration script.
netsh ipsec static exportpolicy   - Export all the policies from the policy store.
netsh ipsec static importpolicy   - Import the policies from a file to the policy store.
netsh ipsec static set            - Modify existing policies and related information.
netsh ipsec static show           - Display details of policies and related information.

=lan            - Change to the 'netsh lan' context.
netsh lan add            - Add a configuration entry to a table.
netsh lan delete         - Delete a configuration entry from a table.
netsh lan dump           - Display a configuration script.
netsh lan export         - Save LAN profiles to XML files.
netsh lan reconnect      - Reconnect on an interface.
netsh lan set            - Configure settings on interfaces.
netsh lan show           - Display information.

=nap            - Change to the 'netsh nap' context.
netsh nap client         + Change to the 'netsh nap client' context.
netsh nap dump           - Display a configuration script.
netsh nap hra            + Change to the 'netsh nap hra' context.
netsh nap reset          - Reset configuration.
netsh nap show           - Show configuration and state information.

=netio          - Change to the 'netsh netio' context.
netsh netio add            - Add a configuration entry to a table.
netsh netio delete         - Delete a configuration entry from a table.
netsh netio dump           - Display a configuration script.
netsh netio show           - Display information.

=ras            - Change to the 'netsh ras' context. (Remote Access Server)
netsh ras aaaa           - Change to the 'netsh ras aaaa' context.
netsh ras add            - Add items to a table.
netsh ras delete         - Remove items from a table.
netsh ras diagnostics    - Change to the 'netsh ras diagnostics' context.
netsh ras dump           - Display a configuration script.
netsh ras ip             - Change to the 'netsh ras ip' context.
netsh ras ipv6           - Change to the 'netsh ras ipv6' context.
netsh ras set            - Set configuration information.
netsh ras show           - Display information.

=rpc            - Change to the 'netsh rpc' context. (RPC firewall filter)
netsh rpc add            - Create an Add list of subnets.
netsh rpc delete         - Create a Delete list of subnets.
netsh rpc dump           - Display a configuration script.
netsh rpc filter         - Change to the 'netsh rpc filter' context.
netsh rpc reset          - Reset the selective binding settings to 'none' (listen on all interfaces).
netsh rpc show           - Display the selective binding state for each subnet on the system.

=set            - Update configuration settings on a remote machine.
netsh set machine [name=] [user=][[DomainName\]UserName] [pwd=][Password | *]

If a machine name is not specified, the local machine is used.
A username and password cannot be used to connect to the local machine.

=show           - Display information.
netsh show alias   - List all defined aliases.
netsh show helper  - List all the top-level helpers.

=winhttp        - Change to the 'netsh winhttp' context.
netsh winhttp dump           - Display a configuration script.
netsh winhttp import         - Import WinHTTP proxy settings.
netsh winhttp reset          - Reset WinHTTP settings.
netsh winhttp set            - Configure WinHTTP settings.
netsh winhttp show           - Display currents settings.

=winsock        - Change to the 'netsh winsock' context.
netsh winsock audit          - Display a list of Winsock LSPs that have been installed and removed.
netsh winsock dump           - Display a configuration script.
netsh winsock remove         - Remove a Winsock LSP from the system.
netsh winsock reset          - Reset the Winsock Catalog to a clean state.
netsh winsock show           - Display information.

netsh                        - Interactive mode

In interactive mode, switch context by typing any context name: advfirewall, bridge, firewall, http, interface, ipsec.. etc
list commands with ? exit interactive mode with Quit or Exit.
To view help for any command, type the command, followed by a space and ?

The syntax on this page is based on Windows 2008, for backwards compatibility with XP dns is an alias for dnsserver, ip is an alias for ipv4

Examples:

Install ipmontr.dll:
C:\> netsh advfirewall net add helper ipmontr.dll

Export the fiewall policy:
C:\> netsh advfirewall export "c:\advfirewallpolicy.wfw"

Show TCP/IP settings
C:\> netsh interface ip show config

Set a static IP address (e.g. for a laptop)
C:\> Netsh interface ip set address name="Local Area Connection" source=static addr=192.168.0.10 mask=255.255.255.0 gateway=192.168.0.1 gwmetric=1

Set a dynamic IP address with DHCP
C:\> Netsh interface ip set address name="Local Area Connection" source=dhcp

Add multiple DNS servers:
C:\> Netsh interface ipv4 add dns "Local Area Connection" 10.0.0.1
C:\> Netsh interface ipv4 add dns "Local Area Connection" 10.0.0.3 index=2

index=2 adds the IP as a secondary dns server.

Set a static DNS server address:
C:\> Netsh interface ip set dns name="Local Area Connection" source=static addr=192.168.0.2 register=none

Set a dynamic DNS server address with DHCP:
C:\> netsh interface ip set dns name="Local Area Connection" source=dhcp

Set a static address for the WINS server:
C:\> Netsh interface ip set wins name="Local Area Connection" source=static addr=192.168.100.3

To configure WINS from DHCP:
C:\> Netsh interface ip set wins name="Local Area Connection" source=dhcp

Backup the local DHCP server configuration to a file:
C:\> netsh dump dhcp > C:\backupDHCPconfig.dat
You can use this backup file to recreate the DHCP server with Netsh .

Work against a remote machine:
C:\> netsh set machine server64

Backup the current network interface configuration to a file:
C:\> netsh dump interface > c:\backupInterfaceConfig.dat

Restore network interface configuration from a file:
C:\> netsh exec c:\backupInterfaceConfig.dat

Run Netsh from Powershell (returns a Text object you can manipulate)
PS C:\> $myFWstate=netsh firewall show state
PS C:\> $myFWstate -match "disable"

Disable Network auto-tuning (certain routers and networking devices perform better with this off.)
PS C:\> netsh interface tcp set global autotuning=disabled

Enable Network auto-tuning (certain routers and networking devices perform better with this on.)
PS C:\> netsh interface tcp set global autotuning=normal

"Once you eliminate your #1 problem, #2 gets a promotion" ~ Gerald Weinberg, "The Secrets of Consulting"

Related:

Netsh 2008 Technical Reference - Microsoft.com
Netsh command reference - Microsoft.com
Q242468 - How to Use the Netsh.exe Tool
NVSPBIND - A tool for modifying network bindings from the command line (Unsupported tool).
Q257748 - Change from Static IP Address to DHCP with NETSH
Q140859 - Win NT TCP/IP Routing Basics
ROUTE - Manipulate network routing tables
Equivalent bash command (Linux):


© Copyright SS64.com 1999-2014
Some rights reserved