The joy of netsh
Ever notice there are REALLY useful tools that you totally overlook? Well I do. All the time! One such mega-useful tool in Windows is netsh, a tool for getting and setting network settings on a box.
I found it a "Godsend" just recently when I had to troubleshoot a Windows XP SP 2 firewall problem. If you run these commands in a batch file:
netsh firewall show state > fw
netsh firewall show allowedprogram >> fw
netsh firewall show logging >> fw
You'll see something like this:
Firewall status:
-------------------------------------------------------------------
Profile = Domain
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Group policy version = Windows Firewall
Remote admin mode = Disable
Ports currently open on all network interfaces:
Port Protocol Version Program
-------------------------------------------------------------------
3389 TCP Any (null)
4500 UDP Any C:\WINDOWS\system32\lsass.exe
500 UDP Any C:\WINDOWS\system32\lsass.exe
Allowed programs configuration for Domain profile:
Mode Name / Program
-------------------------------------------------------------------
Enable MSN Messenger 7.0 / C:\Program Files\MSN Messenger\msnmsgr.exe
Allowed programs configuration for Standard profile:
Mode Name / Program
-------------------------------------------------------------------
Enable Remote Assistance / C:\WINDOWS\system32\sessmgr.exe
Enable AcceptConnection / C:\Junk\AcceptConnection\Debug\AcceptConnection.exe
Enable MSN Messenger 7.0 / C:\Program Files\MSN Messenger\msnmsgr.exe
Log configuration:
-------------------------------------------------------------------
File location = C:\WINDOWS\pfirewall.log
Max file size = 24096 KB
Dropped packets = Enable
Connections = Disable
Note, you can use the tool to set and get settings, it's not just a query tool. There's a good rundown of using netsh to diagnose firewall issues here https://support.microsoft.com/default.aspx?scid=kb;en-us;875357
Other useful things to spelunk include the IPv6 support:
The command installs IPv6 support:
netsh interface ipv6 install
And this command dumps all the IPv6 interface data, it's more detailed than ipconfig.
netsh interface ipv6 show address
Comments
Anonymous
June 03, 2005
I use netsh for setting up IPSec on Windows Server 2003 all the time. I knew the firewall info was there with sp1 - just never looked at it.
netsh firewall show portopening verbose=enable could come in handy in the future.
Thanks!Anonymous
June 04, 2005
Here's a question for you Michael. Since you mention installing ipv6 support, is that something the average user would benefit from (either from a security perspective or otherwise)?Anonymous
June 07, 2005
I think for the average user, there is little to be gained right now - this may change over the years.Anonymous
June 14, 2005
If you're struggling to get the balance right between the enhanced security gained by enabling the firewall...Anonymous
June 14, 2005
If you're struggling to get the balance right between the enhanced security gained by enabling the firewall...Anonymous
June 23, 2005
The comment has been removedAnonymous
May 12, 2008
PingBack from http://www.u-g-h.com/index.php/2005/07/19/the-joy-of-netsh/Anonymous
May 29, 2009
PingBack from http://paidsurveyshub.info/story.php?title=michael-howard-s-web-log-the-joy-of-netshAnonymous
June 07, 2009
PingBack from http://greenteafatburner.info/story.php?id=3431