Windows Network Engineer Command Cheat Sheet

Windows provides a set of utilities to achieve simple network configuration and management functions, usually in the form of DOS commands. Using keyboard commands to display and change network configurations feels like directly operating the hardware, which not only makes the operation simple and convenient but also shows immediate results. It allows for detailed understanding of network configuration parameters and improves network management efficiency. Therefore, mastering these common network management commands is a basic skill for network administrators. Windows network management commands are typically stored as exe files in the system32 directory. You can access the DOS command window by going to the Start menu, selecting Run (or pressing Win+R simultaneously), and then entering cmd and pressing Enter to execute these network management commands.

✅ ipconfig

ipconfig is the most commonly used Windows utility that displays TCP/IP configuration parameters for all network adapters. It can refresh the Dynamic Host Configuration Protocol (DHCP) and Domain Name System settings.

Examples:

• (1) To display basic TCP/IP configuration parameters for all network adapters, enter: ipconfig
• (2) To display complete TCP/IP configuration parameters for all network adapters, enter: ipconfig /all
• (3) To manually release the IP address for DHCP clients, enter: ipconfig /release
• (4) To manually request renewal from the server for DHCP clients, enter: ipconfig /renew
• (5) To clear the local DNS resolver cache, enter: ipconfig /flushdns
• (6) To display local DNS contents, enter: ipconfig /displaydns

✅ Ping

The ping command tests the connection to another computer by sending ICMP echo request packets. It is a test command used to troubleshoot connectivity issues. If no parameters are provided, it displays help information.

Common parameters:

• -t: Continuously sends echo requests until interrupted by Ctrl+Break or Ctrl+C. Ctrl+Break displays statistics, while Ctrl+C does not display statistics.
• -n [count]: Specifies the number of echo requests to send, with the default being 4.
• -l [size]: Specifies the size of the echo request packet in bytes, with the default being 32 and the maximum being 65527.
• -f: Sets the “do not fragment” flag in the IP header, used to test the maximum packet length that can be transmitted along the route.
• -w [timeout]: Specifies the timeout period in milliseconds for waiting for an echo response. If the response times out, it displays an error message “Request timed out,” with the default timeout interval being 4 seconds.

✅ arp

The arp command is used to display and modify the contents of the Address Resolution Protocol (ARP) cache table, which contains mappings of IP addresses to MAC addresses. Each installed network adapter on a computer has its own cache table. If the arp command is used without parameters, it displays help information.

• (1) To display the contents of all ARP cache tables, enter: arp -a
• (2) To delete the contents of all ARP cache tables, enter: arp -d
• (3) To display the ARP cache table for the interface with IP address 10.0.0.99, enter: arp -a -N 10.0.0.99
• (4) To add a static table entry, resolving IP address 10.0.0.80 to physical address 00-AA-OO-4F-2A-9C, enter: arp -s 10.0.0.80 00-AA-OO-4F-2A-9C. The ARP table entry added with the -s parameter is static and will not be deleted due to timeout.

✅ netstat

The netstat command is used to display TCP connections, ports that the computer is listening on, Ethernet statistics, IP routing table, IPv4 statistics (including IP, ICMP, TCP, and UDP protocols), and IPv6 statistics (including IPv6, ICMPv6, TCP over IPv6, and UDP over IPv6 protocols), among other things. If used without parameters, it displays active TCP connections.

Common parameters:

• -a: Displays all active TCP connections, as well as TCP and UDP ports that are listening.
• -e: Displays Ethernet statistics, such as the number of bytes sent and received, and the number of errors.
• -n: Displays active TCP connections, addresses, and port numbers in numerical form.
• -r: Displays the contents of the IP routing table, equivalent to the route print command.
• -s: Displays statistics for each protocol. By default, it shows data packets sent and received, error packets, and the number of successful or failed connections for TCP, UDP, ICMP, and IP protocols.
• -p [Protocol]: Specifies the protocol to display with the identifier Protocol, which can be TCP, UDP, TCPv6, or UDPv6.

The statistics displayed by netstat are divided into the following sections:

1. Proto: Indicates the name of the protocol (e.g., TCP or UDP).
2. Local Address: The address and port of the local computer.
3. Foreign Address: The address and port of the remote computer.
4. State: Indicates the state of the TCP connection, represented by the following state names.

• LISTEN: Listening for connection requests from a remote TCP port.
• SYN-SENT: Waiting for a matching connection request after sending a connection request.
• SYN-RECEIVED: Waiting for the remote TCP to acknowledge a connection request after both sending and receiving one.
• ESTABLISHED: Connection is established between the local host and the remote host.
• FIN-WAIT-1: Waiting for a remote TCP to acknowledge a connection termination request, or acknowledgment of a previous connection termination request.
• FIN-WAIT-2: Waiting for a connection termination request from the remote TCP.
• CLOSE-WAIT: Waiting for a connection termination request from the local user.
• CLOSING: Waiting for acknowledgment of a connection termination request from the remote TCP.
• LAST-ACK: Waiting for acknowledgment of a previous connection termination request sent to the remote TCP.
• TIME-WAIT: Waiting for a sufficient amount of time to ensure that the remote TCP receives acknowledgment of the connection termination request.
• CLOSED: No active connection state.

✅ tracert

The function of the tracert command is to determine the path to a destination and display the IP addresses of each intermediate router along the route. By sending ICMP echo request packets to the target multiple times and incrementing the Time-To-Live (TTL) field in the IP header each time, it can determine the time it takes to reach each router along the path. The displayed addresses are the port addresses on the side of the router closest to the source.

Examples:

• (1) To trace the path to the host 8.8.8.8, enter: tracert 8.8.8.8
• (2) To trace the path to the host 8.8.8.8 without resolving IP addresses to host names (which is the default behavior and can slow down tracing), enter: tracert -d www.xxx.com

✅ route

The function of the route command is to display and modify the local IP routing table. If used without parameters, it provides help information.

Examples:

• (1) To display the entire routing table of the host, enter: route print
• (2) To display routing table entries that start with 10., enter: route print 10.*
• (3) To add a default route to the gateway address 192.168.12.1, enter: route add 0.0.0.0 mask 0.0.0.0 192.168.12.1
• (4) To add a route to the destination 10.41.0.0 (with subnet mask 255.255.0.0) with the next hop address 10.27.0.1, enter: route add 10.41.0.0 mask 255.255.0.0 10.27.0.1
• (5) To add a permanent route to the destination 10.41.0.0 (with subnet mask 255.255.0.0) with the next hop address 10.27.0.1, use the -p parameter, enter: route -p add 10.41.0.0 mask 255.255.0.0 10.27.0.1
• (6) To delete the route to the destination 10.41.0.0 with a subnet mask of 255.255.0.0, enter: route delete 10.41.0.0 mask 255.255.0.0
• (7) To delete all routing table entries that start with 10., enter: route delete 10.*
• (8) To change the next hop address for the destination 10.41.0.0 with a subnet mask of 255.255.0.0 from 10.27.0.1 to 10.27.0.25, enter: route change 10.41.0.0 mask 255.255.0.0 10.27.0.25

✅ nslookup

The nslookup command is used for DNS query information, diagnosing, and troubleshooting DNS issues. It has two modes: interactive and non-interactive. To enter interactive mode, type nslookup at the command line and press Enter. For non-interactive mode, type nslookup followed by the domain name or IP address you want to query and press Enter. Generally, non-interactive mode is suitable for simple, single queries, while interactive mode is more appropriate for multiple queries.

✅ net

The net command includes most of the important management functions for managing the network environment, services, users, and logins. It allows you to easily manage the network environment of local or remote computers, as well as the operation and configuration of various service programs, or to perform user and login management.

Examples:

• (1) To display a list of all users, enter: net user
• (2) To display shared resources, enter: net share
• (3) To display a list of started services, enter: net start
• (4) To start the telnet service, enter: net start telnet
• (5) To stop the telnet service, enter: net stop telnet

Related:

1. Key HTTP Error Codes You Should Know: Common Overview
2. GPU Rasterization: How Graphics Cards Process Images

Disclaimer: This article is created by the original author. The content of the article represents their personal opinions. Our reposting is for sharing and discussion purposes only and does not imply our endorsement or agreement. If you have any objections, please contact us through the provided channels.