Netsh – Managing Windows Networking and Firewall Using the Netsh Command
netsh command is a Windows command that enables you to display and modify the network configuration of Windows computers.
We can run the
netsh command in both CMD and PowerShell. To get a list of the available contexts, run the following command:
Netsh has multiple command contexts (subcommands). Each command context has multiple subcommands you can use. For example, to get a list of the available commands under the
advfirewall context, run the help command as follows:
netsh advfirewall help
You can run the help command for each context to see the different sets of available subcommands.
Configuring Network Interfaces
In the following section, we will be learning how to use the
netsh command to configure Windows networking.
To list all network interfaces on your computer, run the following command:
netsh interface show interface
Use the name parameter to show the status of a specific interface:
netsh interface show interface name="Ethernet"
To check IP Addresses, use
ipv6 contexts as follows:
netsh interface ipv4 show addresses netsh interface ipv6 show addresses
To find the IP Address of a specific interface, use the name parameter:
netsh interface ipv4 show addresses name="Wi-Fi"
The show addresses command shows the IP Address, Subnet Mask, Default Gateway, and DHCP status.
Configuring IP Addresses
The following example shows how to assign a static IP Address to a network interface named Ethernet:
netsh interface ipv4 set address "Ethernet" static 192.168.1.10 255.255.255.0 192.168.1.1
In the above example,
192.168.1.1 is the default gateway. The following is the long format of the same command:
netsh interface ipv4 set address name="Ethernet" source=static address=192.168.1.10 mask=255.255.255.0 gateway=192.168.1.1
The following example shows how to configure a network interface to receive its IP configuration from the DHCP server:
netsh interface ipv4 set address name="Ethernet" source=dhcp
Configuring Name Servers
You can check DNS server addresses with the following two commands for IPV4 and IPv6, respectively:
netsh interface ipv4 show dnsservers netsh interface ipv6 show dnsservers
Configure the NIC to receive DNS server address assignment from the DHCP server:
netsh interface ipv4 set dnsservers "Ethernet" source=dhcp
The following example shows how to set the primary DNS server address on the NIC named Ethernet:
netsh interface ipv4 set dnsservers name="Ethernet" static 192.168.1.1 primary
It will remove any existing DNS server IP addresses. To add a name server without removing existing IP addresses, use the add dnsservers command:
netsh interface ipv4 add dnsservers "Ethernet" 192.168.1.1 index=1
The above command sets the primary DNS server. If other IP addresses exist, they will move down on the list.
The following command sets the secondary DNS server:
netsh interface ipv4 add dnsservers "Ethernet" 192.168.1.2 index=2
Configuring Windows Firewall
In the following section, we will be learning how to use netsh to configure Windows Defender Firewall.
First of all, you can check Windows Firewall status with the following command:
netsh advfirewall show allprofiles
The command will show the status for all Firewall profiles. To check a specific Firewall profile (public, for example), run the
netsh command as follows:
netsh advfirewall show publicprofile
netsh advfirewall show help command will show you the list of all Firewall profiles.
The following two commands turn on and off Windows Firewall, respectively:
netsh advfirewall set allprofile state off netsh advfirewall set allprofile state on
The following examples show how to open ports, block ports, and allow programs through Windows Firewall.
Add an inbound Firewall rule to open port
netsh advfirewall firewall add rule name="allow80" dir=in protocol=tcp localport=80 action="allow"
Disable the above rule:
netsh advfirewall firewall set rule name="allow80" new enable=no
80 to IP Address
netsh advfirewall firewall add rule name="allow80" dir=in protocol=tcp localport=80 remoteip="192.168.1.10" action=allow
80 from IP Address
netsh advfirewall firewall add rule name="block80" dir=in protocol=tcp localport=80 remoteip="192.168.1.10" action=block
Allow a program through the Firewall:
netsh advfirewall firewall add rule name="netcat" dir=in program="C:\program files (x86)\nmap\ncat.exe" action=allow
List all Firewall rules:
netsh advfirewall firewall show rule all
List all inbound rules:
netsh advfirewall firewall show rule all dir=in
Display all the settings for inbound rules called netcat:
netsh advfirewall firewall show rule name="netcat" verbose
When using the netsh command, always use the help option to see the list of subcommands you can use. The help page also includes examples showing you how to use netsh to manage Windows networking and Firewall.