The Network Command Shell (NetSH)
utility extends this idea by providing an extensible command processor.
You access the functionality that this utility provides by loading a
helper Dynamic Link Library (DLL). Each helper DLL places the NetSH
utility into a different context. The use of helper DLLs theoretically
makes it possible for third-party vendors to add NetSH functionality as
part of their network product installation. One of the essential
commands to know for NetSH, since it's so flexible, is NetSH Show Helper. This command displays a list of helper DLLs installed on your machine, which may differ from the list shown in Figure 6.2 based on the operating system features you have installed.
Notice the hierarchy of contexts displayed in Figure 1. To access the IP context at the command line, you must type NetSH Interface IP and then the command you wish to use. Likewise, if you want to access the 6To4 context, you must type NetSH Interface IPv6 6To4
at the command line. Typing any context by itself (or followed by a
question mark (?) or Help) displays the list of commands for that
context.
Type a command to
see the list of subcommands or the instructions for using that command.
Type a subcommand to see the instructions for using that subcommand. For
example, to discover how to add a new IP address, type NetSH Interface IP Add Address at the command prompt and press Enter. You'll see a help display explaining the command, as shown in Figure 2. Figure 2
shows the Server Core view of the help for this command. If you're
familiar with previous versions of Windows, you'll notice that the
Server Core help is an improvement.
The NetSH utility provides
access to a broad range of networking functionality using contexts. Each
context represents a different functional network area such as
configuring the firewall or modifying security. You can interact with
NetSH at the command line, in an interactive environment, and using
scripts. In this case, a script file is simply a list of commands that
you want NetSH to perform. You place these commands in a text file and
pass them to NetSH to execute. This utility uses the following syntax:
netsh [-a AliasFile] [-c Context] [-r RemoteMachine]
[-u [DomainName\]UserName] [Command | -f ScriptFile]
The following list describes each of the command line arguments.
-a AliasFile
Specifies the alias file to use. An alias file contains a set of strings and their associated NetSH equivalents. You can use the alias in place of the corresponding NetSH command. This feature also allows you to map older commands to the appropriate NetSH command.
-c Context
Defines the context of the command that you want to run. A context refers to a specific helper DLL.
Command
Specifies the NetSH command to execute. The command is helper DLL specific.
-f ScriptFile
Specifies the name of a file that contains NetSH commands. A script file is simply a text file that contains NetSH commands one after another. You can use the pound (#) symbol followed by text to create script file comments. Use the NetSH Dump command to display a sample script. Because the script is long, you might want to use redirection to send the output to a file.
-r RemoteMachine
Defines the name or IP address of a remote machine to use to execute NetSH commands. This feature helps you manage remote systems.
-u [DomainName\]UserName
Specifies the credentials to use to log into a system. Server Core prompts you for a password when logging into another system.
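Because NetSH Dump emits the machine's network configuration as a script, the same output can serve as a baseline for spotting unexpected configuration changes. The following PowerShell is an added example, not part of the original text; the baseline path and the function names are hypothetical.

```powershell
# Added example: compare the current "netsh dump" script with a saved baseline.
# Assumption: the baseline location below is a placeholder; pick a protected path.
$BaselinePath = 'C:\Baselines\netsh-dump.txt'

function Get-NetshScriptLines {
    param([string[]]$Lines)
    # Keep only commands: drop blank lines and the # comments NetSH writes.
    $Lines | ForEach-Object { $_.Trim() } |
        Where-Object { $_ -and -not $_.StartsWith('#') }
}

function Compare-NetshDump {
    param([string]$Path)
    $current = @(Get-NetshScriptLines (& netsh.exe dump))
    if (-not (Test-Path -LiteralPath $Path)) {
        # First run: record the current configuration script as the baseline.
        $current | Set-Content -LiteralPath $Path -Encoding UTF8
        return
    }
    $baseline = @(Get-NetshScriptLines (Get-Content -LiteralPath $Path))
    # Set-style comparison, so repeated lines such as pushd/popd do not matter.
    foreach ($line in $current) {
        if ($baseline -notcontains $line) {
            [pscustomobject]@{ Change = 'added'; Command = $line }
        }
    }
    foreach ($line in $baseline) {
        if ($current -notcontains $line) {
            [pscustomobject]@{ Change = 'removed'; Command = $line }
        }
    }
}

# Report commands that appeared in or disappeared from the dump since the baseline.
Compare-NetshDump -Path $BaselinePath | Format-Table -AutoSize -Wrap
```

Each reported line is a NetSH command, so a change shows exactly which setting differs from the recorded state.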
The various helper DLLs
provide contexts that you can use to perform specific tasks. You can
access some of these contexts directly from the command line using a
command. Table 1 describes each of the top-level contexts.
Table 1. Standard NetSH Contexts
| Context Name | Windows Version | Description |
|---|---|---|
| Bridge | Windows XP and above | Shows configuration information for network adapters that are part of a network bridge. You can also use this context to enable or disable Level 3 compatibility mode. |
| Diag | Windows XP and above | Performs network diagnostic commands. For example, you can use this context to display network service status information or perform diagnostics similar to the Ping utility. A special NetSH Diag GUI command displays a Web page in the Help and Support Center that provides access to the network diagnostics. |
| Firewall | Windows XP and above | Provides complete access to the Windows firewall. You can use this context to add and remove configuration information, as well as display the current firewall state. |
| Interface | Windows 2000 and above | Provides access to the network interfaces installed on your machine, which normally include IP, IPV6 (Windows XP and above), and standard port proxies. You can use this context to configure the TCP/IP protocol including addresses, default gateways, DNS servers, and WINS servers. |
| RAS | Windows 2000 and above | Provides access to the Remote Access Server (RAS) and all of its configuration information. For example, this context provides access to the Authentication, Authorization, Accounting, and Auditing (AAAA) subcontext where you perform security setups. |
| Routing | Windows 2000 and above | Helps you configure the routing features of the system using a command line interface, rather than rely on the Routing and Remote Access console. The biggest advantage of the command line interface, in this case, is speed. You can access and manage remote servers over a large network, especially wide area networks (WANs) much faster using NetSH than you can the graphical equivalents. In addition, since these configuration tasks can become quite complex, you gain the advantage of scripting them once, rather than going through every required step each time you perform the task. |
| WinSock | Windows XP and above | Shows Windows Socket (WinSock) information for the current system. You can also use this context to dump the WinSock configuration script. |
The default context is the
root context, the NetSH utility itself. You can use specific commands
from this context to perform configuration tasks or access other
contexts. The following list describes the command line arguments, which
differ according to the version of Windows that you use and the
networking features you have installed.
add
Adds a configuration entry to the list of entries. When working at the root context, you can add new helper DLLs to the list.
delete
Deletes a
configuration entry from the list of entries. When working at the root
context, you can remove a helper DLL from the list.
dump
Displays a configuration script. The script is quite long, so you'll want to use redirection to store the script to a file.
exec
Executes the specified script file.
interface
Sets NetSH to use the interface context.
ras
Sets NetSH to use the RAS context.
routing
Sets NetSH to use the routing context.
set
Updates the
configuration settings. Most versions of NetSH only allow you to set the
machine name when working at the root context.
show
Displays NetSH
configuration information. Most versions of NetSH provide commands to
display both the list of aliases and the list of helpers installed on
the system.
Windows XP and above provide additional functionality to support items such as the firewall. Here are the Windows XP additions.
bridge
Sets NetSH to use the bridge context.
diag
Sets NetSH to use the diag context.
firewall
Sets NetSH to use the firewall context.
winsock
Sets NetSH to use the WinSock context.
Windows 2003 and above support still more commands. The following list describes the Windows 2003 additions.
cmd
Creates a command window where you can enter NetSH commands manually.
commit
Executes any commands accumulated in offline mode.
flush
Discards the commands accumulated in offline mode.
online
Sets the current
mode to online. In online mode, which is the default for all previous
versions of NetSH, the utility executes immediately any command you
issue. Use the show mode command to display the current mode.
offline
Sets the current mode
to offline. In offline mode, which was new for Windows 2003, the
utility accumulates any commands you issue and executes them as a batch.
Using this second approach on remote servers can greatly enhance
performance without any loss of functionality. Use the show mode command to display the current mode.
pushd
Pushes a
context onto the NetSH stack.
popd
Removes
a context from the NetSH stack.