cmd commands for network analysis

 

With simple commands a quick overview of the current network settings can be read out and thus possible connection errors can be found, or an overview of other devices in the network can be obtained. The commands described here are cmd commands for Windows. They are entered via the command prompt: cmd.

Aim of this article

Describe the most important network commands
in the command prompt

Effort

Reading time: approx. 7 Minutes

Prerequisite

a little basic network knowledge
and a Windows computer

How can the IP address be determined?

The IP address or network address can be read out with the ipconfig command:

Relevant is usually the IPv4 address, which has the following format ???.???.???.???, where ??? are each 3 numbers from 0-255. (In the screenshot 192.168.1.114)

IPv4 should be replaced by IPv6 in the long run, but it stubbornly persists and is typically in use. In the rarest cases, IPv6 is used for a home network.

The standard gateway is also interesting at this point. The standard gateway connects other networks, it forwards requests that cannot be answered by the local network. Mostly the standard gateway leads to the internet.

The default gateway is the address of the router.
The router can be managed by calling the address in a browser.

How can the MAC address be determined?

The MAC address is a unique address of the network adapter. The MAC address can be displayed using the getmac command or with ipconfig /all.

Usually a laptop has several network cards, e.g. the WLAN adapter (wireless LAN adapter) and an RJ45 network card: Ethernet adapter.

The respective MAC address can be found under "Physical address".

How to test the network connection?

To test the connection to another network device, a ping can be sent: Ping requests a response from the network device and measures the time until it comes back (RTT: Round trip; latency). 
ping ???.???.???.???
???.???.???.??? is the IP address

E.g. ping 192.168.0.1

Pinging 192.168.0.1 with 32 bytes of data:  
Reply from 192.168.0.1: bytes=32 time<1ms TTL=128 
Reply from 192.168.0.1: bytes=32 time<1ms TTL=128 
Reply from 192.168.0.1: bytes=32 time<1ms TTL=128 
Reply from 192.168.0.1: bytes=32 time<1ms TTL=128  
Ping statistics for 192.168.0.1: 
Packets: Sent = 4, Received =4, Lost = 0 (0% loss), ...

The answer in this case is: the device with 192.168.0.1 is reachable and is in the immediate vicinity, because time<1ms 

How to display a list of all network connections?

The command: netstat -ano prints a list of all network connections.

Legend:

Lokale Adresse Connection from the address
Foreign Address Connection to the address with the indicated port (The port is after the ":" )
State For example, listening means that the computer is listening at this address, i.e. it is waiting for a connection; established means that there is an active connection here.
PID To identify the programs behind it, the PID (Process Identification) is on the right.

The program for the PID can be displayed either in the Task Manager or by means of the parameter /b.

To do this, open the Task Manager with [Ctrl-Alt-Del]. In Windows 10 you can find the PID under Details and possibly under Services.

The PID may have to be displayed using Select columns.

see also: show active network connections and processes | Windows

How can the MAC address be determined from the IP address?

To display the MAC address, the network device must be contacted first, for example by pinging the IP address(ping ???.???.???.???). When contacting a client, the ARP cache is filled, which represents a list of IP addresses and the associated MAC addresses.
The arp -a command outputs a list of IP addresses and the associated MAC addresses.

Interface: ???.???.???.??? --- ??????

Internetadresse Physikal. Adresse Typ
???.???.???.??? xx-xx-xx-xx-xx-xx dynamic
???.???.???.??? xx-xx-xx-xx-xx-xx dynamic

also here with "physical address" the MAC address is meant.

How to display the routing table?

The route print command lists all active routes of the routing table.

Routing is used to assign networks to the various network adapters.

By interface is meant, for example, a network adapter and its associated IP address.

The route add command can be used to assign specific networks to specific interfaces.

The default gateway, for example, is used if no entry exists for a certain network, i.e. all networks. The default gateway always appears with the network destination 0.0.0.0 and with a network mask of 0.0.0.0.

How to find out the IP address of a hostname or domain?

The nslookup command can be used to query a DNS server for a domain for its IP address.

How to start a route tracing ?

The tracert command traces routes to the domain (which servers, routers, ... are traversed to the domain). E.g. tracert www.libe.net traces all routes to this web server.

How to display all connected network drives ?

By means of the netuse command, connected network drives can be displayed

How to display open sessions on the server?

The command: net session (in the command prompt) can be used to display open network sessions, for example drive connections, on the server.

further topics

positive Bewertung({{pro_count}})
Rate Post:
{{percentage}} % positive
negative Bewertung({{con_count}})

THANK YOU for your review!

Questions / Comments


Table of Contents
  1. How can the IP address be determined?
  2. How can the MAC address be determined?
  3. How to test the network connection?
  4. How to display a list of all network connections?
  5. How can the MAC address be determined from the IP address?
  6. How to display the routing table?
  7. How to find out the IP address of a hostname or domain?
  8. How to start a route tracing ?
  9. How to display all connected network drives ?
  10. How to display open sessions on the server?
  11. further topics
[Deutsch]
Network cmd Portscan - Test devices on the network for their services.
By continuing to browse the site, you agree to our use of cookies. More Details