Netsh WHAT??!!!

WHAT??  SERIOUSLY???  HOW COOL!!!!

I am a little embarrassed to admit the fact that I have been in the IT world for 14 years and have never realized how much cool stuff is available with the simple netsh command utility in Windows.  Sure I’ve used it over the years to do specific things, usually following some set of instructions I found trying to solve a specific issue, but I never explored the options to see what else was in there.  Not until I was studying for the CWNA exam from CWNP that is.  In the CWNA study guide (found here) it listed some of the different netsh commands and what information they can give you.  I started looking at them and then instantly wondered HOW HAVE I NOT KNOWN ABOUT THIS????

So I write this post in hopes that I don’t forget about the cool stuff you can see, and in an effort to share the knowledge with others the things I wish I had known for so long…

Netsh

There so many different commands in this utility.  Network traces, Ethernet and wireless tools and information menus, and firewall configuration, and on and on.  I’ll discuss the few I have played with.

dhcpclient trace

One of the first neat options I used was the dhcpclient trace option.  This allows you to basically enable a debug of the dhcp process and then dump it to a log file.

First you enable the trace (using a command prompt with admin privileges):  netsh dhcpclient trace enable

Then you perform the DHCP function you are troubleshooting.

And then stop the trace:  netsh dhcpclient trace disable

Then dump the file:  netsh dhcpclient trace dump

When you dump the file it is placed here: C:\Windows\System32

\LogFiles\WMI and is called “dhcpv4trace.log”

I opened the trace log in notepad and you could see very detailed information regarding the process.  I performed a DHCP release and renew during my trace and you can see the relevant information here:

 3-14-2018 21:38:56:482 Id:5323 Desc: OBTAIN LEASE: [{4702f80a-1110-46fc-8987-f786383f454f}] [19985273102270464] ==> 
 3-14-2018 21:38:56:482 Id:5201 Desc: Sending Discover on {4702f80a-1110-46fc-8987-f786383f454f}. Error code is 0
 3-14-2018 21:38:56:482 Id:5202 Desc: Waiting for Offer on {4702f80a-1110-46fc-8987-f786383f454f}. Wait time is 3
 3-14-2018 21:38:57:500 Id:5203 Desc: Recieving a DHCP message on {4702f80a-1110-46fc-8987-f786383f454f}. Error code is 0
 3-14-2018 21:38:57:500 Id:5206 Desc: Offer of 10.20.20.70 from 10.20.20.1 is accepted on {4702f80a-1110-46fc-8987-f786383f454f} .
 3-14-2018 21:38:57:500 Id:5209 Desc: Sending Request on {4702f80a-1110-46fc-8987-f786383f454f}. Error code is 0.
 3-14-2018 21:38:57:500 Id:5210 Desc: Waiting for ACK on {4702f80a-1110-46fc-8987-f786383f454f}.
 3-14-2018 21:38:57:506 Id:5203 Desc: Recieving a DHCP message on {4702f80a-1110-46fc-8987-f786383f454f}. Error code is 0
 3-14-2018 21:38:57:506 Id:5212 Desc: ACK of 10.20.20.70 from 10.20.20.1 is accepted on {4702f80a-1110-46fc-8987-f786383f454f}.
 3-14-2018 21:38:59:488 Id:5325 Desc: DhcpSetIpRoute: ADD: Dest=0.0.0.0, DestMask=0.0.0.0, NextHop=10.20.20.1, Metric=0, Address= 10.20.20.70
 3-14-2018 21:38:59:488 Id:5325 Desc: DhcpSetGatewaysAndStaticRoutes for the adapter: {4702f80a-1110-46fc-8987-f786383f454f}, Error: 0
 3-14-2018 21:38:59:489 Id:5319 Desc: Successfully Deleted the address: 169.254.114.199
 3-14-2018 21:38:59:509 Id:5318 Desc: Successfully Plumbed the address: 10.20.20.70
 3-14-2018 21:38:59:509 Id:5309 Desc: Adding the address of 10.20.20.70 on {4702f80a-1110-46fc-8987-f786383f454f}. Error code is 0.
 3-14-2018 21:38:59:556 Id:5312 Desc: Registering AdapterName: {4702f80a-1110-46fc-8987-f786383f454f} Address: 1175720970 Flags : [] Error : 0
 3-14-2018 21:39: 0:675 Id:5301 Desc: Updating Stack abt address 10.20.20.70 on {4702f80a-1110-46fc-8987-f786383f454f}. Error code is 0.

You can see very easily the steps performed and where one may fail (all of mine were successful).

netsh wlan

The netsh wlan commands are very helpful in all things wireless.  I know I will end up using these frequently, and again wonder how I didn’t know about them.  Here are some of my favorite commands:  (Hint, some of these may be tested on in the CWNA exam!)

netsh wlan show drivers

This command will list the specific driver information which can be helpful when checking version numbers.  But it also tells you things like radio types (802.11a/b/g/n/ac), MFP support (802.11w), and authentication/encryption support (WEP, WPA Personal, WPA-Enterprise, TKIP, CCMP, etc..)  This can be huge when trying to determine what the client can do, especially if you don’t know much about that specific device.

netsh wlan show networks mode=bssid

This option lets you view from the client’s point of view what networks it can see and how well it can see them.  Great info including what radio type, encryption, channel, etc.  It also gives details like data rates enabled, RSSI (in percentage) the client sees the AP, and multiple APs from a single SSID, listed as separate BSSIDs.

netsh wlan show interfaces

This one gives you quick details about the SSID it is currently connected to.  Pretty much everything you see in the previous command, but only for the one SSID, and it also includes the current negotiated data rates in use, which may change every time you run it.

netsh wlan show profile profilename

This command will tell you specific details about the actual setup for the wireless profile used.  Things like if it will auto-reconnect if the SSID is in range, what security settings are in use, what EAP types, etc.   (SSID censored for privacy)

netsh show wirelesscapabilities

This one is awesome!  Mostly because it is an easy way to determine specific features you may want to know if the client supports.  Does the client support 802.11k,v, or r?  Or how many spatial streams does the client have?  Can the client can participate in MU-MIMO?  All can be answered with this one.

(Screen shot was too long to include in one image.  You’ll have to look this one up yourself!)

netsh wlan show all  > netsh_output.txt

Last but not least, here is a quick way to run all of them (the wireless ones anyway) and output it to a text file.  Than you can open the text doc and just search for the specific things you are looking for.

Hope that helps someone troubleshoot something a little easier.  I know it will help me, if I remember to use them…

–Scott