Managing networks with CMD: advanced commands netsh, ipconfig, ping and tracert

  • CMD offers commands such as ipconfig, ping, tracert, or netstat to diagnose and understand the state of the network in much more detail than graphical tools.
  • Advanced tools such as netsh, pathping, nslookup or arp allow you to delve deeper into IP configuration, DNS, routing and link performance.
  • Commands geared towards remote administration such as net use, taskkill, shutdown, telnet, ssh or ftp make it easier to manage equipment and services remotely.
  • Mastering this set of commands makes CMD an essential tool for system administrators, cybersecurity professionals, and advanced users who need fine-grained control over the network.
Joaquin Romero

17 minutes

How to manage CMD network commands in Windows

In Windows, most users manage with the graphical interface to connect to WiFi, change some settings, or check if there's an internet connection, but when you want to go a step further and to truly diagnose what's happening on the networkThe command prompt (CMD) becomes your best ally. From there you can view routes, ports, DNS, packet loss, configure IPs, adjust the firewall, and much more, almost always faster than navigating through menus. You can also use tools like GlassWire to detect unusual events and monitor your network.

If you work in systems administration, cybersecurity, or are simply a curious user who wants to understand what happens when something "doesn't work on the internet," mastering the Advanced network commands in CMD (netsh, ipconfig, ping, tracert and others) It makes a huge difference. They're not just for fixing problems, but for preventing them, documenting infrastructure, and automating repetitive tasks with batch scripts, and it's useful to be aware of measures like ASR (Attack Surface Reduction) in a defense-in-depth approach.

What is CMD and why is it still key in networking?

Although it may sound like something from the past, CMD is the classic Windows command interpreterIt is a successor to the old MS-DOS. It is a text-mode application that acts as a translator between what you type and the operating system, allowing you to run programs, native utilities, and .bat scripts with a level of control that the graphical interface often does not offer.

To open it, simply search "cmd" or "Command Prompt" in the Start menu, or press Win + R, to write cmd and accept. If you're going to use commands that affect network settings, firewalls, or services, it's best to open it as administrator (right-click > Run as administrator) to avoid permission errors.

From CMD you can run both legacy MS-DOS utilities and modern networking tools. Furthermore, supports batch scriptsThis allows you to automate repetitive tasks such as changing IPs, clearing caches, creating backups, running daily diagnostics, and adjusting network priorities such as vary network connection prioritywhich is very powerful in corporate environments.

Essential basic commands for managing networks

There is a small group of commands that any administrator or advanced user should have familiarized for get a quick overview of the network configuration and make an initial diagnosis when something goes wrong.

ipconfig: a snapshot of your IP configuration

The command ipconfig shows at a glance the TCP/IP configuration of all adapters The device's information: IP address, subnet mask, gateway, DNS, DHCP status, etc. This is the starting point for knowing which network you are on and where the packets are going.

What is GlassWire?
Related article:
GlassWire tutorial to detect rare events and monitor your network

If you simply write ipconfigYou will see the basic IP address of each interface (Ethernet, WiFi, virtual adapters, etc.). ipconfig / all You get a complete breakdown: physical (MAC) addresses, DHCP leases, DNS servers, a description of each adapter, etc., very useful for document the equipment or send information to support.

ipconfig also allows you to manage the relationship with the DHCP server and the DNS cache with several variants commonly used in troubleshooting network issues:

  • ipconfig / release: releases the current IP address obtained by DHCP.
  • ipconfig / renew: requests a new IP address from the DHCP server.
  • ipconfig / flushdns: clears the system's DNS cache.
  • ipconfig / displaydns: displays the contents of the DNS cache.

Combinations ipconfig / release followed by ipconfig / renew and the classic ipconfig / flushdns They usually resolve IP conflicts, network changes, or problems with domains that have changed servers but the computer is still pointing to old IPs, and it's a good idea to also check the Best DNS for Windows when the resolution fails.

Windows CMD commands how to manage networks

ping: the network's proof of life

The command ping It is the simplest and at the same time the most used test for Check if a host is responding on the networkIt sends ICMP echo packets to an IP or domain and shows if there is a response, how long it takes to go and return (latency), and how many packets are lost.

You can ping both IP addresses (for example, your router or an internal server) such as Domains from the internet. If the test is successful, you will see lines like this. "Reply from XXXX" along with the time in milliseconds and the TTL. If it fails, messages like "Destination host inaccessible" o "This request has timed out" They give you clues as to what's going on.

Some ping parameters which should be handled:

  • ping 192.168.1.1 -n 1000: sends 1000 packets instead of the default 4, useful for checking stability and losses.
  • ping 192.168.1.1 -w 3000: increases the waiting time to 3000 ms per packet.
  • ping 192.168.1.1 -t: keeps the ping indefinitely until you stop it with Ctrl+C.

Although it's tempting to leave a permanent ping, Abusing ICMP can cause congestion or losses on highly sensitive networks, so it's best to use it judiciously, especially in production environments; if you detect problems in real-time applications, the guide on [the topic] can help you. slow or interrupted video conferences.

hostname and getmac: identifying the computer on the network

The command hostname returns the team name on the networkIt may seem trivial, but it's very practical when you need to connect to a host by name and not by IP, or to quickly check which machine you're working on if you manage many.

For its part, getmac shows the MAC (physical) addresses of all adapters of the system, whether connected or not. The MAC address is a unique identifier (48 bits) defined by the manufacturer and the IEEE 802 standard, and is used, for example, to filter access on the router or for inventory management, or even for block suspicious connections from CMD.

getmac accepts parameters such as /fo to choose the output format (table, list, CSV) or /nh to hide column headers, which is very useful if you want to process the result in scripts or send it to another system.

arp: who's really on your local network

The command arp works with the ARP table that associates IPs with MAC addresses on your local network. With arp -a You can see which devices have recently communicated with your computer, including the router, neighboring computers, and broadcast addresses.

If you first perform a ping sweep over the entire range (for example for /l %i in (1,1,254) do ping -w 50 -n 1 192.168.1.%i) and then you execute arp -aYou'll have a fairly complete picture of which IP address is each MAC using? in your subnet, useful for detecting intruders or address conflicts.

Route and performance diagnostics: tracert and pathping

When you know something is wrong "somewhere" in the network but not where, commands that show the route that the packages follow and how the different jumps behave, and in environments with multiple adapters it is also useful to understand concepts such as NIC teaming and its configuration.

tracert: following each hop to the destination

The command tracert (traceroute in other systems) sends ICMP requests with increasing TTL (Time To Live) values to discover which routers a packet traverses to reach its destination. Each hop responds with a timeout message until finally the final host sends an echo back.

The tracert output shows, line by line, the hop number, three response times in ms, and the IP address or hop nameThe first hop is usually your router, and from there appear the different nodes of your operator, intermediate carriers and the hosting provider of the server you connect to.

If at a specific point the times spike, asterisks accumulate, or there is no response, you can locate where communication breaks down or where there is a bottleneckA useful detail is to use tracert /d destination to avoid reverse IP to name resolution, greatly speeding up the command.

How tracert and TTL actually work

To understand why tracert is so powerful, it's helpful to briefly examine its internal mechanics: each packet comes out with an initial TTL that is reduced by 1 for each router that it traverses. When the TTL reaches 0, the router discards the packet and sends an ICMP time exceeded message to the source, giving clues as to its location.

tracert starts by sending a packet with TTL 1The first router reduces the TTL to 0, discards it, and responds. Then it sends another message with a TTL of 2, which passes through the first router, reaches the second, where the TTL expires and the message is sent back, and so on until the destination responds with a successful echo or the message is received. Maximum number of jumps (30 by default, adjustable with /h)With all that information, the route is reconstructed.

Pathping: Detailed analysis of losses and latency

While tracert focuses on the route, PathPing It combines ping and traceroute logic to offer Packet loss statistics and RTT per hopIt sends multiple pings to each node on the route for a period (by default about 75 seconds) and then calculates loss percentages from the source and on each link.

When running pathping domain_or_IP First you'll see a list of jumps very similar to the one in tracert, and after a while a table with columns of RTT, packets lost/sent, and percentage of loss per hopThat part is invaluable for locating problematic routers or subnets.

Recommendations when using pathping:

  • Use it sparingly On sensitive networks: it generates a lot of ICMP traffic.
  • Keep in mind that case sensitive in some parameters.
  • Remember that it only works if the TCP / IP protocol on the adapter.

Name resolution and DNS: nslookup and flushdns

Many connectivity problems are not actually network-related, but rather... DNS name resolutionThe domain is pointing to a different server, there are old cached records, or the provider's DNS is failing. CMD offers several tools to investigate.

nslookup: an X-ray of the DNS infrastructure

The command nslookup It is used to query DNS servers and see What IP address is associated with a domain, or what name is behind an IP address?It is a basic tool to check if the DNS is returning what it should.

It can be used in non-interactive mode, for example nslookup openwebinars.net 8.8.8.8 to query Google's DNS for a specific domain, or in interactive mode, by simply typing nslookup and then launching different queries from the nslookup prompt itself.

In addition to A (IPv4) or AAAA (IPv6) records, nslookup allows you to see MX, NS, CNAME recordsetc., which is very useful for audit complex DNS configurations or check for propagation of changes.

ipconfig /flushdns: clearing the system's DNS cache

Windows maintains a local DNS resolution cache To speed up connections. When a domain changes IP or there are incorrect redirects, this cache can work against you. That's where the classic [method/method] comes in. ipconfig / flushdns, which deletes all local entries.

After executing it, the team will be forced to query the DNS server again per domain, which usually fixes "whimsical" access to some websites or internal resources that have changed servers.

Learn how to measure Windows 11 boot time
Related article:
Complete guide to controlling processes and services with CMD

Monitoring and statistics: netstat, nbtstat, and systeminfo

When you want to see what's happening in real time on your network, it's time to use commands that display connections, open ports, and protocol statistics.

netstat: active connections and listening ports

The command netstat It's a true Swiss Army knife for audit local network trafficAmong other things, it allows you to view active TCP connections, ports where listening is taking place, protocol statistics (TCP, UDP, IP, ICMP), IP routing table, and interface data.

Useful combinations:

  • netstat -an: lists all connections and ports in numeric format, with their status.
  • netstat -o 5: displays active TCP connections and PIDs of processes, refreshing every 5 seconds.
  • netstat -e -s: presents statistics for Ethernet and all protocols.
  • netstat -s -p tcp udp: filters statistics only for TCP and UDP.

With netstat it's easy to detect suspicious connections, services listening on unusual ports or applications that are maintaining a session they shouldn't be, which is very useful for security tasks.

nbtstat: Focus on NetBIOS over TCP/IP

The command nbtstat focuses on NetBIOS over TCP/IP (NetBT) and allows you to view local, remote and cache NetBIOS name tables, as well as session statistics.

Use cases:

  • nbtstat /n: displays the NetBIOS naming table of the local machine.
  • nbtstat /c: displays the NetBIOS name cache.
  • nbtstat /S 5NetBIOS session statistics by IP, updated every 5 seconds.
  • nbtstat /R y /RRThey purge the cache and re-register names with the WINS server.

It is only available if the TCP/IP protocol is installed in the adapter properties, but when working with older environments or classic Windows installations, it remains very useful for resolving name conflicts.

systeminfo: a complete overview of the system

Although it is not strictly a network command, systeminfo provides Overview of hardware, software and configuration of the equipment, including network details such as domain, card configuration, updates, BIOS, memory, processors, etc.

It is a command highly valued by technicians and administrators because it allows copy all that information to a file and analyze it calmly, or attach it to a support ticket so that the technical team has full context without having to connect to the computer.

Advanced configuration and automation with netsh

If there's one command that stands out when we talk about advanced network management in Windows, it's this one. netsh (Network Shell)It is a command-line utility that allows view and modify almost any network parameter locally or remotely: interfaces, IP, DNS, firewall, WiFi, servers, etc.

netsh works because contexts (int, wlan, firewall, interface ip, etc.), each with its own subcommands. This makes it incredibly versatile, but requires familiarizing yourself with its structure. You can use it interactively (by entering a context and issuing commands) or non-interactively, by executing direct commands or .txt scripts with long sequences.

Practical examples of netsh

A very common use is Reset the TCP/IP stack When there are connectivity problems that are difficult to explain (protocol errors, strange behavior with DHCP, etc.), the basic command is:

Command: netsh int ip reset

If you also want to keep a record of the changes:

netsh int ip reset C:\tcpipreset.txt

After executing it, it is necessary Restart your computer so that the battery reset takes full effect.

Another very interesting application is the management of WiFi networks. For example, for View all the details of a wireless profile, including the password stored in the system:

Profile view: netsh wlan show profile name="NombreDeLaRed" key=clear

In addition, netsh allows modification Primary and secondary DNS from an interface, export/import configurations, tweak firewall rules, and even prepare complex scripts that run with one click to configure machines automatically in an organization.

Remote management, sharing, and services: net use, winrm, ssh, ftp, and more

CMD commands for managing networks in Windows

Beyond diagnosis, CMD also allows manage remote resources and equipment without needing to connect via a graphical desktop. This is vital when managing servers or computers without a graphical interface available.

net use and net view: shared network resources

The command net use is used for connect, disconnect and configure drives and shared resources (folders, printers) on other computers. For example, to map a shared folder on a server to the first available drive letter:

Unit mapping: net use * "\\SERVIDOR\mi_unidad" /persistent:no

This is how you connect the folder my_unit from a remote computer and prevent it from being automatically remapped upon login if you don't want it to be. To audit what you share from your own computer, you can use net share (list of local shared resources) or net view to see what another team on the network offers:

View resources: net view 192.168.1.50

These commands are very useful in security reviews, to locate exposed resources that shouldn't be exposed, and to diagnose when file transfer is slow.

WinRM: Remote administration via WS-Management

WinRM (Windows Remote Management) is Microsoft's implementation of the WS-Management protocol and is controlled from CMD with the command winrm. allow Configure remote access, obtain WMI information, modify parameters and manage services without opening desktop sessions.

Frequent WinRM Commands:

  • winrm get winrm/config -format:pretty: displays the current configuration in readable XML.
  • winrm get wmicimv2/Win32_Service?Name=spooler: retrieves information from the print queue service.
  • winrm set winrm/config @{MaxEnvelopeSizekb="100"}: modifies a configuration parameter.
  • winrm set winrm/config/Listener?Address=*+Transport=HTTPS @{Enabled="false"}: disables an HTTPS listener.

Properly configured, WinRM allows you to manage fleets of machines centrally with scripts, something basic in professional environments.

SSH and SCP: secure access and encrypted copies

Since Windows 10, the client SSH It comes integrated into the system. With it you can Log in via console to remote servers and execute commands as if you were standing right in front of them, all through an encrypted channel.

Typical uses:

  • ssh usuario@servidor_o_IP
  • ssh -l usuario servidor_o_IP

Example of a secure backup: scp ubuntu@mi_servidor.com:/etc/servicio/definitions.json /c/Users/TuUsuario/Downloads/new-definitions.jsonor alternatives such as SMB over QUIC for secure file sharing.

These types of commands are key when working with VPNs, Linux servers, or cloud infrastructures and you need to move files securely.

FTP and wget: file transfers without a graphical interface

The command ftp allows you to connect to FTP servers and upload or download files interactively or in batchesAfter executing ftp servidor You enter a sub-environment with its own commands (get, put, ls, cd, etc.) and, if you want to automate tasks, you can use ftp -s:file.txt server so that it executes actions defined in that file.

On the other hand, wget (if you install it on Windows) it's a very flexible tool for Download files from HTTP/HTTPSwith options to rename, resume downloads, save to specific directories, or even download recursively by following HTML links. If you need a guide to deploy it securely on a server, see Configuring FTP on Windows: Server, Permissions, and Basic Security.

Process control, remote shutdown, and other useful commands

Network management also sometimes involves kill problematic processesYou can restart services or even shut down/restart remote computers in a controlled manner. CMD offers several useful utilities for this.

taskkill: terminating local and remote processes

With taskkill can terminate processes by name, PID, user, or even on remote computersAn advanced example:

advanced use: taskkill /s remote_host /u dominio\usuario /p contraseña /fi "IMAGENAME eq nota*" /im *

This command forces the closure of all processes on the remote computer. remote_host whose image name begins with "note", using specific credentials. It is very useful when an application hangs on a server to which you do not have easy graphical access.

shutdown: local or remote shutdown and restart

The command shutdown allow turn off or restart equipment Local and remote with different parameters: force application closure, delay shutdown, include a comment, record the reason, etc.

Common examples:

  • shutdown /s /t 0: Turn off the local equipment immediately.
  • shutdown /r /t 60 /c "Reconfiguración miapp.exe" /f /d p:4:1: Restarts the local computer in 60 seconds, forcing apps to close.
  • shutdown /r /m \\mi_servidor_remoto /t 60 /c "Reinicio programado" /f /d p:4:1: Restarts a remote computer with the same parameters.

Combined with scripts and scheduled tasks, shutdown becomes a very powerful tool for manage maintenance windows without having to go machine by machine.

telnet: classic remote access (with notification)

telnet It is a veteran protocol for open remote sessions in plain textIn Windows you can use the command telnet To connect to services that still support it, provided you first install the Telnet client in the system's optional features.

Telnet connection test: telnet telnet.microsoft.com

or by specifying the port and log file:

Telnet with log: telnet /f telnetlog.txt telnet.microsoft.com 44

Today, for reasons of to maximise security and your enjoyment.It is much more advisable to use SSH, but telnet is still useful for test services on specific ports or work with older devices.

General commands that help maintain a healthy system

Although they are not strictly network commands, there are several CMD utilities that indirectly influence the proper functioning of connectivity and the system in general.

chkdsk: checking the disk to avoid surprises

The command chkdsk (Check Disk) scans a drive for file system errors and bad sectorsIf there are read/write problems, the network may be affected when working with roaming profiles, shared resources, or local databases.

The basic syntax is chkdsk C:But normally you would use modifiers like:

  • /f to correct errors automatically.
  • /r to locate damaged sectors and recover information.
  • /x to disassemble the unit before testing.

Scheduling chkdsk during maintenance times can help you avoid more serious failures that also affect the network.

sfc /scannow: verifying system files

The command sfc / scannow run the System File CheckerSFC analyzes all protected Windows files and repairs any that are damaged or missing. Many network problems stem from corrupted libraries or affected system components, and SFC is a good first step before taking more drastic measures.

Format a hard drive from the command prompt
Related article:
Complete guide to formatting a hard drive from the command prompt (CMD)

Run checker: sfc /scannow

The process will take a while, but if it detects and corrects errors, you can win in overall stability, including the network component.

Mastering this set of CMD commands for managing networks in Windows — from the most basic like ipconfig y pingeven heavyweights like netsh, netstat, tracert o PathPingincluding remote administration tools such as net use, winrm, ssh o shutdown— It gives you a level of control that the graphical interface simply doesn't offer: you can accurately diagnose, fine-tune parameters, automate tasks, and keep your networks—home or corporate—in a much more predictable and secure state, without relying on wizards or windows that hide what's really happening underneath. Share the information and more users will learn about CMD network commands.