Command-line utilities

TCP/IP
Get MAC
Netsh
Recover
Regsvr32
Set
Taskkill
Tasklist
Parameters

Some of the more useful command line utilities are listed below, the full list is available at Microsoft Command Line Reference from A - Z. The /? switch can be used after any command to view more detailed information.

These utilities must be run with the Cmd.exe command interpreter. To open a Command Prompt window click start > Run…, Open: cmd.

Note that some of these utilities require Administrative group membership on the computer that the command affects to execute.

TCP/IP Utilities

The TCP/IP network protocol must be installed to use these utilities. For information about starting TCP/IP services from the command prompt see Net start. For information about stopping TCP/IP services from the command prompt see Net stop.

ARP

Displays and modifies entries in the Address Resolution Protocol (ARP) cache, which contains one or more tables that are used to store IP addresses and their resolved Ethernet or Token Ring physical addresses. There is a separate table for each Ethernet or Token Ring network adapter installed on your computer. Used without parameters, arp displays help. ARP reference page on Microsoft TechNet.

Syntax:

arp [-a [InetAddr] [-N 
			IfaceAddr]] [-g [InetAddr] [-N IfaceAddr]] 
			[-d InetAddr [IfaceAddr]] [-s InetAddr 
			EtherAddr [IfaceAddr]]

IPCONFIG

Displays all current TCP/IP network configuration values and refreshes Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) settings. Used without parameters, ipconfig displays the IP address, subnet mask, and default gateway for all adapters. Ipconfig reference page on Microsoft TechNet.

Syntax:

ipconfig [/all] [/renew 
			[Adapter]] [/release [Adapter]] [/flushdns] 
			[/displaydns] [/registerdns] [/showclassid 
			Adapter] [/setclassid Adapter [ClassID]]

NBTSTAT

Displays NetBIOS over TCP/IP (NetBT) protocol statistics, NetBIOS name tables for both the local computer and remote computers, and the NetBIOS name cache. Nbtstat allows a refresh of the NetBIOS name cache and the names registered with Windows Internet Name Service (WINS). Used without parameters, nbtstat displays help. Nbtstat reference page on Microsoft TechNet.

Syntax:

nbtstat [-a RemoteName] [-A 
			IPAddress] [-c] [-n] [-r] 
			[-R] [-RR] [-s] [-S] 
			[Interval]

NETSTAT (xp)

Displays active TCP connections, ports on which the computer is listening, Ethernet statistics, the IP routing table, and IPv4 statistics (for the IP, ICMP, TCP, and UDP protocols). Used without parameters, netstat displays active TCP connections. Netstat reference page on Microsoft TechNet.

Syntax:

netstat [-a] [-e] 
			[-n] [-o] [-p Protocol] 
			[-r] [-s] [Interval]

PING

Verifies IP-level connectivity to another TCP/IP computer by sending Internet Control Message Protocol (ICMP) Echo Request messages. The receipt of corresponding Echo Reply messages are displayed, along with round-trip times. Ping is the primary TCP/IP command used to troubleshoot connectivity, reachability, and name resolution. Used without parameters, ping displays help. Ping reference page on Microsoft TechNet.

Syntax:

ping [-t] [-a] 
			[-n Count] [-l Size] [-f] 
			[-i TTL] [-v TOS] [-r 
			Count] [-s Count] [{-j HostList | -k 
			HostList}] [-w Timeout] [TargetName]

TRACERT

Determines the path taken to a destination by sending Internet Control Message Protocol (ICMP) Echo Request messages to the destination with incrementally increasing Time to Live (TTL) field values. The path displayed is the list of near-side router interfaces of the routers in the path between a source host and a destination. The near-side interface is the interface of the router that is closest to the sending host in the path. Used without parameters, tracert displays help. Tracert reference page on Microsoft TechNet.

Syntax:

tracert [-d] [-h 
			MaximumHops] [-j HostList] [-w Timeout] 
			[TargetName]

GETMAC

Returns the media access control (MAC) address and list of network protocols associated with each address for all network cards in each computer, either locally or across a network. Getmac reference page on Microsoft TechNet.

Syntax:

getmac[.exe] [/s Computer [/u 
			Domain\User [/p Password]]] [/fo {TABLE|LIST|CSV}] 
			[/nh] [/v]

NETSH

Netsh is a command-line scripting utility that allows you to, either locally or remotely, display or modify the network configuration of a computer that is currently running. Used without parameters, netsh opens the Netsh.exe command prompt, i.e. netsh>.

Netsh also provides a scripting feature that allows you to run a group of commands in batch mode against a specified computer. Netsh can also save a configuration script in a text file for archival purposes or to help you configure other servers.

To run a netsh command, you must start netsh from the Cmd.exe prompt and change to the context that contains the command you want to use. The contexts that are available to you depend on which networking components you have installed. Netsh reference page on Microsoft TechNet.

Syntax:

netsh [-a AliasFile] [-c 
			Context] [-r RemoteComputer] [{NetshCommand|-f 
			ScriptFile}]

RECOVER

Recovers readable information from a bad or defective disk. Recover reference page on Microsoft TechNet.

Syntax:

recover [Drive:][Path] FileName

Regsvr32

This command-line tool registers .dll files as command components in the registry. Recover reference page on Microsoft TechNet.

Syntax:

regsvr32 [/u] [/s] [/n] [/i[:cmdline]] dllname

SET

Displays, sets, or removes cmd.exe environment variables. Type SET without parameters to display the current environment variables.Set reference page on Microsoft TechNet.

Syntax:

Set [variable=[string]]

variable - specifies the environment-variable name.
string - specifies a series of characters to assign to the variable.

TASKKILL (xp pro)

Ends one or more tasks or processes. Processes can be killed by process ID or image name. Taskkill reference page on Microsoft TechNet.

Syntax:

Taskkill [/s Computer] [/u 
			Domain\User [/p Password]]] [/fi FilterName] 
			[/pid ProcessID]|[/im ImageName] [/f][/t]

TASKLIST (xp pro)

Displays a list of applications and services with their Process ID (PID) for all tasks running on either a local or a remote computer. Tasklist reference page on Microsoft TechNet.

Syntax:

Tasklist[.exe] [/s computer] [/u 
			domain\user [/p password]] [/fo {TABLE|LIST|CSV}] 
			[/nh] [/fi FilterName [/fi 
			FilterName2 [ ... ]]] [/m [ModuleName] | /svc 
			| /v]

Parameters

/f: Specifies that process(es) be forcefully terminated. This parameter is ignored for remote processes; all remote processes are forcefully terminated.
/fo {TABLE|LIST|CSV}: Specifies the format to use for the query output. Valid values are TABLE, LIST, and CSV. The default format for output is TABLE.
/im ImageName: Specifies the image name of the process to be terminated. Use the wildcard (*) to specify all image names.
/nh: Suppresses column header in output. Valid when the /fo parameter is set to TABLE or CSV.
/p Password: Specifies the password of the user account that is specified in the /u parameter.
/pid ProcessID: Specifies the process ID of the process to be terminated.
/s Computer: Specifies the name or IP address of a remote computer (do not use backslashes). The default is the local computer.
/t: Specifies to terminate all child processes along with the parent process, commonly known as a tree kill.
/u Domain\User: Runs the command with the account permissions of the user specified by User or Domain\User. The default is the permissions of the current logged on user on the computer issuing the command.
/v: Specifies that the output display verbose information.
/?: Displays help at the command prompt.