Wednesday, May 7, 2014

Using Netsh Commands Instead of Telnet to Test Firewall Connections

Every once in a while I need to validate that a firewall is either working or not working.  Prior to Win7 and Windows 2008 I would just use telnet to the name and port of the service I wanted to test.  Now I either need to create a change request to install on a server or give up.



I may have found a cool built-in tool to Windows 2008 that can accomplish the same result: netsh



I knew this was a very powerful tool that allows for network trace dumps without installing any 3rd party tools on a server.  I started looking for a way that netsh could be used to open a connection and report whether or not the connection was successful.



Next time try running this command:

netsh trace diagnose scenario=internetclient namedAttribute url=http://www.google.com
You can also add report=yes to have the tool automatically generate some configuration details into an ETL and CAB file for use with Microsoft Message Analyzer but the information didn't seem especially helpful other than it does some network dump (capture=yes)





Successful response:

c:\>netsh trace diagnose scenario=internetclient namedAttribute url=http://www.google.com
Diagnosing 'internetclient' ... done
Root causes found: 0


Failure response on a pingable device with http access blocked:

c:\>netsh trace diagnose scenario=internetclient namedAttribute url=http://www.google.com
Diagnosing 'internetclient' ... done
Root causes found: 1


Root cause #1
--------------
 website (www.google.com) is online but isn't responding to connection attempts.

The remote computer isn't responding to connections on port 80, possibly due to
firewall or security policy settings, or because it might be temporarily unavail
able. Windows couldn't find any problems with the firewall on your computer.
Repairs available: 1


    Repair #1
    ----------
    Contact the service provider or owner of the remote system for further assis
tance, or try again later


I did find one locked down server that failed with this error:

C:\>netsh trace diagnose scenario=internetclient namedAttribute url=http://www.google.com
Diagnosing 'internetclient' ... done
 Network Diagnostics failed (error=0x80070511).


Netsh Commands for Network Trace in Windows Server 2008 R2 and Windows 7:


P.S. Possibly much easier:
try this powershell command it work for me.
(new-object Net.Sockets.TcpClient).Connect("google.com", 80)