Microsoft Windows [Version 10.0.22621.2428]
(c) Microsoft Corporation.

C:\Windows>netsh wfp ?

The following commands are available:

Commands in this context:
?              - Displays a list of commands.
capture        - Captures real-time diagnostic information.
dump           - Displays a configuration script.
help           - Displays a list of commands.
set            - Sets WFP diagnostic options.
show           - Shows WFP configuration and state.

To view help for a command, type the command, followed by a space, and then
 type ?.
Captures real-time diagnostic information.
»netsh »wfp »capture
C:\Windows>netsh wfp capture ?

The following commands are available:

Commands in this context:
capture start  - Starts an interactive capture session.
capture status - Tells whether an interactive capture session is in progress.
capture stop   - Stops an interactive capture session.
Starts an interactive capture session.
»netsh »wfp »capture »start
C:\Windows>netsh wfp capture start ?

Usage: capture start
         [ [ cab = ] (ON | OFF) ]
         [ [ traceonly = ] (ON | OFF) ]
         [ [ keywords = ] (NONE | BCAST | MCAST | BCAST+MCAST) ]
         [ [ file = ] <path> ]

Parameters:

   Tag         Value
   cab       - Can be ON or OFF. The default is ON.
               ON compiles the files in a single .cab file.
               OFF leaves the output files uncompressed.
               This is useful if doing your own troubleshooting,
               rather than collecting data for others.
   traceonly - Can be ON or OFF. The default is OFF.
               ON collects only event tracing data,
               which reduces the output file size.
   keywords  - Can be NONE, BCAST, MCAST, or BCAST+MCAST.
               The default is BCAST+MCAST.
               Sets the net event keywords used for the session.
               BCAST includes broadcast events and MCAST includes
               multicast events. To reduce the file size for long-
               running captures, set to NONE.
   file      - Output file name. The default is 'wfpdiag.cab'.
               If the cab option is ON, the file name should not include
               the extension since the .cab is automatically added to the
               output file.

Remarks: Starts an interactive capture session.
         To stop capture, run 'capture stop'.
Tells whether an interactive capture session is in progress.
»netsh »wfp »capture »status
C:\Windows>netsh wfp capture status ?

Usage: capture status

Remarks: Tells whether an interactive capture session is in progress.
Stops an interactive capture session.
»netsh »wfp »capture »stop
C:\Windows>netsh wfp capture stop ?

Usage: capture stop

Remarks: Stops an interactive capture session.
         Takes effect if previous command executed was 'capture start'.
Displays a configuration script.
»netsh »wfp »dump
C:\Windows>netsh wfp dump ?

Usage: dump

Remarks:
    Creates a script that contains the current configuration. If saved to a
    file, this script can be used to restore altered configuration settings.
Displays a list of commands.
»netsh »wfp »help
C:\Windows>netsh wfp help ?

Usage: help

Remarks:
       Displays a list of commands.
Sets WFP diagnostic options.
»netsh »wfp »set
C:\Windows>netsh wfp set ?

The following commands are available:

Commands in this context:
set options    - Sets the global WFP options.
Sets the global WFP options.
»netsh »wfp »set »options
C:\Windows>netsh wfp set options ?

Usage: set options
         [ netevents = ON | OFF ]
         [ [ keywords = ] NONE | BCAST | MCAST| BCAST+MCAST ]
         [ [ txnwatchdog = ] <time in msec> ]

Parameters:

   Tag           Value
   netevents   - Can be either ON or OFF.
                 Sets the netevents option.
   keywords    - Can be NONE, BCAST, MCAST, or BCAST+MCAST.
                 Sets the keywords option.
                 The default is NONE.
   txnwatchdog - Sets the timeout in milliseconds for the transaction
                 watchdog event. This must be an integer. If no value is
                 specified, the timeout is set to zero, and an event will
                 be triggered for every transaction.

Remarks: Sets the global WFP options.
         Only one option parameter can be set per execution.
Shows WFP configuration and state.
»netsh »wfp »show
C:\Windows>netsh wfp show ?

The following commands are available:

Commands in this context:
show appid     - Displays the application ID for the specified file.
show boottimepolicy - Displays the boot-time policy and filters.
show filters   - Displays filters matching the specified traffic parameters.
show ikeevents - Displays recent IKE epoch events matching the specified parameters.
show netevents - Displays recent network events matching the traffic parameters.
show options   - Displays the global WFP options.
show security  - Displays the specified security descriptor.
show state     - Displays the current state of WFP and IPsec.
show sysports  - Displays system ports used by the TCP/IP Stack and the RPC sub-system.
Displays the application ID for the specified file.
»netsh »wfp »show »appid
C:\Windows>netsh wfp show appid ?

Usage: show appid [ file = ] <path>

Parameters:

   Tag    Value
   file - Specifies the DOS path for the application.

Remarks: Displays the application NT path for the specified file.
         The supplied path must exist.
Displays the boot-time policy and filters.
»netsh »wfp »show »boottimepolicy
C:\Windows>netsh wfp show boottimepolicy ?

Usage: show boottimepolicy [ [ file = ] <path> | - ]

Parameters:

   Tag    Value
   file - Output file name. The default is 'btpol.xml'.
          If this parameter is set to the dash character, 'file = -',
          the output is written only to the console.

Remarks: Displays the boot-time policy and filters.
Displays filters matching the specified traffic parameters.
»netsh »wfp »show »filters
C:\Windows>netsh wfp show filters ?

Usage: show filters
         [ [ file = ] <path> | - ]
         [ [ protocol = ] <ipproto> ]
         [ [ localaddr = ] <ipaddr> ]
         [ [ remoteaddr = ] <ipaddr> ]
         [ [ localport = ] <port> ]
         [ [ remoteport = ] <port> ]
         [ [ appid = ] <path> ]
         [ [ userid = ] <user> ]
         [ [ dir = ] IN | OUT ]
         [ [ verbose = ] ON | OFF ]

Parameters:

   Tag          Value
   file       - Output file name. The default is 'filters.xml'.
                If this parameter is set to the dash character, 'file = -',
                the output is written only to the console.
   protocol   - The IP protocol. This must be an integer.
   localaddr  - The IP addresses. 'localaddr' is the local IP address,
   remoteaddr   and the 'remoteaddr' is the remote IP address.
                The addresses are either IPv4 or IPv6. If both local and
                remote addressses are specified, they both must belong to
                the same address family.
   localport  - The ports. 'localport' is the local port
   remoteport   and 'remoteport' is the remote port.
                They must be integers.
   appid      - The application sending or receiving the traffic on the
                local host. This either an NT path such as
                '\device\harddiskvolume1\windows\system32\ftp.exe'
                or a DOS path such as
                'c:\Windows\System32\ftp.exe'
                The supplied path must exist.
   userid     - The user sending or receiving the traffic on the local
                host. The userid may be a SID (such as 'S-1-5-18') or
                a user name (such as 'nt authority\system').
   dir        - The direction of the connection. By default, filters for
                both inbound and outbound traffic are displayed.
                Use IN to display only filters for inbound traffic or
                OUT to display only filters for outbound traffic.
   verbose    - Determines whether to display all filters.
                Can be ON or OFF. The default is OFF, which attempts
                to suppress matching filters that are unlikely to
                affect connectivity. ON does not suppress any filters.

Remarks: Displays filters matching the specified traffic parameters.
Displays recent IKE epoch events matching the specified parameters.
»netsh »wfp »show »ikeevents
C:\Windows>netsh wfp show ikeevents ?

Usage: show ikeevents
         [ [ file = ] <path> | - ]
         [ [ remoteaddr = ] <ipaddr> ]

Parameters:

   Tag          Value
   file       - Output file name. The default is 'netevents.xml'.
                If this parameter is set to the dash character, 'file = -',
                the output is written only to the console.
   remoteaddr   The remote IP address.
                The remote address is either IPv4 or IPv6.

Remarks: Displays recent IKE epoch events matching the specified parameters.
Displays recent network events matching the traffic parameters.
»netsh »wfp »show »netevents
C:\Windows>netsh wfp show netevents ?

Usage: show netevents
         [ [ file = ] <path> | - ]
         [ [ protocol = ] <ipproto> ]
         [ [ localaddr = ] <ipaddr> ]
         [ [ remoteaddr = ] <ipaddr> ]
         [ [ localport = ] <port> ]
         [ [ remoteport = ] <port> ]
         [ [ appid = ] <path> ]
         [ [ userid = ] <user> ]
         [ [ timewindow = ] <seconds> ]

Parameters:

   Tag          Value
   file       - Output file name. The default is 'netevents.xml'.
                If this parameter is set to the dash character, 'file = -',
                the output is written only to the console.
   protocol   - The IP protocol. This must be an integer.
   localaddr  - The IP addresses. 'localaddr' is the local IP address,
   remoteaddr   and 'remoteaddr' is the remote IP address.
                The addresses are either IPv4 or IPv6. If both local and
                remote addresses are specified, they both must belong to
                the same address family.
   localport  - The ports. 'localport' is the local port, and
   remoteport   'remoteport' is the remote port.
                They must be integers.
   appid      - The application sending or receiving the traffic on the
                local host. This either an NT path such as
                '\device\harddiskvolume1\windows\system32\ftp.exe'
                or a DOS path such as
                'c:\Windows\System32\ftp.exe'
                The supplied path must exist.
   userid     - The user sending or receiving the traffic on the local
                host. The userid may be a SID (such as 'S-1-5-18') or
                a user name (such as 'nt authority\system').
   timewindow - Limits the output to network events that occurred within
                a specified number of seconds. This must be an integer.

Remarks: Displays recent network events matching the specified traffic parameters.
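Added example, not part of the netsh help output: it groups the classify-drop events written by 'show netevents' by filter ID and looks up each filter's name in the 'show filters' dump, which shows which rule is blocking a connection. The function name Get-WfpDropSummary and the XML element names (item/type, classifyDrop/filterId, header/remotePort, displayData/name) are assumptions based on typical dump files; the sample XML is constructed.

```powershell
# Added example. Element names are assumed from typical netevents.xml and
# filters.xml dumps; check them against the files on your own system.
function Get-WfpDropSummary {
    param([xml]$NetEvents, [xml]$Filters)
    $drops = $NetEvents.SelectNodes("//item[type='FWPM_NET_EVENT_TYPE_CLASSIFY_DROP']")
    $drops | Group-Object { $_.classifyDrop.filterId } | ForEach-Object {
        $id   = $_.Name
        # A filter entry is an <item> that carries the matching <filterId>.
        $name = $Filters.SelectSingleNode("//item[filterId='$id']/displayData/name")
        [pscustomobject]@{
            FilterId    = $id
            FilterName  = if ($name) { $name.InnerText } else { '(not in filter dump)' }
            Drops       = $_.Count
            RemotePorts = ($_.Group | ForEach-Object { $_.header.remotePort } |
                           Sort-Object -Unique) -join ','
        }
    }
}

# Constructed sample data so the function can be tried without a live dump.
$sampleEvents = [xml]@'
<netEvents>
  <item><header><remotePort>443</remotePort></header>
    <type>FWPM_NET_EVENT_TYPE_CLASSIFY_DROP</type>
    <classifyDrop><filterId>1001</filterId></classifyDrop></item>
  <item><header><remotePort>8443</remotePort></header>
    <type>FWPM_NET_EVENT_TYPE_CLASSIFY_DROP</type>
    <classifyDrop><filterId>1001</filterId></classifyDrop></item>
</netEvents>
'@
$sampleFilters = [xml]@'
<filters><item><displayData><name>Constructed block rule</name></displayData>
  <filterId>1001</filterId></item></filters>
'@
Get-WfpDropSummary -NetEvents $sampleEvents -Filters $sampleFilters

# Live use from an elevated prompt; output file names are the documented defaults.
# netsh wfp set options netevents=ON
# netsh wfp show netevents timewindow=300     # writes netevents.xml
# netsh wfp show filters verbose=ON           # writes filters.xml
# Get-WfpDropSummary ([xml](Get-Content .\netevents.xml -Raw)) `
#                    ([xml](Get-Content .\filters.xml -Raw))
```

With verbose=ON the filter dump is not reduced, so a drop's filter ID is less likely to be missing from the lookup.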
Displays the global WFP options.
»netsh »wfp »show »options
C:\Windows>netsh wfp show options ?

Usage: show options [optionsfor = ] NETEVENTS | KEYWORDS | TXNWATCHDOG

Parameters:

   Tag          Value
   optionsfor - Can be either NETEVENTS, KEYWORDS, or TXNWATCHDOG.
                NETEVENTS shows whether network events are buffered
                for diagnostics.
                KEYWORDS shows which network events are buffered
                for diagnostics.
                TXNWATCHDOG shows the timeout in milliseconds for the
                transaction watchdog event.

Remarks: Displays the current value set for the specified option.
Displays the specified security descriptor.
»netsh »wfp »show »security
C:\Windows>netsh wfp show security ?

Usage: show security
         [ type = ] CALLOUT|ENGINE|FILTER|IKESADB|IPSECSADB|LAYER|NETEVENTS
                    |PROVIDER|PROVIDERCONTEXT|SUBLAYER
         [ [ guid = ] <guid>

Parameters:

   Tag    Value
   type - Specifies the object type to be retrieved.
          Can be CALLOUT, ENGINE, FILTER, IKESADB, IPSECSADB,
          LAYER, NETEVENTS, PROVIDER, PROVIDERCONTEXT,
          or SUBLAYER.
   guid - For object types that support per-object security descriptors,
          this is the GUID of the object. If not specified, it
          defaults to IID_NULL, which retrieves the security descriptor
          of the type container. The following types support per-object
          security descriptors:
               callout
               filter
               layer
               provider
               providercontext
               sublayer

Remarks: Displays the specified security descriptor.
Displays the current state of WFP and IPsec.
»netsh »wfp »show »state
C:\Windows>netsh wfp show state ?

Usage: show state [ [ file = ] <path> | - ]

Parameters:

   Tag    Value
   file - Output file name. The default is 'wfpstate.xml'.
          If this parameter is set to the dash character, 'file = -',
          the output is written only to the console.

Remarks: Displays the current state of WFP and IPsec.
Displays system ports used by the TCP/IP Stack and the RPC sub-system.
»netsh »wfp »show »sysports
C:\Windows>netsh wfp show sysports ?

Usage: show sysports [ [ file = ] <path> | - ]

Parameters:

   Tag    Value
   file - Output file name. The default is 'sysports.xml'.
          If this parameter is set to the dash character, 'file = -',
          the output is written only to the console.

Remarks: Displays system ports used by the TCP/IP stack and the
         RPC sub-system.