Systems Engineering and RDBMS

Archive for the 'Networking' Category


Finding Active Network Ports Using ‘netstat.exe’

Posted by decipherinfosys on April 15, 2007

The netstat.exe command is a simple yet powerful command line tool that can help you with basic networking issues, such as what ports are active on your personal computer, all the way up to assisting with complex tasks like troubleshooting network connectivity problems within a distributed computing environment.

As many of us move away from command line tools in favor of GUI-based network monitoring tools, it is always nice to review the features of a ‘back to basics’ command.

Netstat has approximately 10 switches associated with it, and typing netstat ? provides a brief summary of each. 

Running netstat without any switches displays all ports open on the machine at the time the command is run.

If you need more information, like a list of all ports that are listening on a machine, simply add the -a switch. The output of a netstat -a command is displayed in the following screen-shot:

netstat_a

If you prefer to see the Local Addresses in numerical IP address form, you can add the -n switch to the command, which changes the output to this:

netstat_an

In Windows 2003, netstat has gained the -o switch. This switch is extremely helpful because it identifies which process identifier (PID), or program, is listening on a given port. So netstat -ano will provide the following information:

netstat_ano

As you can see from the above examples, netstat.exe is a basic command that can provide some very useful information.
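The following PowerShell is an added example, not part of the original post: it turns netstat -ano text into objects, keeps only TCP listeners, and marks whether each one is bound to loopback or to an address other machines can reach. The function name Get-TcpListener, its parameters and the sample output are constructed for illustration, and the parser assumes English-language netstat output.

```powershell
# Added example. Assumes English-language netstat output ("LISTENING").
function Get-TcpListener {
    param(
        # Lines of `netstat -ano` output; defaults to running the command live.
        [string[]]$NetstatOutput = (netstat -ano),
        # Look up the process name for each PID (only meaningful on live output).
        [switch]$ResolveProcess
    )
    foreach ($line in $NetstatOutput) {
        # Columns: Proto, Local Address, Foreign Address, State, PID
        if ($line -match '^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$') {
            $address, $port, $procId = $Matches[1], [int]$Matches[2], [int]$Matches[3]
            $exposure = 'network reachable'
            if ($address -eq '127.0.0.1' -or $address -eq '[::1]') { $exposure = 'loopback only' }
            $name = $null
            if ($ResolveProcess) {
                $name = (Get-Process -Id $procId -ErrorAction SilentlyContinue).ProcessName
            }
            [pscustomobject]@{
                Port = $port; LocalAddress = $address; Exposure = $exposure
                ProcessId = $procId; ProcessName = $name
            }
        }
    }
}

# Constructed sample output, not captured from a real host.
$sample = @'
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING       1840
  TCP    127.0.0.1:1434         0.0.0.0:0              LISTENING       1840
  TCP    192.168.1.20:3389      192.168.1.55:50122     ESTABLISHED     1104
  TCP    [::]:135               [::]:0                 LISTENING       912
  UDP    0.0.0.0:1434           *:*                                    1840
'@ -split "`r?`n"

# Established connections and UDP rows are skipped; four listeners remain.
Get-TcpListener -NetstatOutput $sample | Sort-Object Port | Format-Table -AutoSize

# On a live machine, from an elevated prompt:
# Get-TcpListener -ResolveProcess | Sort-Object Port | Format-Table -AutoSize
```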


Network Port Configurations for MSDTC

Posted by decipherinfosys on March 8, 2007

What is MSDTC?

MSDTC is the Microsoft Distributed Transaction Coordinator, which is a transaction manager program that permits client applications to include several different sources of data into one transaction. MSDTC then coordinates committing the transaction across all of the servers that are listed in the transaction. MSDTC runs on all Windows operating systems, and is also installed by a variety of Microsoft applications, including Personal Web Server and SQL Server.

What Network Ports are Used?

MSDTC uses a number of TCP network ports for sending and receiving messages. This fact must be considered when MSDTC is running in a network environment where the servers involved in the transactions. Say you are running a multi-tier application, and each tier is separated by a router or firewall for security purposes. An example would be an application server in one tier communicating with a SQL Server database. You will need to know what port numbers need to be opened for MSDTC transaction information to be able to pass through successfully.

For sending out transaction messages, MSDTC always uses the same TCP port - 135. Dealing with the response message is a little more tricky. MSDTC response messages return on a dynamically assigned port anywhere in a range from 1024 - 5000.

Configuring the MSDTC Response Port Range

As most of you can probably guess, network administrators are not very fond of opening a wide range of ports all at once. So in order for MSDTC communications to still work and keep the network administrator happy at the same time, you will need to reduce the port range used by the response messages. This change is configured in the registry of the servers involved in the MSDTC communications. You will need to add a couple of keys to the registry.

Note: Please make sure to always take a backup of the registry prior to making any changes!

The location of the change is:

HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Internet

The following entries need to be added:

Ports : REG_MULTI_SZ : 1024-1054

PortsInternetAvailable : REG_SZ : Y

UseInternetPorts : REG_SZ : Y

(There is a space both before and after each colon)

In this particular example we are limiting the responses to a port range of only 1024-1054. The exact range of ports to use is basically up to each individual organization.
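One way to apply these three entries from PowerShell, shown as an added example that is not part of the original post: it validates the range, exports the existing key as a backup, writes the values and reads them back. The backup file name and the variable names are assumptions; the key path, value names, types and the 1024-1054 range are the ones listed above.

```powershell
# Added example. Run from an elevated PowerShell prompt on each server involved.
$range = '1024-1054'                                   # example range from the post
$key   = 'HKLM:\Software\Microsoft\Rpc\Internet'
$backupFile = "$env:TEMP\rpc-internet-backup.reg"      # assumed backup location

# Reject malformed or inverted ranges before touching the registry.
if ($range -notmatch '^(\d+)-(\d+)$') { throw "Range must look like 1024-1054, got '$range'" }
$low, $high = [int]$Matches[1], [int]$Matches[2]
if ($low -lt 1 -or $high -gt 65535 -or $low -gt $high) { throw "Invalid port range $range" }

# Back up the existing key if there is one; otherwise create it.
if (Test-Path $key) {
    reg export 'HKLM\Software\Microsoft\Rpc\Internet' $backupFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Registry backup failed, nothing was changed" }
} else {
    New-Item -Path $key -Force | Out-Null
}

# -Force overwrites an existing value, so the script can be re-run safely.
New-ItemProperty -Path $key -Name 'Ports' -PropertyType MultiString -Value @($range) -Force | Out-Null
New-ItemProperty -Path $key -Name 'PortsInternetAvailable' -PropertyType String -Value 'Y' -Force | Out-Null
New-ItemProperty -Path $key -Name 'UseInternetPorts' -PropertyType String -Value 'Y' -Force | Out-Null

# Read the values back and report the exact range to request on the firewall.
$cfg = Get-ItemProperty -Path $key
[pscustomobject]@{
    Ports                  = $cfg.Ports -join ','
    PortsInternetAvailable = $cfg.PortsInternetAvailable
    UseInternetPorts       = $cfg.UseInternetPorts
    PortCount              = $high - $low + 1
}

# RPC reads these values at startup: restart the server before testing.
```

After the restart, netstat -ano on the server shows whether the MSDTC process is listening on a port inside the configured range.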

Testing MSDTC Communications

So how do you know your changes were successful? Microsoft provides a handy little tool called DTCPing.exe that you can use to test MSDTC communications between servers. DTCPing can be downloaded from:

http://www.microsoft.com/downloads/details.aspx?FamilyID=5e325025-4dcd-4658-a549-1d549ac17644&displaylang=en

This file is a self-extracting zip file.  Confusingly, the zip file and actual executable file are both named “DTCPing.exe”, so you need to make sure to extract to a separate directory, otherwise you will receive a ‘Cannot create output file’ error message.

Once extracted, simply launch DTCPing.exe. The tool must be up and running on both the sending and receiving servers, otherwise the test will fail. The initial screen of the tool will look like this:

DTC Ping

From here just type in either the NetBIOS name or IP Address of the remote node and click Ping. Test messages will appear in the DTCPing windows of both the sending and responding servers, and a summary of the test will be presented at the end. The test scenario will also be written to a log file that can be found in the same directory as the DTCPing.exe file.


Troubleshoot Your Network with NETDIAG.EXE

Posted by decipherinfosys on February 17, 2007

What is Netdiag.exe?

Netdiag.exe is a Windows 2000 and 2003 Server command line tool that can be used to effectively test the network connectivity of a computer, and provides valuable insight into the overall health of your network. Netdiag can help you solve any number of network issues including:

  • Checking Virtual Private Networks (VPN) network tunnels
  • Domain Name Service (DNS) or Windows Internet Naming Service (WINS) name resolution problems
  • Active directory replication
  • Verifying the binding of a server’s network cards
  • Problems with Internet Protocol Security (IPSEC)
  • Winsock corruption
  • Verifying the ability of domain controllers to use Lightweight Directory Access Protocol (LDAP)

Installing Netdiag.exe

Netdiag is included as part of the Support Tools on the Windows Server CD. Once the Support Tools have been installed you can simply run ‘netdiag.exe’ from a command line. 

Using Netdiag.exe

Properly using netdiag involves a number of command line switches that need to be entered in a certain order. Not all of the switches are required, but the correct full syntax if you were to use them all is as follows:

netdiag [/q] [/v] [/l] [/debug] [/d:domain_name] [/fix] [/dcaccountenum] [/test:test_name] [/skip:test_name]

Below are the definitions of the various parameters:

- /q: Specifies quiet output and only displays errors

- /v: Runs Netdiag in verbose mode, which displays each action as it is being performed

- /l: Sends the output of the Netdiag results to a Netdiag.log file

- /debug: Runs Netdiag in debug mode

- /d:domain_name: Used to locate domain controllers in a specified domain

- /fix: This parameter detects and corrects issues with DNS. It verifies that all DNS entries contained on a server are correct, and updates any invalid entries.

- /dcaccountenum: Enumerates the computer accounts of the domain controller

- /test:test_name: This parameter can be used to specify from a long list of netdiag tests that you can run. test_name can be any of the following values:

                  Autonet: Automatic Private IP Addressing (APIPA) address test
                  Bindings: Bindings test
                  Browser: Redir and Browser test
                  DcList: Domain controller list test
                  DefGw: Default gateway test
                  DNS: Domain Name Service (DNS) test
                  DsGetDc: Domain controller discovery test
                  IpConfig: IP address configuration test
                  IpLoopBk: IP address loopback ping test
                  IPSec: Internet Protocol security (IPSec) security test
                  IPX: Internetwork Packet Exchange (IPX) test
                  Kerberos: Kerberos Test
                  Ldap: Lightweight Directory Access Protocol (LDAP) test
                  Member: Domain membership test
                  Modem: Modem diagnostics test
                  NbtNm: NetBIOS over TCP/IP (NetBT) name test
                  Ndis: Netcard queries test
                  NetBTTransports: NetBT transports test
                  Netstat: Netstat information test
                  NetWare: NetWare test
                  Route: Routing table test
                  Trust: Trust relationship test
                  WAN: Wide Area Network (WAN) configuration test
                  WINS: Windows Internet Naming Services (WINS) service test
                  Winsock: Winsock test

You can specify multiple tests by using multiple instances of the /test:test_name command, each separated with a space. So, for example, if you wanted to run three tests: DNS, IPSec, and WINS, a typical Netdiag command line would look like this:

netdiag /v /dcaccountenum /test:DNS /test:IPSec /test:WINS

- /skip:test_name: Allows you to specify one or more of the above tests that you want to skip during a particular Netdiag session. As with /test:test_name, you can specify multiple tests to skip by using multiple instances of the /skip:test_name command, each separated with a space.

Even in today’s point-and-click world, there are still a huge number of effective and powerful command line tools available for troubleshooting and monitoring. Netdiag is just one of many, but it is most certainly useful when examining your Windows Server infrastructure.
