In this guide, I will demonstrate five essential PowerShell commands that I use daily to diagnose and troubleshoot network issues. While many Command Prompt (CMD) commands work in PowerShell, we will focus on syntax specific to the modern PowerShell environment.
This is a modern replacement for several older tools. It can perform a standard ping (ICMP) or test specific TCP ports to verify if a service is listening.
To check basic connectivity and latency (in milliseconds) to a host:
Test-NetConnection google.com
This is incredibly useful for verifying if a specific service (like a web server or SSH) is reachable. You can use the alias TNC for brevity.
TNC google.com -Port 443
If the TcpTestSucceeded result is True, the remote server is accepting connections on that port. If it fails, the command will fall back to a standard ping to verify if the host is up at all.
While a classic command, it has powerful applications in PowerShell for viewing adapter details, managing DHCP leases, and inspecting the DNS cache.
To view detailed information (DNS servers, MAC addresses, DHCP lease times) and copy it directly to your clipboard for documentation:
ipconfig /all | clip
You can use a pipe to find specific strings, such as checking your DHCP lease expiration:
ipconfig /all | findstr "lease"
In PowerShell, you must use a semicolon to chain commands. This is useful for refreshing your IP address without completely dropping your remote connection for too long:
ipconfig /release; ipconfig /renew
This command displays active network connections, routing tables, and interface statistics.
To see if a local service is up and listening on a port, use the -a flag. To speed up the process by disabling DNS lookups, add the -n flag.
netstat -an
To see exactly which program or Process ID (PID) is using a specific port (e.g., Firefox or TeamViewer), use the -b flag:
netstat -anb
Use this to diagnose DNS resolution issues.
Enter the interactive mode by typing nslookup, or check a record directly:
nslookup disney.com
You can verify how a specific DNS server resolves a domain. For example, to query Google's DNS (8.8.8.8) directly:
server 8.8.8.8
disney.com
You can also search for specific record types, such as Mail Exchange (MX) records, to identify email providers:
set type=mx
reddit.com
Beyond the basic connectivity test, Ping is vital for troubleshooting VPN and MTU (Maximum Transmission Unit) issues.
To run a ping indefinitely (until you press Ctrl+C), use the -t flag.
If packets are being dropped over a VPN due to encapsulation size, you can test packet sizes using the "Don't Fragment" flag (-f) and setting a specific length (-l).
ping google.com -f -l 1472
If this fails, lower the value (e.g., 1372) to find the maximum packet size your network can handle without fragmentation.
Here are two extra commands for specific scenarios:
To see exactly which Access Point (BSSID) your laptop is connected to, helping you diagnose roaming issues:
netsh wlan show int
To list known MAC addresses and neighbors on your local interface:
arp -a