Windows Network Diagnosis Tools Guide

Overview

This article provides a structured approach for identifying communication issues in Windows Server environments using built-in commands and PowerShell tools. It covers ICMP connectivity testing, TCP port checks, DNS resolution, and log analysis.

Variable Notation

The following placeholders represent environment-dependent values. Replace them with your actual settings.

Variable	Example	Description
`<<TARGET_HOST>>`	`192.168.10.1`	Hostname or IP address to test connectivity
`<<PORT_NUMBER>>`	`443`	TCP port number used by the application
`<<LOG_PATH>>`	`C:\Logs\netdiag.txt`	Path to store output logs

Step 1: ICMP Connectivity Check (ping)

Verify reachability at the network layer.

ping <<TARGET_HOST>>

If there is no reply, check the following:

Whether ICMP is blocked by Windows Defender Firewall
Whether the target host is powered on
Whether routing settings are correct (route print)

Note: If ICMP responses are disabled in your environment, perform a TCP connectivity test instead.

Step 2: Route Verification (tracert)

Determine at which hop the communication fails.

tracert <<TARGET_HOST>>

Step 3: TCP Port Connectivity (Test-NetConnection)

Test whether communication at the application layer can be established.

Test-NetConnection -ComputerName <<TARGET_HOST>> -Port <<PORT_NUMBER>>

Key output fields:

Field	Description
`TcpTestSucceeded`	Indicates whether the TCP connection succeeded
`PingSucceeded`	Indicates if ICMP succeeded
`RemoteAddress`	Resolved destination IP address
`SourceAddress`	Source IP address used for the connection

Tip: If DNS is unstable, use the IP address directly for testing.

Step 4: Checking TCP Session Status (netstat / Get-NetTCPConnection)

View current TCP connections and listening ports.

Using netstat

netstat -ano | findstr "<<PORT_NUMBER>>"

Option explanations:

-a: Show all connections and listening ports
-n: Display addresses and ports numerically
-o: Show process IDs

Identify the corresponding process:

tasklist /FI "PID eq <<PID_NUMBER>>"

Using PowerShell

Get-NetTCPConnection -State Established |
  Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, State, OwningProcess

Get-NetTCPConnection | Where-Object { $_.LocalPort -eq <<PORT_NUMBER>> }

A large number of SYN_SENT or TIME_WAIT states may indicate interrupted or excessively repeated connections.

Step 5: DNS Resolution Verification (nslookup / Resolve-DnsName)

Confirm that name resolution is functioning correctly.

nslookup <<TARGET_HOST>>

Detailed check with PowerShell:

Resolve-DnsName <<TARGET_HOST>> -Type A

Query a specific DNS server:

Resolve-DnsName <<TARGET_HOST>> -Type A -Server 8.8.8.8

Note: For IPv6 environments, use -Type AAAA.

Step 6: Advanced Troubleshooting

Enable Firewall Logging

If communication is blocked, enable firewall logging for analysis.

Set-NetFirewallProfile -Profile Domain,Public,Private `
  -LogAllowed True -LogBlocked True `
  -LogFileName "C:\Windows\System32\LogFiles\Firewall\pfirewall.log" `
  -LogMaxSizeKilobytes 32767

The default log size is 1MB; increasing it simplifies analysis.

Check the ARP Table (Layer 2 Troubles)

arp -a

If MAC address inconsistencies or duplicates are found, suspect switch or virtual NIC cache issues.

Summary

Most network issues can be systematically isolated in five steps:
ICMP connectivity → Route check → TCP connection → DNS resolution → Log analysis

By combining built-in tools such as ping, tracert, and netstat with PowerShell cmdlets like Get-NetTCPConnection, Resolve-DnsName, and Test-NetConnection, you can perform efficient and reproducible troubleshooting in Windows Server environments.