- Overview
- Variable Notation
- Step 1: ICMP Connectivity Check (ping)
- Step 2: Route Verification (tracert)
- Step 3: TCP Port Connectivity (Test-NetConnection)
- Step 4: Checking TCP Session Status (netstat / Get-NetTCPConnection)
- Step 5: DNS Resolution Verification (nslookup / Resolve-DnsName)
- Step 6: Advanced Troubleshooting
- Summary
Overview
This article provides a structured approach for identifying communication issues in Windows Server environments using built-in commands and PowerShell tools. It covers ICMP connectivity testing, TCP port checks, DNS resolution, and log analysis.
Variable Notation
The following placeholders represent environment-dependent values. Replace them with your actual settings.
| Variable | Example | Description |
|---|---|---|
<<TARGET_HOST>> |
192.168.10.1 |
Hostname or IP address to test connectivity |
<<PORT_NUMBER>> |
443 |
TCP port number used by the application |
<<LOG_PATH>> |
C:\Logs\netdiag.txt |
Path to store output logs |
Step 1: ICMP Connectivity Check (ping)
Verify reachability at the network layer.
ping <<TARGET_HOST>>
If there is no reply, check the following:
- Whether ICMP is blocked by Windows Defender Firewall
- Whether the target host is powered on
- Whether routing settings are correct (
route print)
Note: If ICMP responses are disabled in your environment, perform a TCP connectivity test instead.
Step 2: Route Verification (tracert)
Determine at which hop the communication fails.
tracert <<TARGET_HOST>>
Step 3: TCP Port Connectivity (Test-NetConnection)
Test whether communication at the application layer can be established.
Test-NetConnection -ComputerName <<TARGET_HOST>> -Port <<PORT_NUMBER>>
Key output fields:
| Field | Description |
|---|---|
TcpTestSucceeded |
Indicates whether the TCP connection succeeded |
PingSucceeded |
Indicates if ICMP succeeded |
RemoteAddress |
Resolved destination IP address |
SourceAddress |
Source IP address used for the connection |
Tip: If DNS is unstable, use the IP address directly for testing.
Step 4: Checking TCP Session Status (netstat / Get-NetTCPConnection)
View current TCP connections and listening ports.
Using netstat
netstat -ano | findstr "<<PORT_NUMBER>>"
Option explanations:
-a: Show all connections and listening ports-n: Display addresses and ports numerically-o: Show process IDs
Identify the corresponding process:
tasklist /FI "PID eq <<PID_NUMBER>>"
Using PowerShell
Get-NetTCPConnection -State Established |
Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, State, OwningProcess
Get-NetTCPConnection | Where-Object { $_.LocalPort -eq <<PORT_NUMBER>> }
A large number of
SYN_SENTorTIME_WAITstates may indicate interrupted or excessively repeated connections.
Step 5: DNS Resolution Verification (nslookup / Resolve-DnsName)
Confirm that name resolution is functioning correctly.
nslookup <<TARGET_HOST>>
Detailed check with PowerShell:
Resolve-DnsName <<TARGET_HOST>> -Type A
Query a specific DNS server:
Resolve-DnsName <<TARGET_HOST>> -Type A -Server 8.8.8.8
Note: For IPv6 environments, use
-Type AAAA.
Step 6: Advanced Troubleshooting
Enable Firewall Logging
If communication is blocked, enable firewall logging for analysis.
Set-NetFirewallProfile -Profile Domain,Public,Private `
-LogAllowed True -LogBlocked True `
-LogFileName "C:\Windows\System32\LogFiles\Firewall\pfirewall.log" `
-LogMaxSizeKilobytes 32767
The default log size is 1MB; increasing it simplifies analysis.
Check the ARP Table (Layer 2 Troubles)
arp -a
If MAC address inconsistencies or duplicates are found, suspect switch or virtual NIC cache issues.
Summary
Most network issues can be systematically isolated in five steps:
ICMP connectivity → Route check → TCP connection → DNS resolution → Log analysis
By combining built-in tools such as ping, tracert, and netstat with PowerShell cmdlets like Get-NetTCPConnection, Resolve-DnsName, and Test-NetConnection, you can perform efficient and reproducible troubleshooting in Windows Server environments.
