Helping Out the Server Teams - Windows Edition

Team,
     I'm happy to help, but I'm going to need some more information to assist. Please replace the red text below with the requested information.

Source/Destination Information

Source IP: <Source_IP>

Destination IP: <Destination_IP>

Destination Port: <Port_Number> 

Ticket Number: <If ports we're requested previously, provide the ticket Number referencing the approved change>

Date this was last known to be working:  <Date> 

Application Name:  <Name> 

Additionally, I'll need the following command outputs from the affected server. Please run these commands save attach them in a text file as the output can sometimes be lengthy.

• ipconfig /all
• getmac
• netstat -abn (or netstat -an if they don’t have elevated permissions)
• netstat -an
• arp -a
• route print
• traceroute 1.1.1.1
• net start
• Get-netfirewallrule -all | Export-csv NoBlameNetwork.csv

• Interface Output

• Displays the MAC of every interface in a quick and readable format

• Lists all ports being used inbound or out, along with related application

• In case they don’t have elevated permissions
• This will only provide the ports used, not the related application

• Local arp table. Proves Layer 2 and 3 from the network side

• Provides the local routing table.
• Looking for things like default route, preferred interface, etc

• Provides the network path used to get to the internet.

 System Services information

net start

Software Firewall Commands 
(Commands for the the windows firewall, there is just too many possible software firewalls to try to list them here.)

Get-netfirewallrule -all | Export-csv NoBlameNetwork.csv