Netsh AdvFirewall Monitor Commands
Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista
Typing the command monitor at the netsh advfirewall context changes to the Netsh AdvFirewall Monitor context, where you can view the IPsec security associations (SAs) that exist on your computer. This context is the command-line equivalent to the Monitoring section of the Windows Firewall with Advanced Security MMC snap-in.
The following commands are available at the netsh advfirewall monitor> prompt.
To view the command syntax, click a command:
delete

  show

delete
Deletes the specified Main Mode or Quick Mode security associations.
Syntax
delete
{ mmsa | qmsa }
{ IPv4AddressPair | IPv6AddressPair | all }
Parameters
mmsa | qmsa
Required
mmsa specifies that main mode SAs matching the specified addresses are deleted.

qmsa specifies that quick mode SAs matching the specified addresses are deleted.

IPv4AddressPair | IPv6AddressPair | all
IPv4:    0.0.0.0

IPv6:    ::0

all
Examples
The following command deletes all Main Mode SAs active on the local computer:

delete mmsa all

The following command deletes any existing Quick Mode SA between two specific IP addresses:

delete qmsa 192.168.1.1 192.168.2.2

show
Displays state information about the firewall and IPsec configuration of the computer.
The show command supports the following options:
show consec

  show currentprofile

  show firewall

  show mainmode

  show mmsa

  show qmsa

Note
note
show mmsa
show qmsa
consec
currentprofile
firewall
mainmode
show consec
Displays the currently configured connection security (IPsec) settings. By default, the output is in summary form.
Note
note
show consec
Syntax
show consec
[ rule name = { all | RuleName }
     [ profile = { public | private | domain | active | any } [ ,… ] ] ]
     [ verbose ]
Parameters
name = { all | RuleName }
all
[ profile = { public | private | domain | active | any } [ ,… ] ]
[ verbose ]
Examples
The following command displays the basic connection security configuration for the local computer:

show consec

The following command displays detailed information about rules in that are assigned to currently active network profiles:

show consec rule name=all profile=active verbose

show currentprofile
Displays the current active network profiles and the network connections that are associated with each.
Note
note
show currentprofile
Syntax
show currentprofile
show firewall
Displays the currently configured firewall settings. By default, the output is in summary form.
Note
note
show firewall
Syntax
show firewall
[ rule name = { all | RuleName }
     [ dir = { in | out } ]
     [ profile = { public | private | domain | active | any } [ ,… ] ] ]
Parameters
name = { all | RuleName }
all
[ dir = { in | out } ]
[ profile = { public | private | domain | active | any } [ ,… ] ]
[ verbose ]
Examples
The following command displays the basic firewall configuration for the local computer:

show firewall

The following command displays detailed information about inbound rules in that are assigned to currently active network profiles:

show consec rule name=all dir=in profile=active verbose

show mainmode
Displays the current main mode IPsec configuration. By default, the output is in summary form.
Note
note
show mainmode
Syntax
show mainmode
[ rule name = { all | RuleName }
     [ profile = { public | private | domain | active | any } [ ,… ] ] ]
[ verbose ]
Parameters
name = { all | RuleName }
all
[ profile = { public | private | domain | active | any } [ ,… ] ]
[ verbose ]
Examples
The following command displays the basic main mode configuration for the local computer:

show mainmode

The following command displays detailed information about main mode rules in that are assigned to currently active network profiles:

show consec rule name=all profile=active verbose

show mmsa
Displays a list of the currently active main mode security associations.
Syntax
show mmsa
{ IPv4AddressPair | IPv6AddressPair | all }
Parameters
IPv4AddressPair | IPv6AddressPair | all
Wildcard for IPv4:    0.0.0.0

Wildcard for IPv6:    ::0

all
Examples
The following command displays all main mode SAs active on the local computer:

show mmsa all

The following command displays any existing main mode SA between two specified IP addresses:

show mmsa 192.168.1.1 192.168.2.2

The following command displays any existing main mode SAs that exist between a specified IP address and any other:

show mmsa 192.168.1.1 0.0.0.0

show qmsa
Displays a list of the currently active quick mode security associations.
Syntax
show
{ IPv4AddressPair | IPv6AddressPair | all }
Parameters
IPv4AddressPair | IPv6AddressPair | all
Wildcard for IPv4:    0.0.0.0

Wildcard for IPv6:    ::0

all
Examples
The following command displays all quick mode SAs active on the local computer:

show qmsa all

The following command displays any existing quick mode SA between two specified IP addresses:

show qmsa 192.168.1.1 192.168.2.2

The following command displays any existing quick mode SAs that exist between a specified IP address and any other:

show qmsa 192.168.1.1 0.0.0.0

Master Technician Technology Services
Netsh Technical Reference
Netsh Commands for Wireless Local Area Network (WLAN)
NetshCmdForWlan2
NetshCmdForWlan1
NetshCmdForWinsock0
NetshCmdForInternetNameService
NetshCmdForWinhttp
NetshCmdForFirewall
NetshCmdForAllContexts
Netsh Command Reference
NetshAdvfirewallMonitorCmds
netsh advfirewall mainmode commands
netsh advfirewall firewall commands
netsh advfirewall consec commands
NetshCmdForFirewallAdvancedSecurity