How to Reset the TCP/IP Stack in Batch Script

Network connectivity issues, being unable to reach the internet despite a valid Wi-Fi connection, getting "limited connectivity" errors, DNS failures on a machine with correct DNS settings, are often caused by a corrupted TCP/IP stack. The TCP/IP stack is the software layer that handles all network communication. Resetting it clears corrupted configuration data and returns the networking subsystem to its factory-installed state. Automating this with a Batch script ensures all necessary commands execute in the correct order with proper verification.

This guide explains how to build a comprehensive network reset utility.

Understanding What Gets Reset

Network Stack Layers (bottom to top):
  ┌──────────────────────────────────────┐
  │  Applications (Browser, Email, etc.) │  ← Not affected
  ├──────────────────────────────────────┤
  │  DNS Resolver Cache                  │  ← ipconfig /flushdns
  ├──────────────────────────────────────┤
  │  Winsock Catalog                     │  ← netsh winsock reset
  │  (socket layer, apps use this)       │
  ├──────────────────────────────────────┤
  │  TCP/IP Stack                        │  ← netsh int ip reset
  │  (IP addressing, routing, protocols) │
  ├──────────────────────────────────────┤
  │  Network Adapter / Driver            │  ← Not affected (hardware)
  └──────────────────────────────────────┘

Command	What It Resets	When It Helps
`netsh winsock reset`	Winsock Catalog (socket layer)	After removing malware/firewalls that hooked into Winsock
`netsh int ip reset`	TCP/IP registry keys (IP stack)	IP configuration errors, routing issues, "limited connectivity"
`ipconfig /flushdns`	DNS resolver cache	Stale or incorrect DNS mappings
`ipconfig /release` + `/renew`	Current DHCP lease	Wrong IP address, DHCP conflicts
`ipconfig /registerdns`	DNS registration with the DNS server	Name resolution failures on domain networks
`netsh winhttp reset proxy`	WinHTTP proxy settings	System-level proxy misconfiguration

Administrative Privileges Required

Resetting the TCP/IP stack modifies protected system registry keys and requires full administrative access. Without elevation, netsh commands fail with "Requested operation requires elevation" or produce no effect.

Method 1: Complete Network Reset

This method performs a thorough network stack reset, Winsock, TCP/IP, DNS, DHCP, and proxy, with pre-reset network status capture and post-reset verification.

Implementation

@echo off
setlocal

echo ============================================================
echo   TCP/IP Stack and Network Reset Utility
echo ============================================================
echo.

:: =============================================
:: Step 1: Check admin privileges
:: =============================================
net session >nul 2>&1
if errorlevel 1 (
    echo [ERROR] This script must be run as Administrator. >&2
    echo Right-click and select "Run as administrator." >&2
    endlocal
    exit /b 1
)

echo [OK] Running with administrator privileges.
echo.

:: =============================================
:: Step 2: Capture current network state
:: =============================================
echo [INFO] Current network configuration (before reset^):
echo.

:: Show current IP configuration summary
for /f "tokens=2 delims=:" %%a in ('ipconfig ^| findstr /i "IPv4"') do echo   IP Address: %%a
for /f "tokens=2 delims=:" %%a in ('ipconfig ^| findstr /i "Default Gateway" ^| findstr /v "^$"') do echo   Gateway:    %%a
for /f "tokens=2 delims=:" %%a in ('ipconfig ^| findstr /i "DNS Servers" ^| findstr /v "^$"') do echo   DNS:        %%a

echo.

set /p "Confirm=Proceed with network reset? (YES/no): "
if /i not "%Confirm%"=="YES" (
    echo [INFO] Cancelled. No changes made.
    endlocal
    exit /b 0
)

echo.

:: =============================================
:: Step 3: Reset Winsock Catalog
:: =============================================
echo [1/6] Resetting Winsock Catalog...
netsh winsock reset >nul 2>&1
if not errorlevel 1 (
    echo   [OK] Winsock Catalog reset.
) else (
    echo   [WARNING] Winsock reset returned an error. >&2
)

:: =============================================
:: Step 4: Reset TCP/IP Stack
:: =============================================
echo [2/6] Resetting TCP/IP Stack...

set "ResetLog=%TEMP%\tcpip_reset_%RANDOM%.log"
netsh int ip reset "%ResetLog%" >nul 2>&1
if not errorlevel 1 (
    echo   [OK] TCP/IP Stack reset. Log: %ResetLog%
) else (
    echo   [WARNING] TCP/IP reset returned an error. Check the log: %ResetLog% >&2
)

:: =============================================
:: Step 5: Reset WinHTTP proxy
:: =============================================
echo [3/6] Resetting WinHTTP proxy settings...
netsh winhttp reset proxy >nul 2>&1
echo   [OK] Proxy settings reset to direct access.

:: =============================================
:: Step 6: Flush DNS cache
:: =============================================
echo [4/6] Flushing DNS resolver cache...
ipconfig /flushdns >nul 2>&1
echo   [OK] DNS cache flushed.

:: =============================================
:: Step 7: Re-register DNS
:: =============================================
echo [5/6] Re-registering DNS...
ipconfig /registerdns >nul 2>&1
echo   [OK] DNS registration refreshed.

:: =============================================
:: Step 8: Release and renew DHCP lease
:: =============================================
echo [6/6] Releasing and renewing IP address...
ipconfig /release >nul 2>&1
timeout /t 2 /nobreak >nul
ipconfig /renew >nul 2>&1
echo   [OK] IP address renewed.

echo.
echo ============================================================
echo   Network reset complete.
echo ============================================================
echo.
echo   *** A REBOOT IS REQUIRED ***
echo.
echo   The TCP/IP stack and Winsock changes take full effect
echo   only after restarting the computer. Network connectivity
echo   may be limited or absent until you reboot.
echo.
echo ============================================================

:: Log the operation
for /f "delims=" %%t in (
    'powershell -NoProfile -Command "Get-Date -Format ''yyyy-MM-dd HH:mm:ss''"'
) do echo [%%t] NETWORK RESET on %COMPUTERNAME% by %USERNAME% >> "%~dp0network_reset.log"

:: Offer reboot
echo.
set /p "Reboot=Reboot now? (YES/no): "
if /i "%Reboot%"=="YES" (
    echo [ACTION] Rebooting in 10 seconds...
    shutdown /r /t 10 /c "Network reset, restarting to apply changes."
)

endlocal
exit /b 0

Static IP Warning

If this computer uses a static IP address (not DHCP), the reset will revert it to automatic (DHCP). The ipconfig /release and /renew commands will replace the static configuration with a DHCP lease. Note the current IP settings above before proceeding, so they can be reconfigured after the reset if needed.

Why a reboot is mandatory:

The TCP/IP stack is loaded during Windows startup and cached in kernel memory. netsh int ip reset modifies the registry keys that define the stack's configuration, but the running kernel doesn't re-read these keys until the next boot. Without rebooting:

The old (corrupted) stack remains active in memory
New connections may partially work with mixed old/new settings
The reset appears to have failed when it actually succeeded but isn't loaded yet

Why `ipconfig /release` before `/renew`:

Releasing the current IP address clears the adapter's DHCP lease. The subsequent /renew requests a completely fresh lease from the DHCP server. This resolves IP conflicts, stale leases, and situations where the adapter received incorrect DHCP options (wrong gateway, wrong DNS).

What the reset log contains:

netsh int ip reset "%ResetLog%" writes a detailed log of which registry keys were reset. Common entries include:

Resetting , OK!
Resetting Interface, OK!
Resetting Compartment, OK!
Resetting Global, OK!

If any line shows a failure, the log identifies which specific component could not be reset.

Method 2: Quick Network Fix (DNS + DHCP Only)

For situations where the TCP/IP stack itself is likely fine but DNS resolution or IP addressing is the problem. This is faster, less disruptive, and doesn't require a reboot.

@echo off
setlocal

echo [ACTION] Quick network fix (DNS + DHCP refresh^)...
echo.

net session >nul 2>&1
if errorlevel 1 (
    echo [ERROR] Administrator privileges required. >&2
    endlocal
    exit /b 1
)

:: Flush DNS cache
echo [1/3] Flushing DNS cache...
ipconfig /flushdns >nul 2>&1
echo   [OK] DNS cache cleared.

:: Release and renew DHCP
echo [2/3] Renewing IP address...
ipconfig /release >nul 2>&1
timeout /t 2 /nobreak >nul
ipconfig /renew >nul 2>&1
echo   [OK] IP address renewed.

:: Re-register DNS
echo [3/3] Re-registering DNS...
ipconfig /registerdns >nul 2>&1
echo   [OK] DNS registration refreshed.

echo.

:: Verify connectivity
echo [INFO] Testing connectivity...
ping -n 1 -w 3000 8.8.8.8 >nul 2>&1
if not errorlevel 1 (
    echo   [OK] Internet connectivity confirmed (8.8.8.8 reachable^).
) else (
    echo   [WARNING] Cannot reach 8.8.8.8. >&2
    echo   If the quick fix didn't work, run the full reset (Method 1^). >&2
)

echo.
echo [INFO] No reboot required for this fix.

endlocal
exit /b 0

When to use Method 1 vs. Method 2:

Symptom	Method
DNS resolution fails ("site not found" but IP ping works)	Method 2 (quick fix)
"Limited connectivity" or no IP address assigned	Method 2 first, then Method 1 if it fails
Internet worked yesterday, not today (no changes made)	Method 2 first
Network broken after installing/removing VPN or firewall	Method 1 (full reset)
Network broken after removing malware	Method 1 (full reset)
"No internet" despite valid Wi-Fi connection	Method 1 (full reset)
Nothing else has fixed the issue	Method 1 (full reset)

Method 3: Network Adapter Reset

When the TCP/IP stack reset doesn't resolve the issue, the problem may be at the adapter level. This method disables and re-enables the network adapter, the software equivalent of unplugging and reconnecting the network cable.

@echo off
setlocal EnableExtensions

echo [INFO] Resetting network adapters...
echo.

:: Admin check
net session >nul 2>&1
if errorlevel 1 (
    echo [ERROR] Administrator privileges required. >&2
    endlocal
    exit /b 1
)

echo [INFO] Active network adapters:
echo.

powershell -NoProfile -Command "Get-NetAdapter | Where-Object Status -eq 'Up' | ForEach-Object { Write-Host ('  ' + $_.Name + ': ' + $_.InterfaceDescription + ' [' + $_.Status + ']') }"

echo.

set /p "Confirm=Disable and re-enable all active adapters? (YES/no): "
if /i not "%Confirm%"=="YES" (
    echo [INFO] Cancelled.
    endlocal
    exit /b 0
)

echo.
echo [ACTION] Resetting network adapters...
echo.

powershell -NoProfile -Command "Get-NetAdapter | Where-Object Status -eq 'Up' | ForEach-Object { Write-Host ('  Disabling ' + $_.Name + '...'); Disable-NetAdapter -Name $_.Name -Confirm:$false; Start-Sleep -Seconds 3; Write-Host ('  Enabling ' + $_.Name + '...'); Enable-NetAdapter -Name $_.Name -Confirm:$false; Write-Host ('  [OK] ' + $_.Name + ' reset.'); Write-Host '' }"

echo [INFO] Waiting for adapters to reconnect...
timeout /t 5 /nobreak >nul

ping -n 1 -w 3000 8.8.8.8 >nul 2>&1
if not errorlevel 1 (
    echo [OK] Internet connectivity confirmed.
) else (
    echo [WARNING] No connectivity yet. It may take a moment to reconnect. >&2
)

endlocal
exit /b 0

When Adapter Reset Helps

Disabling and re-enabling the adapter forces the driver to reinitialize the hardware connection. This resolves issues that the TCP/IP stack reset cannot:

Adapter stuck in a "connected but no internet" state
Wi-Fi adapter not detecting available networks
VPN software left the adapter in an incorrect state after crashing
Wake-from-sleep caused the adapter to malfunction

This is the software equivalent of the classic "unplug the Ethernet cable and plug it back in" fix.

Method 4: Network Diagnostics Report

Before running any reset, capture a diagnostic snapshot to help identify the root cause. This is especially useful when supporting remote users.

@echo off
setlocal

set "ReportFile=%~dp0network_diag_%COMPUTERNAME%.txt"

echo [INFO] Generating network diagnostics report...
echo.

(
    echo ==================================================
    echo   NETWORK DIAGNOSTICS REPORT
    echo ==================================================
    echo Computer:  %COMPUTERNAME%
    echo User:      %USERNAME%
    echo Date:      %date% %time%
    echo.

    echo --- IP Configuration ---
    ipconfig /all
    echo.

    echo --- DNS Cache ---
    ipconfig /displaydns | findstr "Record Name"
    echo.

    echo --- Routing Table ---
    route print -4
    echo.

    echo --- Active Connections ---
    netstat -an | findstr "ESTABLISHED LISTENING"
    echo.

    echo --- Connectivity Tests ---
    echo Ping 127.0.0.1 (loopback^):
    ping -n 1 127.0.0.1 | findstr "Reply"
    echo.

    echo Ping 8.8.8.8 (internet^):
    ping -n 1 -w 3000 8.8.8.8 | findstr "Reply time"
    echo.

    echo Ping google.com (DNS resolution^):
    ping -n 1 -w 3000 google.com | findstr "Reply Pinging"
    echo.

    echo --- WinHTTP Proxy ---
    netsh winhttp show proxy
    echo.

    echo ==================================================
) > "%ReportFile%"

echo [OK] Report saved to: %ReportFile%
echo.
echo [INFO] Key findings:
echo.

:: Quick automated analysis
ping -n 1 127.0.0.1 >nul 2>&1
if errorlevel 1 (
    echo   [CRITICAL] Loopback (127.0.0.1^) failed - TCP/IP stack is broken.
    echo   -> Run Method 1 (full TCP/IP reset^)
    endlocal
    exit /b 0
)

ping -n 1 -w 3000 8.8.8.8 >nul 2>&1
if errorlevel 1 (
    echo   [ISSUE] Cannot reach external IP (8.8.8.8^) - connectivity problem.
    echo   -> Run Method 1 (full reset^) or check physical connection.
) else (
    ping -n 1 -w 3000 google.com >nul 2>&1
    if errorlevel 1 (
        echo   [ISSUE] IP works but DNS fails - DNS configuration problem.
        echo   -> Run Method 2 (quick DNS fix^)
    ) else (
        echo   [OK] Network connectivity appears functional.
        echo   The issue may be application-specific, not network-wide.
    )
)

endlocal
exit /b 0

Diagnostic interpretation:

Test Result	Diagnosis	Fix
Loopback (127.0.0.1) fails	TCP/IP stack is completely broken	Method 1 (full reset + reboot)
Loopback works, IP (8.8.8.8) fails	Connection to external networks is broken	Method 1 or check physical connection
IP works, DNS (google.com) fails	DNS configuration issue	Method 2 (quick DNS fix)
All tests pass	Network is functional; issue is elsewhere	Check specific application or website

Troubleshooting Sequence

When a user reports "internet is not working," run the diagnostics (Method 4) first to identify the specific layer that's broken. Then apply the targeted fix:

Method 4 → Diagnose
Method 2 → Try the quick fix first (no reboot needed)
Method 1 → Full reset if quick fix doesn't work (requires reboot)
Method 3 → Adapter reset if TCP/IP reset doesn't work
Driver reinstall → If nothing else works (hardware/driver issue)

How to Avoid Common Errors

Wrong Way: Skipping the Reboot

netsh int ip reset
netsh winsock reset
:: (User immediately tries to browse the web)
:: Result: "Still broken! The reset didn't work!"

The TCP/IP stack changes are registry-based. The running kernel keeps using the old configuration until reboot.

Correct Way: Always reboot after a full stack reset (Method 1). Method 2 (DNS/DHCP only) does NOT require a reboot.

Wrong Way: Running Reset Without Admin Rights

:: Silently fails, netsh produces no error message but makes no changes
netsh winsock reset
:: The Winsock catalog is not actually reset

Without elevation, netsh may appear to succeed but actually does nothing. Always verify admin rights first.

Correct Way: All methods check net session for elevation before proceeding.

Problem: Static IP Lost After Reset

ipconfig /release and /renew replace a static IP configuration with a DHCP lease. Servers, printers, and special-purpose workstations that use static IPs will lose their configuration.

Solution: Method 1 displays the current IP configuration before the reset so the administrator can note the settings. After the reset and reboot, reconfigure the static IP manually or via script:

netsh interface ip set address "Ethernet" static 192.168.1.100 255.255.255.0 192.168.1.1
netsh interface ip set dns "Ethernet" static 8.8.8.8

Problem: VPN or Firewall Left Winsock Hooks

Third-party VPN clients and firewalls install Winsock Layered Service Providers (LSPs) that intercept network traffic. If the VPN or firewall is uninstalled improperly, these hooks remain and corrupt network communication.

Solution: netsh winsock reset removes all non-default LSPs, restoring the Winsock catalog to its original state. This is the specific fix for post-uninstall VPN/firewall network breakage.

Problem: Reset Log Path Error

netsh int ip reset requires a writable path for its log file. If you specify a path to a non-existent directory or a read-only location, the command fails.

Solution: Use %TEMP% which is always writable:

netsh int ip reset "%TEMP%\tcpip_reset.log"

Best Practices and Rules

1. Diagnose Before Resetting

Run Method 4's diagnostic first. A DNS-only issue doesn't need a full TCP/IP stack reset, Method 2's quick fix is sufficient and doesn't require a reboot.

2. Reboot After Full Stack Reset

The TCP/IP stack and Winsock changes only take effect after a restart. Always include a reboot prompt.

3. Document Static IP Settings Before Reset

If the machine uses a static IP, record the settings before the reset. Method 1 displays the current configuration for this purpose.

4. Try the Quick Fix (Method 2) First

DNS flush + DHCP renew resolves most transient network issues. It's fast, requires no reboot, and is much less disruptive than a full stack reset.

5. Use Adapter Reset for Driver-Level Issues

If the TCP/IP stack reset doesn't help, the issue may be at the adapter/driver level (Method 3). This is the software equivalent of physically reconnecting the network cable.

6. Check Hardware If Nothing Software Works

If all software resets fail, the problem is likely physical: a disconnected cable, a failed Wi-Fi card, a crashed router, or a firewall appliance blocking traffic.

Conclusion

Resetting the TCP/IP stack is the definitive software fix for persistent network connectivity issues. By combining Winsock reset, TCP/IP stack reset, DNS flushing, DHCP renewal, and proxy reset into a single automated script, with proper diagnostics, static-IP preservation, and mandatory reboot guidance, you create a comprehensive network repair utility. Start with the quick fix (Method 2) for simple issues, escalate to the full reset (Method 1) for persistent problems, and use adapter reset (Method 3) when the stack itself is healthy but the connection won't establish.

Understanding What Gets Reset​

Method 1: Complete Network Reset​

Implementation​

Why a reboot is mandatory:​

Why ipconfig /release before /renew:​

What the reset log contains:​

Method 2: Quick Network Fix (DNS + DHCP Only)​

When to use Method 1 vs. Method 2:​

Method 3: Network Adapter Reset​

Method 4: Network Diagnostics Report​

Diagnostic interpretation:​

How to Avoid Common Errors​

Wrong Way: Skipping the Reboot​

Wrong Way: Running Reset Without Admin Rights​

Problem: Static IP Lost After Reset​

Problem: VPN or Firewall Left Winsock Hooks​

Problem: Reset Log Path Error​

Best Practices and Rules​

1. Diagnose Before Resetting​

2. Reboot After Full Stack Reset​

3. Document Static IP Settings Before Reset​

4. Try the Quick Fix (Method 2) First​

5. Use Adapter Reset for Driver-Level Issues​

6. Check Hardware If Nothing Software Works​

Conclusion​

Table of Contents