  • Capturing network packets on Windows machines when using Wireshark is not an option

    Manoj Chaurasia

    How to capture network packets on a Windows machine if Wireshark is not available and installing it is not an option?

    Wireshark is a convenient tool for capturing network packets on Windows machines but it is generally not installed on Production machines. This article lists a couple of alternatives.

    Packet Monitor (pktmon)

    Documentation -

    To start packet capture -

    pktmon start -c -f E:\temp\PktMon.etl


    To stop packet capture -

    pktmon stop


    To convert the output file to pcapng format so that it can be opened in Wireshark -

    pktmon etl2pcap E:\temp\PktMon.etl
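
    The three pktmon steps above combined into one PowerShell script, added here as an example and not part of the original article. It limits the capture to one port, a fixed duration and a maximum file size, always stops the capture, and hashes the output files. The port, duration, size limits and timestamped file names are assumptions.

```powershell
# Added example, not from the original article. Run from an elevated PowerShell prompt.
# Assumed values (not from the article): port 443, 60-second window, 256 MB cap.
param(
    [string]$OutDir    = 'E:\temp',   # directory used in the article
    [int]$Port         = 443,         # assumed port of interest
    [int]$Seconds      = 60,          # assumed capture window
    [int]$MaxFileMB    = 256,         # cap on the .etl size
    [int]$PktSizeBytes = 128          # bytes kept per packet; 0 keeps the full packet
)

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'pktmon requires an elevated prompt.'
}

$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$etl   = Join-Path $OutDir "PktMon-$stamp.etl"
$pcap  = Join-Path $OutDir "PktMon-$stamp.pcapng"

# Note: 'pktmon filter remove' clears ALL pktmon filters on the machine.
pktmon filter remove | Out-Null
pktmon filter add -p $Port | Out-Null

$started = $false
try {
    pktmon start -c -f $etl -s $MaxFileMB --pkt-size $PktSizeBytes
    if ($LASTEXITCODE -ne 0) { throw "pktmon start failed ($LASTEXITCODE)" }
    $started = $true
    Start-Sleep -Seconds $Seconds
}
finally {
    # Always stop, even on Ctrl+C or an error, so the capture does not keep running.
    if ($started) { pktmon stop | Out-Null }
    pktmon filter remove | Out-Null
}

pktmon etl2pcap $etl --out $pcap
if ($LASTEXITCODE -ne 0) { throw "conversion failed ($LASTEXITCODE)" }

# Record hashes so the files can be verified after they leave the server.
Get-FileHash -Algorithm SHA256 -Path $etl, $pcap | Format-List Path, Hash
```

    Keeping the per-packet size at 128 bytes records headers while leaving most application payload out of the file, which matters when the capture is taken on a production machine and shared for analysis.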



    netsh trace

    Documentation -

    To start packet capture -

    netsh trace start capture=yes tracefile=E:\temp\Netsh.etl


    To stop packet capture -

    netsh trace stop


    To convert the output file to pcapng format so that it can be opened in Wireshark, use etl2pcapng.exe from

    etl2pcapng.exe E:\temp\Netsh.etl E:\temp\Netsh.pcapng

