  • Capturing network packets on Windows machines when using Wireshark is not an option


    Manoj Chaurasia

    How to capture network packets on a Windows machine if Wireshark is not available and installing it is not an option?

    Wireshark is a convenient tool for capturing network packets on Windows machines, but it is generally not installed on production machines. This article lists two built-in alternatives.

    Packet Monitor (pktmon)

    Documentation - https://docs.microsoft.com/en-us/windows-server/networking/technologies/...

    To start packet capture -

    pktmon start -c -f E:\temp\PktMon.etl


    To stop packet capture -

    pktmon stop


    To convert the output file to pcapng format so that it can be opened in Wireshark -

    pktmon etl2pcap E:\temp\PktMon.etl
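
    A time-boxed version of the pktmon steps above, as an added example that is not part of the original article: it requires an elevated session, stops the capture even if the wait is interrupted, and records a SHA-256 of the converted file before it is copied off the machine. The function name, the 60-second default, the --out option and the exit-code checks are assumptions not shown in the article.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the article). Paths follow the article's commands;
# the function name, defaults and exit-code handling are assumptions.

function Invoke-TimedPktmonCapture {
    param(
        [string]$EtlPath = 'E:\temp\PktMon.etl',
        [ValidateRange(1, 3600)]
        [int]$Seconds = 60          # upper bound keeps the trace from running unattended
    )

    $dir = Split-Path -Parent $EtlPath
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        throw "Output directory '$dir' does not exist."
    }
    if (-not (Get-Command pktmon.exe -ErrorAction SilentlyContinue)) {
        throw 'pktmon.exe was not found on this machine.'
    }

    $started = $false
    try {
        & pktmon.exe start -c -f $EtlPath
        if ($LASTEXITCODE -ne 0) { throw "pktmon start failed (exit $LASTEXITCODE)." }
        $started = $true
        Start-Sleep -Seconds $Seconds
    }
    finally {
        # Runs on errors and on Ctrl+C, so the capture is never left running.
        if ($started) { & pktmon.exe stop | Out-Null }
    }

    # Name the output explicitly instead of relying on the default location.
    $pcap = [IO.Path]::ChangeExtension($EtlPath, '.pcapng')
    & pktmon.exe etl2pcap $EtlPath --out $pcap
    if ($LASTEXITCODE -ne 0) { throw "pktmon etl2pcap failed (exit $LASTEXITCODE)." }

    # Hash the capture so the copy opened in Wireshark can be verified later.
    Get-FileHash -LiteralPath $pcap -Algorithm SHA256
}

# Example call: capture for two minutes into the article's path.
# Invoke-TimedPktmonCapture -EtlPath 'E:\temp\PktMon.etl' -Seconds 120
```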


    Netsh

    Documentation - https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/window...(v=ws.11)

    To start packet capture -

    netsh trace start capture=yes tracefile=E:\temp\Netsh.etl


    To stop packet capture -

    netsh trace stop


    To convert the output file to pcapng format so that it can be opened in Wireshark, use etl2pcapng.exe from https://github.com/microsoft/etl2pcapng.

    etl2pcapng.exe Netsh.etl Netsh.pcapng


