Awesome Technique for Win7/2008 R2 Network Captures

Posted: June 20, 2011 in Windows

via Friday Mail Sack: Gargamel Edition – Ask the Directory Services Team – Site Home – TechNet Blogs.

A cool method that is too small to rate a full blog post: if you need to get a network capture on a Windows 7 or Windows Server 2008 R2 computer and you do not have or want Netmon installed, you can use NETSH.EXE.

From an elevated CMD prompt run:

netsh trace start capture=yes tracefile=c:\yourcapture.etl

Do whatever you needed to do

netsh trace stop

Boom – network capture, written in ETL format.

Open that file in Netmon 3.4 and you get all the usual capture info, plus other conversation and process info. AND other cool stuff – open the CAB file it created and you find a bunch of useful files with IP info, firewall event logs, applied group policies, driver versions, and more. All the goo I gather manually when I am getting a capture. Sweet!
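As an added example (not from the post or the Directory Services team), here is a PowerShell wrapper around the same two netsh commands that also bounds the trace size and stops the session even if the repro fails. The maxsize, filemode and overwrite parameters and the IPv4.Address capture filter come from netsh trace's own help, not from the post, and the host name and address in the usage call are constructed placeholders.

```powershell
# Added example: Invoke-NetshCapture wraps "netsh trace start ... / netsh trace stop".
# Written for PowerShell 2.0 so it runs on Windows 7 / Server 2008 R2. Must run elevated.
function Invoke-NetshCapture {
    param(
        [Parameter(Mandatory=$true)][scriptblock]$Action,  # what to reproduce while capturing
        [string]$TraceFile = 'C:\capture\yourcapture.etl',
        [int]$MaxSizeMB = 256,          # circular buffer: a long repro cannot fill the disk
        [string]$IPv4Address            # optional capture filter (assumed netsh parameter)
    )

    # netsh trace needs administrator rights; fail early with a clear message
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run from an elevated prompt: netsh trace requires administrator rights.'
    }

    $null = New-Item -ItemType Directory -Force -Path (Split-Path $TraceFile)

    $startArgs = @('trace', 'start', 'capture=yes', "tracefile=$TraceFile",
                   "maxsize=$MaxSizeMB", 'filemode=circular', 'overwrite=yes')
    if ($IPv4Address) { $startArgs += "IPv4.Address=$IPv4Address" }

    & netsh.exe $startArgs | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "netsh trace start failed (exit code $LASTEXITCODE)" }

    try {
        & $Action                       # "Do whatever you needed to do"
    } finally {
        # Always stop, otherwise the trace session keeps running after a failed repro.
        # Stopping writes the ETL plus the CAB with IP info, firewall logs, GPOs, drivers.
        & netsh.exe trace stop | Out-Null
    }

    # Return the artifacts: the ETL for Netmon 3.4 and the CAB written next to it
    $cab = [IO.Path]::ChangeExtension($TraceFile, '.cab')
    Get-Item $TraceFile, $cab -ErrorAction SilentlyContinue
}

# Usage: capture one name lookup and one TCP connect (constructed targets, .NET calls
# only, so it works without the newer Resolve-DnsName / Test-NetConnection cmdlets)
Invoke-NetshCapture -IPv4Address '192.0.2.10' -Action {
    try { [Net.Dns]::GetHostEntry('fileserver.example.internal') | Out-Null } catch {}
    $tcp = New-Object Net.Sockets.TcpClient
    try { $tcp.Connect('192.0.2.10', 445) } catch {} finally { $tcp.Close() }
}
```

Open the returned .etl in Netmon 3.4 and extract the .cab as the post describes; drop the -IPv4Address argument to capture all traffic.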
