OpsaC - Operating as PowerShell code
published: March 14, 2022 author: Tinu tags: PowerShell categories: PowerShell-Network
Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2
Reference: Network Shell (Netsh)
netsh trace start persistent=yes capture=yes tracefile=c:\temp\nettrace-boot.etl
netsh trace stop
Windows Server 2022, Windows Server 2019
Reference: Packet Monitor (Pktmon)
pktmon start -c
pktmon stop
pktmon pcapng C:\tmp\PktMon.etl
Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2
Reference: NetEventPacketCapture
$session = New-NetEventSession -Name 'Session1'
$session.LocalFilePath
Add-NetEventProvider -Name 'Microsoft-Windows-TCPIP' -SessionName 'Session1'
Start-NetEventSession -Name 'Session1'
Stop-NetEventSession -Name 'Session1'
$log = Get-WinEvent -Path $session.LocalFilePath -Oldest
$log | select Message -First 5
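The NetEventPacketCapture steps above, wrapped as an added example (not code from the original post) that bounds the capture time and always stops and removes the session, so a rerun does not fail on an existing 'Session1' and no trace is left running. The function name, its parameters and the output path are hypothetical; it assumes an elevated session and that the output directory exists.

```powershell
# Added example, not from the original post. Function name, parameters and
# default path are hypothetical. Run from an elevated PowerShell session.
function Invoke-TcpipEventCapture {
    [CmdletBinding()]
    param(
        [string]$SessionName = 'Session1',
        [string]$Provider    = 'Microsoft-Windows-TCPIP',
        [string]$Path        = 'C:\temp\tcpip-events.etl',  # assumed; directory must exist
        [int]$Seconds        = 30
    )

    # A leftover session with the same name makes New-NetEventSession fail,
    # so stop and remove it before starting.
    $stale = Get-NetEventSession -Name $SessionName -ErrorAction SilentlyContinue
    if ($stale) {
        Stop-NetEventSession   -Name $SessionName -ErrorAction SilentlyContinue
        Remove-NetEventSession -Name $SessionName
    }

    New-NetEventSession -Name $SessionName -LocalFilePath $Path | Out-Null
    try {
        Add-NetEventProvider -Name $Provider -SessionName $SessionName | Out-Null
        Start-NetEventSession -Name $SessionName
        Start-Sleep -Seconds $Seconds
    }
    finally {
        # Runs on error or Ctrl+C as well: the trace never outlives the call.
        Stop-NetEventSession   -Name $SessionName -ErrorAction SilentlyContinue
        Remove-NetEventSession -Name $SessionName
    }

    # .etl files have to be read oldest-first.
    Get-WinEvent -Path $Path -Oldest
}

# Capture for 10 seconds, then list the five most frequent event IDs.
Invoke-TcpipEventCapture -Seconds 10 |
    Group-Object Id |
    Sort-Object Count -Descending |
    Select-Object -First 5 Count, Name
```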