In this blog we are going to look at collecting a network capture using the NetSh.exe command. This tool will produce an .etl trace that can be read in Netmon. While in Netmon you will need to make the active parser “Windows” in order to parse the file correctly.
How to collect a network Trace
netsh trace start capture=yes tracefile=.\mytrace.etl maxsize=300
In the output below we have started collecting data in a 300mb Circular log. In order to review this data you will need to stop the collection and move the data to a box that has NetMon installed.
How to stop the network trace
netsh trace stop
In the output below we stopped the network trace. Notice the location of the final output.
I hope you found this useful. Please leave me a comment. Let me know if there are any core tasks you would like me to cover.