Learn about my 2012 Core Survival Guide here.

Netmon capturing

In this blog we are going to look at collecting a network capture using the NetSh.exe command.  This tool will produce an .etl trace that can be read in Netmon.  While in Netmon you will need to make the active parser "Windows" in order to parse the file correctly.

How to collect a network Trace

Command:

netsh trace start capture=yes tracefile=.\mytrace.etl maxsize=300

In the output below we have started collecting data in a 300mb Circular log. In order to review this data you will need to stop the collection and move the data to a box that has NetMon installed.

 

How to stop the network trace

Command:

netsh trace stop

In the output below we stopped the network trace.  Notice the location of the final output. 

 

I hope you found this useful.  Please leave me a comment.  Let me know if there are any core tasks you would like me to cover.

Bruce