Using NETSH to Capture Packets
Outages . Aside from the massive pressure of having to restore service, they can be pretty useful to learn new things. One recent discovery that was news to me is that you can use netsh to capture network traces. It appears on modern-ish operating systems (Windows 7/Windows 2008 R2 and above) you no longer need to install your favorite packet tracing application to capture packets. Who doesn’t like to cuddle up with a nice packet trace, eh? Obviously if you’re on a desktop OS, you should just load packet capturing utility of choice (and it had better be Network Monitor if you intend to open the .ETL trace ) -- unless you like to read it in some other way. That would mean your skillz are simply amazing and are wasting your time here! RUNNING A TRACE The most basic way to start and stop a trace is by performing the following commands: As you can see, netsh displays the trace configuration as well. It’s not the full configuration of defaults though. netsh trace start capture=ye