Capturing Packets Natively in Microsoft Windows

When having trouble installing Wireshark, Microsoft’s built in packet capture command netsh can be used.

Tony Fortunato

March 19, 2020

 

I’ve been there before. I wanted to capture packets from someone’s Windows computer, and I couldn’t install Wireshark for a variety of reasons.

Then I go down the rabbit hole of options: SPAN, hub, TAP, etc. Each option has its own pros and cons that you need to determine on the fly for each scenario. Even the ‘portable’ version of Wireshark isn’t entirely portable, and you may run into challenges trying to run it.

After some research, and testing, I’ve decided to use Microsoft’s built in packet capture commands and no, I’m not referring to Network Monitor. This is a simple netsh command to start and stop a capture.

Most of the details are in the video, but here’s the summary of some common commands

To display which interfaces Windows can use and their identification:

netsh trace show interfaces

To capture 11 MB from your Wi-Fi interface

netsh trace start capture=yes CaptureInterface=”Wi-Fi” tracefile=f:tracestrace.etl” maxsize=11

Check your capture status

netsh trace show status

To stop your capture

netsh trace stop

Capture 11 MB from your Wi-Fi interface to and from host 192.168.1.1

Netsh trace start capture=yes CaptureInterface="Wi-Fi " IPv4.Address=192.168.1.1tracefile=D:trace.etl" maxsize=11

After you have your packets captured scoot over to https://github.com/microsoft/etl2pcapng/releases and download etl2pcapng. Then unzip in any folder and you’re ready to convert those etl files to pcapng.

Hope that helps you and happy packet hunting.

About the Author

Tony Fortunato

Tony Fortunato

Sr Network Performance Specialist

Tony Fortunato is a network performance expert who has been designing, implementing and troubleshooting networks since 1989. His company, The Technology Firm, provides clients of all sizes with services ranging from project management, network design, consulting, troubleshooting, designing custom-designed training courses, and assisting with equipment installation. Tony's experience in networking started with financial trading floor networks and ISPs, where he learned to integrate and support equipment from various vendors. Tony has taught and presented at numerous colleges and universities, public forums and private classes. He blogs frequently at NetworkDataPediaand has a popular YouTube channel.

See more from Tony Fortunato
SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox
Sign-Up

You May Also Like

More Insights
Reports
More Reports

Editor's Choice

Integrating the new APs into Dartmouth’s existing network infrastructure was no small feat. Mist’s AI-driven insights made this easier.
Network Management
How Dartmouth College Leveraged AI To Modernize Its Network in One Weekend
How Dartmouth College Leveraged AI To Modernize Its Network in One Weekend

Sep 12, 2024

Extensive communications outages from Hurricane Helene drive home the need for new approaches to strengthen network resiliency.
Network Resilience
Hurricane Helene Communications Outages Show Need for Greater Network Resilience
Hurricane Helene Outages Show Need for Greater Network Resilience

Oct 3, 2024

Satellite services could bridge the digital divide in remote areas through partnerships like the SoftBank-Intelsat collaboration announced last month.
Network Infrastructure
Intelsat, SoftBank Plan Ubiquitous Satellite Connectivity Network
Intelsat, SoftBank Plan Ubiquitous Satellite Connectivity Network

Oct 9, 2024

White Papers
More White Papers
Reports
More Reports
Live Events
More Live Events