How can I perform a packet capture in Windows with built-in utility?

Description

This article explains how to use the built-in Windows packet capture utility. A packet capture can assist with troubleshooting while investigating a network issue.

Resolution

  • Open an elevated CMD prompt.
    • Open the Start menu and type CMD in the search bar.
    • Right-click the Command Prompt entry and select Run as Administrator.
  • Enter the following command.

        netsh trace start capture=yes

  • You can use the following command instead if you want to capture only traffic to or from a specific IP address.

        netsh trace start capture=yes IPv4.Address=X.X.X.X

  • When the capture is complete, run the following command.

        netsh trace stop

  • Once the data collection has finished, attach both files (NetTrace.cab and NetTrace.etl) to the case. The file location is displayed in the CMD prompt when the data collection finishes.

  • These files can be opened with Microsoft Message Analyzer. NOTE: Microsoft Message Analyzer has been retired.
  • Once the file has been loaded into Message Analyzer, you can export it to pcap to view in Wireshark.
    • First, click Save.
    • Then click Export.
    • You can now open that file in Wireshark and view the packet capture.
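The start/stop steps above can be driven from a single elevated PowerShell session. The script below is an added example, not part of the SonicWall article: it validates the optional IPv4 filter, runs the capture for a fixed time, always stops the session, and reports the NetTrace.etl and NetTrace.cab paths to attach to the case. The tracefile= and maxSize= parameters are documented netsh trace options the article does not use, and 192.0.2.10 is a constructed example address.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the article): wraps "netsh trace start capture=yes ..."
# and "netsh trace stop" and returns the capture file paths.
function Start-NetshCapture {
    param(
        [string]$FilterIPv4 = '',                                # optional IPv4.Address=X.X.X.X filter
        [int]$DurationSeconds = 60,                              # how long to capture
        [string]$TraceFile = "$env:TEMP\NetTraces\NetTrace.etl", # netsh default location
        [int]$MaxSizeMB = 250                                    # cap on the .etl size (documented maxSize=)
    )

    $startArgs = @('trace', 'start', 'capture=yes', "tracefile=$TraceFile", "maxSize=$MaxSizeMB")

    if ($FilterIPv4) {
        # Reject anything that is not a plain IPv4 address before it reaches netsh;
        # a malformed filter value produces a capture with nothing useful in it.
        $addr = $null
        $ok = [System.Net.IPAddress]::TryParse($FilterIPv4, [ref]$addr)
        if (-not $ok -or $addr.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
            throw "Not a valid IPv4 address: $FilterIPv4"
        }
        $startArgs += "IPv4.Address=$FilterIPv4"
    }

    & netsh @startArgs | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "netsh trace start failed (exit code $LASTEXITCODE)" }

    try {
        Start-Sleep -Seconds $DurationSeconds   # reproduce the network issue while this runs
    } finally {
        # Always stop the session, otherwise netsh keeps tracing in the background.
        $stopOutput = & netsh trace stop 2>&1 | Out-String
    }

    # "netsh trace stop" prints "File location = <path>.etl"; fall back to the requested path.
    $etl = if ($stopOutput -match 'File location\s*=\s*(.+\.etl)') { $Matches[1].Trim() } else { $TraceFile }
    $cab = [System.IO.Path]::ChangeExtension($etl, '.cab')

    [pscustomobject]@{
        EtlPath   = $etl
        CabPath   = $cab
        EtlExists = Test-Path $etl
        CabExists = Test-Path $cab
    }
}

# Usage: capture 120 seconds of traffic to/from 192.0.2.10 (constructed example address).
Start-NetshCapture -FilterIPv4 '192.0.2.10' -DurationSeconds 120 | Format-List
```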
