
Windows 10: Sniffer/Packet Capture

Experience Level: Intermediate
3:25
Edward van Biljon (MVP)
Experienced Messaging Specialist with a demonstrated history of working in the information technology and services industry.
In this video we show you how to capture traffic in Windows 10 using a built-in app called pktmon. We also show you how to convert the resulting ETL file to a TXT file so you can easily read the data.

Video Steps

1. Launch CMD

Click the Start button, type cmd, and run it as administrator.

2. Run Start Command

In the window, type "pktmon start --etw".

3. Run Stop Command

In the same window, run "pktmon stop". This stops the capture and creates the file at "C:\Windows\System32\pktmon.ETL".

4. Convert ETL to TXT

In the same window, type "pktmon format PktMon.etl -o mylog.txt". You can now navigate to the location listed in Step 3 to view the TXT file.
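
The four steps above as one PowerShell script, added here as an example (it is not from the video). It keeps the capture out of System32, always stops the capture, and records a hash of the ETL. The folder name, the duration, and the assumption that pktmon writes PktMon.etl to the current directory when no file name is given are choices made for this example.

```powershell
# Added example, not from the video. Run from an elevated PowerShell prompt.
# Assumptions: $CaptureDir and $Seconds are illustrative values; pktmon is
# assumed to write PktMon.etl into the current directory by default.
param(
    [string]$CaptureDir = 'C:\Captures',   # hypothetical folder; restrict it to administrators
    [int]$Seconds = 30                     # how long to capture
)

# Step 1: pktmon needs an elevated session, so fail early if we are not admin.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated prompt.'
}

New-Item -ItemType Directory -Path $CaptureDir -Force | Out-Null
Push-Location $CaptureDir
try {
    # Step 2: start the capture with ETW logging.
    pktmon start --etw
    if ($LASTEXITCODE -ne 0) { throw "pktmon start failed (exit code $LASTEXITCODE)" }

    try {
        Start-Sleep -Seconds $Seconds
    }
    finally {
        # Step 3: always stop, even if the wait is interrupted with Ctrl+C.
        pktmon stop
    }

    $etl = Join-Path $CaptureDir 'PktMon.etl'
    $txt = Join-Path $CaptureDir 'mylog.txt'
    if (-not (Test-Path $etl)) { throw "Capture file not found: $etl" }

    # Step 4: convert the ETL to readable text.
    pktmon format $etl -o $txt
    if ($LASTEXITCODE -ne 0) { throw "pktmon format failed (exit code $LASTEXITCODE)" }

    # Record a hash so later copies of the capture can be checked against the original.
    Get-FileHash -Path $etl -Algorithm SHA256 | Format-List Path, Hash
}
finally {
    Pop-Location
}
```

The capture holds packet data from the machine, so treat both the ETL and the TXT file as sensitive and delete them when the analysis is done.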

Comment

by:Andrew Leniart
What an excellent video about a Windows 10 function I had no idea even existed. Thanks for this information Ed. Very useful!

Endorsed!

Regards, Andrew