Fév 242019

An interesting article about how to perform a network capture when no tools are installed locally.


In short, example :

1-netsh trace start capture=yes Ethernet.Type=IPv4 IPv4.Address=

2-netsh trace stop

3-get your capture in %userprofile%\AppData\Local\Temp\NetTraces\NetTrace.etl
-open with Microsoft’s Message Analyzer app
-convert it with

$s = New-PefTraceSession -Path “C:\output\path\spec\OutFile.Cap” -SaveOnStop
$s | Add-PefMessageProvider -Provider “C:\input\path\spec\Input.etl”
$s | Start-PefTraceSession

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>



Ce site utilise Akismet pour réduire les indésirables. En savoir plus sur comment les données de vos commentaires sont utilisées.