No Wireshark? No TCPDump? No Problem!

 network  Add comments
Fév 242019
 

An interesting article about how to perform a network capture when no tools are installed locally.

Here.

In short, example :

1-netsh trace start capture=yes Ethernet.Type=IPv4 IPv4.Address=157.59.136.1

2-netsh trace stop

3-get your capture in %userprofile%\AppData\Local\Temp\NetTraces\NetTrace.etl
-open with Microsoft’s Message Analyzer app
or
-convert it with

$s = New-PefTraceSession -Path “C:\output\path\spec\OutFile.Cap” -SaveOnStop
$s | Add-PefMessageProvider -Provider “C:\input\path\spec\Input.etl”
$s | Start-PefTraceSession

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)

Ce site utilise Akismet pour réduire les indésirables. En savoir plus sur comment les données de vos commentaires sont utilisées.