{"id":2095,"date":"2019-02-24T13:49:23","date_gmt":"2019-02-24T12:49:23","guid":{"rendered":"http:\/\/labalec.fr\/erwan\/?p=2095"},"modified":"2019-02-24T14:11:26","modified_gmt":"2019-02-24T13:11:26","slug":"no-wireshark-no-tcpdump-no-problem","status":"publish","type":"post","link":"https:\/\/labalec.fr\/erwan\/?p=2095","title":{"rendered":"No Wireshark? No TCPDump? No Problem!"},"content":{"rendered":"<p>An interesting article about how to perform a network capture when no tools are installed locally.<\/p>\n<p><a href=\"https:\/\/isc.sans.edu\/forums\/diary\/No+Wireshark+No+TCPDump+No+Problem\/19409\/\" rel=\"noopener\" target=\"_blank\">Here<\/a>.<\/p>\n<p>In short, an example:<\/p>\n<p>1-netsh trace start capture=yes Ethernet.Type=IPv4 IPv4.Address=157.59.136.1<\/p>\n<p>2-netsh trace stop<\/p>\n<p>3-get your capture in %userprofile%\\AppData\\Local\\Temp\\NetTraces\\NetTrace.etl<br \/>\n-open it with Microsoft&rsquo;s Message Analyzer app<br \/>\nor<br \/>\n-convert it with<br \/>\n<code><br \/>\n$s = New-PefTraceSession -Path \"C:\\output\\path\\spec\\OutFile.Cap\" -SaveOnStop<br \/>\n$s | Add-PefMessageProvider -Provider \"C:\\input\\path\\spec\\Input.etl\"<br \/>\n$s | Start-PefTraceSession<br \/>\n<\/code><\/p>\n","protected":false},"excerpt":{"rendered":"<p>An interesting article about how to perform a network capture when no tools are installed locally. Here. 
In short, example : 1-netsh trace start capture=yes Ethernet.Type=IPv4 IPv4.Address=157.59.136.1 2-netsh trace stop 3-get your capture in %userprofile%\\AppData\\Local\\Temp\\NetTraces\\NetTrace.etl -open with Microsoft&rsquo;s Message Analyzer app or -convert it with $s = New-PefTraceSession -Path \u201cC:\\output\\path\\spec\\OutFile.Cap\u201d -SaveOnStop $s | Add-PefMessageProvider -Provider <a href='https:\/\/labalec.fr\/erwan\/?p=2095' class='excerpt-more'>[&#8230;]<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-2095","post","type-post","status-publish","format-standard","hentry","category-network","category-5-id","post-seq-1","post-parity-odd","meta-position-corners","fix"],"_links":{"self":[{"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=\/wp\/v2\/posts\/2095","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2095"}],"version-history":[{"count":2,"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=\/wp\/v2\/posts\/2095\/revisions"}],"predecessor-version":[{"id":2100,"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=\/wp\/v2\/posts\/2095\/revisions\/2100"}],"wp:attachment":[{"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2095"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/labalec.fr\/erwan\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2095"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/labalec
.fr\/erwan\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2095"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}