Capture a network trace without installing anything on Windows

Netsh the native tool on Windows

On Microsoft Windows systems, you can perform a network capture without installing any tools.

This is particularly useful on production servers where you can't install any software or if your server has not a graphical interface (Windows Server Core or Nano mode).

By default, Microsoft systems include the netsh utility that allows you to perform a large number of actions.

Although the article only indicates the network capture part, netsh is a very powerful tool (firewall management, MTU modification, etc.).

To perform a network capture, open a CMD or PowerShell as an administrator:

netsh trace start capture=yes persistent=yes

The persistent=yes parameter is optional, it allows you to take a log when you restart the computer.

To stop the capture:

netsh trace stop

By default the saved trace are saved in C:\Users\<account>\AppData\Local\Temp\NetTraces\NetTrace.etl.

This file can be opened with Microsoft Message Analyzer.

Previous Post Réaliser une capture réseau sans rien installer sur Windows

Next Post Vérifier la version TLS utilisée

Comments

Bastien Perez

Freelance Microsoft 365 - Active Directory - Modern Workplace

France

Capture a network trace without installing anything on Windows

Netsh the native tool on Windows

Comments

Les risques liés au déploiement d'applications à partir du Microsoft Store avec Intune

The risks of deploying apps from the Microsoft Store with Intune

Retrieving MSI file information with PowerShell