Netsh, the native tool on Windows
On Microsoft Windows systems, it is possible to perform a network capture without installing any tools.
This is particularly useful on production servers where it is not possible to install software or those without a graphical interface (Windows Server in Core or Nano mode).
By default, Microsoft systems include the netsh utility that allows you to perform a large number of actions.
Although this article covers only the network capture part, netsh is a very versatile tool (firewall management, MTU modification, etc.).
To perform a network capture, open a CMD or PowerShell as an administrator:
netsh trace start capture=yes persistent=yes
The persistent=yes parameter is optional: it keeps the trace running across a reboot, so you can also log what happens when the computer restarts.
To stop the capture:
netsh trace stop
By default, the trace is saved to C:\Users\<admin account>\AppData\Local\Temp\NetTraces\NetTrace.etl
This .etl file must be opened with Microsoft Message Analyzer.
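As an added example that is not part of the original article, the following PowerShell wrapper runs the two netsh commands above as a bounded, timed capture and then checks that the ETL file was actually written. The tracefile=, maxsize= and overwrite= options are netsh trace parameters not mentioned in the article; the output path, size cap and duration are assumed values.

```powershell
# Added example (not from the original article): timed netsh trace capture with an explicit
# output file, a size cap and a post-capture check. Assumed values: path, size, duration.
function Start-TimedNetshCapture {
    param(
        [string]$TraceFile = 'C:\Temp\NetTrace.etl',  # assumed path, not the netsh default
        [int]$DurationSeconds = 60,                    # assumed capture window
        [int]$MaxSizeMB = 250,                         # maxsize= bounds the ETL on disk
        [switch]$Persistent                            # adds persistent=yes (survives a reboot)
    )

    # netsh trace needs an elevated session; fail early instead of at the netsh call
    $principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'netsh trace requires an elevated (administrator) CMD or PowerShell session.'
    }

    $dir = Split-Path -Parent $TraceFile
    if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }

    # Same command as in the article, plus an explicit output file and a size cap
    $netshArgs = @('trace', 'start', 'capture=yes', "tracefile=$TraceFile",
                   "maxsize=$MaxSizeMB", 'overwrite=yes')
    if ($Persistent) { $netshArgs += 'persistent=yes' }
    & netsh @netshArgs
    if ($LASTEXITCODE -ne 0) { throw "netsh trace start failed with exit code $LASTEXITCODE" }

    try {
        Start-Sleep -Seconds $DurationSeconds
    }
    finally {
        # Always stop the trace; an unstopped trace keeps writing (and persists across reboots
        # when persistent=yes was used). netsh trace stop can take a while to flush the file.
        & netsh trace stop
    }

    if (-not (Test-Path $TraceFile)) { throw "Expected trace file not found: $TraceFile" }
    Get-Item $TraceFile | Select-Object FullName, Length, LastWriteTime
}

# Example run: 30-second capture into the assumed path, then show the resulting file
Start-TimedNetshCapture -DurationSeconds 30
```

The resulting .etl is opened the same way as the default trace described above; `netsh trace show status` can be used at any time to confirm whether a trace session is still running.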