Capture a network trace without installing anything on Windows
Published on 04 Oct 2018
Netsh, the native tool on Windows
On Microsoft Windows systems, you can perform a network capture without installing any tools.
This is particularly useful on production servers where you can't install any software, or when your server has no graphical interface (Windows Server Core or Nano mode).
By default, Microsoft systems include the netsh utility, which allows you to perform a large number of actions.
Although this article only covers the network capture part, netsh is a very powerful tool (firewall management, MTU modification, etc.).
To perform a network capture, open a CMD or PowerShell as an administrator:
netsh trace start capture=yes persistent=yes
The persistent=yes parameter is optional; it keeps the capture session running across a restart of the computer, so the log also covers the reboot.
To stop the capture:
netsh trace stop
By default, the trace is saved to C:\Users\<account>\AppData\Local\Temp\NetTraces\NetTrace.etl.
This file can be opened with Microsoft Message Analyzer.
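As an added example (not code from the original post), the start/stop procedure above wrapped in a PowerShell script: it checks that no trace session is already running, starts the capture into a chosen file with a size cap so an unattended capture cannot fill the disk, stops the session after a fixed time even if the script is interrupted, and then shows the resulting file. The tracefile, maxSize and overwrite options and the netsh trace show status command are netsh features not mentioned in the post; the output path C:\Temp\NetTrace.etl and the exact wording of the status message are assumptions.

```powershell
# Added example, not from the original post. Wraps "netsh trace start/stop"
# in a script. Assumes an elevated PowerShell 5.1+ session on Windows.
#Requires -RunAsAdministrator

param(
    # Output path instead of the default %LOCALAPPDATA%\Temp\NetTraces\NetTrace.etl
    # (assumed example path)
    [string]$TraceFile = "C:\Temp\NetTrace.etl",

    # How long to capture, in seconds
    [int]$Seconds = 60,

    # Cap the ETL size in MB so an unattended capture cannot fill the disk
    [int]$MaxSizeMB = 250,

    # Map to persistent=yes (survives a reboot, as described in the post) or persistent=no
    [switch]$Persistent
)

$dir = Split-Path -Parent $TraceFile
if (-not (Test-Path $dir)) {
    New-Item -ItemType Directory -Path $dir | Out-Null
}

# netsh allows only one trace session at a time; refuse to start if one is running.
# The match on "Running" relies on the wording of "netsh trace show status" (assumed).
$status = netsh trace show status
if ($status -match 'Running') {
    Write-Warning "A trace session is already in progress; stop it with 'netsh trace stop' first."
    $status
    exit 1
}

$persistentValue = if ($Persistent) { 'yes' } else { 'no' }

Write-Host "Starting capture to $TraceFile for $Seconds seconds (persistent=$persistentValue)..."
netsh trace start capture=yes persistent=$persistentValue tracefile="$TraceFile" maxSize=$MaxSizeMB overwrite=yes
if ($LASTEXITCODE -ne 0) {
    throw "netsh trace start failed with exit code $LASTEXITCODE"
}

try {
    Start-Sleep -Seconds $Seconds
}
finally {
    # Always stop the session, also when the script is interrupted with Ctrl+C.
    # netsh needs a few seconds here to flush the ETL and write its report files.
    Write-Host "Stopping capture..."
    netsh trace stop
}

# Show what was written; the .etl can then be opened in Microsoft Message Analyzer.
Get-Item $TraceFile | Select-Object FullName, Length, LastWriteTime
```

Run it as an administrator, for example `.\Capture-Trace.ps1 -Seconds 120 -Persistent` to keep the session alive across a reboot as in the post. The try/finally matters on a production server: a capture left running after the operator walks away keeps growing until maxSize is reached, and a forgotten persistent session continues after the next restart.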