Netsh, the native tool on Windows
On Microsoft Windows systems, you can perform a network capture without installing any tools.
This is particularly useful on production servers where you can't install any software, or if your server has no graphical interface (Windows Server Core or Nano mode).
By default, Microsoft systems include the netsh utility, which allows you to perform a large number of actions.
Although this article only covers network capture, netsh is a very powerful tool (firewall management, MTU modification, etc.).
To perform a network capture, open a CMD or PowerShell prompt as an administrator:
netsh trace start capture=yes persistent=yes
The persistent=yes parameter is optional; it lets the capture continue when you restart the computer.
To stop the capture:
netsh trace stop
By default, the trace is saved in
This file can be opened with Microsoft Message Analyzer.
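A time-boxed variant of the capture above for a production server, as an added example that is not part of the original article: it writes to an explicit file, caps the file size so the trace cannot fill the disk, always stops the trace, and records a SHA-256 hash of the result. The output folder, duration and size limit are assumed values; tracefile, maxsize, filemode and overwrite are standard netsh trace start parameters.

```powershell
#Requires -RunAsAdministrator
# Added example: bounded netsh capture. Folder, duration and size are assumptions.
param(
    [string]$OutDir    = 'C:\Captures',  # assumed output folder (no spaces in path)
    [int]   $Seconds   = 60,             # how long to capture
    [int]   $MaxSizeMB = 512             # upper bound for the .etl file
)

$ErrorActionPreference = 'Stop'

# Captures contain live traffic, so keep them in a folder only administrators can read.
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$trace = Join-Path $OutDir "$env:COMPUTERNAME-$stamp.etl"

# filemode=circular with maxsize keeps the file bounded: once the limit is
# reached, the oldest events are overwritten instead of the file growing.
# persistent=yes is left out because this capture ends in the same session.
$startArgs = @(
    'trace', 'start',
    'capture=yes',
    "tracefile=$trace",
    "maxsize=$MaxSizeMB",
    'filemode=circular',
    'overwrite=yes'
)
& netsh @startArgs
if ($LASTEXITCODE -ne 0) {
    throw "netsh trace start failed with exit code $LASTEXITCODE"
}

try {
    # Show the running session (file, size limit, mode) before waiting.
    & netsh trace show status
    Start-Sleep -Seconds $Seconds
}
finally {
    # Always stop the trace, even if the script is interrupted,
    # so no capture is left running on the server.
    & netsh trace stop
}

# Record a hash so the file can be checked after it is copied off the server.
Get-FileHash -Algorithm SHA256 -Path $trace | Format-List Path, Hash
```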