Using Microsoft Netmon at the command line

My last article about Microsoft’s Netmon got quite a bit of attention.

One point raised by more than one person was that Netmon would be so much better if it had command-line support.

I knew it did, but had never used it, and I was surprised at how feature-rich it was.

In the following video I go through some of the basics to get you going.

Here are the commands I used that you can copy and paste to save some keystrokes.

  • Nmcap /usage

  • Nmcap /displaynetworks

  • NMCap /network 3

  • NMCap /network 3 /capture /file 3.cap

  • nmcap /network 3 /capture ipv4.address == /file ip.cap /StartWhen /Time 4:48:00 PM 10/22/2014 /StopWhen /TimeAfter 20 min


