Getting Started With Microsoft’s netsh

There are many challenges we face when I want to capture packets while troubleshooting.

• Installing a packet capture tool such as Microsoft’s Netmon or Wireshark, might be a deal breaker for some admins.

• Using a span or mirror port might not be available or add excessive latency to packets.

In most cases I would be happy with a solution that simply captures the packets and I can analyze the data on another system.

Many analysts I speak to are not aware that most Microsoft operating systems allow you to capture packets without installing anything on it. The command is netsh trace start etc…

In this video I show you how to get started by capturing data and making the trace compatible for Wireshark.