Support on SonicWall Products, Services and Solutions
Browse Knowledgebase by Category
How can I perform a packet capture in Windows with built-in utility?
12/20/2019 
16 
12054
DESCRIPTION:
This article explains how to use the built-in Windows packet capture utility. A packet capture can assist with troubleshooting while investigating a network issue.
RESOLUTION:
- Open an elevated CMD prompt.
- Open the start menu and type CMD in the search bar.
- Right click the command prompt and Run as Administrator.
- Enter the following command.
netsh trace start capture=yes
- You can use the following command if you want to specify the IP address.
netsh trace start capture=yes IPv4.Address=X.X.X.X
- When completed, run the following command.
netsh trace stop
- Once the data collection has finished, attach both the files (NetTrace.cab and NetTrace.etl) to the case; the file location will be displayed in the CMD prompt once the data collection has been finished.
- These files can be opened with Microsoft Message Analyzer.
- Once the file has been loaded into Message Analyzer you can export it to pcap to view in wireshark.
- First you click Save.
- Then Click Export .
- You can now open that file in wireshark and view the packet capture.
- First you click Save.
