- Review the security
and performance implications of network trace.
- Right-click Command Prompt } Run as Administrator
- Start the capture:
pktmon start --capture --pkt-size 80 --file-size 2048 --log-mode circular
- This command captures up to 2GB of total data. Change file-size in
MB as needed.
- It also captures up to 80 bytes per packet. Set
--pkt-size 0
if you want to capture full packets although
this has a higher overhead.
- If you receive the error, "Packet monitor is already started," then
first run
pktmon stop
and then re-run the command.
- Check for any errors running the previous commands in your
terminal.
- Reproduce the problem.
- Stop the capture:
pktmon stop
- Convert the capture to pcapng format:
pktmon etl2pcap PktMon.etl
- Upload
PktMon.etl
and PktMon.pcapng
Previous Section (Troubleshooting Windows Recipes) |
Next Section (Windows pktmon on a port Recipe) |
Back to Table of Contents