- Review the security
and performance implications of network trace.
- Right-click Command Prompt } Run as Administrator
- Configure the filtered port; replace
%PORT% with the
target port (for example, 80, 443, and so on):
pktmon filter add -t tcp -p %PORT%
- Start the capture:
pktmon start --capture --pkt-size 80 --file-size 2048 --log-mode circular
- This command captures up to 2GB of total data. Change file-size in
MB as needed.
- It also captures up to 80 bytes per packet. Set
--pkt-size 0 if you want to capture full packets although
this has a higher overhead.
- If you receive the error, "Packet monitor is already started," then
first run
pktmon stop and then re-run the command.
- Check for any errors running the previous commands in your
terminal.
- Reproduce the problem.
- Stop the capture:
pktmon stop
- Convert the capture to pcapng format:
pktmon etl2pcap PktMon.etl
- Upload
PktMon.etl and PktMon.pcapng
Previous Section (Windows pktmon Recipe) |
Next Section (Windows 11 perfmon Recipe) |
Back to Table of Contents