How to Use pktmon on a Windows Machine

Want to keep an eye on your network traffic? pktmon (Packet Monitor) is a handy tool built into Windows that lets you capture and analyse packets. Here’s a simple guide to get you started:

Introduction

pktmon is a cool network diagnostics tool available in Windows 10 and later. It helps you capture network traffic, apply filters, and dig into the data. Whether you’re troubleshooting or just curious about what’s happening on your network, pktmon has got you covered.

Steps to Use pktmon

Open Command Prompt as Administrator: Search for “cmd” or “Command Prompt” in the Start menu, right-click, and select “Run as administrator” (you need admin rights to capture packets).

Start Packet Capture: To start capturing packets, type:

pktmon start --capture

This command kicks off the packet capture process (you’ll see it running in the background).

Add Filters (Optional): Want to capture specific traffic? Add filters! For example, to capture traffic to and from a specific IP address, type:

pktmon filter add -i <IP_ADDRESS>

Replace <IP_ADDRESS> with the actual IP address you want to filter. Note that pktmon reads its filter list when a capture starts, so add filters before pktmon start (or stop and restart the capture after adding them); pktmon filter list shows which filters are currently defined.

Stop Packet Capture: Once you’ve got enough data, stop the capture with:

pktmon stop

(Don’t forget to stop it, or it’ll keep running!)

Convert Logs to Text: Convert the captured logs to a readable text format by typing:

pktmon etl2txt PktMon.etl -o output.txt

This will turn the PktMon.etl file into output.txt (makes it easier to read).

Analyse the Logs: Open the output.txt file in any text editor to check out the captured packets (now you can see all the details).
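The six steps above, put together as one PowerShell script. This is an added example, not code from the original post: it assumes an elevated PowerShell session on a current Windows 10 or 11 build with pktmon.exe on the PATH, uses 192.0.2.10 (a constructed TEST-NET-1 placeholder) as the address to watch, and the names Invoke-Pktmon, $IpAddress, $CaptureSeconds and $OutDir are the script’s own.

```powershell
# Added example, not from the original post: the six pktmon steps as one script.
# Assumptions: elevated PowerShell on a current Windows 10/11 build with pktmon.exe on
# PATH; 192.0.2.10 is a constructed placeholder address (TEST-NET-1); Invoke-Pktmon,
# $IpAddress, $CaptureSeconds and $OutDir are names introduced by this script.
#Requires -RunAsAdministrator
param(
    [string]$IpAddress      = "192.0.2.10",
    [int]   $CaptureSeconds = 30,
    [string]$OutDir         = (Join-Path $env:TEMP "pktmon-capture")
)

function Invoke-Pktmon {
    # Run pktmon with the given arguments and stop the script on a non-zero exit
    # code, so a failed step is never silently skipped.
    param([Parameter(ValueFromRemainingArguments = $true)][string[]]$PktmonArgs)
    & pktmon.exe @PktmonArgs
    if ($LASTEXITCODE -ne 0) {
        throw "pktmon $($PktmonArgs -join ' ') exited with code $LASTEXITCODE"
    }
}

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$EtlFile = Join-Path $OutDir "PktMon.etl"
$TxtFile = Join-Path $OutDir "output.txt"

# Step 3 comes first: pktmon reads its filter list when a capture starts, so the
# filter must exist before 'pktmon start'. 'filter remove' clears leftovers from
# an earlier session so you capture only what you intend.
pktmon.exe filter remove | Out-Null
Invoke-Pktmon filter add HostTraffic -i $IpAddress
Invoke-Pktmon filter list            # confirm exactly what will be captured

# Step 2: capture for a fixed window. --pkt-size 0 logs whole packets instead of
# the default first 128 bytes; --file-name keeps the ETL in $OutDir.
Invoke-Pktmon start --capture --pkt-size 0 --file-name $EtlFile
try {
    Start-Sleep -Seconds $CaptureSeconds
}
finally {
    # Step 4: stop even if the script is interrupted; otherwise the capture keeps running.
    pktmon.exe stop
}

# Step 5: convert the ETL to text, exactly as the post does.
Invoke-Pktmon etl2txt $EtlFile -o $TxtFile

# Step 6: a first pass over the text. Count the lines that mention the filtered
# address and show the first few, so you can see at once whether the filter worked.
$hits = Select-String -Path $TxtFile -Pattern ([regex]::Escape($IpAddress))
"{0} lines in {1} reference {2}" -f $hits.Count, $TxtFile, $IpAddress
$hits | Select-Object -First 5 | ForEach-Object { $_.Line }
```

Run it as `.\Capture-Pktmon.ps1 -IpAddress 192.0.2.10 -CaptureSeconds 60` from an elevated prompt. The try/finally around the sleep is the important design choice: a capture left running after a Ctrl+C keeps writing to disk until someone notices, which is exactly the pitfall the “don’t forget to stop it” step warns about. If you would rather open the capture in Wireshark than in a text editor, current Windows builds also offer `pktmon etl2pcap PktMon.etl -o output.pcapng`, which converts the same ETL file to pcapng.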

Conclusion

Using pktmon is a straightforward way to monitor and analyse network traffic on your Windows machine. Just follow these steps to capture packets, apply filters, and convert logs for detailed analysis. For more advanced usage and detailed information, check out the official Microsoft documentation.

Got any questions or need more help? Just let me know! (I’m here to help!)

Gary M