top | item 11304640

kubov | 10 years ago

You can use netsh on Windows without needing to install anything external (besides a capture file viewer, Microsoft's Message Analyzer, but that can be run on your workstation rather than on the servers):

  netsh trace start capture=yes IPv4.Address=10.2.0.1

  netsh trace stop

The last command will output the path to the .etl file containing the captured packets.

https://technet.microsoft.com/en-us/library/dd878517(v=ws.10...

https://isc.sans.edu/forums/diary/No+Wireshark+No+TCPDump+No...
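The two-step procedure from the comment above, wrapped in a small PowerShell script so the capture is time-boxed and the .etl path is recovered programmatically. This is an added example, not code from the comment or from Microsoft. It assumes an elevated (Administrator) prompt, since netsh trace refuses to start otherwise; the address, duration and output path are made up; and the parsing of the "File location = ..." line from `netsh trace stop` output is an assumption about that command's text, with a fallback that prints the raw output if the line is not found.

```powershell
# Added example: wrap "netsh trace start/stop" in reusable functions.
# Assumptions: elevated prompt; sample address/duration are constructed;
# the "File location = <path>" line in the stop output is parsed to get the .etl path.

function Start-NetshCapture {
    param(
        [Parameter(Mandatory)] [string] $IPv4Address,
        [string] $TraceFile = (Join-Path $env:TEMP 'capture.etl'),
        [int]    $MaxSizeMB = 250
    )
    # capture=yes   : actually capture packets, not just ETW provider events
    # IPv4.Address  : the filter from the comment (only traffic to/from that host)
    # tracefile     : explicit output path instead of the default NetTraces folder
    # maxSize       : cap the file size in MB (netsh wraps the file circularly by default)
    # report=disabled : skip the slow .cab "report" generation on stop
    # overwrite=yes : do not fail if the trace file already exists
    & netsh trace start capture=yes "IPv4.Address=$IPv4Address" `
        "tracefile=$TraceFile" "maxSize=$MaxSizeMB" report=disabled overwrite=yes
    if ($LASTEXITCODE -ne 0) {
        throw "netsh trace start failed (exit $LASTEXITCODE). Are you running as Administrator?"
    }
}

function Stop-NetshCapture {
    # Stopping flushes the ETW session; netsh prints where the .etl was written.
    $out = & netsh trace stop 2>&1 | Out-String
    if ($LASTEXITCODE -ne 0) {
        throw "netsh trace stop failed (exit $LASTEXITCODE):`n$out"
    }
    # Assumption: output contains a line like "File location = C:\...\capture.etl".
    if ($out -match 'File location\s*=\s*(.+\.etl)') {
        return $Matches[1].Trim()
    }
    Write-Warning "Could not find the trace file path in netsh output:`n$out"
    return $null
}

# Usage with constructed values: capture traffic to/from 10.2.0.1 for 60 seconds.
Start-NetshCapture -IPv4Address '10.2.0.1' -TraceFile 'C:\Temp\host-10.2.0.1.etl'
Start-Sleep -Seconds 60
$etl = Stop-NetshCapture
"Trace written to: $etl"
```

Copy the resulting .etl off the server and open it in Message Analyzer on your workstation, as the comment describes; nothing beyond netsh needs to be installed on the server itself.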

richardwhiuk | 10 years ago

What's really irritating about the Windows stack is how difficult it is to dump localhost traffic compared to the same problem on Linux. I believe it's because the loopback interface isn't as completely implemented.