Windows packet capture

 

1. Start CMD Run as Administrator.

2. netsh trace start capture=yes IPv4.Address=X.X.X.X CaptureInterface=""

3. netsh trace stop

4. etl2pcapng.exe in.etl out.pcapng

=======

https://github.com/microsoft/etl2pcapng/releases

netsh trace show capturefilterHelp

netsh trace show interfaces