If you need to monitor the network traffic of a Windows client or server and you don’t want to install software such as Network Monitor or third-party tools such as Wireshark, you can achieve the same results with the native netsh console command, available on all Windows platforms starting from Windows 7, Windows Server 2008 R2 and above.
To use it, open an elevated command prompt and issue the following command:
netsh trace start persistent=yes capture=yes tracefile=c:\temp\netsh-trace.etl
NOTE: If the c:\temp folder is not present on your system, either create it or change the .etl file path accordingly.
It’s important to understand the persistent parameter: if you set it to yes, the trace stays active even after a system shutdown or reboot, so you can keep monitoring traffic across a Windows restart. This is useful for inspecting and solving slow-boot issues. Just remember that, once you create a persistent trace, you also have to shut it down when you’re done by issuing the following command:
netsh trace stop
The complete tracing log will be stored in the netsh-trace.etl file: you can choose any extension you like, but keeping .etl gives you the option to open it with Network Monitor.
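The start and stop steps above, wrapped as a PowerShell script (an added example, not part of the original post): it checks for elevation, creates the trace folder if it is missing, and exposes a status query so a persistent trace is not left running after the investigation. The function names are assumptions made for this example; the netsh commands are the ones shown above plus the native `netsh trace show status`.

```powershell
# Added example. Function names are hypothetical; the trace path matches the one used above.
$TraceFile = 'C:\temp\netsh-trace.etl'

function Test-Elevated {
    # netsh trace requires an elevated session.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Start-PersistentTrace {
    param([string]$Path = $TraceFile)

    if (-not (Test-Elevated)) {
        throw 'Run this from an elevated PowerShell session.'
    }

    # Create the target folder first, since the trace file path must exist.
    $dir = Split-Path -Parent $Path
    if (-not (Test-Path -LiteralPath $dir)) {
        New-Item -ItemType Directory -Path $dir | Out-Null
    }

    # persistent=yes keeps the trace active across shutdown and reboot.
    netsh trace start persistent=yes capture=yes "tracefile=$Path"
    if ($LASTEXITCODE -ne 0) {
        throw "netsh trace start failed (exit code $LASTEXITCODE)."
    }
}

function Get-TraceStatus {
    # Shows whether a trace session is currently running and where it writes.
    netsh trace show status
}

function Stop-PersistentTrace {
    # A persistent trace keeps capturing until it is stopped explicitly.
    netsh trace stop
    if ($LASTEXITCODE -ne 0) {
        throw "netsh trace stop failed (exit code $LASTEXITCODE)."
    }
}

# Typical sequence: start, reboot and reproduce the issue, then check and stop.
# Start-PersistentTrace
# Get-TraceStatus
# Stop-PersistentTrace
```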
That’s it for now: happy networking!