This ETL file is converted using Microsoft Message Analyzer:Ģ. You can obviously change the capture name and location if you want. The default maxSize is 250MB but it can be changed. The ETL file can be sent to anyone to convert it to a PCAP file for Wireshark viewing. Netsh trace start capture=yes IPv4.Address=X.X.X.X overwrite=no maxSize=500 tracefile=c:\MYCAP1.etl Or you can add an IP Address you want to target: If you ever need to do a packet capture on a Windows PC/Server and you don’t have or can’t install Wireshark, you can run this Windows command: netsh trace start capture=yes overwrite=no maxSize=500 tracefile=c:\MYCAP1.etl Set a size and rotate the log files: tcpdump –nni -C -W -v –w Įxample for us using 1G of space (you can adjust it) and timestamp the output cap file: tcpdump -nni eth0 -v -C 1000 -W 10 -w ~/"oncore-prod_`date '+%Y-%m-%d_%H:%M:%S'`.pcap" :space after date
0 kommentar(er)
