pktmon - Packet Monitor - "tcpdump" on Windows

Quick start

# Define filter
C:\Test> pktmon filter add help
C:\Test> pktmon filter add <filters>

# Start the capture
C:\Test> pktmon start -c

# Check the per-component counters while the capture is running
C:\Test> pktmon counters

# Stop the capture and convert the .etl log to text for analysis
C:\Test> pktmon stop
C:\Test> pktmon etl2txt <etl file>

Filter and Capture Examples

  • Capture any ICMP traffic from or to the IP address 10.0.0.10 as well as any traffic on port 53:

  • Capture all the SYN packets sent or received by the IP address 10.0.0.10:

  • Display/remove active packet filters

  • Capture packets of only the network adapters:

  • Capture only the dropped packets that pass through components 4 and 5, and log them:

  • Capture packets and log events from the provider "Microsoft-Windows-TCPIP":
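A complete session that strings the quick start and the filter examples above together, as an added example that is not part of the original page. It applies the ICMP/port-53 and SYN filters for 10.0.0.10, captures on the network adapters only, then converts the trace. The target address, output path and capture window are illustrative values; the short option spellings (-i, -t, -p, -c, -f) are the ones accepted on Windows 10 2004, and newer builds also accept the long forms (--ip, --transport, --port, --capture, --file-name). Run it from an elevated PowerShell prompt and check `pktmon <verb> help` for the exact options your build accepts.

```powershell
# Added example, not pktmon documentation: end-to-end capture with filters.
# Assumed values: target host, output path, capture window (all illustrative).
$Target  = '10.0.0.10'            # host of interest (example value)
$EtlPath = 'C:\Test\PktMon.etl'   # pktmon's default log name, made explicit
$Seconds = 30                     # capture window in seconds

# Start from a clean state: drop any filters left over from a previous run.
pktmon filter remove | Out-Null

# Filters 1 and 2: ICMP to/from the target, and any traffic on port 53.
pktmon filter add ICMP-Host -i $Target -t icmp
pktmon filter add DNS -p 53

# Filter 3: TCP SYN segments sent or received by the target.
pktmon filter add SYN-Host -i $Target -t tcp syn

# Confirm what is active before capturing.
pktmon filter list

# Capture on the network adapters only, skipping the stack's intermediate
# components, and write to an explicit .etl file.
pktmon start -c --comp nics -f $EtlPath

Start-Sleep -Seconds $Seconds

# Per-component hit counts are available while the capture is still running.
pktmon counters

pktmon stop

# Convert to text for analysis (newer builds also offer etl2pcap for Wireshark).
pktmon etl2txt $EtlPath

# Leave no filters behind for the next session.
pktmon filter remove | Out-Null
```

The filter names (ICMP-Host, DNS, SYN-Host) are optional labels that make `pktmon filter list` output easier to read; filters are combined with OR, so anything matching any one of them is captured.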
