What the Windows 10 sniffer is and how to use it

Hi! Microsoft wants Windows 10 to be the best version of its operating system, and each feature update adds capabilities, many of them barely publicized. Some of these little-known additions are genuinely useful. In this post we look at one of them: a built-in packet sniffer shipped with the October 2018 Update (version 1809). It does not change anything on the desktop; it is a diagnostic tool that records the packets passing through the networking stack and reports which ones were dropped, and where. Below we see what the Windows 10 sniffer is and how to use it.

What is the Windows 10 sniffer?

A sniffer captures and inspects the packets that traverse the network stack. With that record it is possible to diagnose network problems, for example packets silently dropped by a filter driver or a firewall component, or a connection that stalls and the application it affects. You may well have installed third-party tools to monitor the network without knowing that the system ships its own sniffer. Its main purpose is to locate network failures, not to monitor bandwidth.

In Windows 10 the tool is called Packet Monitor, pktmon.exe, and it is command-line only. It must be run from an elevated console, so throughout this post we drive it from a PowerShell opened as administrator.

How to use Packet Monitor in Windows 10

As mentioned, Packet Monitor needs a PowerShell with administrator privileges. Press the Win+X combination and select Windows PowerShell (Admin) from the menu.

Launch a PowerShell with administrator privileges.

The general syntax of PktMon is:

pktmon { filter | comp | reset | start | stop | format | unload } [OPTIONS | help]

Below are the available commands:

  • filter: Manages packet filters.
  • comp: Manages the registered components (the drivers and adapters PktMon can observe).
  • reset: Resets the counters to zero.
  • start: Starts packet monitoring.
  • stop: Stops monitoring.
  • format: Converts the log file to text.
  • unload: Unloads the PktMon driver.

If we need more help on a specific command, we append help to it, for example:

pktmon start help

PowerShell running the pktmon start help command

Running this shows the syntax and the subcommands available for that command. The filter and comp commands have the following subcommands:

pktmon filter { list | add | remove } [OPTIONS | help]

Commands:

  • list: Shows the active packet filters.
  • add: Adds a filter that restricts which packets are reported.
  • remove: Removes all filters.

pktmon comp { list | counters } [OPTIONS | help]

Commands:

  • list: Lists all active components.
  • counters: Shows the current counters per component.

Other useful commands

pktmon reset [-counters]

Resets all component counters to zero.

pktmon start [-c { all | nics | [ids...] }] [-d] [--etw [-p size] [-k keywords]] [-f name] [-s size] [-r] [-m]

Starts packet monitoring.

  • -c, --components: Selects the components to monitor. This can be all components, only NICs, or a list of component IDs (see pktmon comp list). The default is all.
  • -d, --drop-only: Reports only dropped packets. By default, successfully forwarded packets are reported as well.

ETW logging

  • --etw: Logs the captured packets to an ETW trace file instead of only counting them.
  • -p, --packet-size: Number of bytes to record from each packet. Set it to 0 to always record the whole packet; note that a full-packet log contains the payload, which may include credentials or other sensitive data.
  • -k, --keywords: Hexadecimal bit mask that controls which events are logged, built by adding the event flags listed in pktmon start help. By default, all events are logged.
  • -f, --file-name: Name of the .etl log file. The default is PktMon.etl.
  • -s, --file-size: Maximum log file size in megabytes. The default is 512 MB.

Log mode

  • -r, --circular: New events overwrite the oldest ones when the maximum file size is reached.
  • -m, --multi-file: A new file is created when the maximum file size is reached.

pktmon stop

Stops packet monitoring and displays the per-component counters.

pktmon format log.etl [-o log.txt]

Converts the ETW log file to text format. (On Windows 10 version 2004 and later this command was renamed pktmon etl2txt, and a pcapng conversion was added for Wireshark; run pktmon help on your build to check.)

pktmon unload

Stops the PktMon driver service and unloads PktMon.sys. Equivalent to sc.exe stop PktMon.
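The commands above make up one workflow: clear old filters, add a filter, start an ETW capture, generate traffic, stop, convert the log and read the counters. The script below runs that workflow end to end. It is an added example for this post, not code from the original page or from Microsoft; it assumes an elevated PowerShell on a Windows 10 1809-era build where the format subcommand exists (newer builds use etl2txt), a writable C:\Temp folder, and example.com as the name to resolve. The string "Drop" used to pick out dropped packets from the text log is an assumption about the log format; check one converted line on your build and adjust the pattern if needed.

```powershell
#Requires -RunAsAdministrator
# Added example: capture DNS traffic with PktMon, then locate drops.
# Not from the original page. Assumes pktmon.exe on PATH, the 1809-era
# "pktmon format" subcommand, and a writable C:\Temp (assumed path).
$ErrorActionPreference = 'Stop'

$OutDir = 'C:\Temp\pktmon'                 # assumed output location
$Etl    = Join-Path $OutDir 'dns.etl'
$Txt    = Join-Path $OutDir 'dns.txt'
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Start from a clean state: no stale filters, counters at zero.
pktmon filter remove | Out-Null
pktmon reset        | Out-Null

# Record only packets with TCP/UDP port 53. "DNS" is the filter name;
# -p is PktMon's port filter option.
pktmon filter add DNS -p 53
pktmon filter list

# All components, ETW logging, whole packets (-p 0), 64 MB circular file.
pktmon start --etw -p 0 -f $Etl -s 64 -r

try {
    # Generate traffic to capture. Resolve-DnsName ships with Windows 10.
    Resolve-DnsName -Name 'example.com' -Type A | Out-Null   # assumed test name
    Start-Sleep -Seconds 2
}
finally {
    # Always stop, even if the lookup fails, so the driver is not left capturing.
    pktmon stop
}

# Convert the binary ETW log to text and summarise it.
pktmon format $Etl -o $Txt

$lines = @(Get-Content -Path $Txt)
# Assumption: dropped packets are reported on lines containing the word "Drop".
$drops = @($lines | Select-String -Pattern 'Drop' -CaseSensitive)
"Total log lines       : $($lines.Count)"
"Lines reporting a drop: $($drops.Count)"
$drops | Select-Object -First 5

# Per-component counters show where in the stack packets were seen or dropped;
# match the component IDs against "pktmon comp list".
pktmon comp counters

# Optional: release the driver once the investigation is over.
# pktmon unload

# -p 0 stores full payloads. DNS names here, but on other ports this can be
# credentials or session tokens: treat $OutDir as sensitive and delete it when done.
```

If the counters show drops, rerun the capture with -d (drop-only) and with -c limited to the component IDs that reported them; this keeps the log small and points directly at the driver that discarded the packets.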

Conclusion

We have seen what the Windows 10 sniffer is and how to use it. Packet Monitor is a capable tool for diagnosing network problems, in particular for finding which component drops a packet, and for many cases it removes the need for third-party capture software. Bye!
