Home
How to use the Pktmon.exe Network sniffer tool on Windows 10

How to use the Pktmon.exe Network sniffer tool on Windows 10

October 7, 2021
Packet sniffing is frequently misunderstood as a malicious act, but it isn’t unless malicious intent is present. When network administrators need to troubleshoot something, they often use a network sniffing tool.

For a long time, users on Windows 10 had to rely on third-party network sniffers. This can be concerning not only because it’s a third-party tool, but also because these tools aren’t always free and require some setup.

How to use the Pktmon.exe Network sniffer tool on Windows 10

Pktmon.exe Network sniffer on Windows 10

Follow the steps below to use the Pktmon.exe network sniffer on Windows 10.

  1. Open Command Prompt with admin rights.
  2. By default, you should open to the location ‘C:\Windows\System32’. If it doesn’t, use the command below to move to it.
cd C:\Windows\System32
  1. Run this command to start monitoring the network.
pktmon start
  1. If you’d like to also create a log, you should modify the above command to the following.
pktmon start --etw
  1. Allow the tool to run for however long you require. When you’re finished monitoring the network, use the following command to terminate the tool.
pktmon stop
  1. When you stop the tool, you’ll see a detailed report of what it discovered. Run the following command to view the log, if one was created. The text file’s name can be changed to whatever you want. If there is already a file with that name, it will be overwritten without warning.
pktmon.exe format pktmon.etl -o mylog.txt

How to use the Pktmon.exe Network sniffer tool on Windows 10

Other Commands

Do the following to see a list of all supported commands for Pktmon.exe:

  1. Open Command Prompt with admin rights.
  2. Run the following command.
pktmon help

The following is what you will receive. You can also modify the Start command and use it to monitor a specific port, among other things, in addition to these commands. You’ll need to research the various switches that can be used with it.

  • filter Manage packet filters.
  • comp Manage registered components.
  • reset Reset counters to zero.
  • start Start packet monitoring.
  • stop Stop monitoring.
  • format Convert log file to text.
  • unload Unload PktMon driver.

Conclusion

This is a brand-new tool that is completely safe to use. You can analyze the traffic using the logs it generates with other apps, or you can get creative with the filters you use when you first start monitoring. The tool is far from lacking in features. Its only drawback right now is that it’s a command-line tool with no GUI counterpart.

Related Articles