For a long time, users on Windows 10 had to rely on third-party network sniffers. That is a concern not only because the tool comes from a third party, but also because such tools are not always free and need some setup.
Pktmon.exe Network sniffer on Windows 10
Follow the steps below to use the Pktmon.exe network sniffer on Windows 10.
- Open Command Prompt with admin rights.
- By default, the prompt should open in ‘C:\Windows\System32’. If it doesn’t, use the command below to move there.
cd C:\Windows\System32
- Run this command to start monitoring the network.
pktmon start
- If you’d also like a log file written to disk, use this form of the command instead.
pktmon start --etw
- Allow the tool to run for however long you require. When you’re finished monitoring the network, use the following command to terminate the tool.
pktmon stop
- When you stop the tool, you’ll see a detailed report of what it discovered. If a log was created, run the following command to convert it into a readable text file. The text file’s name can be changed to whatever you want. If there is already a file with that name, it will be overwritten without warning.
pktmon.exe format pktmon.etl -o mylog.txt
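The steps above collected into one PowerShell script, as an added example that is not part of the original article: it checks for an elevated prompt, refuses to overwrite an existing log, narrows the capture to a single port with a pktmon filter, captures for a fixed time, and converts the ETL log to text. The port number, duration and output file name are placeholder values.

```powershell
# Added example, not from the original article. Port, duration and output
# name are placeholders; adjust them to what you actually need to watch.
param(
    [int]$Port = 53,           # constructed example value (DNS)
    [int]$Seconds = 30,        # how long to capture
    [string]$OutFile = "pktmon-$(Get-Date -Format yyyyMMdd-HHmmss).txt"
)

# pktmon needs an elevated prompt; fail early instead of half-way through.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Run this from an elevated (admin) prompt; pktmon requires it."
}

# The article runs pktmon from System32, where pktmon.etl is written.
Set-Location C:\Windows\System32

# 'pktmon format' overwrites an existing file silently, so refuse rather than clobber.
if (Test-Path $OutFile) {
    throw "$OutFile already exists; choose another output name."
}

# Filters must be in place before the capture starts; clear any leftovers first.
pktmon filter remove | Out-Null
pktmon filter add "port$Port" -p $Port
pktmon filter list

# Start capturing with ETW logging, then make sure the driver is stopped
# even if the script is interrupted, so it is not left capturing in the background.
pktmon start --etw
try {
    Start-Sleep -Seconds $Seconds
} finally {
    pktmon stop
}

# Convert the binary ETL log into the readable text file.
pktmon format pktmon.etl -o $OutFile
Write-Host "Readable log written to $(Join-Path (Get-Location) $OutFile)"
```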
Other Commands
Do the following to see a list of all supported commands for Pktmon.exe:
- Open Command Prompt with admin rights.
- Run the following command.
pktmon help
The output lists the commands below. In addition to these, you can modify the Start command to monitor a specific port, among other things; you’ll need to look up the various switches it accepts.
- filter: Manage packet filters.
- comp: Manage registered components.
- reset: Reset counters to zero.
- start: Start packet monitoring.
- stop: Stop monitoring.
- format: Convert log file to text.
- unload: Unload PktMon driver.
Conclusion
This is a brand-new tool that is completely safe to use. You can analyze the traffic using the logs it generates with other apps, or you can get creative with the filters you use when you first start monitoring. The tool is far from lacking in features. Its only drawback right now is that it’s a command-line tool with no GUI counterpart.