Capturing network traffic using NETSH
With Windows 7 and Windows Server 2008 R2, network traffic can be captured using the NETSH command. From an elevated command prompt, enter the following command:
netsh trace start capture=yes tracefile=c:\yourcapture.etl
To stop the capture process, use the command:
netsh trace stop
An .ETL file should now be present at the path specified.
The file can be viewed within Microsoft’s Network Monitor application. With version 3.4, the details of each packet would not display correctly. To solve this problem, change the Parser Profile from the Default value to Windows.
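The start and stop commands above can be wrapped in a script so that a capture always ends and its size stays bounded. The following PowerShell script is an added example, not part of the original page; the 60-second duration, the 250 MB maxsize value and the use of overwrite=yes are assumptions chosen for illustration.

```powershell
# Added example: timed capture built on the page's netsh trace commands.
param(
    [string]$TraceFile = 'C:\yourcapture.etl',  # path used in the page's example
    [int]$Seconds      = 60,                    # assumed capture duration
    [int]$MaxSizeMB    = 250                    # assumed cap on the .etl size
)

# netsh trace needs an elevated prompt; fail early with a clear message if not.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
if (-not $principal.IsInRole($adminRole)) {
    throw 'Run this script from an elevated prompt.'
}

$started = $false
try {
    # maxsize bounds the trace file; overwrite=yes replaces an older file at the same path.
    netsh trace start capture=yes "tracefile=$TraceFile" "maxsize=$MaxSizeMB" overwrite=yes
    if ($LASTEXITCODE -ne 0) {
        throw "netsh trace start failed with exit code $LASTEXITCODE"
    }
    $started = $true
    Start-Sleep -Seconds $Seconds
}
finally {
    # Stop the trace even if the wait is interrupted, so no capture is left running.
    if ($started) { netsh trace stop }
}

# Confirm the capture file was written before opening it in Network Monitor.
if (Test-Path -LiteralPath $TraceFile) {
    Get-Item -LiteralPath $TraceFile | Select-Object FullName, Length, LastWriteTime
} else {
    Write-Error "Expected trace file not found: $TraceFile"
}
```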