Home windows 7 Capturing network traffic using the netsh command for the Windows Filtering Platform

Capturing network traffic using the netsh command for the Windows Filtering Platform

By
Saturday, September 07, 2013
Read
Add Comment

The Windows Filtering Platform (WFP) is a new architecture that debuted in Windows Vista and Windows Server 2008.  Microsoft added a diagnostic tool for the Windows Filtering Platform in Windows 7 and Windows Server 2008 R2.  To capture network traffic, launch an elevated command prompt and use the following command:

netsh wfp capture start 

To stop the capture, use the command:

netsh wfp capture stop

 netsh_wfp_1

Within the .cab output file, two files should be present.

netsh_wfp_2

Within the .XML file, details of the network traffic should be present.  The example below is a ping to the IP address of 8.8.8.8.

netsh_wfp_3

Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us