Windows Command Prompt - cmd

Capture

(1) Without Filter
netsh trace start capture=yes maxSize=512 tracefile=C:\capture.etl
netsh trace stop

(2) With Filter
netsh trace start capture=yes maxSize=512 IPv4.Address=X.X.X.X tracefile=C:\capture.etl
netsh trace stop

Convert
etl2pcapng.exe capture.etl capture.pcapng

Convert Link: github.com/microsoft/etl2pcapng
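The same capture-then-convert procedure wrapped in one PowerShell function, as an added example that is not part of the original post. It assumes etl2pcapng.exe is on PATH (or is passed via -Etl2Pcapng), that netsh is run from an elevated prompt (netsh trace refuses to start an ETW capture otherwise), and the 10.0.0.5 address in the usage comment is a constructed sample value.

```powershell
# Added example (not from the original post): run the netsh trace capture shown above,
# with the IPv4.Address filter as an optional parameter, then convert the .etl to .pcapng.
function Invoke-NetshCapture {
    [CmdletBinding()]
    param(
        [string]$TraceFile = "C:\capture.etl",
        [int]$MaxSizeMB = 512,
        [string]$FilterAddress,                  # maps to IPv4.Address=...; omit for an unfiltered capture
        [int]$DurationSeconds = 60,
        [string]$Etl2Pcapng = "etl2pcapng.exe"   # assumed to be on PATH; pass a full path otherwise
    )

    # netsh trace needs an elevated prompt; fail early rather than producing an empty trace.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw "Run this from an elevated (Administrator) PowerShell."
    }

    # Same arguments as the two variants above; report=disabled skips the slow .cab report
    # that 'netsh trace stop' would otherwise assemble next to the .etl file.
    $netshArgs = @("trace", "start", "capture=yes", "maxSize=$MaxSizeMB",
                   "tracefile=$TraceFile", "overwrite=yes", "report=disabled")
    if ($FilterAddress) { $netshArgs += "IPv4.Address=$FilterAddress" }

    & netsh @netshArgs
    if ($LASTEXITCODE -ne 0) { throw "netsh trace start failed (exit code $LASTEXITCODE)" }

    try {
        Start-Sleep -Seconds $DurationSeconds
    } finally {
        # Always stop the session, even when the wait is interrupted with Ctrl+C;
        # otherwise the ETW session keeps writing in the background until maxSize is hit.
        & netsh trace stop | Out-Null
    }

    $pcap = [IO.Path]::ChangeExtension($TraceFile, ".pcapng")
    & $Etl2Pcapng $TraceFile $pcap
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path $pcap)) {
        throw "Conversion failed; the raw trace is still at $TraceFile"
    }
    Get-Item $pcap   # the .pcapng ready to open in Wireshark
}

# Usage (constructed sample address): capture traffic to/from one host for two minutes.
# Invoke-NetshCapture -FilterAddress 10.0.0.5 -DurationSeconds 120
```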
First post. Wish me many more :)
I liked the posts, they are helpful as a reference while doing IR.