This is a very quick and simple packet capture:
Creating a filter (logging PING packets):
pktmon filter add -t ICMP
Starting the ETW logging format:
pktmon start --etw
Generating some traffic:
ping 10.0.3.2
Stopping capture:
pktmon stop
Formatting capture:
pktmon format .\PktMon.etl -o log_icmp.txt
Viewing data:
14:27:17.599175400 PktGroupId 562949953422528, PktNumber 1, Appearance 1, Direction Tx , Type Ethernet , Component 189, Edge 1, Filter 1, OriginalSize 74, LoggedSize 74
MACADDRESS > MACADDRESS, ethertype IPv4 (0x0800), length 74: 10.0.3.118 > 10.0.3.2: ICMP echo request, id 1, seq 13724, length 40
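The steps above, wrapped into one reusable PowerShell function plus a parser for the two-line records that `pktmon format` writes (a header line with PktNumber/Direction, followed by the packet summary line). This is an added example, not code from the original page or from the pktmon tool itself; it assumes an elevated PowerShell prompt on a Windows build that ships pktmon, that `--etw` and `format` are accepted (as on the page), and it reuses the page's placeholder target 10.0.3.2 and file names. The parsing functions can also be run on their own against an existing log_icmp.txt.

```powershell
# Added example: capture ICMP with pktmon (same commands as the page) and
# summarise the formatted text output. Assumes an elevated prompt, pktmon.exe
# on PATH, and that PktMon.etl lands in the current directory (pktmon default).
function Invoke-IcmpCapture {
    param(
        [string]$Target   = '10.0.3.2',        # placeholder from the page
        [string]$EtlPath  = '.\PktMon.etl',
        [string]$TextPath = '.\log_icmp.txt'
    )
    pktmon filter remove      | Out-Null    # start from an empty filter list
    pktmon filter add -t ICMP | Out-Null    # same filter as on the page
    pktmon start --etw        | Out-Null
    try {
        ping $Target | Out-Null             # generate the traffic
    } finally {
        pktmon stop | Out-Null              # always stop, even if ping fails
    }
    pktmon format $EtlPath -o $TextPath | Out-Null
    return $TextPath
}

# Parse the formatted log into objects. Each record is two lines:
#   <time> PktGroupId ..., PktNumber N, ..., Direction Tx , ...
#   MAC > MAC, ethertype IPv4 (0x0800), length 74: SRC > DST: ICMP echo request, id 1, seq 13724, length 40
function Get-IcmpSummary {
    param([Parameter(Mandatory)][string]$Path)
    $lines   = @(Get-Content -Path $Path)
    $records = @()
    for ($i = 0; $i -lt $lines.Count - 1; $i++) {
        if ($lines[$i] -match 'PktNumber (\d+),.*Direction (\w+)') {
            $pktNumber = [int]$Matches[1]
            $direction = $Matches[2]
            $summary   = $lines[$i + 1]
            if ($summary -match '(\d+\.\d+\.\d+\.\d+) > (\d+\.\d+\.\d+\.\d+): ICMP (echo request|echo reply), id (\d+), seq (\d+)') {
                $records += [pscustomobject]@{
                    PktNumber = $pktNumber
                    Direction = $direction
                    Source    = $Matches[1]
                    Dest      = $Matches[2]
                    IcmpType  = $Matches[3]
                    Id        = [int]$Matches[4]
                    Seq       = [int]$Matches[5]
                }
            }
        }
    }
    return $records
}

# Count requests and replies per (source, destination) pair. Request entries
# with no matching reply entry are the quick thing to look at when a host is
# probed but not answering, or when a filter/ACL is silently dropping ICMP.
function Get-IcmpPairCounts {
    param([object[]]$Records)
    $Records | Group-Object Source, Dest, IcmpType | ForEach-Object {
        [pscustomobject]@{ Pair = $_.Name; Count = $_.Count }
    }
}

$logFile = Invoke-IcmpCapture
$records = Get-IcmpSummary -Path $logFile
$records | Format-Table PktNumber, Direction, Source, Dest, IcmpType, Seq -AutoSize
Get-IcmpPairCounts -Records $records | Format-Table -AutoSize
```

`pktmon filter remove` with no arguments clears all existing filters, so the capture only contains what `filter add -t ICMP` selects; the `try/finally` makes sure the trace is stopped even if the ping fails, since a running pktmon session keeps writing to PktMon.etl until `pktmon stop` is issued.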