<h1>Getting started packet capturing on Windows 10 with PKTMON</h1>
<p>Published 2020-07-15 at https://certcent.io/index.php/2020/07/15/getting-started-packet-capturing-on-windows-10-with-pktmon/</p>
<p>This is a very quick and simple packet capture:<br />
Creating a filter (logging only ICMP, i.e. PING packets):<br />
<strong>pktmon filter add -t ICMP</strong><br />
Starting the capture in ETW logging format:<br />
<strong>pktmon start --etw</strong><br />
Generating some traffic:<br />
<strong>ping 10.0.3.2</strong><br />
Stopping the capture:<br />
<strong>pktmon stop</strong><br />
Formatting the capture (converting the .etl file to text):<br />
<strong>pktmon format .\PktMon.etl -o log_icmp.txt</strong><br />
Viewing the data:<br />
<strong>14:27:17.599175400 PktGroupId 562949953422528, PktNumber 1, Appearance 1, Direction Tx , Type Ethernet , Component 189, Edge 1, Filter 1, OriginalSize 74, LoggedSize 74</strong><br />
<strong>MACADDRESS &gt; MACADDRESS, ethertype IPv4 (0x0800), length 74: 10.0.3.118 &gt; 10.0.3.2: ICMP echo request, id 1, seq 13724, length 40</strong></p>