pktmon tools (Network traffic tracking)
PktMon is a diagnostic tool available on Windows 10 and later. The name is short for Packet Monitor, and the tool is used to monitor network traffic on a computer. PktMon lets you analyze the flow of network packets, which is useful when diagnosing and troubleshooting network problems.
With PktMon, you can track various parameters and information about network packets, such as source and destination addresses, ports, protocols, number of packets, packet size, etc. This can help identify potential network problems, detect invalid packets, analyze network traffic and evaluate network performance.
To use PktMon, you can use the command line or the PowerShell interface. The tool is part of a set of diagnostic tools available on Windows systems and can be used by advanced users, network administrators or network diagnostics specialists to analyze and monitor network traffic on a computer.
In addition, we can convert the PktMon.etl file to PCAPNG (a file format used to record captured network packets). To do this, type the following command:
pktmon pcapng PktMon.etl -o pktmon.pcapng
To capture real-time network traffic, use the command:
pktmon counter --live
Other useful commands:
pktmon filter add -p 53
Adds port 53 (TCP/UDP) to the filter list, so only that port is listened on
pktmon filter add -t TCP -p 22
Adds only TCP port 22 for listening
pktmon filter add -i 172.16.200.185
Listens only for packets from the address 172.16.200.185
pktmon filter add -i 172.16.200.185, 8.8.8.8
Listens for packets between the two addresses 172.16.200.185 and 8.8.8.8
pktmon filter add -v 200
Listens for traffic only on VLAN 200
pktmon filter list
Lists all filters
pktmon filter remove
Removes the currently used filters
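An added example, not from the original page: a Python sketch that reads a PCAPNG file such as the converted pktmon.pcapng and lists TCP/UDP packets that fall outside a port filter, as a check that a filter like "pktmon filter add -p 53" was in effect during the capture. It assumes a little-endian section with Ethernet/IPv4 frames; the function names and the sample bytes are constructed for illustration.

```python
import struct

def blocks(data):
    """Yield (type, body) per pcapng block; little-endian section assumed."""
    off = 0
    while off + 12 <= len(data):
        btype, total = struct.unpack_from("<II", data, off)
        if total < 12 or off + total > len(data):
            raise ValueError(f"corrupt block at offset {off}")
        yield btype, data[off + 8:off + total - 4]
        off += total

def flows(data):
    """Return (proto, sport, dport) for each Ethernet/IPv4 TCP or UDP packet."""
    out = []
    for btype, body in blocks(data):
        if btype == 0x0A0D0D0A and body[:4] != b"\x4d\x3c\x2b\x1a":
            raise ValueError("big-endian section is not handled here")
        if btype != 6 or len(body) < 20:        # 6 = Enhanced Packet Block
            continue
        pkt = body[20:20 + struct.unpack_from("<I", body, 12)[0]]
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":   # not IPv4 over Ethernet
            continue
        ihl = (pkt[14] & 0x0F) * 4              # IPv4 header length in bytes
        proto = {6: "TCP", 17: "UDP"}.get(pkt[23])
        fragment = struct.unpack_from("!H", pkt, 20)[0] & 0x1FFF
        if proto and not fragment and len(pkt) >= 18 + ihl:
            out.append((proto, *struct.unpack_from("!HH", pkt, 14 + ihl)))
    return out

def outside_filter(data, port):
    """Packets whose source and destination ports both differ from the filter port."""
    return [f for f in flows(data) if port not in f[1:]]

# Constructed sample: two UDP packets, one to port 53 and one to port 123.
def make_block(btype, body):
    body += b"\x00" * (-len(body) % 4)          # pad body to a 4-byte boundary
    size = struct.pack("<I", len(body) + 12)
    return struct.pack("<I", btype) + size + body + size

def make_udp(sport, dport):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     bytes([172, 16, 200, 185]), bytes([8, 8, 8, 8]))
    frame = b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HHHH", sport, dport, 8, 0)
    return make_block(6, struct.pack("<5I", 0, 0, 0, len(frame), len(frame)) + frame)

SAMPLE = (make_block(0x0A0D0D0A, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1))
          + make_block(1, struct.pack("<HHI", 1, 0, 0))
          + make_udp(50000, 53) + make_udp(50001, 123))

if __name__ == "__main__":
    print(outside_filter(SAMPLE, 53))
```

To check a real capture, pass the bytes of the converted file to outside_filter together with the port used in the filter; an empty list means every parsed TCP/UDP packet matched.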