Learn Pktmon: Windows 10's built-in network monitoring tool
A packet monitor, or network monitor, is a program that allows you to track the network traffic that travels through your computer's network devices down to the level of individual packets.
When released, Pktmon only supported the Event Trace Log (ETL) format, a proprietary log format created by Microsoft. Later, Microsoft added support for PCAPNG log files and real-time monitoring, which we will learn about in this article.
To use Pktmon, launch Command Prompt with administrator rights on Windows 10, because the program requires elevation. You can then get instructions on how to use the program by typing pktmon help in Command Prompt.
To get more detailed help on a particular command, enter pktmon [command] help. For example, to view the documentation for the "comp" command, you would type:
pktmon comp help
For each sub-command, you can continue to use the help function to see its instructions, for example:
pktmon comp list help
Using the built-in help feature is a great way to learn how to use Pktmon, and all users should check out the documentation before using the program.
How to use the Pktmon network monitoring tool
Compared with a network monitoring tool that has a graphical user interface, the Pktmon command line interface takes longer to get used to.
Before you can track packets, you first need to create a filter with the command pktmon filter add, which specifies the traffic you want to track.
For example, you can monitor all network traffic on your network with the command:
pktmon filter add -i 192.168.1.0/24
or monitor DNS traffic with:
pktmon filter add -t UDP -p 53
Again, it is recommended that you review the pktmon filter add help documentation to learn how to create filters.
For this example, I've created a filter to track DNS traffic as described above. To see the filters that have been created, you would enter the command:
pktmon filter list
To start monitoring DNS traffic on all network interfaces and displaying activity in real time, you would use the following command:
pktmon start --etw -p 0 -l real-time
Note that the example uses the -p 0 argument, so it captures the entire packet. You can also specify a particular network interface to monitor using the -c argument followed by the interface's index ID. To get a list of network interfaces and their index IDs (ifIndex), you can use the command:
pktmon comp list
When you start monitoring traffic, you should see captured DNS packets displayed in real time in the Command Prompt, as shown below.
When you're ready to stop traffic monitoring, press Ctrl + C. Once the capture is stopped, a PktMon.etl log file will have been created in the directory where you ran Pktmon.
Unfortunately, ETL files are not a good choice because many applications don't support them. You can convert the ETL file into a PCAPNG file with the command pktmon pcapng. For example, to convert PktMon.etl to a PCAPNG file named PktMon.pcapng, type the following command:
pktmon pcapng PktMon.etl -o PktMon.pcapng
After the log file is converted to PCAPNG format, you can load it into a program like Wireshark to get detailed information about each DNS request.
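The whole procedure above (create the DNS filter, capture full packets, stop, convert to PCAPNG) can be scripted so a capture is repeatable and always cleaned up. The following PowerShell script is an added example, not part of the original article; it assumes an elevated prompt, a Windows 10 build whose pktmon accepts the syntax used in this article, and uses pktmon stop and pktmon filter remove (existing commands the article does not show) plus a filter name, duration and file names of our own choosing.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted DNS capture with Pktmon (not the article's own code).
# Assumes the pktmon syntax used in the article (filter add -t/-p, start --etw -p 0,
# pcapng conversion). Filter name, duration and output paths are our own choices.
param(
    [int]$Seconds = 30,                      # how long to capture
    [string]$OutDir = (Get-Location).Path    # where PktMon.etl / .pcapng are written
)

$ErrorActionPreference = 'Stop'
Set-Location $OutDir
$FilterName = 'dns-udp53'   # hypothetical filter name; pktmon accepts a name before the match options

try {
    # 1. Match only DNS: UDP with port 53 in either direction (same filter as the article).
    pktmon filter add $FilterName -t UDP -p 53
    if ($LASTEXITCODE -ne 0) { throw "pktmon filter add failed ($LASTEXITCODE)" }

    # Show the active filters so the operator can verify them before capturing.
    pktmon filter list

    # 2. Capture whole packets (-p 0) on all components into PktMon.etl.
    #    Omitting '-l real-time' keeps pktmon from taking over the console, so the
    #    script can stop the trace itself after the timer instead of needing Ctrl+C.
    pktmon start --etw -p 0
    if ($LASTEXITCODE -ne 0) { throw "pktmon start failed ($LASTEXITCODE)" }

    Write-Host "Capturing DNS traffic for $Seconds seconds..."
    Start-Sleep -Seconds $Seconds
}
finally {
    # 3. Always stop the trace and remove the filter, even if a step above failed,
    #    so a broken run does not leave a capture running or a stale filter behind.
    pktmon stop | Out-Null
    pktmon filter remove | Out-Null
}

# 4. Convert the ETL log to PCAPNG so Wireshark (or any libpcap-based tool) can open it.
$Etl  = Join-Path $OutDir 'PktMon.etl'
$Pcap = Join-Path $OutDir 'PktMon.pcapng'
if (-not (Test-Path $Etl)) { throw "Expected log $Etl was not created" }
pktmon pcapng $Etl -o $Pcap
if ($LASTEXITCODE -ne 0) { throw "pktmon pcapng conversion failed ($LASTEXITCODE)" }

Write-Host "Capture saved: $Pcap"
```

Run it as .\Capture-Dns.ps1 -Seconds 60 from an elevated PowerShell window; on newer Windows builds where pktmon has renamed these options, check pktmon start help and pktmon etl2pcap help and adjust the four pktmon lines accordingly.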
As you can see, Pktmon is an extremely powerful tool, allowing you to gain insight into the type of traffic flowing through your network.
However, Pktmon can be tricky to use, so it's a good idea to familiarize yourself with the help documentation before running the command.