How to Use Netsh to Monitor Network Traffic on Windows
Network Shell, commonly known as Netsh, is a command-line tool in Windows that lets administrators configure and manage networking components such as network interfaces, IP addresses and DNS servers. It is included in all modern versions of Windows and can be run from the Command Prompt or PowerShell.
Besides managing and troubleshooting network configuration, Netsh can also monitor network traffic by capturing packets and displaying statistics.
This tutorial teaches you how to use the Windows Netsh command to monitor network traffic and export it to an external file for later use and analysis.
How to Access the Network Shell
In Windows, we can access netsh using the Command Prompt or Windows PowerShell.
Open Command Prompt with administrative privileges (packet capture with netsh trace requires an elevated prompt): click the Start menu, type cmd, right-click Command Prompt and select “Run as administrator.”
In the command prompt, you can open the network shell by running the command:
netsh
This opens the netsh prompt, from which you can configure networks:
netsh>
Netsh Monitor Network Traffic
To start monitoring network traffic in the netsh utility, run the command below:
netsh> trace start capture=yes
Press Enter. This will start capturing network traffic.
Example command output:
Trace configuration:
-------------------------------------------------------------------
Status: Running
Trace File: C:\Users\csalem\AppData\Local\Temp\NetTraces\NetTrace.etl
Append: Off
Circular: On
Max Size: 512 MB
Report: Off
Wait for some time to capture enough traffic, and then run the command:
netsh> trace stop
This will stop the capture.
Example output:
Merging traces ... done
Generating data collection ... done
The trace file and additional troubleshooting information have been compiled as "C:\Users\csalem\AppData\Local\Temp\NetTraces\NetTrace.cab".
File location = C:\Users\csalem\AppData\Local\Temp\NetTraces\NetTrace.etl
Tracing session was successfully stopped.
Convert ETL File to Wireshark Capture
In order to read and analyze the captured traffic, the .etl file has to be converted, because Wireshark cannot open ETL traces directly. Netsh itself cannot write pcap files: its trace convert command only produces text, XML or CSV output, as in the command below (run from the netsh prompt, using the trace file path printed when the capture was stopped):
trace convert input=C:\Users\csalem\AppData\Local\Temp\NetTraces\NetTrace.etl output=NetTrace.txt
To get a Wireshark-readable file, use etl2pcapng, a separate open-source converter from Microsoft, which takes the .etl file and writes a .pcapng file:
etl2pcapng.exe NetTrace.etl capture.pcapng
You can now open the capture.pcapng file in Wireshark or another network analysis tool to view the network traffic.
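The whole workflow (start the capture, wait, stop it, convert the trace) can be scripted from an elevated PowerShell session. The script below is an added example, not part of the original tutorial; it assumes the output folder C:\Temp\NetTraces can be created and that etl2pcapng.exe may or may not be on PATH, falling back to netsh's own text dump when it is absent.

```powershell
# Added example: netsh trace capture workflow scripted in PowerShell.
# Assumptions: elevated session; C:\Temp\NetTraces is ours to create;
# etl2pcapng.exe (Microsoft's ETL-to-pcapng converter) is optional.
param(
    [int]$Seconds = 60,
    [string]$OutDir = 'C:\Temp\NetTraces'
)

# netsh trace needs an elevated session; fail early rather than half-way through.
$isAdmin = ([Security.Principal.WindowsPrincipal] `
    [Security.Principal.WindowsIdentity]::GetCurrent()
).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) { throw 'Run this script from an elevated PowerShell session.' }

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$etl = Join-Path $OutDir 'NetTrace.etl'

# Same command as the tutorial, but with an explicit trace file and size cap
# instead of the %TEMP%\NetTraces default shown in the example output.
netsh trace start capture=yes tracefile="$etl" maxsize=512 overwrite=yes
if ($LASTEXITCODE -ne 0) { throw "netsh trace start failed ($LASTEXITCODE)" }

Write-Host "Capturing for $Seconds seconds..."
Start-Sleep -Seconds $Seconds

# Stopping merges the session into the .etl and writes the companion .cab.
netsh trace stop
if (-not (Test-Path $etl)) { throw "Expected trace file not found: $etl" }

# netsh has no pcap output; 'trace convert' only produces TXT/XML/CSV.
# For Wireshark, hand the .etl to etl2pcapng if it is available.
$converter = Get-Command etl2pcapng.exe -ErrorAction SilentlyContinue
if ($converter) {
    $pcapng = Join-Path $OutDir 'NetTrace.pcapng'
    & $converter.Source $etl $pcapng
    Write-Host "Wireshark-readable capture: $pcapng"
} else {
    $txt = Join-Path $OutDir 'NetTrace.txt'
    netsh trace convert input="$etl" output="$txt"
    Write-Host "etl2pcapng not found; text dump written to $txt"
}

# The capture holds every packet the host saw; keep the .etl/.cab in a
# restricted location and delete them once the analysis is finished.
Get-ChildItem $OutDir | Select-Object Name, Length, LastWriteTime
```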
Conclusion
In this tutorial, you learned how you can use the Windows netsh utility to capture network traffic and export it to an external file for later use.
We hope you enjoyed this tutorial. Feel free to comment below and let us know your thoughts.