I'm trying to capture some traffic using netsh but I'm not getting the data I'm looking for, so I hope someone can help me out. Unfortunately, I can NOT add programs on to any of the systems I'm working with, and I don't have access to Message Analyzer. I have used the following commands:
netsh trace start capture=yes ipv4.address=x.x.x.x tracefile=filename.etl
netsh trace start capture=yes provider=Microsoft-Windows-NDIS-PacketCapture level=5 tracefile=filname.etl
The captures run fine. I attempted to look at them several ways. I converted to a CSV with netsh dump, and I imported the data into PowerShell with Get-WinEvent. The data is very vague and doesn't have information like destination IP, just messages like "Packet fragment (54 bytes)". All examples I see online have actual data like IPs and ports. What am I doing wrong?
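The "Packet fragment (54 bytes)" text is only the rendered message of each Microsoft-Windows-NDIS-PacketCapture event; the raw frame bytes travel in the event payload and can be decoded without any extra tooling. The following PowerShell is an added example, not code from the original post: it reads the .etl with Get-WinEvent (which needs -Oldest for .etl files), pulls the binary fragment out of each event's Properties, and decodes the Ethernet II, IPv4 and TCP/UDP headers to recover source/destination IP and ports. The function names, and the assumption that the fragment is exposed as a byte[] property of the event, are the example's own; the sample 54-byte frame is constructed here so the decoder can be tried offline.

```powershell
# Added example (not from the original post). Decodes the raw frame stored in each
# NDIS-PacketCapture "Packet fragment" event into IPs/ports using only Get-WinEvent.
# Header offsets follow Ethernet II / IPv4 / TCP / UDP layouts; the ETL property
# layout (fragment as a byte[] property) is an assumption checked at runtime.

function ConvertFrom-PacketFragment {
    param([Parameter(Mandatory)][byte[]]$Bytes)

    # Ethernet II header: dst MAC (6) + src MAC (6) + EtherType (2) = 14 bytes
    if ($Bytes.Length -lt 14) { return $null }
    $etherType = ($Bytes[12] -shl 8) -bor $Bytes[13]
    $offset = 14
    # Skip an 802.1Q VLAN tag (EtherType 0x8100) if one is present
    if ($etherType -eq 0x8100 -and $Bytes.Length -ge 18) {
        $etherType = ($Bytes[16] -shl 8) -bor $Bytes[17]
        $offset = 18
    }
    if ($etherType -ne 0x0800) {
        return [pscustomobject]@{ EtherType = ('0x{0:X4}' -f $etherType); Note = 'not IPv4' }
    }

    # IPv4 header: version/IHL byte at +0, protocol at +9, src IP at +12, dst IP at +16
    if ($Bytes.Length -lt $offset + 20) { return $null }
    $ihl   = ($Bytes[$offset] -band 0x0F) * 4
    $proto = [int]$Bytes[$offset + 9]
    $src   = '{0}.{1}.{2}.{3}' -f $Bytes[($offset + 12)..($offset + 15)]
    $dst   = '{0}.{1}.{2}.{3}' -f $Bytes[($offset + 16)..($offset + 19)]

    # TCP (6) and UDP (17) both carry src/dst port in the first 4 bytes of the L4 header
    $l4 = $offset + $ihl
    $srcPort = $null; $dstPort = $null
    if (($proto -eq 6 -or $proto -eq 17) -and $Bytes.Length -ge $l4 + 4) {
        $srcPort = ($Bytes[$l4]     -shl 8) -bor $Bytes[$l4 + 1]
        $dstPort = ($Bytes[$l4 + 2] -shl 8) -bor $Bytes[$l4 + 3]
    }
    $names = @{ 1 = 'ICMP'; 6 = 'TCP'; 17 = 'UDP' }
    $protoName = if ($names.ContainsKey($proto)) { $names[$proto] } else { "proto $proto" }

    [pscustomobject]@{
        Protocol = $protoName
        SrcIP    = $src; SrcPort = $srcPort
        DstIP    = $dst; DstPort = $dstPort
    }
}

function Get-PacketsFromEtl {
    param([Parameter(Mandatory)][string]$Path)
    # -Oldest is required when Get-WinEvent reads an .etl file directly
    Get-WinEvent -Path $Path -Oldest -ErrorAction SilentlyContinue |
        Where-Object { $_.ProviderName -eq 'Microsoft-Windows-NDIS-PacketCapture' } |
        ForEach-Object {
            # Assumption: the fragment is the byte[] property of the event (index not hard-coded)
            $frag = ($_.Properties | Where-Object { $_.Value -is [byte[]] } | Select-Object -First 1).Value
            if ($frag) {
                $pkt = ConvertFrom-PacketFragment -Bytes $frag
                if ($pkt) { $pkt | Add-Member -NotePropertyName Time -NotePropertyValue $_.TimeCreated -PassThru }
            }
        }
}

# Constructed sample: a 54-byte Ethernet II + IPv4 + TCP SYN frame, 10.0.0.1:49152 -> 10.0.0.2:443
[byte[]]$sampleFrame = @(
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xAA,0xBB, 0x08,0x00,   # Ethernet
    0x45,0x00,0x00,0x28, 0x00,0x01,0x00,0x00, 0x40,0x06,0x00,0x00,             # IPv4 (TTL 64, TCP)
    0x0A,0x00,0x00,0x01, 0x0A,0x00,0x00,0x02,                                  # src / dst IP
    0xC0,0x00, 0x01,0xBB, 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,            # TCP ports, seq, ack
    0x50,0x02, 0xFF,0xFF, 0x00,0x00, 0x00,0x00                                 # offset/flags(SYN), win, csum, urg
)
ConvertFrom-PacketFragment -Bytes $sampleFrame | Format-Table
# Against a real capture from the commands above (file name as used in the post):
# Get-PacketsFromEtl -Path .\filename.etl | Format-Table Time, Protocol, SrcIP, SrcPort, DstIP, DstPort
```

On the constructed frame this prints TCP 10.0.0.1:49152 to 10.0.0.2:443. Events whose fragment is not IPv4 (ARP, IPv6) come back with only the EtherType so they are not silently dropped, and frames shorter than the headers they claim return nothing rather than throwing.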