Hi everyone. I am attempting to capture some traffic on a host using netsh trace and am running into an issue. The traffic I'm trying to capture is sporadic, so I need to let the trace run, but I also can't let it get too large. Here is the command I am using:
netsh trace start capture=yes Ethernet.Type=IPv4 IPv4.Address=x.x.x.x tracefile=<path>
While this is running, the trace file grows continuously, even when no traffic involving that address is occurring. I let it run for approximately 5 hours yesterday, and it was filled with rows of "ETW" events. I don't want anything else except the traffic involving a specific address. Any help would be greatly appreciated.
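As an added example (not part of the original post), here is a way to keep a long-running netsh trace from growing without bound: cap the ETL file with maxSize and let it wrap with fileMode=circular, and disable the report bundle that is otherwise generated on stop. The address and output path below are constructed placeholders, not values from the post.

```powershell
# Added example, not from the original post.
# Placeholder values: 203.0.113.10 is a documentation (TEST-NET-3) address and
# C:\Temp\host-capture.etl is an assumed output path; replace both.
$Target    = '203.0.113.10'
$TraceFile = 'C:\Temp\host-capture.etl'

# Show the capture filters netsh trace accepts (Ethernet.Type, IPv4.Address,
# Protocol, CaptureInterface, ...), useful for confirming filter syntax first.
netsh trace show CaptureFilterHelp

# Start a packet capture limited to one IPv4 peer, with a bounded file:
#   maxSize=256        caps the ETL file at 256 MB
#   fileMode=circular  overwrites the oldest data once the cap is reached, so
#                      the trace can run for hours without filling the disk
#   report=disabled    skips the large .cab diagnostics bundle at stop time
#   overwrite=yes      replaces any previous file at the same path
netsh trace start capture=yes Ethernet.Type=IPv4 IPv4.Address=$Target `
    tracefile=$TraceFile maxSize=256 fileMode=circular `
    report=disabled overwrite=yes

# While it runs, confirm the session is active and see the current file size.
netsh trace show status
Get-Item $TraceFile | Select-Object Name, Length, LastWriteTime

# When the sporadic traffic has been observed, stop the session. Because
# report=disabled was set, only the .etl file is produced.
netsh trace stop
```

Note that the IPv4.Address filter only limits which packets are written; the session's own ETW provider events still land in the same file, so the size cap and circular mode are what actually bound the file on disk. The resulting .etl can be opened in Microsoft Message Analyzer or converted for other tools afterwards.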