Packet Monitor, or PacketMon (pktmon.exe), is a built-in network diagnostics tool that first shipped in Windows 10 version 1809 and Windows Server 2019 (the October 2018 Update).
With the Windows 10 May 2020 Update (version 2004), Microsoft extended this very useful tool with real-time monitoring and pcapng export, making it easier to pinpoint common network issues without installing third-party software.
Connectivity issues are common on a misconfigured Windows 10 PC, and they are rarely obvious from the symptoms alone. The internet is itself a complex infrastructure of billions of PCs, routers, and switches forwarding data between endpoints.
As networks grow more complicated and congested, diagnosing a problem calls for a more comprehensive approach than pinging a host: you need to see which packets actually left the machine, which arrived, and where the stack dropped the rest.
Introducing Packet Monitor!
Packet Monitor (PacketMon) is an in-box cross-component network diagnostics tool for Windows. It can be used for packet capture, packet drop detection, packet filtering and counting. The tool is especially helpful in virtualization scenarios like container networking, SDN, etc. It is available in-box via pktmon.exe command, and via Windows Admin Center extensions.
Microsoft
Capabilities:
- Packet capture at multiple locations of the networking stack
- Packet drop detection, including drop reason reporting
- Runtime packet filtering with encapsulation support
- Flexible packet counters
- Real-time on-screen packet monitoring
- High volume in-memory logging
- Microsoft Network Monitor (NetMon) and Wireshark (pcapng) compatibility
Limitations:
- Supports Ethernet only
- No Firewall integration
- Drop reporting is only available for supported components
Where can I find Packet Monitor?
The packet sniffing tool lives in the System32 folder on your Windows 10 PC.
1. On your keyboard, press Windows + R to open the Run window.
2. Type C:\Windows\System32 and press Enter.
Once File Explorer opens, search for pktmon and pktmon.exe appears in the results.
How to run PktMon – Packet Monitor
Okay, now it is time for you to check and see how this tool works.
Go to Start and type 'cmd'.
Right-click Command Prompt in the results and select 'Run as administrator'. Packet capture hooks into the network stack, so pktmon refuses to start a capture from a non-elevated prompt.
This opens a Command Prompt window with administrator rights.
Type 'pktmon' and press Enter.
This runs the tool and prints the list of commands it supports (filter, start, stop, format, and so on).
Let us add a filter that captures traffic on port 443 (HTTPS) and write the result to a text file.
Type the commands one after the other and press Enter after each one.
pktmon filter add -p 443 (adds a filter matching port 443, the HTTPS/TLS port, as either source or destination port, so both directions of the connection are captured)
pktmon start --etw (starts logging to an ETW trace; note the double hyphen before etw)
Once you have captured for long enough,
type pktmon stop to end the capture. The results are written to a file named PktMon.etl in the current directory.
The next step is converting the binary .etl file to a .txt file that you can open in Notepad.
Type pktmon format PktMon.etl -o packetsniffer.txt
Because an elevated Command Prompt starts in System32, that is also the current directory, so the text file is saved there under the name you specified, in our case 'packetsniffer.txt':
C:\WINDOWS\system32\packetsniffer.txt
Open this file in Notepad to read the captured packets. Two caveats: the filter you added stays active until you run pktmon filter remove, and the capture file may contain sensitive connection metadata (which hosts the machine talked to and when), so do not leave it lying around in System32 when you are done.
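The same procedure, wrapped as a reusable PowerShell function, is given below as an added example; it is not code from the original article or from Microsoft. It uses only the pktmon subcommands shown above (filter add/remove/list, start, stop, format) plus pktmon pcapng, which the May 2020 Update added for Wireshark export. The function name Invoke-PktmonCapture, its parameter names and the default output folder are this example's own choices; -p 0 on pktmon start tells pktmon to keep whole packets instead of the default 128 bytes.

```powershell
# Added example (not from the original article): the pktmon workflow described
# above as one PowerShell function. Function name, parameters and the output
# folder are this example's own assumptions, not pktmon conventions.
function Invoke-PktmonCapture {
    param(
        [int]$Port = 443,                              # port to match (source or destination)
        [int]$Seconds = 30,                            # how long to capture
        [string]$OutDir = "$env:TEMP\pktmon-capture"   # where the .etl/.txt/.pcapng files land
    )

    # pktmon needs an elevated prompt; fail early with a clear message.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw "Run this from an elevated (Administrator) PowerShell session."
    }

    New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
    $etl = Join-Path $OutDir 'PktMon.etl'

    # pktmon writes PktMon.etl into the current directory, so work from $OutDir
    # instead of leaving capture files in C:\Windows\System32.
    Push-Location $OutDir
    try {
        # Filters persist until removed; clear leftovers so only this port filter applies.
        pktmon filter remove | Out-Null
        pktmon filter add -p $Port
        if ($LASTEXITCODE -ne 0) { throw "pktmon filter add failed (exit code $LASTEXITCODE)" }
        pktmon filter list    # show what will be captured before starting

        # --etw: log to an ETW trace; -p 0: keep whole packets (default keeps 128 bytes).
        pktmon start --etw -p 0
        if ($LASTEXITCODE -ne 0) { throw "pktmon start failed (exit code $LASTEXITCODE)" }

        Write-Host "Capturing port $Port traffic for $Seconds seconds..."
        Start-Sleep -Seconds $Seconds
    }
    finally {
        # Always stop the trace and drop the filter, even if a step above failed,
        # so no stale capture keeps running in the background.
        pktmon stop | Out-Null
        pktmon filter remove | Out-Null
        Pop-Location
    }

    if (-not (Test-Path $etl)) { throw "No PktMon.etl was produced in $OutDir." }

    # Text for Notepad (as in the article) and pcapng for Wireshark (version 2004+).
    pktmon format $etl -o (Join-Path $OutDir 'packetsniffer.txt')
    pktmon pcapng $etl -o (Join-Path $OutDir 'packetsniffer.pcapng')

    Get-ChildItem $OutDir
}

Invoke-PktmonCapture -Port 443 -Seconds 30
```

The try/finally block is the point of wrapping the commands: pktmon's filter set and a running ETW trace both outlive the console session that created them, so a script that dies between start and stop otherwise leaves the machine silently capturing. Keep in mind that with -p 0 the .etl and .pcapng files hold full packets; for port 443 the TLS payload is encrypted, but the handshake (including the server name) and the IP and port pairs are in the clear, so treat the output folder as sensitive and delete it when the investigation is over.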
If you want to explore pktmon and the associated commands,
you can type pktmon {command_name} help
For example pktmon start help
That’s all.
Source: Microsoft