65335: Using netsh to capture network traffic in Windows

use Google Translate

Operating Systems: 

    Last update: Wed, 2020-07-22 09:39


    This article explains how to use the built-in Windows packet capture utility netsh. This integrated tool is available in Windows 7/ Windows Servers 2008R2 and newer.

    This utility may be useful in case using Wireshark is not an option.


    Do the following to collect a packet capture with netsh:

    • Open an elevated command prompt: open the start menu and type CMD in the search bar, then right-click the command prompt and select Run as Administrator.
    • Enter the following command.

      netsh trace start capture=yes tracefile=<location>

      e.g.: netsh trace start capture=yes tracefile=C:\temp\capture.etl

      Tracefile parameter specifies the location of the output files. If you don't specify this parameter, the default location is %LOCALAPPDATA%\Temp\NetTraces\

      Use the following command if you want to specify the IP address of the target device:

      netsh trace start capture=yes IPv4.Address=X.X.X.X

    • Reproduce the issue without closing the command prompt window
    • When completed, run the following command:

           netsh trace stop

    • Two log files will be created: .cab and .etl. File location will be displayed in command prompt window after data collection is finished.

    • Send the network capture logs to Acronis Customer Central or upload to FTP server as instructed by Acronis Support team representative. Please provide the IP address of the source and target device.