Windows 10: Sniffer/Packet Capture

Experience Level: Intermediate
Edward van Biljon
Experienced Messaging Specialist with a demonstrated history of working in the information technology and services industry.
In this video we show you how to capture traffic in Windows 10 using a built-in app called pktmon. We also show you how to convert the resulting ETL file to a TXT file so you can easily read the data.

Video Steps

1. Launch CMD

Click the Start button, type cmd, and run it as administrator.

2. Run Start Command

In the window, type "pktmon start --etw".

3. Run Stop Command

In the same window, run "pktmon stop". This will stop the capture and create the file in location "C:\Windows\System32\pktmon.ETL".

4. Convert ETL to TXT

In the same window, type "pktmon format PktMon.etl -o mylog.txt". You can now navigate to the location listed in Step 3 to view the TXT file.
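The four steps above as one elevated PowerShell script, added here as an example and not taken from the video. It always stops the capture, keeps the files out of System32, and records their hashes. The $CaptureDir and $Seconds values are hypothetical, and the script assumes pktmon writes PktMon.etl into the current directory, as in Step 3.

```powershell
# Added example: the video's four steps wrapped in one script.
# $CaptureDir and $Seconds are assumed values; adjust them for your machine.
param(
    [string]$CaptureDir = 'C:\Captures',
    [int]$Seconds = 30
)

# Step 1 equivalent: pktmon needs an elevated session, so fail early if not admin.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated (administrator) PowerShell window.'
}

# Use a fresh, timestamped folder per run so captures do not pile up in
# C:\Windows\System32 and an old PktMon.etl is never mistaken for a new one.
$runDir = Join-Path $CaptureDir (Get-Date -Format 'yyyyMMdd-HHmmss')
New-Item -ItemType Directory -Path $runDir -Force | Out-Null
Push-Location $runDir
try {
    try {
        # Step 2: start the capture.
        pktmon start --etw
        # Reproduce the traffic you want to inspect during this window.
        Start-Sleep -Seconds $Seconds
    }
    finally {
        # Step 3: always stop, even on Ctrl+C, so the capture is not left running.
        pktmon stop
    }

    # Assumption: the ETL lands in the current directory (see Step 3).
    if (-not (Test-Path .\PktMon.etl)) {
        throw "No PktMon.etl found in $runDir; the capture did not start."
    }

    # Step 4: convert the ETL to readable text.
    pktmon format PktMon.etl -o mylog.txt

    # Captures can hold sensitive traffic; record hashes so later copies can be verified.
    Get-FileHash -Algorithm SHA256 -Path .\PktMon.etl, .\mylog.txt |
        Format-List Path, Hash
}
finally {
    Pop-Location
}
```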

Expert Comment

by: Andrew Leniart
What an excellent video about a Windows 10 function I had no idea even existed. Thanks for this information, Ed. Very useful!


Regards, Andrew