Windows 10:- Sniffer/Packet Capture

Posted on
6,209 Points
2 Endorsements
Last Modified:
Experience Level: Intermediate
Edward van Biljon
Experienced Messaging Specialist with a demonstrated history of working in the information technology and services industry.
In this video we show you how you can capture traffic in Windows 10 using a built-in app called pktmon. We also show you how you can convert the ETL created to a txt file so you can easily read the data.

Video Steps

1. Launch CMD

Click the start button and type in cmd and run it as administrator.

2. Run Start Command

In the window type in "pktmon start --etw.

3. Run Stop Command

In the same window, run "pktmon stop". This will stop the capture and create the file in location "C:\Windows\System32\pktmon.ETL"

4. Convert ETL to TXT

In the same window type in, "pktmon format PktMon.etl -o mylog.txt. You can now navigate to the location listed in Step 3 to view the TXT file.
  • 2
LVL 37


by:Andrew Leniart
What an excellent video about a Windows 10 function I had no idea even existed. Thanks for this information Ed. Very useful!


Regards, Andrew
LVL 37


by:Andrew Leniart
In over 20 years of working as an IT Professional fixing computers, I see the same problems posted again and again which can be prevented by just doing some regular maintenance on the Windows operating system. This article explains what you should b…
With the end of support for Windows Server 2008, it has become necessary for organizations to migrate off of this operating system. However, this can be time consuming and problematic for IT departments. This is where being able to upgrade is an adv…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month