Windows 10: Sniffer/Packet Capture

Experience Level: Intermediate
Edward van Biljon
Experienced Messaging Specialist with a demonstrated history of working in the information technology and services industry.
In this video we show you how to capture traffic in Windows 10 using a built-in app called pktmon. We also show you how to convert the resulting ETL file to a TXT file so you can easily read the data.

Video Steps

1. Launch CMD

Click the Start button, type cmd, and run it as administrator.

2. Run Start Command

In the window, type "pktmon start --etw".

3. Run Stop Command

In the same window, run "pktmon stop". This will stop the capture and create the file at "C:\Windows\System32\pktmon.ETL".

4. Convert ETL to TXT

In the same window, type "pktmon format PktMon.etl -o mylog.txt". You can now navigate to the location listed in Step 3 to view the TXT file.
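The four steps above as one PowerShell script, added here as an example and not taken from the video. The folder `C:\Captures` and the 30-second duration are assumed values, and the script assumes pktmon writes `PktMon.etl` to the current directory, which matches the System32 path in Step 3 for an elevated prompt.

```powershell
# Added example, not from the video.
param(
    [string]$CaptureDir = 'C:\Captures',  # assumed working folder (not from the page)
    [int]$Seconds = 30                    # assumed capture duration (not from the page)
)

# Step 1: pktmon needs an elevated session, so fail early if this one is not.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated (administrator) PowerShell window.'
}

# Work in a dedicated folder so the capture does not land in C:\Windows\System32.
# Assumption: pktmon writes PktMon.etl to the current directory.
New-Item -ItemType Directory -Path $CaptureDir -Force | Out-Null
Push-Location $CaptureDir
try {
    $started = $false
    try {
        # Step 2: start the capture.
        pktmon start --etw
        if ($LASTEXITCODE -ne 0) { throw "pktmon start failed (exit code $LASTEXITCODE)." }
        $started = $true
        Start-Sleep -Seconds $Seconds
    }
    finally {
        # Step 3: stop even if the wait was interrupted, so no capture is left running.
        if ($started) { pktmon stop }
    }

    if (-not (Test-Path -Path 'PktMon.etl')) {
        throw "PktMon.etl was not found in $CaptureDir."
    }

    # Step 4: convert the ETL to readable text.
    pktmon format PktMon.etl -o mylog.txt
    if ($LASTEXITCODE -ne 0) { throw "pktmon format failed (exit code $LASTEXITCODE)." }

    # Show where the two files ended up and how large they are.
    Get-Item -Path 'PktMon.etl', 'mylog.txt' | Select-Object FullName, Length
}
finally {
    Pop-Location
}
```

The ETL and TXT files record network traffic seen on the machine, so keep the capture folder restricted to administrators and delete the files once the troubleshooting is done.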


by:Andrew Leniart
What an excellent video about a Windows 10 function I had no idea even existed. Thanks for this information Ed. Very useful!


Regards, Andrew