Computer and IT knowledge - things to know
pktmon is a build in packet sniffer for windows. It is available via the pktmon.exe command, and via Windows Admin Center extensions.
commands:
- pktmon start help
- pktmon counters help
#run a realtime sniffing session
- pktmon start --etw --log-mode real-time
#save sniffing to file:
pktmon start -c --comp 12 --pkt-size 0 -f cap1.etl
#convert etl format to wireshark
pktmon etl2pcap cap1.etl --out cap1.pcapng
#see also
https://www.securitynik.com/2020/08/beginning-packet-capturing-with-windows.html
https://majornetwork.net/2023/05/capturing-packets-on-windows-with-packet-monitor-pktmon/ computer2know :: thank you for your visit :: have a nice day :: © 2025