

Microsoft has quietly added a built-in network packet sniffer to the Windows 10 October 2018 Update, and it has gone unnoticed since its release.

A packet sniffer, or network sniffer, is a program that monitors the network activity flowing over a computer down to an individual packet level.

This can be used by network administrators to diagnose networking issues, see what types of programs are being used on a network, or even listen in on network conversations sent via clear text.

While Linux users always had the tcpdump tool to perform network sniffing, Windows users have had to install third-party programs such as the Microsoft Network Monitor and Wireshark.

This all changed when Microsoft released the October 2018 Update, as Windows 10 now comes with a new "Packet Monitor" program called pktmon.exe.

Built-in packet sniffer comes to Windows 10

With the release of the Windows 10 October 2018 Update, Microsoft quietly added a new network diagnostic and packet monitoring program called C:\Windows\system32\pktmon.exe.

This program has a description of "Monitor internal packet propagation and packet drop reports", which indicates it is designed for diagnosing network problems.

Similar to the Windows 'netsh trace' command, it can be used to perform full packet inspection of data being sent over the computer.

To learn how to use Pktmon, I strongly suggest you read through the help documentation and play around with the program.

We have also provided an example in the next section to help you get started.

For our example, we will use Pktmon to monitor FTP traffic from the computer it is run on. Unfortunately, diving into the full feature set of Pktmon is outside of the scope of this article, but we wanted to show you a basic example of how you can use the tool.

To do this, we first need to launch a Windows 10 elevated command prompt, as Pktmon requires administrator privileges.

We then need to create two packet filters that tell Pktmon what traffic to monitor, which in our example will be the traffic on TCP ports 20 and 21.

These filters can be created by using the pktmon filter add -p command for each port we want to monitor.
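The steps above (elevated prompt, one filter per port, capture, review) carried through end to end as an added example; this script is not from the article and not part of Pktmon itself. Beyond the pktmon filter add -p command the article names, it assumes the verbs pktmon filter list, pktmon filter remove, pktmon start --etw (with -p 0 to log whole packets rather than the first 128 bytes), pktmon stop and pktmon format, which exist on the 2018-era builds the article covers; newer Windows builds rename some of these (pktmon start --capture, pktmon etl2txt), so check pktmon help on the build you run it on. The output directory and the 30-second capture window are constructed values for the example.

```powershell
#Requires -RunAsAdministrator
# Added example: capture FTP control and data traffic (TCP 20 and 21) with Pktmon,
# then render the ETW trace to text for review. Run from an elevated PowerShell.
# Assumed syntax: 'pktmon start --etw -p 0', 'pktmon stop', 'pktmon format'
# (2018-era builds); later builds use 'pktmon start --capture' and 'pktmon etl2txt'.

$OutDir  = Join-Path $env:TEMP 'pktmon-ftp'   # constructed output location
$Seconds = 30                                 # constructed capture window
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# 1. Start from an empty filter set. Filters persist between sessions, so a stale
#    filter from an earlier run would silently widen or narrow this capture.
pktmon filter remove | Out-Null

# 2. One filter per port, as the article describes: TCP 20 (data) and 21 (control).
pktmon filter add -p 20
pktmon filter add -p 21

# 3. Confirm what Pktmon will actually match before any packets are logged.
pktmon filter list

# 4. Start logging to ETW. '-p 0' keeps the whole packet instead of the default
#    128-byte prefix, so FTP payloads are not truncated in the report.
pktmon start --etw -p 0

Write-Host "Capturing TCP 20/21 for $Seconds seconds..."
Start-Sleep -Seconds $Seconds

# 5. Stop the session; Pktmon writes PktMon.etl into the current directory.
pktmon stop

# 6. Convert the binary ETL trace to a readable text report.
$Etl = Join-Path (Get-Location) 'PktMon.etl'
$Txt = Join-Path $OutDir 'ftp-capture.txt'
pktmon format $Etl -o $Txt

# 7. Remove the filters again so an unrelated capture later starts from nothing.
pktmon filter remove | Out-Null

Write-Host "Report written to $Txt"
```

Because FTP sends credentials and file contents in clear text, treat the resulting report as sensitive data and keep it in a location with the same access controls you would apply to the traffic itself; the filter list step before starting is the cheap check that prevents capturing far more than the two ports intended.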
