
How to monitor/trace Windows Network Activity

October 18th, 2010

Sometimes you really need to know what is going on under the hood of the Windows network stack: why DNS is not resolving, why you always get a 404, and so on. Windows actually provides a very powerful infrastructure for tracing this.

What you need:
1. Windows Performance Analysis Tools (google it, or here)
2. Open a cmd window with administrator permission.
3. Run "netsh trace start scenario=internetclient capture=yes persistent=yes"
4. Perform the activities you want to investigate.
5. Run "netsh trace stop" to stop the tracing.

An ETL file will be generated; in my example: C:\Users\myusername\AppData\Local\Temp\NetTraces\NetTrace.etl

Open it using Microsoft® Windows® Performance Analyzer, take a look and have fun!
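The same procedure as a script, as an added example that is not part of the original post: it wraps the netsh trace commands above so the capture is bounded in size, does not survive a reboot (persistent=no instead of the post's persistent=yes), and is always stopped even if the reproduction step fails. The output directory C:\NetTraces and the example.com requests are assumptions chosen for illustration; replace the reproduction step with the activity you want to investigate.

```powershell
# Added example: bounded variant of the netsh trace procedure. Run elevated.
$ErrorActionPreference = 'Stop'

# netsh trace needs an elevated session; fail early with a clear message.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated (administrator) PowerShell session.'
}

# Assumption: an output directory without spaces, chosen for this example.
$traceDir = 'C:\NetTraces'
New-Item -ItemType Directory -Path $traceDir -Force | Out-Null
$etl = Join-Path $traceDir ('NetTrace-{0:yyyyMMdd-HHmmss}.etl' -f (Get-Date))

# persistent=no : the trace session is not resumed after a reboot.
# maxsize/filemode : cap the file at 256 MB and wrap around instead of growing.
netsh trace start scenario=InternetClient capture=yes persistent=no `
    maxsize=256 filemode=circular overwrite=yes "tracefile=$etl"
if ($LASTEXITCODE -ne 0) { throw "netsh trace start failed (exit code $LASTEXITCODE)" }

try {
    # Constructed reproduction step: one DNS lookup and one HTTP request.
    try { Resolve-DnsName -Name 'example.com' | Out-Null }
    catch { Write-Warning "DNS lookup failed: $_" }

    try { Invoke-WebRequest -Uri 'http://example.com/' -UseBasicParsing | Out-Null }
    catch { Write-Warning "HTTP request failed: $_" }
}
finally {
    # Always stop the session so a failed reproduction does not leave it capturing.
    netsh trace stop
}

# Show where the trace landed and how large it is.
Get-Item $etl | Select-Object FullName, Length, LastWriteTime
```

With capture=yes the ETL file contains captured packets, so store and share it as you would any packet capture.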

Screenshot from ETL viewer

