The first tools that come to mind for packet capture are Wireshark or tcpdump. In this tutorial we will capture packets on a Windows 10 machine without installing any external tool. Microsoft has shipped the PktMon utility with Windows 10 since 2018, and it receives updates gradually and gets better over time. Pktmon is a Windows command-line packet capture utility. Getting started is fairly easy:
1. Open the Windows command line with Administrator privileges.
2. Specify the desired filter. Only packets matching this filter will be recorded.
3. Start the capture.
4. End the capture.
5. Convert the capture file, if desired.
Check whether Pktmon is present on your machine by simply typing pktmon in an elevated command shell.
-p 0 records packets with a minimum size of 0 (zero), i.e. whole packets; by default only the first 128 bytes of each packet are kept.
-f sets the location of the ETL capture file.
-l sets the logging mode; real-time prints a verbose log of packets on the command line as they are captured.
When you are done capturing, press Ctrl + C. This stops the capture and writes the file. Pktmon creates files in ETL format, a proprietary Windows format, but it provides a mechanism to convert ETL into PCAPNG format, so the converted file can be opened in Wireshark or in online services such as PacketTotal for further analysis.
pktmon pcapng e:\capture.etl -o e:\capture.pcapng
Specify the input ETL file and the output pcapng file.
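The complete session described above, as an added example rather than commands from the original tutorial: it is typed into an elevated PowerShell or cmd window, and the filter name, the port (53, to review the host's DNS lookups afterwards) and the C:\Temp paths are assumptions chosen for illustration. Real-time logging and the pcapng subcommand need Windows 10 version 2004 or later.

```powershell
# Added example, not from the original tutorial. Filter name, port and paths are
# illustrative assumptions; everything must run in an elevated shell.

# 1. Confirm the tool is present (prints the built-in help).
pktmon

# 2. Define a filter. Filters persist until removed, so list what is active
#    before starting, otherwise a stale filter silently limits the capture.
pktmon filter add DNS -p 53
pktmon filter list

# 3. Capture whole packets (-p 0) to an ETL file and echo them to the console.
#    In real-time mode Ctrl+C in this window ends the capture.
pktmon start --etw -p 0 -f C:\Temp\dns.etl -l real-time

#    Without -l real-time the start command returns immediately and the
#    capture runs in the background until it is stopped explicitly:
pktmon start --etw -p 0 -f C:\Temp\dns.etl
pktmon stop

# 4. Convert the ETL trace to pcapng so Wireshark can open it.
pktmon pcapng C:\Temp\dns.etl -o C:\Temp\dns.pcapng

# 5. Remove the filter so the next capture starts from a clean state.
pktmon filter remove
```

pktmon stop prints packet counters, which is a quick check that the filter actually matched traffic before you open the pcapng file.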