Network Tracing Awesomeness

Published on Thursday, January 6, 2011 in ,

This is going to be a short one: believe it or not, but there’s an alternative to installing Wireshark (or at least winpcap) on all your servers when troubleshooting network related issues. It actually has been out there ever since Windows 7 and Windows 2008 R2 came out. Using “netsh trace start capture=yes” you can start capturing network traffic. Simply execute “netsh trace stop whenever you are ready. The result is an .etl file you can open using network monitor 3.2 or later. Awesome #1: no need to install anything!

But it doesn’t stops there: using “netsh trace start capture=yes persistent=yes” tracing will even continue after a reboot. So as soon as the network interface starts communicating, traffic will be captured! Awesome #2: capturing information during the boot process of a server!

Some screenshots:



Some additional information to get you started: http://blogs.technet.com/b/netmon/archive/2009/05/13/event-tracing-for-windows-and-network-monitor.aspx

But it doesn’t stops here! IE 9, currently in beta, has a new addition too: a built-in network trace utility! In fact it provides (some?) of the functionality Fiddler provides. I am not that experienced with Fiddler, so I don’t know how to compare them feature-wise, but It’s definitely useful having this built-in. Checking it out for sure!

To start using it: Press F12 –> Network –> Start Capturing


P.S. I am by no means saying you should ditch Wireshark/ Fiddler for Netsh Trace/ IE 9 network tracing.  But I think they are great tools to have in your toolbox!

Happy Tracing, Happy New Year!

Related Posts

1 Response to Network Tracing Awesomeness

20 December, 2011 06:47
This comment has been removed by a blog administrator.

Add Your Comment