HOW TO: Collect Network trace without installing Wireshark on a Windows OS

Article ID: CTX214599

Description

Starting with Windows Vista, Microsoft operating systems include ETW (Event Tracing for Windows), which can capture ETL traces for specific scenarios. The available scenarios are listed with the following command:

c:\> netsh trace show scenarios

Instructions

Start the log collection:
  • Run the network trace on the VDA via an RDP connection from an elevated CMD prompt:
c:\> netsh trace start capture=yes tracefile=c:\net.etl persistent=yes maxsize=4096

  • capture=yes enables packet capture in the trace.
  • persistent=yes keeps the tracing session running across reboots until netsh trace stop is issued.
  • tracefile=<path> sets the location of the output file; the default is %LOCALAPPDATA%\Temp\NetTraces\NetTrace.etl.
  • maxsize=4096 caps the trace file at 4096 MB.
Stop the log collection:
  • Log on to the VDA and stop the network trace:
c:\> netsh trace stop

Collect the following files:
  1. C:\net.etl -> the capture file itself.
  2. C:\net.cab -> contains TXT files with the report and a report.etl, which is the same as net.etl.

c:\net.etl can be opened in Microsoft Network Monitor 3.4 or Microsoft Message Analyzer.
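The start, stop and collect steps above, wrapped in one PowerShell script. This is an added example, not code from the Citrix article: it uses the same netsh trace parameters as the article, checks that the session is elevated (netsh trace needs it), confirms the session with `netsh trace show status` (a netsh command not shown in the article), and records SHA-256 hashes of net.etl and net.cab so support can verify the files were not altered in transit. The capture window and the collection directory are assumptions; adjust them to the scenario.

```powershell
# Added example (not part of the Citrix article): wraps the netsh trace
# procedure in a script. Paths, capture window and collection directory
# are assumptions; change them to suit the environment.
param(
    [string]$TraceFile      = 'C:\net.etl',          # same path the article uses
    [int]$MaxSizeMB         = 4096,                  # same maxsize the article uses
    [int]$CaptureSeconds    = 60,                    # assumed: how long to capture before stopping
    [string]$CollectDir     = 'C:\NetTraceCollect'   # assumed: where collected files are copied
)

# netsh trace only works from an elevated prompt, as the article notes.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell session.'
}

# Start the capture with the same parameters as the article's command.
& netsh trace start capture=yes "tracefile=$TraceFile" persistent=yes "maxsize=$MaxSizeMB"
if ($LASTEXITCODE -ne 0) { throw "netsh trace start failed with exit code $LASTEXITCODE" }

# Confirm the session is actually running before reproducing the issue.
& netsh trace show status

Write-Host "Capturing for $CaptureSeconds seconds; reproduce the issue now..."
Start-Sleep -Seconds $CaptureSeconds

# Stop the trace; netsh writes the companion .cab report at this point.
& netsh trace stop
if ($LASTEXITCODE -ne 0) { throw "netsh trace stop failed with exit code $LASTEXITCODE" }

# Collect net.etl and net.cab and record SHA-256 hashes for each copy.
New-Item -ItemType Directory -Path $CollectDir -Force | Out-Null
$cabFile  = [IO.Path]::ChangeExtension($TraceFile, '.cab')
$manifest = foreach ($f in @($TraceFile, $cabFile)) {
    if (-not (Test-Path $f)) { Write-Warning "Expected output $f not found"; continue }
    Copy-Item -Path $f -Destination $CollectDir -Force
    Get-FileHash -Algorithm SHA256 -Path (Join-Path $CollectDir (Split-Path $f -Leaf))
}
$manifest | Select-Object Path, Hash | Format-Table -AutoSize
$manifest | Select-Object Path, Hash |
    Export-Csv -NoTypeInformation -Path (Join-Path $CollectDir 'hashes.csv')
```

Because the trace is started with persistent=yes, a reboot during the capture window does not end the session; if the script is interrupted before the stop step, run netsh trace stop by hand so the .etl and .cab are finalised.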

Environment

Citrix is not responsible for and does not endorse or accept any responsibility for the contents or your use of these third party Web sites. Citrix is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement by Citrix of the linked Web site. It is your responsibility to take precautions to ensure that whatever Web site you use is free of viruses or other harmful items.

Additional Information

When reviewing the trace in Microsoft Network Monitor 3.4, you might not see all the packets if the wrong parser profile is selected.

BEFORE: [Screenshot: Network Monitor with the default parser profile]

CHANGE PARSER PROFILE: [Screenshot: the parser profile being changed]

AFTER: [Screenshot: Network Monitor after the parser profile has been changed]

After correcting the parser profile in Microsoft Network Monitor 3.4, the frame is decoded as a DNS packet, captured in the trace without installing Wireshark.