I have an apparently simple issue which is proving very difficult to find an answer for.
The site has a highly-secured Windows Server 2019 installation and an appliance connected to it running on a certain TCP port.
I need a sample of the raw data coming out of that port, taken for a few minutes, dumped into a binary file. It needs to be as raw as possible (i.e. it needs to resemble what we would read from the TCP stream when we would connect to that same port from a local .NET application).
It is highly preferable to use only built-in Windows tools for this (i.e. netsh), but worst-case windump or telnet are also fine.
Yes, you can do that with netsh:
Run this command as admin:
then stop the capture with
netsh trace stop
and grab the .etl file. Download etl2pcapng on your computer, and use it to convert the .etl file to the pcapng format:
etl2pcapng.exe in.etl out.pcapng
Finally, open the pcapng file with Wireshark or similar.
Note that if the server runs at least Windows Server 2019 Update 2004, you can use pktmon too.
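The whole procedure from the answer above, written out as one PowerShell script so it can be run unattended for the capture window. This is an added example, not code from the original question or answer. It assumes an appliance address of 192.0.2.10, a capture window of 180 seconds, output files under C:\Temp, and etl2pcapng.exe already copied to C:\Tools; netsh trace itself only filters on addresses and protocols, not TCP ports, so the port is narrowed down afterwards in Wireshark.

```powershell
# Added example (not from the original post): capture traffic between this
# server and the appliance with built-in netsh trace, then convert the .etl
# to pcapng with etl2pcapng.
# Assumed values: appliance IP 192.0.2.10 (TEST-NET documentation range),
# 180 second capture, files under C:\Temp, etl2pcapng.exe in C:\Tools.
#Requires -RunAsAdministrator

$ApplianceIp = '192.0.2.10'               # assumption: address of the appliance
$DurationSec = 180                        # assumption: "a few minutes"
$EtlPath     = 'C:\Temp\appliance.etl'    # assumption: capture file location
$PcapPath    = 'C:\Temp\appliance.pcapng' # assumption: converted file location
$Etl2Pcapng  = 'C:\Tools\etl2pcapng.exe'  # assumption: where the tool was copied

New-Item -ItemType Directory -Force -Path (Split-Path $EtlPath) | Out-Null

# Start the packet capture. netsh trace capture filters work on addresses
# (IPv4.Address, Ethernet.Address, Protocol ...), not on TCP ports, so the
# capture is narrowed to the appliance's IPv4 address and to TCP only.
# report=no skips building the slow .cab report; maxSize is in MB.
netsh trace start capture=yes tracefile="$EtlPath" maxSize=512 overwrite=yes report=no `
    IPv4.Address=$ApplianceIp Protocol=TCP
if ($LASTEXITCODE -ne 0) { throw "netsh trace start failed with exit code $LASTEXITCODE" }

try {
    Write-Host "Capturing traffic to/from $ApplianceIp for $DurationSec seconds..."
    Start-Sleep -Seconds $DurationSec
}
finally {
    # Always stop the session, otherwise it keeps running (and growing) in the
    # background even if the script is interrupted.
    netsh trace stop
}

if (-not (Test-Path $EtlPath)) { throw "Expected trace file $EtlPath was not written" }

# Convert to pcapng. This can run on the server itself or on an analysis box
# after copying the .etl file over; only etl2pcapng.exe is needed.
& $Etl2Pcapng $EtlPath $PcapPath
if ($LASTEXITCODE -ne 0) { throw "etl2pcapng failed with exit code $LASTEXITCODE" }

Get-Item $PcapPath | Select-Object FullName, Length
```

To get the byte stream the question asks for, open the pcapng in Wireshark, apply a display filter such as `tcp.port == <appliance port>`, right-click a packet and use Follow, TCP Stream; in that dialog choose the direction (appliance to server), set "Show data as" to Raw, and use Save as to write the reassembled stream to a file. That file is the payload only, with TCP/IP headers removed, which is what a local .NET client reading the socket would have seen.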