Can you advise me on a network traffic logger for Windows 2008 R2? It is expected to be executed as a service and gather simple data: "source ip/port, dest ip/port, packet size". I have tried to use ETW Tracing with the Winsock AFD provider, but it produces an enormous amount of data, drops a lot of packets, and it's hard to analyze the resulting ETL log files.
Wireshark can be launched from the command line. Then you just create a scheduled task that will start it on boot.
Command line arguments for Wireshark: http://www.wireshark.org/docs/wsug_html_chunked/ChCustCommandLine.html
Else you could also do port mirroring from the switch on another port to collect data.
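One way to do what this answer suggests on Windows 2008 R2, as an added example that is not part of the original answer: register a boot-time scheduled task that runs Wireshark's dumpcap into a size-bounded ring buffer, and a helper that reduces a finished capture file to the fields the question asks for. Assumed: Wireshark (with WinPcap) installed under the default path, capture directory C:\NetLog, interface number 1 from `dumpcap -D`; the task name and function name are mine.

```powershell
# Assumed install paths; dumpcap and tshark ship with Wireshark.
$Dumpcap = 'C:\Program Files\Wireshark\dumpcap.exe'
$Tshark  = 'C:\Program Files\Wireshark\tshark.exe'
$CapDir  = 'C:\NetLog'   # assumed capture directory (no spaces, so the task path needs no quoting)
$Iface   = 1             # interface number as listed by `dumpcap -D` (assumed)

New-Item -ItemType Directory -Path $CapDir -Force | Out-Null

# Wrapper script for the task. Ring buffer: 50 files of 100 MB each, oldest
# overwritten, so disk use is bounded. -s 96 keeps only headers, which is enough
# for addresses, ports and the on-wire length. -q suppresses the packet counter
# because the task has no console to write to.
$Wrapper = Join-Path $CapDir 'start-capture.cmd'
Set-Content -Path $Wrapper -Encoding Ascii -Value @(
    '@echo off',
    "`"$Dumpcap`" -i $Iface -q -s 96 -b filesize:102400 -b files:50 -w `"$CapDir\trace.pcapng`""
)

# Start the capture at every boot as SYSTEM, so no interactive logon is required.
schtasks /Create /F /TN NetTrafficLogger /SC ONSTART /RU SYSTEM /TR $Wrapper

# Reduce a completed ring-buffer file to source/dest ip/port and packet size.
# frame.len is the original on-wire length, unaffected by the -s 96 snaplen.
function ConvertTo-FlowCsv {
    param([string]$PcapFile, [string]$CsvFile)
    & $Tshark -r $PcapFile -T fields `
        -e frame.time_epoch -e ip.src -e tcp.srcport -e udp.srcport `
        -e ip.dst -e tcp.dstport -e udp.dstport -e frame.len `
        -E header=y -E separator=, -E quote=d |
        Out-File -Encoding ascii -FilePath $CsvFile
}

# Example: ConvertTo-FlowCsv -PcapFile "$CapDir\trace_00001_20120101000000.pcapng" -CsvFile "$CapDir\flows.csv"
```

Only one of the tcp/udp port columns is filled per row, so a downstream parser should treat the empty one as absent rather than as a value.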
Depending on how the network traffic is done, you could use Process Monitor from Sysinternals. It can log activity since boot directly (option in Tools). Network traffic is logged if using the Windows API. Be sure to "drop filtered entry" and to only log network.
When you launch the tool again, it will detect it and ask to retrieve the logged entries.
Best product I know of is Microsoft Network Monitor. It's a free download and highly extensible / maintained by Microsoft. I've used most of the others, but I always come back to this one when I need to get something done.
There are also additional parsers on Codeplex, but the built-in stuff is pretty robust.
Network Monitor Blog Site
Download Links
Have you looked at netmon? ETW will provide a lot of data but shouldn't drop packets.