How to use the Pktmon.exe Network sniffer tool on Windows 10
Packet sniffing is often associated with attackers, but the technique itself is neutral: capturing traffic is only a problem when the intent behind it is. For network admins it is a routine way to find out why something on the wire is not working.
On Windows 10, users have long had to rely on third-party network sniffers. That is a concern in itself, because such a tool typically installs its own kernel-mode capture driver and you are trusting its vendor with that privilege, and these tools aren't always free and usually need some setting up.
Pktmon.exe Network sniffer on Windows 10
To use the Pktmon.exe network sniffer on Windows 10, follow the steps below.
- Open Command Prompt with admin rights.
- By default, an elevated prompt opens in the location ‘C:\Windows\System32’. Pktmon.exe lives there and the folder is on the PATH, so the command runs from any directory; what the current directory does decide is where the default log file, PktMon.etl, is written. If you want to stay in System32, use the command below to move to it.
cd C:\Windows\System32
- Run this command to start monitoring the network. On its own it only keeps per-component packet counters; it does not record any packets.
pktmon start
- To also record the packets themselves to a log file (PktMon.etl in the current directory), use this form instead. By default only the first 128 bytes of each packet are logged, which covers the headers; add -p 0 if you need whole packets.
pktmon start --etw
- Allow the tool to run for as long as you need. When you’re done monitoring the network, stop it with the following command.
pktmon stop
- When you stop the tool, it prints a summary of the packet counters for each network component it monitored. To read the log, if you created one, convert it to text with the command below. You can name the text file anything you like; if a file by that name already exists, it will be overwritten without warning. Both the .etl and the text file contain captured traffic, so treat them as sensitive data.
pktmon.exe format pktmon.etl -o mylog.txt
Other Commands
To view all supported commands that Pktmon.exe can run, do the following;
- Open Command Prompt with admin rights.
- Run the following command.
pktmon help
You will get the following. Each subcommand has its own help page as well, e.g. pktmon start help or pktmon filter add help. Note that limiting the capture to a particular port or address is not done through the Start command: you add packet filters with pktmon filter add before you run pktmon start, and they stay in place until you run pktmon filter remove.
- filter Manage packet filters.
- comp Manage registered components.
- reset Reset counters to zero.
- start Start packet monitoring.
- stop Stop monitoring.
- format Convert log file to text.
- unload Unload PktMon driver.
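The whole procedure above, together with the port filter mentioned under Other Commands, as one script. This is an added example and is not part of the original article or of Microsoft’s documentation. It assumes the Windows 10 version 2004 syntax shown on this page (--etw, with -p for the packet size and -f for the log file name, as listed by pktmon start help), uses DNS on port 53 as a constructed example, and writes to a folder under $env:TEMP instead of System32. Run it from an elevated PowerShell prompt, and check pktmon start help on your build first, because later builds renamed the start options.

```powershell
# Added example, not from the original article: capture traffic to one port
# with Pktmon for a fixed time, then convert the log to text.
# Assumes the Windows 10 2004 option names (--etw, -p, -f); verify with
# "pktmon start help" on your build.
param(
    [int]$Seconds   = 30,                        # how long to capture
    [int]$Port      = 53,                        # constructed example: DNS
    [string]$OutDir = "$env:TEMP\pktmon-demo"    # assumed working folder
)

# Pktmon talks to a kernel driver and refuses to run without elevation.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Pktmon needs an elevated prompt."
}

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$etl = Join-Path $OutDir "capture.etl"
$txt = Join-Path $OutDir "capture.txt"

# Filters persist in the driver until removed, so start from a clean slate,
# then keep only packets to or from the chosen port.
pktmon filter remove | Out-Null
pktmon filter add DNS -p $Port
pktmon filter list

try {
    # --etw writes packets to an .etl file instead of only counting them;
    # -p 0 logs whole packets rather than the default 128-byte head;
    # -f names the file so it does not land in the current directory.
    pktmon start --etw -p 0 -f $etl
    Start-Sleep -Seconds $Seconds
}
finally {
    pktmon stop            # prints the per-component packet counters
    pktmon filter remove   # do not leave the filter behind for the next run
}

# Convert the binary log to text; the file holds captured traffic, so keep
# it in a location with appropriate access controls.
pktmon format $etl -o $txt
Write-Host "Text log written to $txt"
Get-Content $txt -TotalCount 20
```

If you stop the script with Ctrl+C during the capture, the finally block still stops Pktmon and removes the filter, so the driver is not left capturing after the window is closed.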
Conclusion
This is a new tool, built into Windows and signed by Microsoft, so there is nothing extra to install, although it still needs an elevated prompt and still runs a kernel driver. You can convert the logs it creates to text and analyze them with other apps, or narrow the capture with the filters you add before you begin monitoring. The tool is by no means low on features. Its only downside at this point is that it is a command-line tool with no GUI alternative.