Capturing packets with netsh trace and analysing them in Microsoft Network Monitor

According to Microsoft “Windows 7 also includes Unified Tracing to help identify and resolve network connectivity issues in a single tool. Unified Tracing collects event logs and captures packets across all layers of the networking stack, providing an integrated view into what’s happening in the Windows 7 networking stack and aiding analysis and problem resolution.”

What that says is that, under the auspices of one analytical tool, you can get information about the network and other connectivity issues. It collects network-related event logs and captures packets across all network layers.

To perform Unified Tracing, you need the Netsh command line command, and the Network Monitor tool, which can be downloaded from Microsoft. (See sources below)

Part 1 Unified Tracing – Download the Network Monitor Tool:

Let us start with the Network Monitor tool, since this is a powerful tool that will be used to make the analysis. The Microsoft Network Monitor 3.3 tool is used to capture and perform protocol analysis of network traffic.

Download and install the version that is right for your system. There is an Itanium version (6.2 MB), a 64 bit version (5.2 MB), and a 32 bit version (5.0 MB).

Installing Microsoft Network Monitor 3.3

Microsoft Network Monitor 3.3

Now you are ready to load the etl file created with the Netsh command.

Part 2 Creating the etl file using Unified Tracing

First open the command prompt

Click Start then select Run

CMD

An etl file will be created by the Netsh command. It will subsequently be loaded into the Network Monitor tool.

Run the Netsh Command

The netsh command is used for the unified tracing operation available in Windows 7. You can use the Netsh.exe tool to perform the following tasks:

  1. Configure routes.
  2. Configure filters.
  3. Configure routing protocols.
  4. Configure interfaces.
  5. Display the configuration of a currently running router on any computer.
  6. Configure remote access behavior for Windows-based remote access routers that are running the Routing and Remote Access Server (RRAS) Service.
  7. Use the scripting feature to run a collection of commands in batch mode against a specified router.

The syntax for the Netsh.exe tool is:
netsh [-r RouterName] [-a AliasFile] [-c Context] [Command | -f ScriptFile]
To learn how to use Netsh with its switches and parameters, type the context name followed by a space and a ? at the netsh> command prompt, or type Netsh /? at the command line. To display the list of subcontexts and commands that can be used in the interface context, type Netsh Interface /?

Netsh command: Netsh /? To view the switches and parameters

Example #1
To see an example of Netsh, run:

netsh interface ip show config [This is similar to the netconfig command]

Example #2 Netsh to trace network connections

Run the following command
netsh trace start scenario=InternetClient tracefile=Windows7News.etl

netsh trace start scenario=InternetClient tracefile=Windows7News.etl

To stop the trace type: Netsh trace stop
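The start/reproduce/stop sequence from Part 2 is easy to get wrong by hand (a trace left running fills the disk and blocks the next start, and the default scenario records provider events without packet payloads). Below is an added example that wraps the whole procedure in a PowerShell script; it is not code from the original article. The folder C:\Traces, the file name Windows7News.etl and the test host name are arbitrary choices for illustration, and the script assumes an elevated PowerShell prompt on Windows 7 or later.

```powershell
# Added example (not from the original article): repeatable netsh trace workflow.
# Assumptions: elevated PowerShell on Windows 7 or later; the paths and host name
# below are placeholders chosen for this example.
param(
    [string]$TraceFile = 'C:\Traces\Windows7News.etl',
    [string]$Scenario  = 'InternetClient',
    [string]$TestHost  = 'www.windows7news.com',   # traffic we want to see in the trace
    [int]   $MaxSizeMB = 256
)

# netsh trace start needs an elevated prompt; fail early with a clear message.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'netsh trace start requires an elevated (Administrator) prompt.'
}

New-Item -ItemType Directory -Path (Split-Path $TraceFile) -Force | Out-Null

# capture=yes adds packet capture to the scenario's event providers (the default is
# events only). report=yes makes netsh build a .cab with system configuration and
# event logs beside the .etl; both files describe the host, so store them accordingly.
netsh trace start scenario=$Scenario capture=yes report=yes overwrite=yes `
    maxsize=$MaxSizeMB tracefile="$TraceFile"
if ($LASTEXITCODE -ne 0) { throw "netsh trace start failed with exit code $LASTEXITCODE" }

try {
    # Reproduce the behaviour to analyse while the trace is running. Plain .NET calls
    # are used so the script also works on Windows 7's PowerShell 2.0:
    # one name resolution, then one TCP connect to port 80.
    [System.Net.Dns]::GetHostAddresses($TestHost) | Out-Null
    $client = New-Object System.Net.Sockets.TcpClient
    try   { $client.Connect($TestHost, 80) }
    catch { Write-Warning "TCP connect failed: $($_.Exception.Message)" }
    finally { $client.Close() }
    Start-Sleep -Seconds 2
}
finally {
    # Always stop, even if the reproduction step throws; an abandoned trace keeps
    # writing and the next 'netsh trace start' refuses to run.
    netsh trace stop | Out-Null
}

# Confirm the session is really over and list what was produced before opening
# the .etl in Network Monitor (File -> Open -> Capture).
netsh trace show status
Get-Item $TraceFile | Select-Object FullName, Length, LastWriteTime
Get-ChildItem (Split-Path $TraceFile) -Filter '*.cab' | Select-Object FullName, Length
```

Run it as `.\Start-UnifiedTrace.ps1 -TestHost <host>` from an elevated prompt; `netsh trace stop` can take a minute while the report .cab is assembled. The reproduction step is deliberately small so the trace stays focused on the connection under investigation.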

Part 3: Launch Microsoft Network Monitor

Open Microsoft Network Monitor and select File -> Open -> Capture, then browse to the .etl file (msn.etl) in the folder it was saved in.

Network Conversations – Details of Windows7News.com trace

This will show the network trace to the Windows7News.com site. The Network Monitor tool breaks down the activity frame by frame. Here are some of the features available in the tool.

  • Frame Comments
  • API Extensions
  • Autoscroll
  • Right-Click Add-to-Alias
  • Tunnel Capture Support
  • WWAN Capture Support
  • Experts Available Online
  • Right-Click Go-to-Definition 

You can also create a capture on the local computer network.
Go to New Capture -> Press Start (F5)

Using the Capture command to Identify Local Network Operations

The Network Monitor tool works with Netsh to provide information about network connections. Netsh, the command line tool, has many switches and parameters. The GUI takes the etl file produced by the netsh operation and presents its contents in a readable format.
