Capture a LAN trace using NETSH.EXE

  • 7018084
  • 21-Sep-2016
  • 21-Sep-2016

Environment

Micro Focus Client for Open Enterprise Server 2 SP4
Microsoft NETSH.EXE

Situation

The system administrator needs to capture a trace of LAN traffic for analysis.

Resolution

Other Micro Focus TIDs describe how to capture a LAN trace using Wireshark, Ethereal, Sniffer, LANalyzer, or other tools. 

Another method for machines running Windows 7 / Windows 2008 R2 or above is to use the NETSH.EXE application furnished with Windows itself (no additional software is needed).
 
NETSH.EXE can be used to capture a "typical" LAN trace of a problem being experienced after the machine is already running and the user is logged on, or can be configured to capture LAN traffic that occurs as the machine is booting up (a "boot-up" trace).
 
Typical LAN Trace:
 
1. Open an elevated command prompt (from the Start menu, right-click "Command Prompt" and select the "Run As Administrator" option).

2. In the elevated command prompt, execute a command such as:
netsh trace start capture=yes tracefile=<path and name of trace file>.etl
e.g. netsh trace start capture=yes tracefile=tracefile.etl
 
3. Duplicate the problem you are experiencing.

4. In the command prompt where NETSH is running, type
netsh trace stop

Provide the .etl file to your support engineer for analysis. The .cab file is not generally needed and can be deleted.

 
Boot-up LAN Trace:
 
1. Open an elevated command prompt (from the Start menu, right-click "Command Prompt" and select the "Run As Administrator" option).

2. In the elevated command prompt, execute a command such as (the persistent=yes option keeps the capture running across the reboot):
netsh trace start capture=yes persistent=yes tracefile=<path and name of trace file>.etl
e.g. netsh trace start capture=yes persistent=yes tracefile=tracefile.etl
 
3. Restart the workstation. Duplicate the problem you are experiencing.

4. Open an elevated command prompt and run this command:
netsh trace stop
 
Provide the .etl file to your support engineer for analysis. The .cab file is not generally needed and can be deleted.
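As an added example (not part of this TID), the following PowerShell wrapper around the commands in both procedures above checks that the session is elevated, builds a timestamped trace file name, starts the capture (adding persistent=yes when -BootTrace is given for the boot-up case) and stops it, removing the .cab file that is not needed for analysis. The directory C:\Traces and the function names are assumptions.

```powershell
# Added example, not from the TID. Assumes Windows 7 / 2008 R2 or later
# and an elevated PowerShell session. C:\Traces is an assumed location.

function Test-Elevated {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $p  = New-Object Security.Principal.WindowsPrincipal($id)
    return $p.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Start-LanTrace {
    param(
        [string]$Directory = 'C:\Traces',   # assumed trace directory
        [switch]$BootTrace                   # adds persistent=yes (boot-up trace)
    )
    if (-not (Test-Elevated)) { throw 'Run this from an elevated (Run As Administrator) session.' }
    New-Item -ItemType Directory -Path $Directory -Force | Out-Null
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    $etl   = Join-Path $Directory "lantrace-$stamp.etl"
    $netshArgs = @('trace', 'start', 'capture=yes', "tracefile=$etl")
    if ($BootTrace) { $netshArgs += 'persistent=yes' }
    $out = & netsh.exe @netshArgs 2>&1
    if ($LASTEXITCODE -ne 0) { throw "netsh trace start failed ($LASTEXITCODE): $($out -join ' ')" }
    Write-Host "Capturing to $etl"
    # The .etl holds every packet the host saw; treat it as sensitive data.
    return $etl
}

function Stop-LanTrace {
    param([string]$EtlPath)
    $null = & netsh.exe trace stop 2>&1     # may take a while while netsh correlates the trace
    if (-not (Test-Path $EtlPath)) { throw "Expected trace file not found: $EtlPath" }
    # netsh writes a .cab beside the .etl; the TID notes it is not needed, so remove it.
    $cab = [IO.Path]::ChangeExtension($EtlPath, '.cab')
    if (Test-Path $cab) { Remove-Item $cab }
    return Get-Item $EtlPath
}

# Typical trace: start, reproduce the problem, then stop and show the resulting file.
$trace = Start-LanTrace
Read-Host 'Reproduce the problem, then press Enter to stop the capture' | Out-Null
Stop-LanTrace -EtlPath $trace | Select-Object FullName, Length
```

For the boot-up procedure, run Start-LanTrace -BootTrace, restart the workstation, and after logging back on run Stop-LanTrace with the path that was printed.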

Additional Information

NETSH.EXE is a powerful tool, and many options are available. However, simply capturing "everything" using the command lines suggested here is the simplest and usually the best approach. 

More information about the available options can be viewed by typing "netsh.exe trace start help".

Analyzing a trace captured using NETSH.EXE requires Microsoft Message Analyzer.