A Quick Reference Card for PKTMON, the built-in Windows 10 packet sniffer

License: Creative Commons Zero v1.0 Universal (CC0-1.0)

pktmon Quick Reference Card

Recently, Bleeping Computer explored "pktmon", the hidden packet sniffer in Windows 10: https://www.bleepingcomputer.com/news/microsoft/windows-10-quietly-got-a-built-in-network-sniffer-how-to-use/

Microsoft has released some documentation announcing pktmon (2020-05-22): https://techcommunity.microsoft.com/t5/networking-blog/introducing-packet-monitor/ba-p/1410594

While pktmon is not much different from the old "netsh trace" command (both produce ETL files, not PCAP files), Bleeping Computer pointed out that the Windows 10 May 2020 update will include PCAPNG support.

With this in mind I realized that I would find pktmon a convenient tool. It's built-in, allows the conversion of ETL to PCAP and that means it would be simpler than installing Wireshark in many cases.

I also realized that I wasn't going to use it often enough to memorize how to use it. So I created a quick reference.

I welcome your feedback and suggestions for improvement!

I also did a YouTube Live stream for my friends where I explored its features: https://youtu.be/1sJSKWkhh7k