Hi Everyone,

I am trying to find a way to capture network packets though the CLI on a remote host on Windows2008 and Windows7 machines without RDPing into the remote machine.

Locally, I use something like: netsh trace start capture=yes report=no tracefile=c:\temp\cap1.etl maxsize=2000 IPv4.Address=10.1.72.213

Is there some way to target a different machine with the trace command? When I do a "set machine name=hostname", the capability to perform trace seems to go away.

Or as an alternative, is there some way to do it through Powershell? Or Netmon?

I am thinking that the capability exists, so what am I missing? Any suggestions would be greatly appreciated.  

Thanks, CharlieDeL

Hi CharlieDeL,

We can use the command line capture tool nmcap to capture the network traffic.

Then we can use the powershell to excute the nmcap remotely.

For detailed information about how to use nmcap, please refer to the link below:

http://blogs.technet.com/b/netmon/archive/2006/10/24/nmcap-the-easy-way-to-automate-capturing.aspx

Best Regards.

Hi Steven,

Sorry, but I didn't make my question clear enough. I have 1,000s of potential capture candidates. I am looking to perform the captures without having to install additional code on all of these boxes. Unless I am missing something, it looks like that using nmcap would require that Netmon be installed on the target machine. I was interested in netsh because it is already natively installed along with Windows.

Are you aware of a way to remotely capture without having to install additional code on the target box?

  Thanks, CharlieDeL

Hi CharlieDel,

>>Are you aware of a way to remotely capture without having to install additional code on the target box?

Yes. If you want to use netsh command, it' OK.

Powershell can excute any command line remotely.

For detailed information, please refer to the link below,

https://technet.microsoft.com/en-us/magazine/ff700227.aspx

Best Regards.