Wireshark is a great way to capture network packets, but it's not always practical to use it. In an enterprise environment, at the very least, we need to get a change approved to install the software. Often it is just not possible to get approval to install Wireshark onto a desktop or server. So packet capture isn't possible - or is it?
Windows includes a rarely used command-line tool that has many of the capabilities of Wireshark's dumpcap. It's there ready and waiting, on every Windows machine! Let's take a look at how we can use it.
Windows 2000 introduced a command-line utility called netsh (network shell). As the name suggests, netsh is a shell environment that provides commands for working on network issues. One of the commands it provides is netsh trace, a simple command-line packet capture tool.
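As an added example (not from the original post), here is one way to wrap netsh trace in a time-boxed capture from PowerShell. The function name, parameters and output folder are hypothetical; the netsh options used are standard `netsh trace start` parameters.

```powershell
# Added example: time-boxed packet capture using the built-in netsh trace.
# Function name, parameter names and default paths are assumptions.
function Invoke-NetshCapture {
    param(
        [string]$OutDir = "$env:TEMP\netcap",  # assumed output folder
        [int]$Seconds = 60,                    # how long to capture
        [int]$MaxSizeMB = 256,                 # cap on the trace file size
        [string]$IPv4Address                   # optional capture filter
    )

    # netsh trace needs an elevated session; fail early with a clear message.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $admin = [Security.Principal.WindowsBuiltInRole]::Administrator
    if (-not $principal.IsInRole($admin)) {
        throw "Run this from an elevated PowerShell session."
    }

    New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
    $etl = Join-Path $OutDir ("capture_{0:yyyyMMdd_HHmmss}.etl" -f (Get-Date))

    # Build the argument list; the optional filter follows capture=yes.
    $startArgs = @('trace', 'start', 'capture=yes')
    if ($IPv4Address) { $startArgs += "IPv4.Address=$IPv4Address" }
    # A circular file with a size cap keeps the capture from filling the disk.
    $startArgs += @("tracefile=$etl", "maxsize=$MaxSizeMB",
                    'filemode=circular', 'overwrite=yes')

    & netsh @startArgs
    if ($LASTEXITCODE -ne 0) {
        throw "netsh trace start failed with exit code $LASTEXITCODE"
    }

    try {
        Start-Sleep -Seconds $Seconds
    }
    finally {
        # Always stop the session, even on Ctrl+C, or it keeps running.
        & netsh trace stop
    }

    # Record a hash of the capture so later copies can be verified.
    Get-FileHash -Path $etl -Algorithm SHA256
}

# Example call with a constructed address from the documentation range:
# Invoke-NetshCapture -Seconds 30 -IPv4Address 192.0.2.10
```

The result is an ETL file rather than a pcap, so it has to be converted (for example with Microsoft's etl2pcapng) before it can be opened in Wireshark on another machine.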
In the following video ..