Firefox

Windows 10 has a hidden built-in Packet Sniffer 'PktMon'

Windows 10 has a hidden built-in Packet Sniffer 'PktMon' that works just like Wireshark and other Packet monitoring tools

Microsoft silently pushed a CLI-based packet sniffer in the October 2018 update in Windows 10. It's called "PktMon" and Windows describes it as a "Packet Monitor". The executable file is located at the path:

C:\Windows\system32\pktmon.exe

The interesting thing is that it can be used as a Packet filtering / monitoring tool just like Wireshark. It doesn't have a GUI yet so you have to operate it from the command-line.

Microsoft still hasn't provided any official instructions on how to use it.

The tool also allows you to generate .etl and .pcapng log files that can be analyzed in other third-party tools as well.

A real-time monitoring feature has also been included in the May 2020 update. It allows you to monitor the traffic to your PC in real time.

Source: Reddit.com


I was aware of the tool but have not used it. Microsoft has had something similar for years now but has never been as capable as some other 3rd party dedicated tools so I've never bothered to spend much time with the Microsoft tools.

Maybe someday they'll actually get much more like a WireShark program

 

On 6/3/2020 at 6:03 PM, AdvancedSetup said:

Maybe someday they'll actually get much more like a WireShark program

That would be great.. can't beat WireShark right now, and it's free at that, and don't forget there is a portable version too.

13 hours ago, Firefox said:

That would be great.. can't beat WireShark right now, and it's free at that, and don't forget there is a portable version too.

It's only partially portable; it still has to load a driver, right?

1 hour ago, exile360 said:

It's only partially portable; it still has to load a driver, right?

Not sure to be honest, I had not run the portable version in quite some time.
