
Remote Packet Capture - Windows

Remote host packet capture (open a PowerShell Remoting session to the target, then start a circular 512 MB netsh trace filtered to traffic to or from a single IPv4 address; the filter applies to both source and destination):
Enter-PSSession -ComputerName HOSTNAME -Credential USERNAME
netsh trace start capture=yes maxsize=512 filemode=circular overwrite=yes report=no correlation=no Ethernet.Type=IPv4 IPv4.Address=146.70.24.173

Requires WinRM to be enabled on the target and an account that is a local administrator there. When finished, run netsh trace stop inside the same session; the ETL file is only finalized on stop, and it is written on the remote host (by default under %LOCALAPPDATA%\Temp\NetTraces\NetTrace.etl for the account running the trace), so copy it back (for example with Copy-Item -FromSession) before converting it.


Script to convert to PCAP (uses the PEF cmdlets installed with Microsoft Message Analyzer, which Microsoft retired in November 2019; run it on the machine that holds the copied ETL, and read the resulting .cap in Wireshark):
$s = New-PefTraceSession -Path "C:\Users\EXAMPLE\AppData\Local\Temp\NetTraces\capture.cap" -SaveOnStop
$s | Add-PefMessageProvider -Provider "C:\Users\EXAMPLE\AppData\Local\Temp\NetTraces\NetTrace.etl"
$s | Start-PefTraceSession
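The whole procedure as one non-interactive script, added here as an example and not part of the original notes: it replaces the interactive Enter-PSSession step with Invoke-Command over a persistent session, starts the same filtered circular trace, waits, stops it, copies the ETL back, and then runs the same PEF conversion. HOSTNAME, USERNAME, the filter address, the 60-second duration and the local output directory are placeholder assumptions; the tracefile= parameter is used so the remote path is known rather than guessed.

```powershell
# Added example, not from the original page. Assumes WinRM is enabled on the
# target and the supplied account is a local administrator there.
param(
    [string]$Target   = 'HOSTNAME',          # placeholder
    [string]$UserName = 'USERNAME',          # placeholder
    [string]$FilterIp = '146.70.24.173',     # peer address from the notes above
    [int]$Seconds     = 60,                  # assumed capture window
    [string]$LocalDir = "$env:TEMP\NetTraces"
)

$cred    = Get-Credential -UserName $UserName -Message "Credentials for $Target"
$session = New-PSSession -ComputerName $Target -Credential $cred

try {
    # Start the circular capture on the remote host, filtered to one IPv4 peer.
    # tracefile= pins the output path so we know what to copy back afterwards.
    $remoteEtl = Invoke-Command -Session $session -ArgumentList $FilterIp -ScriptBlock {
        param($ip)
        $out = Join-Path $env:TEMP 'NetTraces\NetTrace.etl'
        netsh trace start capture=yes maxsize=512 filemode=circular overwrite=yes `
            report=no correlation=no Ethernet.Type=IPv4 "IPv4.Address=$ip" "tracefile=$out" | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "netsh trace start failed (exit code $LASTEXITCODE)" }
        $out
    }

    Start-Sleep -Seconds $Seconds

    # The ETL is only finalized when the trace is stopped.
    Invoke-Command -Session $session -ScriptBlock {
        netsh trace stop | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "netsh trace stop failed (exit code $LASTEXITCODE)" }
    }

    # Pull the finished ETL over the existing remoting session.
    New-Item -ItemType Directory -Path $LocalDir -Force | Out-Null
    Copy-Item -FromSession $session -Path $remoteEtl -Destination $LocalDir
}
finally {
    Remove-PSSession $session
}

# Convert locally with the Message Analyzer PEF cmdlets, as in the notes above.
$etl = Join-Path $LocalDir 'NetTrace.etl'
$cap = Join-Path $LocalDir 'capture.cap'
$s = New-PefTraceSession -Path $cap -SaveOnStop
$s | Add-PefMessageProvider -Provider $etl
$s | Start-PefTraceSession
```

If Message Analyzer is not available, Microsoft's open-source etl2pcapng (github.com/microsoft/etl2pcapng) converts the same ETL directly to pcapng with etl2pcapng.exe NetTrace.etl NetTrace.pcapng, and the last five lines of the script can be replaced by that one call.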