Saturday, September 7, 2013

Capturing network traffic using the netsh command for the Windows Filtering Platform

The Windows Filtering Platform (WFP) is a new architecture that debuted in Windows Vista and Windows Server 2008.  Microsoft added a diagnostic tool for the Windows Filtering Platform in Windows 7 and Windows Server 2008 R2.  To capture network traffic, launch an elevated command prompt and use the following command:

netsh wfp capture start

To stop the capture, use the command:

netsh wfp capture stop


Within the .cab output file, two files should be present.


Within the .XML file, details of the network traffic should be present.  The example below is a ping to the IP address of


How to check if Secure Boot is enabled with Windows 8

To determine if the Secure Boot feature is enabled, launch a PowerShell session with local administrative authority and use the following cmdlet:


The possible answers are True, False, or the platform does not support the feature.



Information concerning snapshot files within VMware

Below is a list of files for a Windows 7 virtual machine with VMware Workstation without any snapshot entries present:


Below is an updated list when a snapshot had been created.


Below are the contents of the .vmsd file:


The snapshot list file contains the name of the .vmsn file, the snapshot name, the description, the name of the original disk and the subsequent snapshot files.  Below are the contents of the .vmsd file after the snapshot had been deleted.


Monday, September 2, 2013

Network Monitor feature within Firefox and Chrome

Starting with version 23, Firefox includes a network monitoring feature that can be accessed by using the keyboard shortcut combination of Control-Shift-Q or via Tools –> Web Developer –> Network.


Chrome has a similar feature which can be accessed by using the F12 key.


Horizon View Events Notifier

Horizon View Events Notifier is an application that can generate email alerts based on events within the VMware View Events database.


Graylog2 is an open source and free log management application.  It consists of a server written in Java that accepts your syslog messages via TCP, UDP or AMQP and stores them in a database for later review.


TraceWrangler is a utility, currently for the Windows platform, that will sanitize Wireshark packet capture data.

PowerShell cmdlets to remove Modern applications within Windows 8

A few PowerShell cmdlets are available to remove Modern applications within Windows 8.  Remove-AppxProvisionedPackage will remove an application from the operating system but will not remove the icons from any existing user profiles.  Remove-AppxPackage will remove an application for the user currently logged on.
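The following script is an added example, not from the original post, showing the two cmdlets used together so that an app is removed both from the provisioning store and from the logged-on user's profile. The function name Remove-ModernApp and the '*BingSports*' name pattern are constructed for illustration; run it from an elevated PowerShell session.

```powershell
# Added example (not from the original post): removes a Modern app both from
# the provisioning store and from the current user's profile, mirroring the
# two cmdlets described above. Function name and pattern are constructed samples.
function Remove-ModernApp {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Wildcard matched against the package DisplayName / Name, e.g. "*BingSports*"
        [Parameter(Mandatory = $true)]
        [string]$NamePattern
    )

    # 1. Provisioned packages: staged in the OS image and installed into every
    #    new user profile. Removing these stops future users from receiving the app.
    $provisioned = Get-AppxProvisionedPackage -Online |
        Where-Object { $_.DisplayName -like $NamePattern }
    foreach ($p in $provisioned) {
        if ($PSCmdlet.ShouldProcess($p.PackageName, 'Remove provisioned package')) {
            Remove-AppxProvisionedPackage -Online -PackageName $p.PackageName | Out-Null
        }
    }

    # 2. Per-user packages: already installed in the current user's profile.
    #    Remove-AppxProvisionedPackage leaves these (and their icons) in place,
    #    so they need a separate Remove-AppxPackage call.
    $installed = Get-AppxPackage -Name $NamePattern
    foreach ($pkg in $installed) {
        if ($PSCmdlet.ShouldProcess($pkg.PackageFullName, 'Remove package for current user')) {
            Remove-AppxPackage -Package $pkg.PackageFullName
        }
    }

    # Report what remains so the result can be verified after the run.
    [pscustomobject]@{
        ProvisionedRemaining = @(Get-AppxProvisionedPackage -Online |
                                 Where-Object { $_.DisplayName -like $NamePattern }).Count
        UserRemaining        = @(Get-AppxPackage -Name $NamePattern).Count
    }
}

# Preview first (no changes are made), then run for real.
Remove-ModernApp -NamePattern '*BingSports*' -WhatIf
# Remove-ModernApp -NamePattern '*BingSports*'
```

Other users who already have the app installed keep it until Remove-AppxPackage is run in their own session, which is the behaviour of Remove-AppxProvisionedPackage described above.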