Friday, February 9, 2018

PowerShell NetEventPacketCapture

PowerShell can capture network traffic with the NetEventPacketCapture module. To list the event trace providers available to a capture session, use the following command:

logman query providers


The Select-String cmdlet can be used to search within the list.

logman query providers | select-string smb
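
The following is an added example, not part of the original post: it parses the logman output into provider names, then runs a short capture session with the NetEventPacketCapture cmdlets for every provider matching "smb". The session name, trace path and 30-second duration are assumptions chosen for illustration; it must be run from an elevated prompt.

```powershell
# Added example. $SessionName and $TraceFile are hypothetical values.
$SessionName = 'SmbTrace'
$TraceFile   = 'C:\Temp\SmbTrace.etl'

# Turn the text output of "logman query providers" into objects.
# Each data line looks like:  <provider name>   {GUID}
function Get-EtwProvider {
    param([string]$Pattern = '.')
    logman query providers |
        Select-String -Pattern '^(?<Name>.+?)\s+(?<Guid>\{[0-9A-Fa-f-]{36}\})\s*$' |
        ForEach-Object {
            $g = $_.Matches[0].Groups
            [pscustomobject]@{
                Name = $g['Name'].Value.Trim()
                Guid = $g['Guid'].Value
            }
        } |
        Where-Object Name -Match $Pattern
}

$providers = Get-EtwProvider -Pattern 'smb'
if (-not $providers) { throw "No ETW provider matched 'smb'." }

# The trace holds packet contents, so write it to a directory with restricted access.
New-Item -ItemType Directory -Path (Split-Path $TraceFile) -Force | Out-Null

New-NetEventSession -Name $SessionName -CaptureMode SaveToFile -LocalFilePath $TraceFile | Out-Null
try {
    # Add each matching event provider, then the packet capture provider itself.
    foreach ($p in $providers) {
        Add-NetEventProvider -Name $p.Name -SessionName $SessionName | Out-Null
    }
    Add-NetEventPacketCaptureProvider -SessionName $SessionName | Out-Null

    Start-NetEventSession -Name $SessionName
    Start-Sleep -Seconds 30   # capture window; reproduce the traffic of interest now
}
finally {
    # Always stop and remove the session so no capture keeps running unnoticed.
    Stop-NetEventSession -Name $SessionName -ErrorAction SilentlyContinue
    Remove-NetEventSession -Name $SessionName
}
```

Get-NetEventSession lists any sessions still defined on the host, which is a quick check that a capture was not left behind.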


https://blogs.technet.microsoft.com/networking/2017/12/12/wnv-deep-dive-part-3-capturing-and-reading-virtualized-network-traffic/

https://docs.microsoft.com/en-us/powershell/module/neteventpacketcapture/?view=win10-ps

https://4sysops.com/archives/capture-network-traces-with-the-powershell-module-neteventpacketcapture/

https://blogs.technet.microsoft.com/heyscriptingguy/2015/10/12/packet-sniffing-with-powershell-getting-started/
