Network tracing with netsh (command line)

# first, make a local directory:
mkdir c:\temp

# run 'netsh help' or 'netsh trace help' to get help for topics

netsh trace start <options>
...
do something
....
netsh trace stop  (this is very slow, and will cost 100 percent of CPU)

netsh help

# examples:
   netsh trace start capture=yes IPv4.SourceAddress=192.168.0.99 tracefile=c:\temp\trace1.etl maxsize=512 persistent=yes
# IPv4.SourceAddress=192.168.0.99     capture packets sent from local IP address 192.168.0.99
# persistent=yes                            continue tracing after reboot

   netsh trace start capture=yes tracefile=c:\temp\trace1.etl maxsize=512 provider="Microsoft-Windows-TCPIP" providerfilter=yes IPv4.SourceAddress=192.168.0.99
# provider="Microsoft-Windows-TCPIP"                           use provider
# providerfilter=yes IPv4.SourceAddress=192.168.0.99     use providerfilter

   netsh trace start capture=yes tracefile=c:\temp\trace1.etl maxsize=512 provider="Microsoft-Windows-TCPIP" captureinterface=Ethernet keywords=ut:TcpipListener
# captureinterface=Ethernet         capture certain interface

trace-file must be inspected with Microsoft Network Monitor (GUI)

- if not specified, the etl-file will be written in the local profile
- find providers:  'netsh trace show providers | findstr -i tcp'
                          'netsh trace show provider name="Microsoft-Windows-TCPIP"'
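
# added example (not part of the original notes): the start / do something / stop sequence from above as one PowerShell script that always stops the trace, even if the middle step fails, so no capture is left running. The parameter names and default values ($TraceDir, $LocalIp, $Seconds) are assumptions to adjust; only netsh options shown above are used.

```powershell
# Added example, not from the original notes. Run from an elevated PowerShell.
# $TraceDir, $LocalIp and $Seconds are assumed placeholder values.
param(
    [string]$TraceDir = 'C:\temp',
    [string]$LocalIp  = '192.168.0.99',
    [int]$Seconds     = 30
)

# netsh trace needs administrator rights; fail early with a clear message.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated prompt.'
}

# Create the output directory and use a timestamped file name so an
# earlier trace is never overwritten.
New-Item -ItemType Directory -Path $TraceDir -Force | Out-Null
$etl = Join-Path $TraceDir ('trace_{0:yyyyMMdd_HHmmss}.etl' -f (Get-Date))

# persistent=yes is deliberately left out: this capture is meant to be
# short-lived and must not resume after a reboot.
netsh trace start capture=yes "IPv4.SourceAddress=$LocalIp" "tracefile=$etl" maxsize=512
if ($LASTEXITCODE -ne 0) {
    # Typical cause: another trace session is already running.
    throw "netsh trace start failed (exit code $LASTEXITCODE)"
}

try {
    netsh trace show status          # confirm the session and its settings
    Start-Sleep -Seconds $Seconds    # reproduce the problem in this window
}
finally {
    # Runs on success, on error and on Ctrl+C; the stop itself is slow.
    netsh trace stop
}

# Report the resulting file so it can be opened in Network Monitor.
if (Test-Path $etl) {
    Get-Item $etl | Select-Object FullName, Length
} else {
    Write-Warning "No trace file found at $etl"
}
```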