Network tracing with powershell (command line)

Built into Windows 10 and Windows Server 2016 and above

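# Run PowerShell as administrator!
#
# NOTE: the trace file contains captured packet data from this host. Write it
# to a directory that only administrators can read, and delete it when the
# analysis is finished.

# Create a new session:
#   -Name           name of the session
#   -CaptureMode    capture mode (SaveToFile writes the events to an .etl file)
#   -LocalFilePath  path of the trace file; create the directory beforehand
#   -MaxFileSize    maximum file size in MB (8192 MB = 8 GB, make sure the disk has room)
   New-NetEventSession -Name "trace1" -CaptureMode SaveToFile -LocalFilePath "c:\temp\trace1.etl" -MaxFileSize 8192

# Add event providers to the session.
# To find provider names, list them first with:
#   logman query providers | select-string tcp
   Add-NetEventProvider -Name "Microsoft-Windows-TCPIP" -SessionName "trace1"
# The packet capture provider records the packets themselves; its
# -TruncationLength parameter controls how many bytes of each packet are kept.
   Add-NetEventPacketCaptureProvider -SessionName "trace1"

# Optional: acts as a filter on the packet capture provider, so only traffic on
# the named adapter is captured. The name must match an adapter listed by
# Get-NetAdapter.
   Add-NetEventNetworkAdapter -Name "Ethernet"

# Start the session
   Start-NetEventSession -Name "trace1"

# Information about the running session
   Get-NetEventSession

# Stop the running session
   Stop-NetEventSession -Name "trace1"

# Remove the session; name it explicitly, like the other commands, so it is
# clear which session is being removed.
   Remove-NetEventSession -Name "trace1"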


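The result is ugly and unusable as it stands: the .etl file is a binary event trace log, so it has to be opened or converted with a tool that understands that format before the packets can be read.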