Network Tracing on Steroids

Wednesday, September 22, 2010 in Technical Articles (Views: 4896)
Today I found the coolest (by far) network tracing tool, which has led me to pronounce every other free network tracing tool absolute crap (yes, you too, Wireshark).

The tool is part of netsh, which can trace a variety of things, but in this case we'll look at networking. My need? I have a Windows 7 box that, on wireless (only) domain logins, won't map drives from a login script. Of course, wired connections work like a champ.

Disclaimer here: I have only tested this on Windows 7 and Server 2008 R2. I would think it works on Server 2008 and Vista as well, but no guarantees.

So, netsh does a lot of things, but again, let's focus on networking. What can netsh do for tracing? Use this command to find out:

netsh trace show scenarios

But for the sake of capturing traffic, here is a quick and simple way to create a capture. You don't have to worry about running NetMon as a service or anything else (time for a quick sigh of relief).

Use this command to start a trace, without doing it on bootup:

netsh trace start capture=yes

This will simply begin the trace. When you're finished...

netsh trace stop

This will compile the trace data into %TEMP%\NetTraces. You will find a couple of files there:

• NetTrace.etl: the trace capture itself, which opens in Network Monitor (NetMon to some).
• A bundle of system configuration info: gpresult output, DNS info, file sharing, adapter info, environment variables; you get the idea.

So, how do we make this capture run at boot time? Use the persistent=yes parameter, so your command looks like this:

netsh trace start capture=yes persistent=yes

Reboot, and once you have reproduced the issue, head to the command prompt and run netsh trace stop.
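The start / reboot / reproduce / stop workflow above, wrapped in two PowerShell functions, as an added example that is not code from the original post. It assumes an elevated prompt (netsh trace needs administrative rights), a fixed trace path under C:\Traces so the file is easy to find after a reboot and a different logon, the NetConnection scenario name from netsh trace show scenarios, the tracefile=, maxsize= and report= parameters as Microsoft documents them, and Get-FileHash, which needs PowerShell 4.0 or later (Windows Management Framework 4 on Windows 7).

```powershell
# Added example, not code from the original post. Wraps the netsh trace
# commands from the article so the persistent (boot-time) capture is started
# and collected consistently.
# Assumptions: elevated session; scenario name 'NetConnection' and the
# tracefile=/maxsize=/report= parameters as documented for netsh trace;
# Get-FileHash (PowerShell 4.0+).

function Test-IsElevated {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Start-BootNetTrace {
    param(
        # %TEMP%\NetTraces is per-user; a fixed path survives logging on as a
        # different account after the reboot.
        [string]$TraceFile = 'C:\Traces\NetTrace.etl',
        # Scenario bundling the wired/wireless connectivity providers (assumed name).
        [string]$Scenario  = 'NetConnection',
        # Cap the circular trace file so a long reproduction cannot fill the disk.
        [int]$MaxSizeMB    = 250
    )
    if (-not (Test-IsElevated)) { throw 'netsh trace requires an elevated prompt.' }

    $dir = Split-Path -Parent $TraceFile
    if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }

    # persistent=yes keeps the session across the reboot, which is what lets it
    # see the domain logon and the logon script's drive-mapping attempts.
    $output = & netsh trace start "scenario=$Scenario" capture=yes persistent=yes `
                  "tracefile=$TraceFile" "maxsize=$MaxSizeMB" report=yes 2>&1
    if ($LASTEXITCODE -ne 0) { throw "netsh trace start failed:`n$output" }
    Write-Host 'Trace running. Reboot, reproduce the problem, then run Stop-BootNetTrace.'
}

function Stop-BootNetTrace {
    param([string]$TraceFile = 'C:\Traces\NetTrace.etl')
    if (-not (Test-IsElevated)) { throw 'netsh trace requires an elevated prompt.' }

    # Check first; stopping when nothing is running only produces a confusing error.
    $status = & netsh trace show status 2>&1 | Out-String
    if ($status -match 'no trace session') { throw 'No trace session is running.' }

    # stop finalises the .etl and, with report=yes, the .cab of system configuration.
    & netsh trace stop | Out-Null

    # Hash the artifacts so the copy handed to whoever analyses them can be verified
    # against what was collected on the machine.
    Get-ChildItem -Path (Split-Path -Parent $TraceFile) |
        Where-Object { $_.Extension -match '^\.(etl|cab)$' } |
        ForEach-Object {
            [pscustomobject]@{
                File   = $_.FullName
                SizeMB = [math]::Round($_.Length / 1MB, 1)
                SHA256 = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            }
        }
}

# Usage (elevated PowerShell):
#   Start-BootNetTrace    # then reboot and reproduce the failing wireless logon
#   Stop-BootNetTrace     # lists NetTrace.etl / NetTrace.cab with sizes and hashes
```

Two practical points: a persistent capture records everything from early boot onward, including the logon exchange, and the .cab bundles gpresult and adapter configuration, so keep both files on a restricted path and delete them once the analysis is done; and check netsh trace show status before starting, because a forgotten persistent session from an earlier attempt will make the second start fail.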

There is a lot more that netsh can do, but this is one great feature of it.
