Today I tried these two commands.
netsh trace start capture=yes
 It requires to be run in administer mode.
This commands starts the network capturing.
The immediate output is an etl file.
The netsh stop command(netsh trace stop) stops the capturing and creates a cap file in the end. The cap file is an archive file.
When extracted, it has many info about the system info and the etl file.

Today I tried these two commands.

**netsh trace start capture=yes**
	It requires to be run in administer mode.
This commands starts the network capturing.
The immediate output is an etl file.
The netsh stop command(**netsh trace stop**) stops the capturing and creates a cap file in the end. The cap file is an archive file.
When extracted, it has many info about the system info and the etl file.


yosa's tech journey

yosa's tech journey

WIP, Trace monitoring in Windows

Table of contents

No headings in the article.