powershell

Differences

This shows you the differences between two versions of the page.

powershell [2022/11/10 18:44] – [Simple TCP Portscan] baumi
powershell [2022/11/20 10:19] (current) – [Convert to PCAP] baumi
Line 24: Line 24:
   Test-NetConnection -ComputerName $target -Port $port   Test-NetConnection -ComputerName $target -Port $port
 } }
 +</code>
 +===== Packet Capture =====
 +==== Capture ====
 +<code powershell>
 +$duration=90
 +$env:HostIP = (
 +    Get-NetIPConfiguration |
 +    Where-Object {
 +        $_.IPv4DefaultGateway -ne $null -and
 +        $_.NetAdapter.Status -ne "Disconnected"
 +    }
 +).IPv4Address.IPAddress
 +
 +netsh trace start capture=yes IPv4.Address=$env:HostIP tracefile=c:\temp\capture.etl
 +Start-Sleep $duration
 +netsh trace stop
 +</code>
 +==== Convert to PCAP ====
 +https://github.com/microsoft/etl2pcapng/releases
 +<code powershell>
 +Invoke-Webrequest -O etl2pcapng.exe https://github.com/microsoft/etl2pcapng/releases/download/v1.9.0/etl2pcapng.exe
 +./etl2pcapng.exe c:\temp\capture.etl c:\temp\capture.pcap
 </code> </code>
 ===== Useful Commandlets ===== ===== Useful Commandlets =====
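Review bot: In the Convert to PCAP block, `etl2pcapng.exe` is downloaded with `Invoke-Webrequest` and executed on the very next line with no integrity check in between. Record the expected SHA256 of the v1.9.0 binary on the page and compare it against `Get-FileHash` output before running the tool. In the same block, spell out `-OutFile` rather than the abbreviated `-O`, and name the output `capture.pcapng`, since etl2pcapng writes pcapng rather than classic pcap. In the Capture block, the `Get-NetIPConfiguration` filter returns more than one address on a host with several connected adapters that have a default gateway, so `IPv4.Address=$env:HostIP` no longer receives a single value; pick one adapter explicitly, and a plain variable is enough in place of `$env:HostIP`. A short remark that `netsh trace` needs an elevated prompt and that `c:\temp` must already exist would save readers a failed run.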
powershell.1668102253.txt.gz · Last modified: 2022/11/10 18:44 by baumi
