Windows 10 waxa ay bixisaa Shabakadda Sniffer Tool^{(Network Sniffer Tool)} - PktMon.exe- si ay ula socdaan faafinta baakidhka gudaha iyo warbixinaha soo ridista baakidhka. Qalabkani waxa uu kaa caawin karaa in aad dhex gashato. Shabakadda oo kaa caawisa xalinta sababta daahsoonnimada shabkada, garato codsiyada la saameeyey, iyo, marka lagu isticmaalo qalab dheeri ah, waxay ku siin kartaa aragti ku saabsan cabbirada sare. Maqaalkan, waxaan ku tusi doonaa sida aad u isticmaali karto Shabakadda Sniffer Tool^{(Network Sniffer Tool)} ( PktMon.exe ) ee cusub Windows 10 .

Qalabka Sniffer Network^{(Network Sniffer Tool)} pktmon.exe gudaha Windows 10

PktMon.exe ama Packet Monitor waa shabakada cusub ee wax quudisa ama shabakada ogaanshaha iyo qalabka la socodka xidhmooyinka. Waxay ku taal galka Nidaamyada^(Systems) , taas oo macnaheedu yahay inaad ka wici karto Run ama Command Prompt ama PowerShell .

Haddii barnaamijku ku xasuusiyo wax ku saabsan Netsh Trace Command, markaa waad saxantahay. Amarka Netsh Trace wuxuu kaa caawinayaa inaad awood u yeelato oo aad habayso raadinta shabakada si ay kuu caawiso markaad cilad-saarayso dhibaatooyinka isku xidhka shabakada.

Maxay PktMon qaban kartaa?

Haddii aad ku shaqeyso  PktMon.exe Help isla markiiba amarka. Waa kan waxa aad hesho:

• filter: Maamul filtarrada baakadaha.
• comp: Maamul qaybaha diiwaangashan.
• dib u habeyn: Ku^(reset:) celi xisaabaadka eber.
• bilow:^(start:) Bilow la socodka baakidhka.
• joojinta:^(stop:) Jooji la socodka.
• qaabka:^(format:) U beddel gal gal qoraal qoraal ah.
• dejin:^(unload:) Soo deji darawalka PktMon.

Oo haddii aad rabto caawimo dheeraad ah oo ku saabsan amar gaar ah, markaa waxaad caawin kartaa amarkaas. Waa kan sida ay u egtahay:

pktmon filter help

pktmon filter { list | add | remove } [OPTIONS | help]

Commands
list Display active packet filters.
add Add a filter to control which packets are reported.
remove Removes all filters.

PktMon.exe waxa kale oo ay la socotaa la socodka wakhtiga dhabta ah iyo taageerada qaabka faylka PCAPNG.

Akhri^(Read) : Sida loo sahlo oo looga tijaabiyo DNS-ka HTTPS gudaha Windows 10^{(How to enable and test DNS over HTTPS in Windows 10)} .

Sida loo isticmaalo PktMon si loola socdo taraafikada shabakada

Halkan waxaa ah tusaale sida loo isticmaalo tusaale fudud.

1. Samee Shaandheeye si aad ula socoto dekedda
2. Bilaw la socodka
3. Dhoofinta Log qaab la akhriyi karo

Tusaalahani waxa uu u malaynayaa in aad rabto in aad la socoto nambarka dekedda ee kombiyuutarka, kaas oo laga yaabo in ay marar badan dhibaato haysato.

1. Samee Shaandho

Xulashada koowaad ee kuu oggolaanaysa inaad la socoto taraafikada waa — filter. Isticmaalka doorashadan, waxaad abuuri kartaa shaandheyn si aad u xakameyso xirmooyinka la soo sheegay iyadoo lagu saleynayo Ethernet Frame , madaxa IP, madaxa TCP , iyo Encapsulation . Haddii aad socodsiiso barnaamijka hoos ku xusan, waxaad heli doontaa faahfaahin buuxda oo ku saabsan waxa aad ku samayn karto shaandhada.

pktmon filter add help

Markaa u soo noqo mawduuceena, aynu ka soo qaadno inaan la socon doono TCP port^{(monitor TCP port)} no 1088. Waxay noqon kartaa deked uu isticmaalo codsigaaga caadada ah, kaas oo burburaya, PktMon waxay kaa caawin kartaa inaad ogaato haddii shabakadu tahay dhibaatada.

Fur Command Prompt ama PowerShell oo leh mudnaanta maamulka

Samee shaandhada baakidhka adoo isticmaalaya amarka: "pktmon filter add -p [port]"

pktmon filter add -p 1088

Waxaad markaa wadi kartaa amarka "liiska filter pktmon" si aad u aragto liiska filtarrada lagu daray.

Si aad meesha uga saarto dhammaan filtarrada ku orod amarka "pktmon filter ka saar"

2. Bilaw la socodka

Maadaama kani aanu ahayn barnaamij toos ah oo gadaal ka socda balse uu ku shaqeeyo baahi, waxaad u baahan tahay inaad si gacanta ah ula socoto. Ku socodsii amarkan soo socda si aad u bilowdo xidhmooyinka la socodka

pktmon start --etw - p 0

Waxay bilaabi doontaa la socodka waxayna abuurtay gal gal meesha lagu sheegay. Waa inaad gacanta ku joojisaa adeegsiga dooda “joojinta” si aad u joojiso jarista, ama waxay dhammaan doontaa marka kombuyuutarku xidhmo. Haddii aad ku maamusho amarka "-p 0" markaas waxay qabsan doontaa 128 bytes oo baakidh ah.

Log filename: C:\Windows\system32\PktMon.etl
Logging mode: Circular
Maximum file size: 512 MB

3. Dhoofinta Log qaab la akhriyi karo

Faylka log waxaa lagu kaydiyaa faylka PktMon.ETL kaas oo loo rogi karo qaab bini'aadamku akhriyi karo iyadoo la adeegsanayo amarka soo socda

pktmon format PktMon.etl -o port-monitor-1088.txt

Markaad taas sameyso, markaad faylka ku furto notepad, oo aad akhrido, si macno loo sameeyo, waa inaad isticmaashaa Kormeeraha Shabakadda Microsoft.  Waxay si toos ah u akhrin kartaa faylka ETL.

Taasi waxay tidhi, Microsoft waxaa la filayaa inay bilawdo soo saarista taageerada la socodka wakhtiga dhabta ah, taas oo la filayey gudaha Windows 10 2004 - laakiin wali ma arko doorashadaas.

Akhri wax la xidhiidha^{(Related read)} : Qalabka wax lagu urijiyo ee bilaashka ah^{(Free Packet Sniffing Tools)} ee Windows 10.

How to use Network Sniffer Tool PktMon.exe in Windows 10

Windows 10 offers аn inbuilt Network Sniffer Tool — PktMon.exe — to monitor internal packet propagation and packet drop reports. This tool can help you snoop around. The network and help you resolve the cause of network latency, identify impacted applications, and, when used with an additional set of tools, can provide insight into top metrics. In this post, we will show how you can use the new Network Sniffer Tool (PktMon.exe) in Windows 10.

Network Sniffer Tool pktmon.exe in Windows 10

PktMon.exe or Packet Monitor is the new network sniffer or network diagnostic and packet monitoring tool. It is located in the Systems folder, which means you can invoke it from the Run or Command Prompt or PowerShell.

If the program reminds you about Netsh Trace Command, then you are right. Netsh Trace command helps you to enable and configure network tracing to assist you when troubleshooting network connectivity problems.

What can PktMon can do?

If you run PktMon.exe Help on the command prompt. Here is what you get:

• filter: Manage packet filters.
• comp: Manage registered components.
• reset: Reset counters to zero.
• start: Start packet monitoring.
• stop: Stop monitoring.
• format: Convert log file to text.
• unload: Unload PktMon driver.

And if you want further help on a specific command, then you can run help against that command. Here is how it looks like:

pktmon filter help

pktmon filter { list | add | remove } [OPTIONS | help]

Commands
list Display active packet filters.
add Add a filter to control which packets are reported.
remove Removes all filters.

PktMon.exe also comes with real-time monitoring and support for the PCAPNG file format.

Read: How to enable and test DNS over HTTPS in Windows 10.

How to use PktMon to monitor network traffic

Here is an example of how to use it with a simple example.

1. Create a Filter to monitor a port
2. Start Monitoring
3. Export Log into a readable format

This example is assuming that you want to monitor a port number on the computer, which might be having issues often.

1. Create a Filter

The primary option which allows you to monitor traffic is —filter. Using this option, you can create a filter to control which packets are reported based on Ethernet Frame, IP header, TCP header, and Encapsulation. If you run the below-mentioned program, you will get full details on what you can do with the filter.

pktmon filter add help

So coming back to our topic, let’s assume that we are going to monitor TCP port no 1088. It can be a port used by your custom application, which is crashing, and PktMon can help you figure out if the network is the problem.

Open Command Prompt or PowerShell with admin privileges

Create a packet filter using the command: “pktmon filter add -p [port]”

pktmon filter add -p 1088

You can then run the command “pktmon filter list” to see a list of added filters.

To remove all the filters run the command “pktmon filter remove”

2. Start Monitoring

Since this is not an automated program running in the background but works on-demand, you need to start monitoring manually. Run the following command to start monitoring packets

pktmon start --etw - p 0

It will start the monitoring and created a log file at the mentioned location. You will have to manually stop using the “stop” argument to stop the logging, or it will end when the computer shuts down. If you run the command with “-p 0” then it will only capture 128 bytes of a packet.

Log filename: C:\Windows\system32\PktMon.etl
Logging mode: Circular
Maximum file size: 512 MB

3. Export Log into a readable format

The log file is saved into PktMon.ETL file which can be converted into a human-readable format using the following command

pktmon format PktMon.etl -o port-monitor-1088.txt

Having done that, while you open the file in notepad, and read it, to make sense, you will have to use the Microsoft Network Monitor. It can directly read the ETL file.

That said, Microsoft is expected to start rolling out support for real-time monitoring, which was expected in Windows 10 2004 – but I do not see that that option yet.

Related read: Free Packet Sniffing Tools for Windows 10.

Related posts

• Sida loo abuuro Warbixinta Adapter Network ee Wi-Fi Windows 10

• Aaladaha Shabakadda Wireless-ka ee bilaashka ah ee loogu talagalay Windows 10

• Sida loo helo cinwaanka IP-ga ee Windows 10 - Raadinta Ciwaanka IP-ga

• Sida loo habeeyo Global Proxy Server Settings gudaha Windows 10

• Sida loo abuuro shares Network gudaha Windows 10

• Sida loo khariidado darawalada FTP, wadayaasha shabakadaha, iyo wadaaga shabakada, gudaha Windows 10

• Waa maxay Firewall iyo Ilaalinta Shabakadda ee Windows 10 iyo sida loo qariyo qaybtan

• Soo hel Tusiyaha Waxqabadka Shabakadda caadiga ah Windows 10

• Sida dib loogu habeeyo Settings Network on Windows 10

• Sida looga saaro VPN adoo isticmaalaya isku xirka shabakada gudaha Windows 10

• Adapter Network ayaa ka maqan Windows 10? 11 Siyaabaha Shaqada ee lagu hagaajinayo!

• U beddelo Shabakadda Dadweynaha una beddelo Shabakadda Gaarka ah ee Windows 7, 8 iyo 10

• 2 siyaabood oo loo khariideeyo Network Drive gudaha Windows 10

• Sida loola socdo apps-ka isticmaala xogta ugu badan Windows 10

• Maamulaha TCP/IP ee Windows 10

• Sida loogu daro Wireless ama Network Printer gudaha Windows 10

• Sida loogu xidho server-ka FTP gudaha Windows 10, laga bilaabo File Explorer -

• Sawir-qaade sare oo IP ah, iskaanka IP-ga bilaashka ah ee loogu talagalay Windows 10

• Sida fog looga galo Windows 10 ka Mac

• Soo celi oo soo celi WiFi ama Shabakadda Shabakadda Wireless-ka ee gudaha Windows 10