![]() ![]() Furthermore, pktmon must be executed as Administrator in order to use it effectively. To get an overview of the options of pktmon, help can be appended after each command. The directory C:\tmp\pktmon was created for this purpose. It is recommended to create a directory where the first captures are stored, because C:\Windwos\System32\ is not the ideal place for this. The packet sniffer pktmon can be found at C:\Windows\System32\pktmon.exe, but can be executed anywhere on the command line with pktmon. For this purpose, a small lab environment with a current Windows 10 Pro as a test client and a Kali Linux as an additional participant in the network was set up. In the following article we will introduce first steps with pktmon and look for ways to get quick analysis results from the captures in a security context. Therefore, the question arises whether this is possible with pktmon under Windows with built-in mechanisms. The analysis with tcpdump on Linux with some Bash commands for sorting and filtering packet captures is relatively powerful and easy to do. The question is whether, in analogy to the well-known tools such as tcpdump or Wireshark, pktmon can now be used on a Windows system to make rapid analyses of possible indicators of a compromise. In the Windows Update Version 2004, pktmon received further updates, which might make it interesting for the analysis in a security context. ![]() Microsoft introduced with the Windows 10 October 2018 Update the command line Packet Sniffer pktmon. pktmon from Windows Update 2004 offers export of capturings as pcapng.Deeper analyses should be done with specialized tools.And PowerShell can be used for rudimentary review.Windows pktmon can be used for network capture.How to Analyze Network Traffic with Windows
0 Comments
Leave a Reply. |