I would think you would like to submit a packet capture; that’s why you need to install Wireshark. You can use NETSH as an alternative.
Netsh is a command-line scripting utility that allows you to, either locally or remotely, display or modify the network configuration of a currently running computer. Used without parameters, netsh opens the Netsh.exe command prompt and is capable of obtaining the network trace using the trace command.
Netsh basically exists on Windows 7, Server 2008 and above machines.
You can read more about this here
In many scenarios, we want to capture the IP address, UDP port 2055, 514, 162, etc.; the filter help will help us in our daily task.
Multiple filters could be used:
netsh trace show capturefilterhelp
Most commonly used filters:
Protocol=<protocol>
Matches the specified filter against the IP protocol.
e.g. Protocol=6
e.g. Protocol=!(TCP,UDP)
e.g. Protocol=(4-10)
IPv4.Address=<IPv4 address>
Matches the specified filter against both source and destination
IPv4 addresses.
e.g. IPv4.Address=157.59.136.1
e.g. IPv4.Address=!(157.59.136.1)
e.g. IPv4.Address=(157.59.136.1,157.59.136.11)
IPv4.SourceAddress=<IPv4 address>
Matches the specified filter against source IPv4 addresses.
e.g. IPv4.SourceAddress=157.59.136.1
IPv4.DestinationAddress=<IPv4 address>
Matches the specified filter against destination IPv4 addresses.
e.g. IPv4.DestinationAddress=157.59.136.1
For Example:
netsh trace start capture=yes Ethernet.Type=IPv4 Protocol=UDP
This captures all IPv4 UDP traffic.
To stop the trace, issue the command netsh trace stop
By default, the ETL file is located at C:\Users\{USERaccount}\AppData\Local\Temp\NetTraces
Convert to PCAP in PowerShell using etl2pcapng
etl2pcapng is an ETL-to-PCAP converter utility on GitHub.
The executable can be obtained here
After extracting the files, place the ETL file in the same folder as the etl2pcapng executable.
Command: etl2pcapng.exe NetTrace.etl output.pcapng
End Result: 276 packets captured and displayed
Once you have the ETL file and have converted it to PCAP, send the result over to support, or you can inspect it yourself.
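The capture, stop and convert steps described in the post above, combined into one script. This is an added example, not part of the original post and not code from SolarWinds or the etl2pcapng project. The address, output folder and etl2pcapng path are placeholders, and `tracefile=` and `maxsize=` are netsh trace options that the post does not show.

```powershell
# Added example: filtered netsh capture, then ETL -> pcapng conversion.
# Run from an elevated PowerShell prompt. Defaults below are placeholders.
param(
    [string]$DeviceIp   = '192.0.2.10',                          # constructed sample address
    [string]$OutDir     = 'C:\Temp\NetTraces',                   # hypothetical output folder
    [string]$Etl2Pcapng = 'C:\Tools\etl2pcapng\etl2pcapng.exe',  # hypothetical install path
    [int]$Seconds       = 60,                                    # capture duration
    [int]$MaxSizeMB     = 256                                    # cap on the ETL file size
)

$ErrorActionPreference = 'Stop'

# netsh trace requires administrator rights; fail early with a clear message.
$principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell session.'
}
if (-not (Test-Path $Etl2Pcapng)) { throw "etl2pcapng.exe not found at $Etl2Pcapng" }

# Write to an explicit folder instead of the per-user Temp default.
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$etl   = Join-Path $OutDir "NetTrace-$stamp.etl"
$pcap  = Join-Path $OutDir "NetTrace-$stamp.pcapng"

# Same filters as in the post, narrowed further to one device address.
netsh trace start capture=yes "tracefile=$etl" "maxsize=$MaxSizeMB" `
    Ethernet.Type=IPv4 Protocol=UDP "IPv4.Address=$DeviceIp"
if ($LASTEXITCODE -ne 0) { throw "netsh trace start failed (exit code $LASTEXITCODE)" }

try {
    Start-Sleep -Seconds $Seconds
}
finally {
    # Always stop the trace so it does not keep running after an interrupt.
    netsh trace stop
}

# Convert the ETL trace so Wireshark can open it.
& $Etl2Pcapng $etl $pcap
if ($LASTEXITCODE -ne 0) { throw "etl2pcapng failed (exit code $LASTEXITCODE)" }
Write-Host "Capture written to $pcap"
```

The filter list quoted in the post has no port keyword, so narrowing to ports such as 2055, 514 or 162 is done afterwards in Wireshark with a display filter like `udp.port == 2055`. Traffic on those ports is typically unencrypted, so treat the resulting files as sensitive before sending them on.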
Perfect! This works! Thank you donrobert5
For those who may not be able to install ANY packet capture app on their server, there are alternative options, so don't give up hope.