Fast Auto method:
The fast way is to use our C++ console app, which performs the steps below and leaves a pcap file on your Desktop.
Capture.exe is already located on the Desktop of the server you created with us; you can also download it here.
The manual way is to use Windows pktmon (built into Windows 10).
The pktmon tool lets you display monitored packets in real time and convert its native ETL files to the PCAPNG format, which we can read to analyze the attack pattern.
- Open Windows Command Prompt as an administrator.
- Go to the Desktop (cd Desktop).
- Start capturing (pktmon start --etw -c).
- Let it run for at least 10 seconds during the attack, but not much longer.
- Stop the packet capture (pktmon stop).
- The file will be generated on your Desktop.
- Convert the ETL to the Wireshark-supported pcapng format with the following command (pktmon pcapng PktMon.etl out.pcapng).
- You can now open that file in Wireshark to view the packet capture, then share it with us!
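The same steps as one PowerShell script, added here as an example; this is not the provider's Capture.exe. It uses the pktmon commands from the steps above verbatim and assumes an elevated PowerShell on Windows 10 or later; the capture length parameter and the file-size check are this script's own additions.

```powershell
# Added example: scripts the pktmon capture steps with the checks an operator
# would want. Not the provider's Capture.exe. $CaptureSeconds and the output
# file names are this script's own choices.
param(
    [int]$CaptureSeconds = 10,
    [string]$OutDir = [Environment]::GetFolderPath('Desktop')
)

$ErrorActionPreference = 'Stop'

# pktmon refuses to capture without administrator rights, so fail early.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]::new($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated (Administrator) PowerShell.'
}
if (-not (Get-Command pktmon.exe -ErrorAction SilentlyContinue)) {
    throw 'pktmon.exe not found; it ships with Windows 10 and later.'
}

Set-Location $OutDir
$etl    = Join-Path $OutDir 'PktMon.etl'
$pcapng = Join-Path $OutDir 'out.pcapng'

# Start capture (command taken from the steps above). By default pktmon keeps
# only the first 128 bytes of each packet, which is enough for the headers
# needed to analyze a flood. Flag syntax differs between Windows builds; run
# "pktmon start help" if this form is rejected on yours.
& pktmon start --etw -c
if ($LASTEXITCODE -ne 0) { throw "pktmon start failed (exit $LASTEXITCODE)" }

try {
    # Keep the window short: an attack-rate capture grows very quickly.
    Start-Sleep -Seconds $CaptureSeconds
}
finally {
    # Always stop, otherwise pktmon keeps writing to the ETL file.
    & pktmon stop | Out-Null
}

if (-not (Test-Path $etl)) { throw "Expected capture file not found: $etl" }

# Convert to pcapng for Wireshark. Newer builds replace this subcommand with
# "pktmon etl2pcap PktMon.etl -o out.pcapng".
& pktmon pcapng $etl $pcapng
if ($LASTEXITCODE -ne 0) { throw 'ETL to pcapng conversion failed' }

$size = (Get-Item $pcapng).Length
if ($size -lt 1KB) { Write-Warning "Capture is only $size bytes; was traffic flowing?" }
Write-Host "Capture ready: $pcapng ($size bytes)"
```

Run it as `.\capture.ps1 -CaptureSeconds 10` from an elevated PowerShell; the pcapng lands on the Desktop next to the ETL.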