My last article about Microsoft’s Netmon got quite a bit of attention.
One common point raised by more than one person is that Netmon would be so much better if it had command line support.
I knew it did, but I had never used it and was surprised by how feature-rich it was.
In the following video I go through some of the basics to get you going.
Here are the commands I used that you can copy and paste to save some keystrokes.
Nmcap /usage
Nmcap /displaynetworks
NMCap /network 3
NMCap /network 3 /capture /file 3.cap
nmcap /network 3 /capture ipv4.address == 10.44.10.1 /file ip.cap /StartWhen /Time 4:48:00 PM 10/22/2014 /StopWhen /TimeAfter 20 min
Enjoy