Hands on with Windows 10's built-in Pktmon network monitor
With the Windows 10 October 2018 update release, Microsoft quietly added a built-in command-line network packet sniffer called Pktmon to Windows 10.
Compared to a network monitor with a graphical user interface, the command-line interface of Pktmon takes a bit more time to get used to.
Before you can monitor packets, you first need to create filters using the pktmon filter add command, which specifies what traffic you want to monitor.
You can monitor all the traffic on your network using the pktmon filter add -i 192.168.1.0/24 command, or monitor DNS traffic using pktmon filter add -t UDP -p 53.
You can also select the specific network interface to monitor using the -c argument followed by an interface index ID. For a list of network interfaces and their index IDs, you can use the pktmon comp list command.