Tool Tip-How to Capture Windows Network Trace using netsh

One of our clients needed to do research on an intermittent network issue that occurred between a Windows Server web application and the NonStop. Because the problem occurred intermittently, network traces must be run continuously.

Most of you are probably familiar with Wireshark, the free Windows tool used for capturing network traces for offline analysis. It is the same tool that can be used to analyze NonStop CLIM traces, which are in Wireshark .cap file format.  Wireshark is a wonderful tool that is easy to use, but there are times when its use may be limited.

For Example:

1. Wireshark needs to be installed. In some organizations, the User doesn’t have Admin rights to install new programs on the desktop. The User has to submit a request which has to be approved. After approval, the installation will then be scheduled and performed by Network Administrators. Potentially, this has the makings of being a long, drawn-out process.
2. Wireshark is known to use a lot of memory during capture.  If you decide to run a Wireshark trace continuously to try to capture an intermittent problem, Wireshark could eat up most of the available memory of your computer.

Running Wireshark continuously could be quite taxing to your computer’s resources, and not something that’s sustainable.  That’s when a tool like Microsoft’s netsh utility is necessary.

What is netsh?

netsh (network shell) is a command-line scripting utility that allows you to display or modify the network configuration of a computer that is currently running. netsh commands can be run by typing commands at the netsh prompt and they can be used in batch files or scripts. Remote computers and the local computer network devices can be configured by using netsh commands. One common use of netsh is to capture network traces.

How to use netsh in 3 quick steps

1, Start a trace: netsh trace start capture=yes

2. Stop a trace: netsh trace stop

Note: It may take a long time for the “Generating data collection…” to be completed. Be patient and wait until the “done” appears.

3. Analyze a trace:  Use Microsoft Message Analyzer to import the .etl file

Note: It may take a while for the analyzer to ingest the file ready for analysis.

Summary

Wireshark is still the “go-to” tool for analyzing network traffic. However, a tool like netsh, is a good alternative if you’re having problems with Wireshark.

---

Phil Ly is the president and founder of TIC Software, a New York-based company specializing in software and services that integrate NonStop with the latest technologies, including Web Services, .NET and Java. Prior to founding TIC in 1983, Phil worked for Tandem Computer in technical support and software development.