Microsoft rolled out a feature that hardly anyone knew existed: a previous Windows 10 update quietly included a packet network sniffer.
The Windows 10 2018 update shipped with a packet sniffer dubbed Packet Monitor, or Pktmon. It did not appear in the update details on the Microsoft website.
Packet Monitor or Pktmon functions
A report elaborated on how Packet Monitor, or Pktmon, would function. It explained that a packet sniffer is an essential tool for diagnosing network problems.
It is also used to track network activity between two endpoints, monitoring the flow of traffic from the packet level up to the computers involved.
This previously unannounced feature is useful for network administrators, who can use it to detect potential networking issues before they escalate.
The sniffer can monitor the online activities of the people connected to a network. It may not show the actual content of those activities, but it can reveal the types of programs being used.
Packet Monitor can also capture and listen in on conversations taking place within the network, wherever those conversations are sent in clear text.
Before the Windows October 2018 update, Microsoft relied on alternatives: customers installed Microsoft Network Monitor or Wireshark, a third-party program.
Linux, on the other hand, has its own tool for network sniffing; Linux users install tcpdump on their devices for network diagnostics.
When the Microsoft Windows October 2018 update released Packet Monitor along with the update, it came with an easily overlooked description. The description said it would monitor internal packet propagation and packet-drop reports.
That statement describes a capability similar to that of the Windows ‘netsh trace’ command, which performs a full packet inspection of data sent over the entire network.
The description indicates that the program is designed to diagnose network problems. However, no further documentation of the program can be found with the update.
Users who learned of the program had to study and experiment with it to find out how it works. They began their study with C:\Windows\system32\pktmon.exe.
How to access the Packet Monitor or Pktmon
They tried different commands in the Command Prompt to experiment with Pktmon's various functions. All of the commands are executed through the Command Prompt.
To learn more about each of the commands, key in “pktmon comp help” at the Command Prompt. Type “pktmon filter add -p 80” to add a filter for a specific port, in this case port 80.
To start monitoring, type “pktmon start --etw -m real-time”; type “pktmon stop” to stop the capture.
Type “pktmon format PktMon.etl -o packetlog.txt” to convert the details that the Windows 10 sniffer gathered into plain text.
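As an added example that is not part of the original article, the same sequence wrapped into one PowerShell script so that a port-filtered capture always gets stopped and its filter removed; it assumes an elevated prompt on a Windows 10 build that ships pktmon.exe, and the port, duration and file names are constructed defaults.

```powershell
# Added example (not from the article): run the pktmon steps described above
# as one script. Assumes an elevated (Administrator) prompt on a Windows 10
# build that ships pktmon.exe. $Port, $Seconds and the file names are
# constructed defaults, not values from the article.
param(
    [int]$Port = 80,                    # port filter, as in "pktmon filter add -p 80"
    [int]$Seconds = 30,                 # how long to capture before stopping
    [string]$EtlFile = "PktMon.etl",    # default trace file pktmon writes
    [string]$TextFile = "packetlog.txt" # plain-text output of "pktmon format"
)

# pktmon loads a kernel driver, so it needs administrative rights.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]$identity
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Run this script from an elevated prompt."
}

# Start from a known state so filters left over from an earlier session
# do not widen this capture beyond the intended port.
pktmon filter remove | Out-Null
pktmon filter add -p $Port | Out-Null
pktmon filter list

try {
    # --etw writes packet events to PktMon.etl in the current directory.
    pktmon start --etw
    Start-Sleep -Seconds $Seconds
}
finally {
    # Always stop the session and drop the filter, even if the script is interrupted,
    # so no capture keeps running unattended.
    pktmon stop | Out-Null
    pktmon filter remove | Out-Null
}

# Convert the ETL trace to the plain-text log the article describes and show the start of it.
pktmon format $EtlFile -o $TextFile
Get-Content $TextFile -TotalCount 20
```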