Netcap Examples

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Example 1: Capture network packets for 3 minutes

In this example, you monitor your network port for three minutes and capture the information to the C:\Temp folder. Type the following at the command prompt:

netcap /c:c:\temp /l:00:03:00

NetCap displays the following result:

Total frames captured: 229

Capture file name: c:\temp\7D16111E39FA.cap

Example 2: Monitor with a trigger

In this example, you monitor with a trigger that defines when the capture stops. NetCap looks for a certain pattern and, when the pattern is found, keeps listening until the trigger is halfway into the buffer. You have previously defined a filter that restricts the monitoring to a suspicious host. Type the following at the command prompt:

NetCap /B:20 /N:2 /T BP 50 0a ff1f /F:d:\IPFilter.CF

NetCap produces the following output:

Total frames captured: 85220

Capture file name: c:\temp\7D234C233A3B.cap

Example 3: Remove the Network Monitor Driver

In this example, you remove the Network Monitor Driver that NetCap has installed. Type the following at the command prompt:

netcap /remove

NetCap produces the following output:

The NetCap.exe instance of the Network Monitor driver successfully removed.

