pktmon

Applies to: Windows Server 2022, Windows Server 2019, Windows 10, Azure Stack HCI, Azure Stack Hub, Azure

Packet Monitor (Pktmon) is an in-box, cross-component network diagnostics tool for Windows. It can be used for advanced packet capture and event collection, drop detection, filtering, and counting. Pktmon is especially helpful in virtualization scenarios such as container networking and SDN, because it provides visibility within the networking stack.

Syntax

pktmon { filter | list | start | stop | status | unload | counters | reset | etl2txt | etl2pcap | hex2pkt | help } [options]

Commands

Command Description
pktmon filter Manage packet filters.
pktmon list List packet processing components.
pktmon start Start packet capture and event collection.
pktmon stop Stop data collection.
pktmon status Query current status.
pktmon unload Unload PktMon driver.
pktmon counters Display current packet counters.
pktmon reset Reset packet counters to zero.
pktmon etl2txt Convert log file to text format.
pktmon etl2pcap Convert log file to pcapng format.
pktmon hex2pkt Decode packet in hexadecimal format.
pktmon help Show help text for specific command.