Capture a NETSH network trace
Here are the official details on this one. I was needing to do this and realized that I had never written a post on this one. Although we are moving into the cloud and this isn’t needed so much anymore, all the IT pros who will continue to work with Windows Server within their own data centers might find it useful.
See also these articles:
- Analyze NETSH traces with Wireshark or Network Monitor, convert ETL to CAB
- How to analyze a trace taken using NETSH TRACE
In my scenario there is an outgoing request, server side, that is failing, i.e. a client calls an API on the server and that API makes a request that leaves the server and is having some problems. I access the server and execute this command. All commands are shown in Figure 1.
netsh trace start scenario=InternetClient,InternetServer,NetConnection globalLevel=win:Verbose capture=yes report=yes traceFile=C:\temp\trace\trace001.etl
Figure 1, capturing a NETSH TRACE to find out why there are network connection issues
Here are the details of the scenarios I used, see Figure 2 for a complete list.
- InternetClient –> Diagnose web connectivity issues
- InternetServer –> Troubleshoot server-side web connectivity issues
- NetConnection –> Troubleshoot issues with network connections
Here are some other optional parameters I used:
- capture –> Specifies whether packet capture is enabled in addition to trace events. If unspecified, the default entry for capture is no.
- persistent –> Specifies whether the tracing session resumes upon restarting the computer, and continues to function until the “Netsh trace stop” command is issued. If unspecified, the default entry for persistent is no.
- maxSize –> default is 250MB-ish, if set to 0 then there is no maximum
Next, after the NETSH TRACE is started, reproduce the issue. Then execute the following command:
netsh trace stop
To read about how I analyzed the trace see here.
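The start, reproduce, stop sequence above can be wrapped in one script so the session is always stopped, even if the reproduction step is interrupted. This is an added example, not part of the original post; the maxSize value and the refusal to reuse an existing trace file are assumptions, and the script is meant to be saved as a .ps1 file and run from an elevated PowerShell prompt.

```powershell
#Requires -RunAsAdministrator
# Added example: wraps the netsh trace start / reproduce / stop steps from this post.

$traceDir  = 'C:\temp\trace'                      # folder used in the post
$traceFile = Join-Path $traceDir 'trace001.etl'   # file name used in the post
$maxSizeMB = 512                                  # assumed value; the default is about 250 MB

# Make sure the output folder exists before starting the trace.
if (-not (Test-Path -LiteralPath $traceDir)) {
    New-Item -ItemType Directory -Path $traceDir | Out-Null
}

# Assumption: an earlier capture with the same name should be kept, not replaced.
if (Test-Path -LiteralPath $traceFile) {
    throw "Trace file already exists: $traceFile. Move it or pick another name."
}

# Each element is one argument. The scenario list is quoted as a single string
# so the comma-separated value reaches netsh as one argument.
$startArgs = @(
    'trace', 'start',
    'scenario=InternetClient,InternetServer,NetConnection',
    'globalLevel=win:Verbose',
    'capture=yes',
    'report=yes',
    "maxSize=$maxSizeMB",
    "traceFile=$traceFile"
)

& netsh.exe @startArgs
if ($LASTEXITCODE -ne 0) {
    throw "netsh trace start failed with exit code $LASTEXITCODE"
}

try {
    # Show the running session, then wait while the issue is reproduced.
    & netsh.exe trace show status
    Read-Host 'Trace is running. Reproduce the issue, then press Enter to stop' | Out-Null
}
finally {
    # Runs even if the wait is interrupted, so the session is not left capturing.
    & netsh.exe trace stop
}

# List what the session wrote to the trace folder.
Get-ChildItem -LiteralPath $traceDir | Select-Object Name, Length, LastWriteTime
```

Because persistent is not set, the session does not resume after a restart, which matches the default described above.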
To view all the NETSH TRACE scenarios enter the following command, see Figure 2.
netsh trace show scenarios
Figure 2, how to find NETSH TRACE scenarios
To find the values for setting the global level verbosity, execute the following command, see Figure 3.
netsh trace show globalkeywordsandlevel
Figure 3, how to find NETSH TRACE verbosity settings