How to use the new PktMon.exe Tool in Windows 10

Windows 10 offers an inbuilt Network Sniffer ToolPktMon.exe — to monitor internal parcel engendering and bundle drop reports. This tool can assist you with snooping around. The network and assist you with resolving the cause of network idleness, identify affected applications, and, when used with an extra arrangement of tools, can give insight into top measurements. In this post, we will show how you can use the new Network Sniffer Tool (PktMon.exe) in Windows 10.

Network Sniffer Tool pktmon.exe in Windows 10

PktMon.exe or Packet Monitor is the new network sniffer or network indicative and bundle monitoring tool. It is situated in the Systems folder, which implies you can invoke it from the Run or Command Prompt or PowerShell.

If the program reminds you about Netsh Trace Command, then you are correct. Netsh Trace order causes you to empower and design network tracing to help you when troubleshooting network connectivity issues.

What can PktMon can do?

If you run PktMon.exe Help on the order prompt. Here is the thing that you get:

  • channel: Manage bundle channels.
  • comp: Manage enlisted parts.
  • reset: Reset counters to zero.
  • start: Start bundle monitoring.
  • stop: Stop monitoring.
  • position: Convert log file to content.
  • empty: Unload PktMon driver.

Furthermore, if you need further assistance on a specific order, then you can run help against that order. Here is how it would appear that:

pktmon filter help

pktmon filter { list | add | remove } [OPTIONS | help]
list Display active packet filters.
add Add a filter to control which packets are reported.
remove Removes all filters.

How to use PktMon to monitor network traffic

This model is assuming that you need to monitor a port number on the PC, which may be having issues regularly.

1. Make a Filter

The essential choice which permits you to monitor traffic is — channel. Using this choice, you can make a channel to control which bundles are accounted for dependent on Ethernet Frame, IP header, TCP header, and Encapsulation. If you run the underneath referenced program, you will get full subtleties on what you can do with the channel.

pktmon filter add help

So coming back to our topic, how about we expect that we are going to monitor TCP port no 1088. It very well may be a port used by your custom application, which is crashing, and PktMon can assist you with figuring out if the network is the issue.

Open Command Prompt or PowerShell with admin benefits

Make a packet filter using the order: “pktmon channel include – p [port]”

pktmon filter add -p 1088

You would then be able to run the order “pktmon channel list” to see a rundown of included channels.


To evacuate all the channels run the order “pktmon channel remove”

Also see: How to Fix Windows 10 Get Help app not working

2. Start Monitoring

Since this isn’t an automated program running in the foundation however deals with the request, you have to start monitoring physically. Run the following order to start monitoring bundles.

pktmon start --etw - p 0

It will start the monitoring and made a log file at the referenced area. You should physically stop using the “stop” contention to stop the logging, or it will end when the PC closes down. If you run the order with “- p 0” then it will just catch 128 bytes of a bundle.

Log filename: C:\Windows\system32\PktMon.etl
Logging mode: Circular
Maximum file size: 512 MB

3. Export Log into a readable format


The log file is spared into PktMon.ETL file which can be changed over into a comprehensible organization using the following order.

pktmon format PktMon.etl -o port-monitor-1088.txt

Having done that, while you open the file in notepad, and read it, to bode well, you should use the Microsoft Network Monitor. It can legitimately peruse the ETL file.

All things considered, Microsoft is relied upon to start rolling out help for ongoing monitoring, which was normal in Windows 10 2004 – yet I don’t see that that choice yet.

Leave a Comment