Packet captures on Windows Server 2008 R2 (and 2012, 2016)

Need to run a packet capture but your services, for some unknown reason, are running on a Windows Server? If so, you're in luck. As of Windows Server 2008 R2 (and Windows 7 on the client side) the tool you need, netsh trace, is already installed, so there is nothing extra to put on a production box.

Quick capture

Note: Needs to be run from an elevated command prompt (cmd or PowerShell). Only one netsh trace session can run at a time; netsh trace show status tells you whether one is already active.

Start the capture

netsh trace start scenario=NetConnection capture=yes tracefile=tracefile.etl

capture=yes is what turns on the actual packet capture (without it you only get the scenario's ETW component traces); scenario=NetConnection adds the connectivity-related providers. A relative tracefile path is written to the current directory. By default the file is circular with a 250 MB cap (maxSize=), so on a long capture the oldest packets are overwritten; raise maxSize= or set fileMode=single if you need everything.

Stop the capture

netsh trace stop

Results

netsh trace stop writes two files side by side: the .etl trace itself and a .cab that bundles the .etl with diagnostic data from the server (network configuration, firewall settings, event logs). The .cab is convenient to copy to your client workstation for review, but because of that extra data treat it as sensitive and move it over an encrypted channel.

To review the capture, open the .etl in Microsoft Message Analyzer, or convert it to .pcapng with Microsoft's etl2pcapng tool (https://github.com/microsoft/etl2pcapng) and open it in Wireshark. Note that Microsoft retired Message Analyzer in November 2019 and it is no longer available for download, so etl2pcapng plus Wireshark is the practical route today.
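The start/stop procedure above wrapped in a script, as an added example that is not part of the original post: it refuses to run unelevated or alongside an existing session, bounds the capture with an explicit size cap, optionally restricts it to one IPv4 host with a netsh capture filter, always stops the session even if interrupted, and hashes the output so the copy you review off-box can be checked against what left the server. It assumes PowerShell 3.0 or later (Get-FileHash needs 4.0; on stock 2008 R2 substitute certutil -hashfile), English-locale netsh messages for the status check, and an optional etl2pcapng.exe in the working directory for the pcapng conversion.

```powershell
# Added example (not from the original post): bounded, filtered, hashed netsh trace capture.
# Assumptions: PowerShell 3.0+ (Get-FileHash is 4.0+), English-locale netsh output,
# and an optional etl2pcapng.exe in the current directory.
param(
    [int]    $Seconds    = 60,                                  # capture duration
    [string] $TargetIPv4 = '',                                  # optional host to filter on
    [int]    $MaxSizeMB  = 250,                                 # same as the netsh default
    [string] $OutDir     = (Join-Path $env:SystemDrive 'Captures')
)

$ErrorActionPreference = 'Stop'

# netsh trace needs an elevated prompt; fail early with a clear message.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell prompt.'
}

# Only one netsh trace session can exist at a time. Matching on the idle message
# is an assumption based on the English-locale output of "netsh trace show status".
$status = netsh trace show status
if (-not ($status -match 'no trace session')) {
    throw "A trace session is already running:`n$($status -join "`n")"
}

New-Item -ItemType Directory -Force -Path $OutDir | Out-Null
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$etl   = Join-Path $OutDir "$env:COMPUTERNAME-$stamp.etl"

# Build the start command explicitly: circular file with a hard size cap so a
# long capture cannot fill the disk, plus an optional IPv4 capture filter.
$startArgs = @(
    'trace', 'start',
    'scenario=NetConnection',
    'capture=yes',
    "tracefile=$etl",
    "maxSize=$MaxSizeMB",
    'fileMode=circular',
    'overwrite=yes'
)
if ($TargetIPv4) { $startArgs += "IPv4.Address=$TargetIPv4" }

& netsh @startArgs
if ($LASTEXITCODE -ne 0) { throw "netsh trace start failed with exit code $LASTEXITCODE" }

try {
    Write-Host "Capturing for $Seconds seconds..."
    Start-Sleep -Seconds $Seconds
}
finally {
    # Always stop, even if the script is interrupted, so no orphaned session keeps
    # writing to disk. Stopping also builds the .cab, which can take a moment.
    & netsh trace stop | Out-Null
}

# Hash everything produced (.etl and .cab) so the copy reviewed off-box can be
# verified against what actually left the server.
$produced = Get-ChildItem -Path $OutDir -Filter "$env:COMPUTERNAME-$stamp.*"
foreach ($f in $produced) {
    $hash = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
    '{0,-45} {1,12:N0} bytes  SHA256={2}' -f $f.Name, $f.Length, $hash
}

# Optional: convert to pcapng for Wireshark if Microsoft's etl2pcapng is present.
if (Test-Path '.\etl2pcapng.exe') {
    $pcapng = [IO.Path]::ChangeExtension($etl, 'pcapng')
    & .\etl2pcapng.exe $etl $pcapng
}
```

Run it as, for example, .\capture.ps1 -Seconds 120 -TargetIPv4 10.0.0.5 from an elevated prompt. The IPv4.Address= filter is applied by netsh at capture time, which keeps the .etl small and avoids recording unrelated traffic from the server; drop the parameter to capture everything. The hashes are printed on the server; record them before copying the files so a truncated or tampered transfer is caught on the review side.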


References: http://blogs.technet.com/b/yongrhee/archive/2012/12/01/network-tracing-packet-sniffing-built-in-to-windows-server-2008-r2-and-windows-server-2012.aspx