PowerShell NetEventSession

  • General discussion

  • Hi Guys, 

    I'm trying to capture packets on a specific destination port (port 25) using PowerShell commands, and would need some help. I have attempted two ways, but they haven't worked.

    Method 1:

    param([UInt16[]]$ports=25)
    New-NetEventSession -Name "Capture" -CaptureMode RealtimeLocal -LocalFilePath "C:\Users\5.etl"
    Add-NetEventWFPCaptureProvider -SessionName "Capture" -TCPPorts $ports
    Start-NetEventSession -Name "Capture"

    Method 1 Result (Error): 

    Start-NetEventSession : A general error occurred that is not covered by a more specific error code.
    At line:4 char:1
    + Start-NetEventSession -Name "Capture"
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (MSFT_NetEventSe...EFDF64462B1D}"):root/StandardCimv2/MSFT_NetEventSession) [St 
       art-NetEventSession], CimException
        + FullyQualifiedErrorId : MI RESULT 1,Start-NetEventSession

    Method 2:

    param([UInt16[]]$ports=25)
    New-NetEventSession -Name "Capture" -CaptureMode RealtimeLocal -LocalFilePath "C:\Users\5.etl"
    Add-NetEventPacketCaptureProvider -SessionName "Capture" -IpProtocols $ports
    Start-NetEventSession -Name "Capture"

    Method 2 Result:

    Captures all traffic and doesn't limit it to dest. port 25, and I'm not sure of the arguments that could be used for -IpProtocols.

    Appreciate any help on this.

    Thanks.

    • Changed type Bill_Stewart Wednesday, May 30, 2018 7:31 PM
    • Moved by Bill_Stewart Wednesday, May 30, 2018 7:31 PM Unanswerable drive-by question
    Wednesday, April 4, 2018 6:14 AM
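
One way to set up the port-filtered capture the post describes, as an added example that is not part of the original post or of any reply. The SaveToFile capture mode, the session name, the output path and the capture duration are assumptions chosen for illustration; run it from an elevated prompt.

```powershell
# Added example (not the poster's code). Assumed values are marked as hypothetical.
param(
    [UInt16[]]$Ports     = 25,
    [string]$SessionName = 'SmtpCapture',                 # hypothetical session name
    [string]$EtlPath     = "$env:TEMP\smtp-capture.etl",  # hypothetical output path
    [int]$Seconds        = 30                             # hypothetical capture duration
)

$ErrorActionPreference = 'Stop'

# Stop and remove a session of the same name, if one exists.
function Remove-CaptureSession([string]$Name) {
    $session = Get-NetEventSession -Name $Name -ErrorAction SilentlyContinue
    if (-not $session) { return }
    if ($session.SessionStatus -eq 'Running') { Stop-NetEventSession -Name $Name }
    Remove-NetEventSession -Name $Name
}

# Clear a leftover session from an earlier run so the script can be rerun.
Remove-CaptureSession -Name $SessionName

# Assumption: write the trace to a file instead of using RealtimeLocal.
New-NetEventSession -Name $SessionName -CaptureMode SaveToFile -LocalFilePath $EtlPath | Out-Null

try {
    # Port filtering is a parameter of the WFP capture provider (-TCPPorts).
    # -IpProtocols on Add-NetEventPacketCaptureProvider takes IP protocol
    # numbers (6 = TCP, 17 = UDP), not port numbers.
    Add-NetEventWFPCaptureProvider -SessionName $SessionName -TCPPorts $Ports | Out-Null

    Start-NetEventSession -Name $SessionName
    Start-Sleep -Seconds $Seconds
}
finally {
    # Always stop and remove the session, even if a step above failed,
    # so no capture keeps running in the background.
    Remove-CaptureSession -Name $SessionName
}

# Confirm that a trace file was written and show its size.
Get-Item -Path $EtlPath | Select-Object FullName, Length
```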

All replies