.. / Pktmon.exe
Star

Capture Network Packets on the windows 10 with October 2018 Update or later.


Paths:


Resources:
https://binar-x79.com/windows-10-secret-sniffer/

Acknowledgement:
Derek Johnson -


Detection:
.etl files found on system



Reconnaissance

Will start a packet capture and store log file as PktMon.etl. Use pktmon.exe stop
pktmon.exe start --etw
Usecase:use this a built in network sniffer on windows 10 to capture senstive traffic
Privileges required:Administrator
OS:Windows 10 1809 and later
Mitre:T1040



Select Desired ports for packet capture
pktmon.exe filter add -p 445
Usecase:Look for interesting traffic such as telent or FTP
Privileges required:Administrator
OS:Windows 10 1809 and later
Mitre:T1040