Pktmon.exe

Capture network packets on Windows 10 with the October 2018 Update or later.


Paths:

Resources:
Acknowledgements:

Detection:

Reconnaissance

Starts a packet capture and stores the log file as PktMon.etl. Use pktmon.exe stop to stop the capture.
pktmon.exe start --etw
Usecase: Use this built-in network sniffer on Windows 10 to capture sensitive traffic
Privileges required: Administrator
OS: Windows 10 1809 and later, Windows 11
MITRE ATT&CK®: T1040



Select desired ports for packet capture
pktmon.exe filter add -p 445
Usecase: Look for interesting traffic such as Telnet or FTP
Privileges required: Administrator
OS: Windows 10 1809 and later, Windows 11
MITRE ATT&CK®: T1040
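A detection-side example for both functions above, added here and not part of the LOLBAS entry: it scans process-creation records for pktmon.exe starting a capture (which writes PktMon.etl) or adding a port filter, and tags hits with T1040. The pipe-delimited "Image|CommandLine|User" record layout and the sample records are constructed assumptions, not real Sysmon output.

```python
import re
from dataclasses import dataclass

# Constructed sample process-creation records (assumed "Image|CommandLine|User"
# layout, not real Sysmon output). The first three mirror the commands in this entry.
SAMPLE_EVENTS = """\
C:\\Windows\\System32\\pktmon.exe|pktmon.exe start --etw|CORP\\jdoe
C:\\Windows\\System32\\pktmon.exe|pktmon.exe filter add -p 445|CORP\\jdoe
C:\\Windows\\System32\\pktmon.exe|pktmon.exe stop|CORP\\jdoe
C:\\Windows\\System32\\pktmon.exe|pktmon.exe filter list|CORP\\netops
C:\\Windows\\System32\\notepad.exe|notepad.exe report.txt|CORP\\jdoe
"""

# Sub-commands that begin or scope a capture; "stop" and "filter list" are benign noise.
START_RE = re.compile(r"\bstart\b", re.IGNORECASE)
FILTER_ADD_RE = re.compile(r"\bfilter\s+add\b(?:.*?\s-p\s+(\d+))?", re.IGNORECASE)


@dataclass
class Finding:
    user: str
    command_line: str
    reason: str
    technique: str = "T1040"  # MITRE ATT&CK: Network Sniffing


def parse_events(text: str):
    """Yield (image, command_line, user) tuples from the pipe-delimited sample format."""
    for line in text.splitlines():
        if line.strip():
            image, cmdline, user = line.split("|", 2)
            yield image, cmdline, user


def detect_pktmon(text: str) -> list[Finding]:
    """Flag pktmon.exe invocations that start a capture or add a port filter."""
    findings = []
    for image, cmdline, user in parse_events(text):
        if image.lower().rsplit("\\", 1)[-1] != "pktmon.exe":
            continue
        if START_RE.search(cmdline):
            # Capture output lands in PktMon.etl; pair this with a file-create watch on *.etl.
            findings.append(Finding(user, cmdline, "capture started (writes PktMon.etl)"))
            continue
        m = FILTER_ADD_RE.search(cmdline)
        if m:
            port = m.group(1) or "unspecified"
            findings.append(Finding(user, cmdline, f"packet filter added on port {port}"))
    return findings


if __name__ == "__main__":
    for f in detect_pktmon(SAMPLE_EVENTS):
        print(f"[{f.technique}] {f.user}: {f.command_line} -> {f.reason}")
```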