I was hunting for some information and came across this post on a blog on TechNet, by YongRhee at Microsoft. I am copying his post here because it is such a great idea to share.
Windows Server 2012
Windows Server 2008 R2
In Windows Server, if you wanted to capture network packets (for those coming from a Unix background: a packet sniffer or protocol analyzer such as tcpdump), you had to install an add-on such as Network Monitor (Netmon) or Wireshark (formerly known as Ethereal). To install these products, you would have to go through a change control process.
Starting with Windows 7 and Windows Server 2008 R2, network capture has been built-in and native to the Windows O.S.
Start, CMD (Run as admin)
Type “Netsh trace start scenario=NetConnection capture=yes report=yes persistent=no maxsize=1024 correlation=yes traceFile=C:\Logs\NetTrace.etl” without the quotation marks and then press Enter.
Note: Details of all the options are available in the links to more information.
Note 2: You always want to take network traces from both sides (sending and receiving).
Reproduce the issue.
Open a second CMD (Run as admin)
When you have the repro, mark the network trace with a ‘marker’ to show that you are done.
Type “ping 127.0.0.1” without the quotation marks and then press Enter.
To stop the network capture
Type “netsh trace stop” without the quotation marks and then press Enter.
Once you have the nettrace.etl file, you could copy it off the server to your Windows client.
In your Windows client, you would use Microsoft Network Monitor 3.4 to analyze the network packets.
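The capture steps above as a single PowerShell script, added here as an example and not part of the original post. It uses the trace options and the loopback-ping marker from the post; the `$TraceFile` parameter name and the folder listing at the end are assumptions made for this example.

```powershell
# Added example: the post's capture procedure as one script.
# Run from an elevated PowerShell prompt. The default path mirrors the post's trace file.
param([string]$TraceFile = 'C:\Logs\NetTrace.etl')

# netsh trace requires administrative rights, so fail early with a clear message.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'netsh trace needs an elevated prompt (Run as admin).'
}

# Make sure the output folder exists before starting the trace.
$dir = Split-Path -Parent $TraceFile
if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }

# Same options as the command in the post.
netsh trace start scenario=NetConnection capture=yes report=yes persistent=no `
    maxsize=1024 correlation=yes "traceFile=$TraceFile"
if ($LASTEXITCODE -ne 0) { throw "netsh trace start failed (exit code $LASTEXITCODE)." }

try {
    Read-Host 'Trace running. Reproduce the issue, then press Enter' | Out-Null
    # Marker from the post: loopback pings show where the repro ended.
    ping 127.0.0.1 | Out-Null
}
finally {
    # Always stop the capture, even if the script is interrupted,
    # so a forgotten trace does not keep recording traffic.
    netsh trace stop
}

# The trace contains captured packets: list what was written so every file
# can be copied off the server and then removed from it.
Get-ChildItem -Path $dir | Sort-Object LastWriteTime -Descending |
    Select-Object Name, Length, LastWriteTime
```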
What types of issues does this help troubleshoot?
common file and printer sharing problems
Diagnose web connectivity
server-side web connectivity
layer 2 authentication
layer 2 connectivity
Windows Connect Now
Windows Filtering Platform and IPsec
Network Tracing in Windows 7
Network Tracing in Windows 7 (Windows)
Netsh Commands for Trace
Netsh Commands for Network Trace in Windows Server 2008 R2 and Windows 7
Event Tracing for Windows and Network Monitor
For administrators who want to learn more and whose company has a Premier contract, there is a workshop available called “Netmon for Enterprise Troubleshooting”. Please contact your Technical Account Manager (T.A.M.) about availability in your neck of the woods.
Microsoft Services – Premier Support Proactive Services – Proactive Education
Link to his original Post