Sniff traffic on Windows without using Wireshark

-

scenario:  you do no have rights (formally) to install software on your managed Windows Server: 


from elevated prompt:

netsh trace start capture=yes tracefile=C:\TEMP\trace1.etl persistent=yes maxsize=4096

#at the end of your network debugging operation:

netsh trace stop


copy your trace1.etl, open it with Microsoft Network Monitor : 

Microsoft Network Monitor 3.4

go to Tools>Options>Parser Profile. Select Windows and click on Set as Active.

analyze network traffic.

Commenti

Posta un commento

Post popolari in questo blog

Teams Incoming Webhook deprecated: Use PowerAutomate - Workflow

-
Since is not possible configure Classic Teams Webhook (deprecated, and it does not work from teams gui), I just created a workflow for "Gatus" monitoring application.  goto: https://make.powerautomate.com/ go to My flows > New flow > instant cloud flow     select "When a Teams webhook request is received" > create               configure: "Who can trigger the flow" > anyone add an action, search for:            post message in a chat or channel          configure:               "post as": flow bot               "post in": channel               "team": dropdown select team               "channel": dropdown select channel               "content":  Content: @...
Continua a leggere

Mysql operator S3 innodbcluster backup SECRET CONFIG

-
[ERROR] [backup] Backup failed with an exception: Util.dump_instance: Argument #2: The AWS access and secret keys were not found in: environment variables     mysql do not provide a good documentation about mysql operator. ORACLE WANT YOU TO USE OCI! USE OCI cmon.  mysql operator wants aws "cretentials" file down the "/mysqlsh/.aws folder, it does this in pod through VolumeMount the secret file, nothing about to worry about.  PS: If you are trying to backup to an s3 endpoint with self signed or with private ca certificate, loose all hopes. I do not find a solution about that.  cat secret   [default]   aws_access_key_id=REDACTED aws_secret_access_key=REDACTED cat secret | base64 -w 0 W2RlZmF1bHRdIAphd3NfYWNjZXNzX2tleV9pZD1SRURBQ1RFRAphd3Nfc2VjcmV0X2FjY2Vzc19rZXk9UkVEQUNURUQKCg==                            ...
Continua a leggere

Fedora - KVM - qemu - Windows 11 guest. error: swtpm at /usr/bin/swtpm does not support TPM 2

-
 you cannot create and execute VM: Windows 11 Guest in Fedora 40?  it's SELINUX. you can disable SELINUX or create a rule to avoid the TPM problem. we choose the second one.  check sudo ausearch -c 'virtqemud' --raw or sudo ausearch -m avc -ts recent if results appear, go on solution: sudo ausearch -m avc -ts recent | grep virtqemud | sudo audit2allow -M local_virtqemud sudo semodule -i local_virtqemud.pp systemctl restart libvirtd
Continua a leggere