Capturing a Winsock trace file on Windows for analysis


To investigate a network problem, capture a Winsock ETW trace file and analyze it.

1. Start the trace

logman start -ets mywinsocksession -o winsocklogfile.etl -p Microsoft-Windows-Winsock-AFD


2. Stop the trace

logman stop -ets mywinsocksession


You can use tracerpt to convert the .etl file into TXT or XML (the options are -o for the output file and -of for the output format; plain ASCII hyphens, not en-dashes):

tracerpt.exe <name of the .etl file> -o winsocktracelog.txt

tracerpt.exe <name of the .etl file> -o winsocktracelog.xml -of XML


Alternatively, open Windows Event Viewer and import the trace file directly for analysis.

Winsock analysis areas (which provider to trace)

Winsock network events

logman start -ets mywinsocksession -o winsocklogfile.etl -p Microsoft-Windows-Winsock-AFD


Winsock Catalog Change

logman start -ets mywinsockcatalogsession -o winsockcataloglogfile.etl -p Microsoft-Windows-Winsock-WS2HELP
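The capture, stop and convert steps above, wrapped in one function with a summary of the converted XML by provider and event ID. This is an added example, not code from the original post; it assumes an elevated PowerShell, constructed session and file names, and uses a Test-NetConnection call as a stand-in for whatever network operation is being diagnosed.

```powershell
# Added example (not from the original post): run one Winsock ETW capture end to end.
# Assumptions: elevated PowerShell; session/file names are constructed; the
# Test-NetConnection call stands in for the operation whose failure is being traced.
function Invoke-WinsockTrace {
    param(
        # Microsoft-Windows-Winsock-AFD for network events,
        # Microsoft-Windows-Winsock-WS2HELP for catalog changes (both listed in the post)
        [string]$Provider = 'Microsoft-Windows-Winsock-AFD',
        [string]$Session  = 'mywinsocksession',
        [string]$Etl      = (Join-Path $PWD 'winsocklogfile.etl'),
        [string]$Xml      = (Join-Path $PWD 'winsocktracelog.xml')
    )
    # 1. start the ETW session with the chosen Winsock provider
    logman start -ets $Session -o $Etl -p $Provider | Out-Null
    try {
        # 2. reproduce the problem while the session is live (constructed stand-in)
        Test-NetConnection -ComputerName 'example.com' -Port 443 -WarningAction SilentlyContinue | Out-Null
    }
    finally {
        # 3. always stop the session, even if the reproduction step throws
        logman stop -ets $Session | Out-Null
    }
    # 4. convert the binary .etl to XML (-y: overwrite an existing output file without prompting)
    tracerpt.exe $Etl -o $Xml -of XML -y | Out-Null

    # 5. summarise: tracerpt writes Windows event-schema XML, so count Event nodes per provider/ID
    $ns = @{ e = 'http://schemas.microsoft.com/win/2004/08/events/event' }
    Select-Xml -Path $Xml -XPath '//e:Event' -Namespace $ns |
        ForEach-Object {
            $sys = $_.Node.System
            $id  = $sys.EventID
            # EventID may carry attributes, in which case PowerShell exposes it as an element
            if ($id -is [System.Xml.XmlElement]) { $id = $id.'#text' }
            [pscustomobject]@{
                Provider = $sys.Provider.Name
                EventID  = [string]$id
                Time     = $sys.TimeCreated.SystemTime
            }
        } |
        Group-Object Provider, EventID |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}

# Example run: AFD provider, output files written to the current directory
Invoke-WinsockTrace -Provider 'Microsoft-Windows-Winsock-AFD' | Format-Table -AutoSize
```

The grouped counts show which event IDs dominate the capture; the .xml file can still be imported into Event Viewer for per-event inspection.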
