Capture a NETSH network trace

Here are the official details on this one.  I was needing to do this and realized that I had never written a post on this one.  Although we are moving into the cloud and this isn’t needed so much anymore, all the IT pros who will continue to work with Windows Server within their own data centers might find it useful.

See also These articles:

In my scenario there is a outgoing request, server side that is failing.  I.e. a client calls an API on the server and that API makes a request that leaves the server and is having some problems.  I access the server and execute this command.  All commands are shown in Figure 1.

netsh trace start scenario=InternetClient,InternetServer,NetConnection globalLevel=win:Verbose capture=yes report=yes traceFile=C:\temp\trace\trace001.etl


Figure 1, capturing a NETSH TRACE to find out why there is a network connection issues

Here are the details of the scenarios I used, see Figure 2 for a complete list.

  • InternetClient –> Diagnose web connectivity issues
  • InternetServer –> Troubleshoot server-side web connectivity issues
  • NetConnection –> Troubleshoot issues with network connections

Here are some other optional parameters I used:

    • capture –> Specifies whether packet capture is enabled
      in addition to trace events. If unspecified, the default entry for capture is
    • persistent -> Specifies whether the tracing session
      resumes upon restarting the computer, and continues to function until the “Netsh
      trace stop” command is issued. If unspecified, the default entry for persistent
      is no.
    • maxSize –> default is 250MB-ish, if set to 0 then there is no maximum

Next, after the NETSH TRACE is started, reproduce the issue.  The execute the following command:

netsh trace stop

To read about how I analyzed the trace see here.

To view all the NETSH TRACE scenarios enter the following command, see Figure 2.

netsh trace show scenarios


Figure 2, how to find NETSH TRACE scenarios

to find the values for setting the global level verbosity, execute the following command, see Figure 3.

netsh trace show globalkeywordsandlevel


Figure 3, how to find NETSH TRACE verbosity settings