How to use Windows 10 Packet Monitor tool Pktmon

Reading time icon 2 min. read


Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more

Key notes

  • Windows 10 Packet Monitor or Pktmon is a real-time monitoring tool that was included in the Windows 10 October 2018 Update.
  • Its description from Command Prompt calls it an Advanced packet capture and event collection but its more common description would be a package sniffer.
  • If you need to know more about Windows 10 tools, the place to start would be our Windows 10 Tools section.
  • We've got plenty of guides about software or hardware. Check them out in our Tech Tutorials Hub.
How to use Windows 10 Pktmon

Windows 10 Packet Monitor or Pktmon is a real-time monitoring tool that was included in the Windows 10 October 2018 Update. Its description from Command Prompt calls it an Advanced packet capture and event collection but its more common description would be a package sniffer.

How can I use Packet Monitor in Windows 10?

To run the Packet Monitor, first, you need to open a Command Prompt Window.

1. Press Ctrl + R to open Run and type cmd, then hit Enter or click the OK button.

How to run command Prompt

2. While in Command prompt, type pktmon.exe and hit Enter.

How to use the Packet Monitor in Windows 10

3. You will see a list of possible commands. If you’re not familiar with them, you can use the help command. Type pktmon name of the command help. For example, the pktmon start help will show you the whole description of the command like in the picture below.

pktmon start help command window

Some useful Pktmon command lines

1. To filter a port for packages, you can use the pktmon filter add -p [port] command for each port you want to monitor. For instance, pktmon filter add -p 80 will filter the 80 port.

2. To start monitoring packages type pktmon start –etw -m real-time.

3. to stop the monitoring type pktmon stop.

After you stopped monitoring, the report has been stored in the PktMon.etl file. To read that, you either download and install the Microsoft Network Monitor, or you can transform that into a text file.

To do that, type pktmon format PktMon.etl -o reportlog.txt.

Please leave us your comments in the section below.

[wl_navigator]

More about the topics: Monitoring Software

User forum

0 messages