How to use Windows 10 Packet Monitor tool Pktmon

How to

Reading time icon 2 min. read

Calendar icon Updated on

by Claudiu Andone 

updated on

Share this article

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Key notes

  • Windows 10 Packet Monitor or Pktmon is a real-time monitoring tool that was included in the Windows 10 October 2018 Update.
  • Its description from Command Prompt calls it an Advanced packet capture and event collection but its more common description would be a package sniffer.
  • If you need to know more about Windows 10 tools, the place to start would be our Windows 10 Tools section.
  • We've got plenty of guides about software or hardware. Check them out in our Tech Tutorials Hub.
How to use Windows 10 Pktmon

Windows 10 Packet Monitor or Pktmon is a real-time monitoring tool that was included in the Windows 10 October 2018 Update. Its description from Command Prompt calls it an Advanced packet capture and event collection but its more common description would be a package sniffer.

How can I use Packet Monitor in Windows 10?

To run the Packet Monitor, first, you need to open a Command Prompt Window.

1. Press Ctrl + R to open Run and type cmd, then hit Enter or click the OK button.

How to run command Prompt

2. While in Command prompt, type pktmon.exe and hit Enter.

How to use the Packet Monitor in Windows 10

3. You will see a list of possible commands. If you’re not familiar with them, you can use the help command. Type pktmon name of the command help. For example, the pktmon start help will show you the whole description of the command like in the picture below.

pktmon start help command window

Some useful Pktmon command lines

1. To filter a port for packages, you can use the pktmon filter add -p [port] command for each port you want to monitor. For instance, pktmon filter add -p 80 will filter the 80 port.

2. To start monitoring packages type pktmon start –etw -m real-time.

3. to stop the monitoring type pktmon stop.

After you stopped monitoring, the report has been stored in the PktMon.etl file. To read that, you either download and install the Microsoft Network Monitor, or you can transform that into a text file.

To do that, type pktmon format PktMon.etl -o reportlog.txt.

Please leave us your comments in the section below.

[wl_navigator]

More about the topics: Monitoring Software

Claudiu Andone

Claudiu Andone Shield

Windows Toubleshooting Expert

Oldtimer in the tech and science press, Claudiu is focused on whatever comes new from Microsoft. His abrupt interest in computers started when he saw the first Home Computer as a kid. However, his passion for Windows and everything related became obvious when he became a sys admin in a computer science high school. With 14 years of experience in writing about everything there is to know about science and technology, Claudiu also likes rock music, chilling in the garden, and Star Wars. May the force be with you, always!