Windows 10 includes built-in packet analysis software
Microsoft added new software to Windows 10 for scanning the network, so-called sniffing, via an update (Windows 10, October 2018). No one had noticed the program since its release. It monitors the network activity that crosses the computer, down to the level of individual packets.
Network administrators can use this kind of program to diagnose network problems, understand the types of programs used on the network, even listen in on network conversations sent in plain text, and monitor and capture all data packets that pass through the network.
This process identifies and records various sensitive information, especially passwords required to access files or the network.
While Linux users have the tcpdump tool to analyze network packets, Windows users have had to install external programs such as Microsoft Network Monitor and Wireshark to perform such tasks.
With the update (Windows 10, 2018), Microsoft changed this by adding new network diagnostics and packet monitoring software (pktmon).
The program can be found at the path (C:\Windows\system32\pktmon.exe). It is described as monitoring and reporting on the propagation of internal data packets, which indicates that the program is designed to diagnose network problems.
Similar to the Windows command (netsh trace), the new software can be used to perform a full inspection of data packets sent over the computer. Microsoft briefly mentioned the program in a publication demonstrating how to test DNS over HTTPS.
The program includes a comprehensive help system, which is reached by typing (pktmon [command] help). For example, when you type the command (pktmon filter help), you get the help screen for the filter command.
With the next Windows 10 update on May 10, 2020 (also known as Windows 10 2004), Microsoft updated the Pktmon software so that users can view monitored packets in real time and convert ETL files to PCAPNG format.
In this way, recorded data packets can be displayed directly on the screen. They can also be saved to an ETL file, and the ETL file can be converted to PCAPNG format so that it can be opened in a program such as Wireshark.
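
Because pktmon ships with Windows and can record plain-text traffic, its use is worth spotting in process-creation logs. The following is an added example, not part of the original article: a Python script that flags pktmon.exe runs in constructed Sysmon-style events and checks them against the path given above. The JSON layout, the action labels and the sample events are assumptions of this example.

```python
import json
import ntpath
import shlex

EXPECTED_PATH = r"c:\windows\system32\pktmon.exe"  # path given in the article

# pktmon subcommands mapped to labels (the labels are this example's own).
ACTIONS = {
    "start": "capture-started",
    "stop": "capture-stopped",
    "filter": "filter-changed",
    "format": "capture-exported",
    "pcapng": "capture-exported",
    "etl2pcap": "capture-exported",
}

# Constructed sample events (not real logs), one JSON object per line.
SAMPLE_EVENTS = r'''
{"Image": "C:\\Windows\\System32\\pktmon.exe", "CommandLine": "pktmon filter add -p 21", "User": "LAB\\alice"}
{"Image": "C:\\Windows\\System32\\pktmon.exe", "CommandLine": "pktmon start --etw", "User": "LAB\\alice"}
{"Image": "C:\\Windows\\System32\\notepad.exe", "CommandLine": "notepad.exe notes.txt", "User": "LAB\\bob"}
{"Image": "C:\\Users\\Public\\pktmon.exe", "CommandLine": "pktmon.exe pcapng PktMon.etl -o out.pcapng", "User": "LAB\\svc"}
'''

def find_pktmon_activity(lines):
    """Return one finding per pktmon.exe process-creation event."""
    findings = []
    for line in lines.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        image = event.get("Image", "")
        # Match on the file name so copies outside system32 are seen too.
        if ntpath.basename(image).lower() != "pktmon.exe":
            continue
        cmd = event.get("CommandLine", "")
        try:
            tokens = shlex.split(cmd, posix=False)  # keeps Windows backslashes
        except ValueError:                          # unbalanced quotes
            tokens = cmd.split()
        sub = tokens[1].lower() if len(tokens) > 1 else ""
        findings.append({
            "user": event.get("User", "?"),
            "action": ACTIONS.get(sub, "other"),
            "expected_path": image.lower() == EXPECTED_PATH,
        })
    return findings

if __name__ == "__main__":
    for finding in find_pktmon_activity(SAMPLE_EVENTS):
        print(finding)
```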