NetworkPacketCapture.md

title	author	ms.author	ms.date	ms.topic	description	keywords
Network packet capture	saraclay	saclayt	08/28/2017	article	Learn how to use Microsoft Message Analyzer to enable network packet capture	windows iot, network packet, network packet capture, Microsoft Message Analyzer, PowerShell

Network packet capture

You can use Microsoft Message Analyzer to capture, display, and analyze protocol messaging traffic on your Windows 10 IoT Core device.

Prerequisites

Working PowerShell Connection (Step 1 to 8 described at PowerShell.

Set up your device

In order to connect to your device using Message Analyzer, you need to first rename your device. This can be done through SSH or PowerShell using the setcomputername command.

After you rename your device, reboot the device to apply the name change.

Turn off the firewall

Connect to your device using PowerShell or SSH and run the following command to disable the firewall.

netsh advfirewall set allprofiles state off

Connect to your device using Message Analyzer

Now that your device is set up, let's connect to it using Microsoft Message Analyzer.

1. Download the Microsoft Message Analyzer.

2. Open Message Analyzer.

3. Click on New Session.

   

4. In the window that opens, click on the Live Trace button.

5. Click on the Edit... button.

6. Replace Localhost with the name of your IoT device, and enter the administrator user name and password. Then click OK.

7. Click on the Select a trace scenario dropdown and select Local Network Interfaces.

8. Click the Start button.

9. You should start to see the messages going through the network interfaces on your device.

10. After you start the trace through Message Analyzer, you can also view the ETW messages from the packet capture driver in your device's web interface. To do this, go to the ETW tab of the web interface, select Microsoft-Windows-NDIS-PacketCapture from the Registered providers dropdown menu and click the Enable button.