
How to capture packets from a specific IP address without Wireshark

Updated January 23, 2018


This article explains how to capture packets from a specific IP address when the customer is not running Wireshark in their corporate enterprise.


  • Windows 7
  • Windows Server 2008 and higher


1. Start the trace


netsh trace start capture=yes IPv4.Address=$device_ip tracefile=c:\temp\nettrace-boot.etl

where $device_ip is the IP address to capture packets from, and tracefile=c:\temp\nettrace-boot.etl is the location of the trace output. You can change this path to any valid path you choose.

2. Stop the trace


netsh trace stop

3. Examine the results

When the trace is completed, ask the customer to send you the file. 

When you receive the file, examine the packets using Microsoft Message Analyzer. (© 2018 Microsoft Corporation, available at, obtained on January 23, 2018)
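
Steps 1 and 2 as one script, with a SHA-256 of the .etl file printed so the recipient in step 3 can confirm the file arrived unchanged. This is an added example, not part of the original article; the parameter names, the 60-second capture window and the hashing step are assumptions of this example.

```powershell
# Added example: wraps the article's two netsh commands.
# Parameter names and the default duration are this script's own assumptions.
param(
    [Parameter(Mandatory = $true)][string]$DeviceIp,      # value used for IPv4.Address=
    [string]$TraceFile = 'c:\temp\nettrace-boot.etl',     # path from the article
    [int]$Seconds = 60                                    # assumed capture window
)

# netsh trace must be run from an elevated prompt.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell prompt.'
}

# Accept only a dotted-quad IPv4 address so nothing else reaches the netsh command line.
$parsed = $null
if ($DeviceIp -notmatch '^\d{1,3}(\.\d{1,3}){3}$' -or
    -not [System.Net.IPAddress]::TryParse($DeviceIp, [ref]$parsed)) {
    throw "Not a valid IPv4 address: $DeviceIp"
}

# Make sure the output directory exists before the trace starts.
$dir = Split-Path -Parent $TraceFile
if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }

# Step 1: start the trace, filtered to the one address.
& netsh trace start capture=yes "IPv4.Address=$parsed" "tracefile=$TraceFile"
if ($LASTEXITCODE -ne 0) { throw "netsh trace start failed with exit code $LASTEXITCODE" }

try {
    Start-Sleep -Seconds $Seconds      # reproduce the issue during this window
}
finally {
    # Step 2: always stop the trace, even if the wait is interrupted.
    & netsh trace stop
}

# Hash the finished capture (.NET call, so it also works on PowerShell 2.0).
$sha    = [System.Security.Cryptography.SHA256]::Create()
$stream = [System.IO.File]::OpenRead($TraceFile)
try     { $hash = [BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '' }
finally { $stream.Dispose() }
"{0}  {1}" -f $hash, $TraceFile
```

Send the printed hash to the recipient separately from the file so it can be compared after transfer.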


