How To: Read an ETL trace with Network Monitor

If you need to capture Windows network traffic without Wireshark, you can use "netsh" from an elevated (Administrator) command prompt. Start the capture with the command below (maxsize is the trace file size limit in MB):

netsh trace start capture=yes tracefile=C:\temp\NetworkTrace.etl maxsize=6024 report=no

This writes an ETL file, which Wireshark cannot open directly but which can be read natively on Windows with the right tools. The file is only finalised and made available when you stop the trace with the command:

netsh trace stop

When the capture has been stopped and processing is complete, the console output looks like the screenshot below and the file is ready:


You should then see a "cab" and an "etl" file in that folder, as below. For this example we can discard the "cab" file: it holds diagnostic data, not the network capture, so we need to focus on the "etl" file:


Next, from the same command prompt use this command:

netmon

This will start the Microsoft Network Monitor that will look like this:


We then need to navigate to File > Open > Capture as below:


This opens the "etl" file, as shown below, but it will not look very helpful yet: you can see "netevents" and other data about the packets, but not a Wireshark-style view:


Then we need to choose Tools > Options, select Parser Profiles from the options, click Windows, and choose "Set as Active".


Applying the profile may take a couple of seconds, but once it completes and you return to the network trace you will see a "Wireshark"-style interface showing the packet data with "Source", "Destination" and other familiar columns.
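The whole procedure above, wrapped in a PowerShell script as an added example (this is not code from the original post). It starts the trace, waits a fixed capture window, stops it, checks that the .etl file exists and is non-empty, points out the .cab file to ignore, and launches Network Monitor. The elevation check, the $CaptureSeconds wait and the assumption that netmon.exe is on PATH are additions made here for illustration; the netsh commands are the same ones the post uses.

```powershell
# Added example wrapping the netsh trace capture from this post.
# Assumptions: run from an elevated prompt; Microsoft Network Monitor is
# installed and netmon.exe is on PATH; $TraceFile, $CaptureSeconds and
# $MaxSizeMB are illustrative defaults you can override.
param(
    [string]$TraceFile = 'C:\temp\NetworkTrace.etl',
    [int]$CaptureSeconds = 60,
    [int]$MaxSizeMB = 6024
)

# netsh trace needs an elevated prompt; fail early instead of after the wait.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated (Administrator) prompt.'
}

# Make sure the target folder exists before netsh tries to write into it.
New-Item -ItemType Directory -Force -Path (Split-Path -Parent $TraceFile) | Out-Null

# Same start command as the post; report=no skips the extended diagnostic report.
netsh trace start capture=yes tracefile=$TraceFile maxsize=$MaxSizeMB report=no
if ($LASTEXITCODE -ne 0) { throw "netsh trace start failed with exit code $LASTEXITCODE" }

Write-Host "Capturing for $CaptureSeconds seconds..."
Start-Sleep -Seconds $CaptureSeconds

# Stopping the trace is what flushes and finalises the .etl file.
netsh trace stop
if ($LASTEXITCODE -ne 0) { throw "netsh trace stop failed with exit code $LASTEXITCODE" }

# Verify the capture file is present and non-empty before opening it.
$etl = Get-Item -Path $TraceFile -ErrorAction Stop
if ($etl.Length -eq 0) { throw "$TraceFile is empty; the capture produced no events." }
Write-Host ("ETL file ready: {0} ({1:N0} bytes)" -f $etl.FullName, $etl.Length)

# The .cab written alongside it is diagnostic data, not packets; list it so it is not confused with the capture.
Get-ChildItem -Path (Split-Path -Parent $TraceFile) -Filter '*.cab' |
    ForEach-Object { Write-Host "Ignore (no packet data): $($_.FullName)" }

# Launch Network Monitor, then: File > Open > Capture, pick the .etl, and
# Tools > Options > Parser Profiles > Windows > Set As Active for the packet view.
Start-Process -FilePath 'netmon.exe'
```

If netmon.exe is not on PATH, replace the last line's -FilePath with the full path to your Network Monitor installation; the rest of the script does not depend on it.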
