  • Network trace without NetMon, WireShark, etc… http://msmvps.com/blogs/it-is-etc/archive/2011/06.aspx

    Network trace without NetMon, WireShark, etc…



    It is often necessary to capture and analyze some network traffic to troubleshoot a problem. Usually that requires installing a software package like the ones named in the title of this article. That’s fine when the computer in question is, say, your own laptop, or when its user is at least an advanced user, has administrative permissions, and is permitted by the security policy to install new software. But what if that is not the case? What if the user is a sales manager who doesn’t want to spend time installing anything? Or it is a server where you cannot change anything?

    To cut a long story short, recently I’ve run into a totally awesome blogpost, where among other truly interesting things (the blog is in the top 5 of my most favorite, if not the most interesting, BTW) there was a solution for such a situation.

    In short, you don’t have to install, say, Network Monitor onto a Windows 7/2008 R2 box to get a network capture. It can be done with a built-in tool, netsh. You still need:

    1) to be a local admin on the computer you are tracing

    2) NetMon to analyze the package you receive after the capture is complete. But you can do it on any computer you wish.

    How does it work? Just excellent ;)

    1) Start the trace

    netsh trace start capture=yes tracefile=<PathToFile>


    2) Then reproduce the problem. I started Chrome (too many open tabs in IE ;) ) and went to www.microsoft.com.

    3) Then stop the trace:

    netsh trace stop


    Please note that the trace created two files: .etl and .cab. The ETL one is where our network trace is stored. The second… It makes the method even more awesome, but I will dedicate the next blog post to it.

    4) Open the trace on any computer where you have Network Monitor installed:


    Oops… What’s with parsers? If we take a closer look at the interface we’ll see the following:

    Process: Windows stub parser: Requires full Common parsers. See the "How Do I Change Parser Set Options(Version 3.3 or before) or Configure Parser Profile (Version 3.4)" help topic for tips on loading these parser sets.

    Well, some parsers are definitely not turned on. Let’s do it now, it’s easy (I have NetMon 3.4). Go to Tools -> Options:


    Look at Parser Profiles tab:


    and turn on the Windows profile by right clicking it and selecting Set As Active option:


    That’s what we were looking for:


    5) Now do all the NetMon stuff, for example I was looking for Chrome activity and, say, I need to look at DNS requests:


    Isn’t that great? No, it is simply awesome, because we haven’t yet taken a look at the .cab file, which contains tons of useful info. But we’ll do it in the next article.

    Published Mon, Jun 20 2011 13:34 by KomatoZo


    # re: Network trace without NetMon, WireShark, etc…

    Friday, September 16, 2011 4:28 AM by Mike Guest


    Very interesting post. Exactly what I was looking for. Many thanks

    I'm having an issue that it looks like you know how to solve. Between the two netmon screenshots on your blog, you enter a filter of "utprocessname.contains ("chrome")" - however, also between those 2 screenshots, it appears that the source and destination columns become populated. I'm stuck with completely unpopulated columns and so can't track which systems my app is communicating with - any idea how I can recover that info?

    # re: Network trace without NetMon, WireShark, etc…

    Friday, September 16, 2011 4:45 AM by KomatoZo

    Well... I did exactly what I wrote here. But I'll try it again soon, probably I left something out.

    # re: Network trace without NetMon, WireShark, etc…

    Tuesday, January 17, 2012 4:42 AM by Alexandre Augagneur

    If the source and destination columns are not populated it's probably because the option capture=yes was not specified.

    As I told you in the previous episode, there is more to this than just capturing without installing any software. Much more, actually. There is a .cab file which contains many files: 33 to be exact (at least in my case). The files contain a heck of a lot of information about the computer’s networking configuration, as well as logs. Let’s take a look at those files:


    1) adapterinfo.txt: contains info about your NICs’ drivers:


    How can this be useful? Easily: say you see that the driver for a physical NIC was issued 5 years ago. Why not upgrade it first? Anyway, this can give you a starting point for troubleshooting.

    2) dns.txt: this one contains the output of the ipconfig /displaydns command, which gives us the content of the DNS client cache


    3) envinfo.txt: all you want and even more about the wireless network. Drivers with supported authentication and cipher options, interfaces and their state, hosted networks, WLAN settings, profiles and more and more…


    4) filesharing.txt: nbtstat -n, nbtstat -c, net config rdr, net config srv, net share


    5) gpresult.txt: no comments

    6) neighbors.txt: arp -a, netsh interface ipv6 show neighbors (yeah, calling netsh from netsh… inception… ;) )

    7) netiostate.txt: in my case there were Teredo settings


    8) osinfo.txt: at first it looks like systeminfo output, but actually it is somewhat different, yet can prove useful.


    9) Report.etl: trace log file. I haven’t yet taken a look into it. Probably it can be good for deep troubleshooting

    10) wcninfo.txt: wireless computer network information. Services status, files information and again interfaces info, ipconfig, and more…


    11) wfpfilters.xml: I haven’t yet undertaken a close investigation of the file, but it seems the file contains firewall rules in XML format

    12) windowsfirewallconfig.txt: config for the firewall. Is it turned on, global settings and all that stuff

    13) several other files, which contain various event logs related to networking, registry keys dumps and other info


    14) Report.html: an .html file which contains links to the files above


    Well, that’s it. Actually, while troubleshooting some incidents I was forced to request some info several times, just because I didn’t know what exactly I was going to need and I didn’t want to frustrate users with many commands or by sending them a .bat file. Now I can give them only two commands and voila! I love it, really. IMHO this ability is just awesome even without taking a network traffic capture, so I strongly advise remembering it!
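
    Added example, not part of the original post: once dns.txt has been extracted from the .cab, the DNS client cache it holds can be summarized on the analysis machine. The Python below parses the ipconfig /displaydns layout; the sample text and the function names parse_displaydns and negative_entries are constructed for illustration, and English-language output is assumed.

```python
import re

# Constructed sample in English `ipconfig /displaydns` layout, not a real capture.
SAMPLE_DNS_TXT = """\
Windows IP Configuration

    www.example.com
    ----------------------------------------
    Record Name . . . . . : www.example.com
    Record Type . . . . . : 5
    Time To Live  . . . . : 120
    Data Length . . . . . : 8
    Section . . . . . . . : Answer
    CNAME Record  . . . . : edge.example.net

    Record Name . . . . . : edge.example.net
    Record Type . . . . . : 1
    Time To Live  . . . . : 120
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 192.0.2.10

    missing.example.org
    ----------------------------------------
    Name does not exist.
"""

FIELD = re.compile(r"^\s*(.+?)[ .]*:\s*(.*)$")  # "Label . . . : value"

def parse_displaydns(text):
    """Return {queried name: [(record name, record label, data), ...]}."""
    cache, entry, record_name = {}, None, None
    lines = text.splitlines() + [""]
    for line, nxt in zip(lines, lines[1:]):
        m = FIELD.match(line)
        if set(nxt.strip()) == {"-"}:  # a name followed by a dashed rule opens an entry
            entry = cache.setdefault(line.strip().lower(), [])
        elif entry is not None and m and m.group(1) == "Record Name":
            record_name = m.group(2).strip().lower()
        elif entry is not None and m and m.group(1).endswith("Record"):
            entry.append((record_name, m.group(1), m.group(2).strip()))
    return cache

def negative_entries(cache):
    """Names cached without any record, e.g. 'Name does not exist.'"""
    return sorted(name for name, recs in cache.items() if not recs)

if __name__ == "__main__":
    cache = parse_displaydns(SAMPLE_DNS_TXT)
    for name, records in cache.items():
        print(name, records or "(negative entry)")
```

    Entries returned by negative_entries are names the machine asked for and could not resolve, which is often where a name-resolution problem first shows up.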
