Analizar una captura de una traza de red | Operating systems, scripting, PowerShell and security

Logs, Red

Para realizar una captura de una traza de red es necesario ser administrador y ejecutar el comando

netsh trace start persistent=yes capture=yes tracefile=c:\fichero.etl

1	netsh trace start persistent=yes capture=yes tracefile=c:\fichero.etl

Pasado un tiempo se para con el comando

netsh trace stop

1	netsh trace stop

Y se obtienen los siguientes ficheros:

adapterinfo.txt
allcred.reg.txt
allcredfilter.reg.txt
apiperm.reg.txt
application_export.evtx
application_export_3082.mta
battery-report.html
createbindingmap.log
dispdiag_start.dat
dispdiag_stop.dat
dns.txt
dxdiag.txt
envinfo.txt
filesharing.txt
gpresult.txt
hklmwlansvc.reg.txt
homegrouplistener.reg
homegroupprovider.reg
hotfixinfo.log
neighbors.txt
netevents.xml
neteventslog.txt
netiostate.txt
networkprofiles.reg.txt
notif.reg.txt
osinfo.txt
policymanager.reg
powershellinfo.log
processes.txt
report.etl
report.html
scm.evm.1
scm.evm.2
scm.evm.3
serviceinfo.log
sysports.xml
sysportslog.txt
system_export.evtx
system_export_3082.mta
vmswitchlog.evtx
vmswitchlog_3082.mta
wcmlog.evtx
wcmlog_3082.mta
wcninfo.txt
wfpfilters.xml
wfplog.log
wfpstate.xml
wfpstatelog.txt
windowsfirewallconfig.txt
windowsfirewallconseclog.evtx
windowsfirewallconseclogverbose.evtx
windowsfirewallconseclogverbose_3082.mta
windowsfirewallconseclog_3082.mta
windowsfirewalleffectiverules.txt
windowsfirewalllog.evtx
windowsfirewalllogverbose.evtx
windowsfirewalllogverbose_3082.mta
windowsfirewalllog_3082.mta
windows_panther_setupact.log
windows_panther_setuperr.log
winsock.log
winsockcatalog.txt
wlan-report-2017-05-06.html
wlan-report-latest.cab
wlan-report-latest.html
wlan-report-latest.xml
wlanautoconfiglog.evtx
wlanautoconfiglog_3082.mta
wlaninfo.txt
wwanlog.evtx
wwanlog_3082.mta

adapterinfo.txt

allcred.reg.txt

allcredfilter.reg.txt

apiperm.reg.txt

application_export.evtx

application_export_3082.mta

battery-report.html

createbindingmap.log

dispdiag_start.dat

dispdiag_stop.dat

dns.txt

dxdiag.txt

envinfo.txt

filesharing.txt

gpresult.txt

hklmwlansvc.reg.txt

homegrouplistener.reg

homegroupprovider.reg

hotfixinfo.log

neighbors.txt

netevents.xml

neteventslog.txt

netiostate.txt

networkprofiles.reg.txt

notif.reg.txt

osinfo.txt

policymanager.reg

powershellinfo.log

processes.txt

report.etl

report.html

scm.evm.1

scm.evm.2

scm.evm.3

serviceinfo.log

sysports.xml

sysportslog.txt

system_export.evtx

system_export_3082.mta

vmswitchlog.evtx

vmswitchlog_3082.mta

wcmlog.evtx

wcmlog_3082.mta

wcninfo.txt

wfpfilters.xml

wfplog.log

wfpstate.xml

wfpstatelog.txt

windowsfirewallconfig.txt

windowsfirewallconseclog.evtx

windowsfirewallconseclogverbose.evtx

windowsfirewallconseclogverbose_3082.mta

windowsfirewallconseclog_3082.mta

windowsfirewalleffectiverules.txt

windowsfirewalllog.evtx

windowsfirewalllogverbose.evtx

windowsfirewalllogverbose_3082.mta

windowsfirewalllog_3082.mta

windows_panther_setupact.log

windows_panther_setuperr.log

winsock.log

winsockcatalog.txt

wlan-report-2017-05-06.html

wlan-report-latest.cab

wlan-report-latest.html

wlan-report-latest.xml

wlanautoconfiglog.evtx

wlanautoconfiglog_3082.mta

wlaninfo.txt

wwanlog.evtx

wwanlog_3082.mta

Analizar una captura de una traza de red (Red, Logs)

LIBRO DE POWERSHELL

LO ÚLTIMO

VÍDEOS