Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Thursday, August 17, 2017 7:15 PM
I started NetSh but there's no process listed in the Task manager which can confirm whether or not it is running
Regards, -JP
All replies (2)
Friday, August 18, 2017 1:02 PM âś…Answered
Hi Brian,
Thank you for your suggestion.
I am using Windows 7 and was using NetSh to record a trace of the network activity. The command that I ran before closing the command line was:
netsh trace start capture=yes packettruncatebytes=512 tracefile=%systemdrive%\NetworkLogs\computername%_nettrace.etl maxsize=250 filemode=circular overwrite=yes report=no persistent=yes
When I look at my Task Manager, I really don't see any process named "NetSh.exe"; I made sure that "Show processes from all users" was checked.
By looking further in the command line help of "netsh" I came across what I was looking! If you type in:
netsh trace show status
It shows that NetSh is still running the trace (Status: Running)
Regards, -JP
Thursday, August 17, 2017 8:06 PM
Look more closely; it is named NetSh.exe and shows up in the Details tab of TaskMgr
-Brian
Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog