MMA (Netmon or Wireshark if saved in CAP format)

Ability to capture a rolling set of files**

Netmon or MMA (MMA can save in CAP format)

Wireshark, MMA or Netmon (when trace is saved in tcpdump format)

*MMA gives you the ability to set up and collect captures from multiple systems (e.g. client and server) using a single client.

**Wireshark can capture X files of Y size and roll as needed. Network Monitor can capture a chained set of files, but will not overwrite old files, and this can only be done via the command line.

***Network Monitor is currently the only supported tool to install on an Advanced Threat Analytics server.

Right off the bat, it should become apparent from the above table that one of these options, netsh trace, has one benefit over the others: it is ready to go without any further installation. It does require an elevated command prompt to run, but nothing beyond that. In many environments where change control is strict and the necessary software hasn't already been installed, this often makes it the only option.

Another item to note is that "netsh trace" is a command-line tool and the other three each have command-line alternatives for network captures.
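An added example, not from the original post: a PowerShell wrapper that confirms elevation, runs a time-boxed netsh trace capture into a size-capped circular file, and hashes the result. The output folder, size cap and duration are assumed values.

```powershell
# Added example: bounded packet capture with the built-in netsh trace.
# The output folder, size cap and duration below are assumptions; adjust as needed.
param(
    [string]$OutDir   = "$env:SystemDrive\Traces",   # assumed location
    [int]$MaxSizeMB   = 512,                          # cap on the ETL file
    [int]$DurationSec = 120                           # how long to capture
)

# netsh trace refuses to start without elevation, so fail early with a clear message.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Run this from an elevated PowerShell or command prompt."
}

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$stamp     = Get-Date -Format 'yyyyMMdd-HHmmss'
$traceFile = Join-Path $OutDir "$env:COMPUTERNAME-$stamp.etl"

# capture=yes turns on packet capture; filemode=circular keeps the newest
# $MaxSizeMB of data instead of stopping when the file is full.
netsh trace start capture=yes tracefile="$traceFile" maxsize=$MaxSizeMB filemode=circular overwrite=yes
if ($LASTEXITCODE -ne 0) { throw "netsh trace start failed (exit code $LASTEXITCODE)." }

try {
    Start-Sleep -Seconds $DurationSec
}
finally {
    # Always stop the session so the capture does not keep running unattended.
    netsh trace stop
}

# Record a hash so the file can be verified after it is copied off the host.
Get-FileHash -Path $traceFile -Algorithm SHA256 | Format-List Path, Hash
```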