How to collect Circular and Chain network captures on Windows
Updated over 7 months ago

This article applies to:

  • OS: Windows

  • Product edition: Phoenix

Overview

This article describes how to collect circular and chain network traces on a Windows machine to troubleshoot Phoenix network-related issues.

Definitions:

  • Circular: A single capture file that starts overwriting its contents once it reaches a predefined size.

  • Chain: A capture in which a new file is created, in sequence, each time the current file reaches a predefined size.

Circular network capture

  1. Create a temporary directory to store the captured file. For example C:\DruvaLogs.

  2. Run the following command in an elevated command prompt.
    netsh trace start capture=yes tracefile=C:\DruvaLogs\000capture.etl maxsize=1024 filemode=circular overwrite=yes report=no
    In the above command:

    • C:\DruvaLogs is the directory in which the captured file is saved.

    • 000capture.etl is the name of the trace file.

    • maxsize=1024 means the capture starts overwriting the oldest packets once the file reaches 1024 MB. This value can be changed. In this scenario the file never grows beyond 1024 MB.

  3. Stop the trace with the following command:
    netsh trace stop

  4. Send the C:\DruvaLogs directory to Druva for analysis.
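
The circular capture steps above as one PowerShell script. This is an added example, not Druva's own tooling: the elevation check, the ACL restriction on the capture directory, the free-space check and the SHA-256 hash are assumptions added here because the trace holds raw network traffic; the netsh parameters are the ones from this article.

```powershell
# Added example: wrapper around the circular capture commands from this article.
# Directory, file name and maxsize mirror the article; everything else is an assumption.
$CaptureDir = 'C:\DruvaLogs'
$TraceFile  = Join-Path $CaptureDir '000capture.etl'
$MaxSizeMB  = 1024

# netsh trace requires an elevated session.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell session.'
}

New-Item -ItemType Directory -Path $CaptureDir -Force | Out-Null

# Captures hold raw network traffic: limit the directory to
# BUILTIN\Administrators (S-1-5-32-544) and SYSTEM (S-1-5-18).
icacls $CaptureDir /inheritance:r /grant:r '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

# Make sure the volume can hold the full circular buffer before starting.
$drive = Get-PSDrive -Name (Split-Path $CaptureDir -Qualifier).TrimEnd(':')
if ($drive.Free -lt ($MaxSizeMB * 1MB)) {
    throw "Less than $MaxSizeMB MB free on drive $($drive.Name)"
}

netsh trace start capture=yes "tracefile=$TraceFile" "maxsize=$MaxSizeMB" filemode=circular overwrite=yes report=no
if ($LASTEXITCODE -ne 0) { throw "netsh trace start failed with exit code $LASTEXITCODE" }

try {
    Read-Host 'Trace running. Reproduce the issue, then press Enter to stop'
}
finally {
    # Always stop the trace, even if the prompt is interrupted with Ctrl+C.
    netsh trace stop
}

# Record a hash so the recipient can confirm the file arrived unmodified.
Get-FileHash -Path $TraceFile -Algorithm SHA256 | Format-List Path, Hash
```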

Chain network capture

  1. Create a temporary directory to store the captured files. For example E:\DruvaLogs.

  2. Install the Microsoft Network Monitor tool from the link below. (Select complete installation during the setup.)
    https://www.microsoft.com/en-us/download/4865

  3. Run the following command in an elevated command prompt.
    NMCap /network * /capture /file E:\DruvaLogs\capture.chn:1M
    In the above command:

    • E:\DruvaLogs is the directory in which the captured files are saved.

    • capture is the name of the file that will be generated.

    • 1M means that once a capture file reaches 1 MB, another file is created with an incrementing number, for example capture.cap, capture(1).cap, capture(2).cap and so on. Each file is 1 MB in size.

    • Note: Do not remove the string “chn” from the above command. It is required to add the incrementing numbers to the name of each file.

  4. Stop the trace by pressing Ctrl+C.

  5. Send the E:\DruvaLogs directory to Druva for analysis.
