
Network trace without NetMon, Wireshark, etc… Part 2

As I told you in the previous episode, there is more to this than just capturing without installing any software. Much more, actually. There is a .cab file which contains many files: 33 to be accurate (at least in my case). The files contain a wealth of information about the computer’s networking configuration as well as logs. Let’s take a look at those files:


1) adapterinfo.txt: contains info about your NICs’ drivers:


How can this be useful? Easily: say you see that the driver for a physical NIC was issued 5 years ago. Why not upgrade it first? In any case, this can give you a starting point for troubleshooting.

2) dns.txt: this one contains the output of the ipconfig /displaydns command, which gives us the content of the DNS client cache.

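Because dns.txt is just the text of ipconfig /displaydns, it can be parsed instead of read by eye. The following Python script is an added example and not part of the original post: it turns the display format into records, lists which names the client resolved (and to what), and lists the names that were cached as non-existent. The sample text is constructed for the example, and the RECORD_TYPES table and function names are my own assumptions, not anything the post defines.

```python
import re
from collections import defaultdict

# Constructed sample in the format of `ipconfig /displaydns` (the content of dns.txt).
SAMPLE_DNS_TXT = """\
Windows IP Configuration

    www.example.com
    ----------------------------------------
    Record Name . . . . . : www.example.com
    Record Type . . . . . : 1
    Time To Live  . . . . : 86
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 93.184.216.34


    Record Name . . . . . : www.example.com
    Record Type . . . . . : 28
    Time To Live  . . . . : 86
    Data Length . . . . . : 16
    Section . . . . . . . : Answer
    AAAA Record . . . . . : 2606:2800:220:1:248:1893:25c8:1946


    update.example.net
    ----------------------------------------
    Record Name . . . . . : update.example.net
    Record Type . . . . . : 5
    Time To Live  . . . . : 300
    Data Length . . . . . : 8
    Section . . . . . . . : Answer
    CNAME Record  . . . . : cdn.example.net


    typo.example.invalid
    ----------------------------------------
    Name does not exist.
"""

# Matches "Key . . . . : value" lines; the key keeps its inner spaces and parentheses.
FIELD_RE = re.compile(r"^\s*(?P<key>[A-Za-z0-9() ]+?)\s*(?:\.\s*)+:\s*(?P<value>.*?)\s*$")

# DNS type numbers as printed by ipconfig, mapped to names (assumed table, not from the post).
RECORD_TYPES = {"1": "A", "5": "CNAME", "12": "PTR", "28": "AAAA"}
DATA_KEYS = ("A (Host) Record", "AAAA Record", "CNAME Record", "PTR Record")


def parse_displaydns(text):
    """Parse the text into one dict per cached record.

    Every record carries the queried name under "query" and a "negative"
    flag; positive records also carry the fields exactly as printed.
    """
    records, lines = [], text.splitlines()
    query, current = None, None
    for i, line in enumerate(lines):
        stripped = line.strip()
        if not stripped or set(stripped) == {"-"}:
            continue
        # A query header is a bare name followed by the dashed rule.
        if i + 1 < len(lines) and set(lines[i + 1].strip()) == {"-"}:
            query, current = stripped, None
            continue
        if query is None:
            continue  # preamble such as "Windows IP Configuration"
        if stripped.startswith("Name does not exist"):
            records.append({"query": query, "negative": True})
            continue
        m = FIELD_RE.match(line)
        if not m:
            continue
        key, value = m.group("key"), m.group("value")
        if key == "Record Name":  # each positive record starts with its name
            current = {"query": query, "negative": False}
            records.append(current)
        if current is not None:
            current[key] = value
    return records


def resolved_hosts(records):
    """Map each queried name to the (type, data) pairs cached for it."""
    hosts = defaultdict(list)
    for r in records:
        if r["negative"]:
            continue
        rtype = RECORD_TYPES.get(r.get("Record Type"), r.get("Record Type"))
        data = next((r[k] for k in DATA_KEYS if k in r), None)
        hosts[r["query"]].append((rtype, data))
    return dict(hosts)


def negative_names(records):
    """Names the resolver cached as non-existent (NXDOMAIN)."""
    return sorted(r["query"] for r in records if r["negative"])


if __name__ == "__main__":
    recs = parse_displaydns(SAMPLE_DNS_TXT)
    for name, answers in resolved_hosts(recs).items():
        print(name, answers)
    print("negative:", negative_names(recs))
```

Point it at the dns.txt extracted from the .cab instead of the sample. The negative entries are often the quickest hint that a client was asking for a name that does not exist in your zone (a typo in a config, a stale shortcut), which is exactly the kind of thing you want to see before asking the user to run anything else.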

3) envinfo.txt: all you want, and even more, about the wireless network. Drivers with supported authentication and cipher options, interfaces and their state, hosted networks, WLAN settings, profiles and more…


4) filesharing.txt: nbtstat -n, nbtstat -c, net config rdr, net config srv, net share


5) gpresult.txt: no comments

6) neighbors.txt: arp -a, netsh interface ipv6 show neighbors (yeah, calling netsh from netsh… inception… ;) )
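The arp -a part of neighbors.txt is also easy to parse, and the one thing worth checking in it automatically is whether a single MAC address is cached for more than one IP on the same interface. The following Python script is an added example, not code from the original post: it parses the Windows arp -a layout and reports such shared MACs among the learned (dynamic) entries, ignoring the static broadcast and multicast mappings that always repeat. The sample table is constructed for the example and the function names are mine.

```python
import re
from collections import defaultdict

# Constructed sample in the format of `arp -a` (the first part of neighbors.txt).
SAMPLE_ARP = """\

Interface: 192.168.1.23 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.50          00-11-22-33-44-55     dynamic
  192.168.1.77          a4-5e-60-11-22-33     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static

Interface: 10.0.0.5 --- 0x12
  Internet Address      Physical Address      Type
  10.0.0.1              d8-3a-dd-00-00-01     dynamic
  10.0.0.9              d8-3a-dd-00-00-01     static
"""

IFACE_RE = re.compile(r"^Interface:\s+(\S+)\s+---\s+0x[0-9a-fA-F]+")
ENTRY_RE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"           # IPv4 address
    r"([0-9a-fA-F]{2}(?:-[0-9a-fA-F]{2}){5})\s+"  # MAC as Windows prints it
    r"(dynamic|static)\s*$"
)


def parse_arp(text):
    """Return one dict per ARP entry, tagged with the interface it belongs to."""
    entries, iface = [], None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and iface is not None:
            entries.append({"interface": iface, "ip": m.group(1),
                            "mac": m.group(2).lower(), "type": m.group(3)})
    return entries


def shared_macs(entries):
    """MACs cached for more than one IP on the same interface.

    Only dynamic (learned) entries count; static broadcast and multicast
    mappings repeat by design and would only add noise.
    """
    ips_by_mac = defaultdict(set)
    for e in entries:
        if e["type"] == "dynamic":
            ips_by_mac[(e["interface"], e["mac"])].add(e["ip"])
    return {k: sorted(v) for k, v in ips_by_mac.items() if len(v) > 1}


if __name__ == "__main__":
    table = parse_arp(SAMPLE_ARP)
    print(f"{len(table)} entries")
    for (iface, mac), ips in shared_macs(table).items():
        print(f"{iface}: {mac} answers for {', '.join(ips)}")
```

A shared MAC is not wrong by itself: a host with several IP aliases, or a router holding more than one address, produces it legitimately. It is, however, the first thing to look at when a user reports intermittent connectivity, since an address conflict or a poisoned ARP cache leaves exactly this trace, so the script only ranks where to start reading rather than giving a verdict.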

7) netiostate.txt: in my case it contained the Teredo settings


8) osinfo.txt: at first it looks like systeminfo output, but actually it is somewhat different, yet it can prove useful.


9) Report.etl: trace log file. I haven’t yet taken a look into it. It can probably be good for deep troubleshooting.

10) wcninfo.txt: wireless computer network information. Services status, files information and again interfaces info, ipconfig, and more…


11) wfpfilters.xml: I haven’t yet undertaken a close investigation of the file, but it seems to contain firewall rules in XML format.

12) windowsfirewallconfig.txt: config for the firewall. Whether it is turned on, global settings and all that stuff.

13) several other files, which contain various event logs related to networking, registry key dumps and other info


14) Report.html: an .html file which contains links to the files above


Well, that’s it. Actually, while troubleshooting some incidents I was forced to request some info several times, just because I didn’t know what exactly I was going to need, and I didn’t want to frustrate users with many commands or by sending them a .bat file. Now I can give them only two commands and voilà! I love it, really. IMHO this ability is just awesome even without taking a network traffic capture, so I strongly advise you to remember it!
