Capturing network traffic on Xbox One Dev Kits
Use this topic to understand how to use network packet capture on an Xbox One Dev Kit. While debugging your Microsoft Game Development Kit (GDK) title, you might want to analyze the network traffic coming to and from your Xbox One Dev Kit. Fiddler is a popular tool for monitoring HTTP, HTTPS, and WebSocket traffic. However, Fiddler doesn't capture other kinds of network traffic. To capture a trace of all network packet traffic to and from an Xbox One Dev Kit, you can first use the network-trace-capture functionality that's described in this topic and then analyze that traffic by using powerful tools.
Captured content is in the "on-the-wire" state. This includes Transport Layer Security (TLS) encryption for HTTPS traffic and any encryption that you're using for sockets. This makes direct analysis of any encrypted content impossible. Keep in mind that any unexpected traffic, the size or frequency of the packets, and the endpoints of unexpected communication flows are often enough to find an issue with networking code. To debug a networking issue, it's not always necessary to inspect the packet content.
To see the message content while you're debugging, temporarily disable your encryption for the traffic whose content you want to inspect.
A network capture can also be used to identify any traffic that is accidentally left unencrypted and unprotected.
Capturing network packets
To activate and deactivate network traffic captures, use the Trace (xbtrace.exe) (NDA topic) tool.
Start a network capture
To start a network capture, use the xbtrace start netcap command. This initiates a network capture on the default console.
To start tracing on a console other than the default console, use the /X: argument.
Stop a network capture
To stop a network capture, use xbtrace stop. By default, the capture is saved as xbtrace.etl in the current directory. To save to a different location or file name, provide the path and file name after stop. For example, xbtrace stop c:\temp\sample.etl saves the trace file as c:\temp\sample.etl. If you specify an existing file name, xbtrace provides an informative message and the trace continues to run.
Note
On-console trace data isn't lost when you specify an existing file name. There's currently no way to overwrite an existing trace file. You must delete the existing file or specify a different file name for the new trace.
To stop capturing on a console that isn't the default console, use the /X argument to specify a console address.
Using network capture data
The following tools can open raw network captures. Choose a tool according to your preferences.
Use Microsoft Message Analyzer (MMA) to open etl network captures and view network events. Analyze the captured file directly in MMA. You can also use MMA to save the captured packet data as a PCAP file, which you can then open for analysis in other tools, such as Fiddler or Wireshark.
Note
Microsoft Message Analyzer is archived and no longer maintained.
Use Network Monitor (netmon) to open a network capture etl file and view packets. To fully parse all network events, set the 'Windows Parser Profile' under Tools > Options > Parser Profiles. Analyze the captured, raw network events directly in netmon.
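The following added example (not part of the original topic or of any Microsoft tooling) shows the kind of metadata-only review described earlier: it summarizes packet counts, payload sizes, and endpoints per TCP flow, and flags flows whose first payload does not start with a TLS record header, which is how accidentally unencrypted traffic shows up. It assumes the .etl capture has already been saved as a classic PCAP file with an Ethernet link type; the function names and the sample capture are constructed for illustration.

```python
import struct
from collections import defaultdict

def looks_like_tls(data):
    # TLS record header: content type 20-23, then version bytes 0x03 0x00-0x04.
    return len(data) >= 3 and 20 <= data[0] <= 23 and data[1] == 3 and data[2] <= 4

def summarize_flows(pcap):
    """Per-direction IPv4 TCP flow stats from a classic pcap (either byte order)."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None or struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0, "tls": None})
    off = 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # this example only looks at IPv4 TCP
        ihl, ip_len = (frame[14] & 0x0F) * 4, struct.unpack("!H", frame[16:18])[0]
        tcp = frame[14 + ihl:14 + ip_len]  # slicing by IP length trims Ethernet padding
        if len(tcp) < 20:
            continue
        sport, dport = struct.unpack("!HH", tcp[:4])
        payload = tcp[(tcp[12] >> 4) * 4:]
        src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
        flow = flows[(src, sport, dst, dport)]
        flow["packets"] += 1
        flow["bytes"] += len(payload)
        if payload and flow["tls"] is None:
            # Heuristic: only a flow's first payload segment is sure to start a TLS record.
            flow["tls"] = looks_like_tls(payload)
    return dict(flows)

def plaintext_flows(pcap):
    return sorted(k for k, v in summarize_flows(pcap).items() if v["tls"] is False)

def build_sample_pcap():
    """Constructed sample capture: one TLS-looking flow and one plaintext flow."""
    def record(src, dst, sport, dport, payload):
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0) + payload
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, src, dst)
        frame = bytes(12) + b"\x08\x00" + ip + tcp
        return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    kit, host = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7])
    return (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
            + record(kit, host, 50000, 443, b"\x16\x03\x01\x00\x05hello")
            + record(kit, host, 50001, 8080, b"GET /telemetry HTTP/1.1\r\n\r\n")
            + record(kit, host, 50001, 8080, b"score=100"))
```

A capture that begins in the middle of an established connection can make an encrypted flow look like plaintext, so confirm any flagged flow in a packet viewer before acting on it.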