Pktmon support for Microsoft Network Monitor (Netmon)

• Odnosi se na:

  ✅ Windows Server 2025, ✅ Windows Server 2022, ✅ Windows Server 2019, ✅ Windows Server 2016, ✅ Windows 11, ✅ Windows 10, ✅ Azure Stack HCI, versions 23H2 and 22H2

Packet Monitor (Pktmon) generates logs in ETL format. These logs can be analyzed using Microsoft Network Monitor (Netmon) by using special parsers. This topic explains how to analyze Packet Monitor-generated ETL files within Netmon.

Network Monitor setup and configuration

Follow these steps to install and configure Netmon to parse Packet Monitor-generated ETL files:

1. Install Network Monitor 3.4.
2. Start Network Monitor elevated and set Windows as Active parser profile at (Tools / Options / Parser Profiles).
3. Copy etl_Microsoft-Windows-PktMon-Events.npl from here to "%PROGRAMDATA%\Microsoft\Network Monitor 3\NPL\NetworkMonitor Parsers\Windows"
4. Copy stub_etl_Microsoft-Windows-PktMon-Events.npl from here to "%PROGRAMDATA%\Microsoft\Network Monitor 3\NPL\NetworkMonitor Parsers\Windows\Stubs"
5. Rename stub_etl_Microsoft-Windows-PktMon-Events.npl to etl_Microsoft-Windows-PktMon-Events.npl
6. Include etl_Microsoft-Windows-PktMon-Events.npl into NetworkMonitor_Parsers_sparser.npl at "%PROGRAMDATA%\Microsoft\Network Monitor 3\NPL\NetworkMonitor Parsers"
7. Restart Network Monitor elevated for rebuilding the parsers.