Capturing Packets without Wireshark

If you want to capture network packets on a Windows machine, but can't install Wireshark for some reason, there is an alternative.

Use "netsh trace" to capture packets. This creates a file in the Microsoft-proprietary ".etl" format. The only tool to convert it to regular PCAP format is the Microsoft Message Analyzer. Download it from https://www.microsoft.com/en-us/download/details.aspx?id=44226
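A timed capture with "netsh trace", as an added example that is not from the original post. The output path, duration and size limit are assumptions to adjust; it must be run from an elevated PowerShell prompt.

```powershell
# Added example: timed packet capture with the built-in "netsh trace".
# Assumed values: output path, capture duration, maximum file size.
param(
    [string]$TraceFile = "C:\Temp\capture.etl",  # assumed output path
    [int]$Seconds      = 60,                     # assumed capture duration
    [int]$MaxSizeMB    = 256                     # assumed size limit for the .etl file
)

# netsh trace needs administrative rights; fail early with a clear message.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Run this script from an elevated prompt."
}

# Make sure the output directory exists before the trace starts.
$dir = Split-Path -Parent $TraceFile
if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }

# capture=yes      : record network packets, not only provider events
# filemode=circular: overwrite the oldest data once maxsize is reached
# report=no        : skip the diagnostic report when the trace stops
netsh trace start capture=yes tracefile=$TraceFile maxsize=$MaxSizeMB `
    filemode=circular overwrite=yes report=no
if ($LASTEXITCODE -ne 0) { throw "netsh trace start failed (exit code $LASTEXITCODE)." }

try {
    netsh trace show status
    Start-Sleep -Seconds $Seconds
}
finally {
    # Always stop the session, even if the wait is interrupted,
    # so the trace does not keep running in the background.
    netsh trace stop
}

# Record size and hash so the file can be verified after it is copied
# to the analysis machine for conversion.
Get-Item $TraceFile | Select-Object FullName, Length, LastWriteTime
Get-FileHash -Path $TraceFile -Algorithm SHA256
```

The resulting ".etl" file is then copied to a machine where it can be converted and analyzed.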

For more details see https://isc.sans.edu/diary/19409 and https://technet.microsoft.com/en-us/library/dd878517
