Only 10 minutes' worth of data from netsh

  • Question

  • Hopefully this is the right forum to ask this question about netsh. Running netsh on a Windows 2012 R2 server with the following command:

    netsh trace start capture=yes Ethernet.type=!(IPv6) tracefile=c:\temp\Capture_Test.etl maxSize=1024 overwrite=no report=no

    We let this run from 5-7PM (2 hrs) but the resulting etl file only has data from about the first 10-12 minutes.  Known issue?  Bad syntax in the command?

    Hmmm.  Just had a thought.....we are starting the command from an RDP session.  Could it be that disconnecting from RDP ends the capture?

    Wednesday, May 18, 2016 1:12 AM

All replies

  • RDP session ending could be related, if you signed out.  You could see if the session is still running after you reconnect to the RDP session.

    Otherwise I'm not sure why you would see the first 10-12 minutes.  Circular capture default should capture the last 10-12 minutes.


    Wednesday, May 18, 2016 1:57 PM
  • Hi Paul

    Thank you so much for the feedback. Turns out we are not logging off the RDP session while the capture is running so I guess so much for that theory.  The resulting ETL file was about 280 meg so nowhere close to the max file size.  Fortunately my customer has a support contract with Microsoft so they're working it from that angle.  If you (or anyone else) think of other ideas, I'm all ears.

    Wednesday, May 18, 2016 3:22 PM
  • I'm curious to know, did you ever determine why you weren't seeing all the data?


    Thursday, June 23, 2016 3:37 PM