Unable to Utilize Message Analyzer Via PowerShell

  • Question

    Hi Everyone,

    I've been attempting to capture traffic by invoking this tool via PowerShell, but for whatever reason it is not generating a .matu output file. Can someone please let me know what I am doing wrong?

    $TraceSessionA = New-PefTraceSession -Mode Linear

    #Establish Triggers
    $Trigger01 = New-PefTimeSpanTrigger -TimeSpan (New-TimeSpan -Seconds 60)
    $Trigger02 = New-PefDateTimeTrigger -DateTime "1/12/2018 9:35 AM"
    $Trigger03 = New-PefDateTimeTrigger -DateTime "1/12/2018 9:40 AM"

    <#Windows 2012 or earlier
    Add-PefMessageSource -PEFSession $TraceSessionA -Source "Microsoft-PEF-NDIS-PacketCapture"
    Add-PefMessageSource -PEFSession $TraceSessionA -Source "Microsoft-Windows-L2NACP"
    Add-PefMessageSource -PEFSession $TraceSessionA -Source "Microsoft-Windows-Wired-AutoConfig"
    Add-PefMessageSource -PEFSession $TraceSessionA -Source "Microsoft-Windows-EapHost"
    Add-PefMessageSource -PEFSession $TraceSessionA -Source "Microsoft-Windows-OneX"
    Add-PefMessageSource -PEFSession $TraceSessionA -Source "Microsoft-Windows-NDIS"
    Add-PefMessageSource -PEFSession $TraceSessionA -Source "Microsoft-Windows-SMBClient"
    #>

    #Windows 2012 R2 or later
    Add-PefMessageSource -PEFSession $TraceSessionA -Source "Microsoft-Windows-NDIS-PacketCapture"
    Add-PefMessageSource -PEFSession $TraceSessionA -Source "Microsoft-Windows-L2NACP"
    Add-PefMessageSource -PEFSession $TraceSessionA -Source "Microsoft-Windows-Wired-AutoConfig"
    Add-PefMessageSource -PEFSession $TraceSessionA -Source "Microsoft-Windows-EapHost"
    Add-PefMessageSource -PEFSession $TraceSessionA -Source "Microsoft-Windows-OneX"
    Add-PefMessageSource -PEFSession $TraceSessionA -Source "Microsoft-Windows-NDIS"
    Add-PefMessageSource -PEFSession $TraceSessionA -Source "Microsoft-Windows-SMBClient"

    #Set Filters
    #Set-PefTraceFilter -PEFSession $TraceSessionA -Filter "IPv4.Destination contains BLOB AND SMB2.Summary contains NOT_FOUND OR SMB.Summary contains NOT_FOUND" -Trigger $Trigger01
    #Add Trigger to Stop Cmdlet
    Stop-PefTraceSession -PEFSession $TraceSessionA -Trigger $Trigger03

    #Add Trigger to Save Cmdlet
    Save-PefDataCollection -PEFSession $TraceSessionA -Path "C:\Temp\MessageAnalyzer\TraceSessionA\TraceSessionA.matu" -Force -Trigger $Trigger03

    #Initiate Capture
    Start-PefTraceSession -PEFSession $TraceSessionA -Trigger $Trigger02

    Note: I commented out the Set-PefTraceFilter because I wanted to confirm it's capturing at least some data. Also, for Trigger 2 and 3 you would adjust them accordingly.

    • Edited by mh73024p Friday, January 12, 2018 2:40 PM Adjust greeting.
    Friday, January 12, 2018 2:39 PM
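
A capture pattern as an added example, not part of the original post and not the asker's script: the session is created with the documented `-Path` and `-SaveOnStop` options of New-PefTraceSession so the .matu file is written as part of stopping, driven by a single time-span stop trigger rather than separate stop and save triggers. It assumes the PEF module that ships with Message Analyzer is loaded and the shell is elevated; the output folder and session name are constructed placeholders.

```powershell
# Added example (not from the original post): a time-boxed PEF capture that
# writes its .matu file when the session stops, using the documented
# -Path / -SaveOnStop options of New-PefTraceSession.
# Assumes: PEF module loaded, elevated shell (ETW capture needs admin rights).

$OutDir  = "C:\Temp\MessageAnalyzer\TraceSessionB"   # constructed placeholder
$OutFile = Join-Path $OutDir "TraceSessionB.matu"
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Linear session whose data is saved to $OutFile as part of the stop.
$Session = New-PefTraceSession -Mode Linear -Force -Path $OutFile -SaveOnStop

# Same providers the post enables for Windows 2012 R2 and later.
$Providers = @(
    "Microsoft-Windows-NDIS-PacketCapture",
    "Microsoft-Windows-L2NACP",
    "Microsoft-Windows-Wired-AutoConfig",
    "Microsoft-Windows-EapHost",
    "Microsoft-Windows-OneX",
    "Microsoft-Windows-NDIS",
    "Microsoft-Windows-SMBClient"
)
foreach ($p in $Providers) {
    Add-PefMessageSource -PEFSession $Session -Source $p
}

# Stop 60 seconds after the session starts; the save is part of the stop.
$StopAfter = New-PefTimeSpanTrigger -TimeSpan (New-TimeSpan -Seconds 60)
Stop-PefTraceSession -PEFSession $Session -Trigger $StopAfter

# Start immediately (no start trigger). Assumption: this call returns only
# after the stop trigger has fired, so the file check below is not premature.
Start-PefTraceSession -PEFSession $Session

# Verify the artifact before relying on it for analysis.
if (Test-Path $OutFile) {
    Get-Item $OutFile | Select-Object FullName, Length, LastWriteTime
} else {
    Write-Warning "No .matu file was written to $OutFile"
}
```

Checking for the output file immediately after the session ends makes a silent save failure visible instead of being discovered later during analysis.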