Windows 2008 R2 network traffic logging

Tags: logging, network-traffic, windows, windows-server-2008

Can you recommend a network traffic logger for Windows 2008 R2? It is expected to run as a service and gather simple data: source IP/port, destination IP/port, packet size. I have tried to use ETW tracing with the Winsock AFD provider, but it produces an enormous amount of data, drops a lot of packets, and the resulting ETL log files are hard to analyze.

Best Answer

Wireshark can be launched from the command line. Then you just create a scheduled task that starts it on boot.

Command-line arguments for Wireshark: http://www.wireshark.org/docs/wsug_html_chunked/ChCustCommandLine.html

Alternatively, you could do port mirroring from the switch to another port to collect the data.

Depending on how the network traffic is generated, you could use Process Monitor from Sysinternals. It can log activity since boot directly (option in the Tools menu). Network traffic is logged if the Windows API is used. Be sure to "drop filtered entry" and to only log network.

When you launch the tool again, it will detect it and ask to retrieve the logged entries.
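Putting the accepted answer's command-line approach into a script, as an added example that is not part of the original answer: a scheduled task starts dumpcap at boot with a small snaplen and a ring buffer (so the capture does not balloon the way the ETW trace did), and a tshark call later reduces a capture file to exactly the fields the question asks for. The Wireshark install path, interface number 1 and the C:\NetLog directory are assumptions; check the interface with `dumpcap -D`.

```powershell
# Added example, not from the original answer. Assumes Wireshark is installed
# in the default path, interface 1 is the NIC to monitor (see "dumpcap -D")
# and C:\NetLog already exists and is writable by SYSTEM.
$wireshark = 'C:\Program Files\Wireshark'
$dumpcap   = Join-Path $wireshark 'dumpcap.exe'
$tshark    = Join-Path $wireshark 'tshark.exe'
$logDir    = 'C:\NetLog'
$iface     = 1

# Capture command for the scheduled task.
#   -s 96             truncate each frame to 96 bytes: enough for Ethernet,
#                     IPv4 and TCP/UDP headers, so files stay small and
#                     dumpcap is far less likely to drop packets
#   -f ip             capture filter: IP traffic only
#   -b filesize:...   rotate the output file every 100 MB (value is in kB)
#   -b files:24       keep at most 24 files, overwriting the oldest
# The \" sequences pass literal quotes through to schtasks so the path
# with spaces survives as one argument.
$captureCmd = "\`"$dumpcap\`" -i $iface -s 96 -f ip " +
              "-b filesize:102400 -b files:24 -w $logDir\capture.pcapng"

# Register a task that runs the capture as SYSTEM at every boot.
schtasks.exe /Create /F /TN 'NetTrafficLog' /SC ONSTART /RU SYSTEM /RL HIGHEST /TR $captureCmd

# Reduce one finished ring-buffer file to a CSV with the five fields the
# question asks for: source IP/port, destination IP/port, frame length.
# The tcp.* and udp.* port columns are mutually exclusive per packet; the
# one that does not apply is left empty by tshark.
function Export-FlowSummary {
    param([string]$PcapFile, [string]$CsvFile)
    & $tshark -r $PcapFile -T fields -E separator=, -E header=y `
        -e frame.time_epoch `
        -e ip.src -e tcp.srcport -e udp.srcport `
        -e ip.dst -e tcp.dstport -e udp.dstport `
        -e frame.len |
        Set-Content -Path $CsvFile
}

# Usage once a rotated file exists, e.g. the first ring-buffer member:
# Export-FlowSummary -PcapFile (Get-ChildItem "$logDir\capture_*.pcapng" | Select-Object -First 1).FullName -CsvFile "$logDir\flows.csv"
```

Because of the 96-byte snaplen, `frame.len` still reports the original on-the-wire size of each packet (the truncated length is `frame.cap_len`), so the CSV gives the real packet sizes the question wants.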