- (A) Use "netsh trace" command
- pros: You can use it in isolated network.
- cons: You should convert the captured file with Microsoft Message Analyzer if you want to see packets with Wireshark. (You can also view the packets with Microsoft Message Analyzer)
- cons: Microsoft Message Analyzer will intercept all the packets to your machine (even if you haven't expressly run Message Analyzer!), and it will throw away large packets. So it will make the network unstable.
- cons: It doesn't support promiscuous mode.
- (B) Use raw-socket-sniffer
- pros: You can get .cap file for Wireshark directly.
- cons: You should store .ps1 file in the target machine.
- cons: It doesn't support promiscuous mode.
