Just want to capture packets - not Windows_Kernel_Trace


Problem description

So, this is embarrassing; I am supposed to be somewhat of a professional at this. Been using NetMon & Wireshark for years. Installed MMA 1.4, started Local Network Interfaces (8.1 & later) and the grid has 900 Windows_Kernel_Traces & 200 actual network packets. Is there a way to get NetMon-like results of just network traffic?

Searched the forum for Windows_Kernel_Trace. Found the "Upgraded to Windows 10, Message Analyzer doesn't seem to be capturing any traffic" thread, but I am capturing traffic, so this does not seem to apply.

Thanks in advance.

Recommended answer

The Windows Kernel Traces traffic is included because it contains process information so we can provide friendly names. Maybe the easiest thing to do is to filter out those events by doing !Windows_Kernel_Trace, then all that remains is the network related traffic. However, keep in mind that Message Analyzer shows a compressed view of the data. If you want to see all the individual fragments, like Network Monitor does, you can use the Flatten Message button. You might want to view the Message Analyzer's Simplified View video on http://aka.ms/mavideos, which explains a little more about flattening messages and why there are differences.

Thanks.

Paul

