Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Hands On With Windows 10’s Built-In Pktmon Network Monitor

Hands On With Windows 10’s Built-In Pktmon Network Monitor

With the Windows 10 October 2018 update release, Microsoft had quietly added a built-in command-line network packet sniffer called Pktmon to Windows 10. Since then, Microsoft has added a few more features to the tool that make it much easier to use.

A packet monitor, or network sniffer, is a program that lets you monitor the network traffic flowing over a computer’s network devices down to the individual packet level.

When Pktmon was first released as part of the October 2018 Update, it only supported the event trace log (ETL) format, a proprietary log format created by Microsoft. Since then, Microsoft added PCAPNG log file support and real-time monitoring, which is demonstrated in this article.

To use Pktmon, you need to launch a Windows 10 elevated command prompt as the program requires administrator privileges. You can then get instructions on using the program by typing pktmon help in the command prompt.

Pktmon help documentation

To get further help instructions about a particular command, you can type pktmon [command] help. For example, to see the documentation on the ‘comp’ command, you would type pktmon comp help.

Using the help command

For each subcommand, you can continue using the help function to see its instructions – for example, pktmon comp list help.

Using the built-in help feature is a great way to learn how to use Pktmon, and it’s recommended that all users explore the documentation before trying to use the program.

Also Read: Trusted Data Sharing Framework IMDA Announced In Singapore

Hands-on with the Pktmon network monitor

Compared to a network monitor with a graphical user interface, the command-line interface of Pktmon takes a bit more time to get used to it.

Before you can monitor packets, you first need to create filters using the pktmon filter add command, which specifies what traffic you want to monitor.

For example, you can monitor all the network traffic on your network using the pktmon filter add -i command or monitor DNS traffic using pktmon filter add -t UDP -p 53. Once again, it is strongly recommended to review the pktmon filter add help documentation to learn how to make filters.

For our demonstration, I have created a filter to monitor DNS traffic as described above. To see the filters made to monitor traffic, you would enter the pktmon filter list command.

Listed created monitoring filters

To start monitoring for DNS traffic on all network interfaces and display the activity in real-time, you will use the following command:

pktmon start --etw -p 0 -l real-time

It should be noted that I used the -p 0 argument, so it captures the entire packet. You can also specify the specific network interface to monitor using the -c argument followed by an interface index ID. For a list of network interfaces and their index IDs (ifIndex), you can use the pktmon comp list command.

Once you start monitoring traffic, you will see captured DNS packets displayed in real-time in the command prompt, as shown below.

Real-time monitoring of DNS traffic

When you are ready to stop monitoring traffic, press the Ctrl-C keyboard combination. When done, there will be a PktMon.etl log file created in the folder you ran Pktmon.

Unfortunately, ETL files are not a very good option as many applications do not support them. Instead, it would be best to convert it to a PCAPNG file using the pktmon pcapng command.  For example, to convert the PktMon.etl to a PCAPNG file called PktMon.pcapng, we would enter the following command:

pktmon pcapng PktMon.etl -o PktMon.pcapng

Once the log file is converted into the PCANPNG format, you can load it into a program like Wireshark to get detailed information about each DNS request.

Also Read: Data Protection Authority GDPR: Everything You Need To Know

Analyzing Pktmon log with Wireshark

As you can see, Pktmon is an extremely powerful tool that allows you to get a great insight into the type of traffic running over your network.

At the same time, Pktmon can be complicated to use, so it is strongly advised that users familiarize themselves with the help documentation before using it.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us