This article applies to:
OS: Windows
Product edition: Phoenix
Overview
This article describes how to collect circular and chain network traces on a Windows machine to troubleshoot Phoenix network-related issues.
Definitions:
Circular: A capture file that is overwritten once it reaches a predefined size.
Chain: A capture in which a new file is created, in sequence, each time the current file reaches a predefined size.
Circular network capture
Create a temporary directory to store the captured file. For example, C:\DruvaLogs.
Run the following command in an elevated command prompt.
netsh trace start capture=yes tracefile=C:\DruvaLogs\000capture.etl maxsize=1024 filemode=circular overwrite=yes report=no
In the above command:
C:\DruvaLogs is the directory in which the captured file is saved.
000capture.etl is the name of the trace file.
maxsize=1024 means the capture starts overwriting the oldest packets once the file reaches 1024 MB. This value can be changed. The file never grows beyond 1024 MB in this scenario.
Stop the trace with the following command:
netsh trace stop
Send the C:\DruvaLogs directory to Druva for analysis.
Chain network capture
Create a temporary directory to store the captured file. For example, E:\DruvaLogs.
Install the Microsoft Network Monitor tool from the link below. (Select complete installation during the setup.)
https://www.microsoft.com/en-us/download/4865
Run the following command in an elevated command prompt.
NMCap /network * /capture /file E:\DruvaLogs\capture.chn:1M
In the above command:
E:\DruvaLogs is the directory in which the captured files are saved.
capture is the name of the file that is generated.
1M means that once the current capture file reaches 1 MB, another file is created with an incremental number, for example capture.cap, capture(1).cap, capture(2).cap and so on. Each file is 1 MB in size.
Note: Do not remove the string “chn” from the above command. It is required to add the incremental number to the name of each file.
Stop the trace by pressing Ctrl+C.
Send the E:\DruvaLogs directory to Druva for analysis.