I am playing with capturing my network traffic and came across two different MS commandline tools that allow doing this:

  1. the well-known netsh tool, recently equipped with a powerful capture switch
  2. a brand-new PEF framework that ships together with MS Message Analyzer.

MS Message Analyzer is a tool that covers all my requirements in traffic analysis; however, it does have one disadvantage: it is very resource-greedy.
So I decided to switch to commandline tools in my everyday work and came to the above two options.

As stated in the PS PEF cmdlets documentation, the PEF commands mainly follow Message Analyzer functionality, which makes them very powerful and configurable. However, netsh trace capture has a very extensive syntax too, and I am stuck on choosing the right tool.

Dear admin gurus, does anybody have experience with both tools and can give reasoned advice on the subject:

  • Do PEF commands have exactly the same features as Message Analyzer?
  • If so, is there any advantage in using netsh over PEF? Performance?
  • Any limitations in both of them?

UPD: For now the only distinction I was able to find between them is that netsh trace doesn't support IP subnet specification (in CIDR or otherwise), and that's it. I see no other differences: both of them support the same filters, the same providers (incl. ETW) and so on...

UPD2: I also discovered the Network Event Packet Capture cmdlets just now, and it seems they do exactly the same. Completely confused now ((

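The three capture paths the question compares, written out side by side as an added example (not part of the original post, and not an answer from anyone in the thread). Each produces an .etl (or .matu) trace of local traffic for later offline analysis. The netsh switches and the NetEventPacketCapture cmdlets are documented Windows components; the PEF cmdlet names and the parameter names used on them (`-Path`, `-SaveOnStop`, `-PEFSession`, `-Provider`) are what the PEF module exposes as far as I know, but verify them with `Get-Command -Module PEF` and `Get-Help` before relying on them. The output directory and trace sizes are placeholders chosen for the example.

```powershell
# Added example: three ways to capture local network traffic from an elevated
# PowerShell prompt. All paths below are placeholders; adjust for your host.
$traceDir = 'C:\Traces'
New-Item -ItemType Directory -Path $traceDir -Force | Out-Null

# --- 1. netsh trace ---------------------------------------------------------
# capture=yes enables the packet capture provider; maxSize is in MB and the
# file is circular by default, so a long-running capture stays bounded.
# The IPv4.Address capture filter accepts single addresses (the question notes
# that netsh has no CIDR/subnet filter).
netsh trace start capture=yes tracefile="$traceDir\netsh.etl" maxSize=250 overwrite=yes IPv4.Address=10.0.0.5
# ... reproduce the traffic you want to see ...
netsh trace stop

# --- 2. PEF (Protocol Engineering Framework, ships with Message Analyzer) ---
# Parameter names assumed from the PEF module; check with Get-Help New-PefTraceSession.
Import-Module PEF
$pef = New-PefTraceSession -Path "$traceDir\pef.matu" -SaveOnStop
# The WFP provider is the same packet source Message Analyzer uses for a
# local "link layer" capture; other ETW providers can be added the same way.
Add-PefMessageProvider -PEFSession $pef -Provider 'Microsoft-Pef-WFP-MessageProvider'
Start-PefTraceSession -PEFSession $pef
# ... reproduce the traffic ...
Stop-PefTraceSession -PEFSession $pef

# --- 3. NetEventPacketCapture module (built into Windows 8.1 / 2012 R2+) ----
$name = 'ExampleCapture'
New-NetEventSession -Name $name -LocalFilePath "$traceDir\netevent.etl" -CaptureMode SaveToFile -MaxFileSize 250 | Out-Null
# CaptureType Physical captures on the physical NICs; -Level 4 = informational.
Add-NetEventPacketCaptureProvider -SessionName $name -Level 4 -CaptureType Physical | Out-Null
Start-NetEventSession -Name $name
# ... reproduce the traffic ...
Stop-NetEventSession -Name $name
Remove-NetEventSession -Name $name

# Inspect what was written; all three files open in Message Analyzer.
Get-ChildItem $traceDir | Select-Object Name, Length
```

All three sessions run as ETW trace sessions under the hood, which is why the providers and filters look the same from the outside; the practical differences tend to be in which hosts have the module installed (netsh and NetEvent are in the box, PEF requires the Message Analyzer install) and in the output format (PEF writes .matu, the others write .etl). Remember that a capture file contains whatever the host saw on the wire, including credentials in cleartext protocols, so store the output directory with the same access controls you would apply to a packet capture from any other tool.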