.. / Add-NetEventPacketCaptureProvider

Adds a Remote Packet Capture provider

Network

Add packet capture provider to eventsession

Add-NetEventPacketCaptureProvider -SessionName sess -CimSession $s -Level 4 -CaptureType Physical -TruncationLength ([UInt16]::MaxValue)

• Create CimSession $s using New-CimSession
• See all details in New-NetEventSession
• Can be opened using for example NetworkMiner or Wireshark
• PowerShell Module: NetEventPacketCapture