Using netsh to trace communications

 

Use the netsh trace command to capture communication activities between the user terminal and the NES server, while performing the action that fails.

For example, to troubleshoot the issue where a user terminal cannot retrieve NEA certificates from NES, perform the following steps:

  1. On the NES server, open up a command prompt as administrator, and then type:
     netsh trace start capture=yes tracefile=.\capture_server.etl scenario=internetserver
  2. On the user terminal, open up a command prompt as administrator, and then type:
     netsh trace start capture=yes tracefile=.\capture_client.etl scenario=internetclient
  3. Delete all the files in the C:\Windows\System32\config\systemprofile\AppData\Roaming\Nymi\NSL\<randomstring>\ksp directory.
  4. Perform the action to trigger the certificate retrieval. For example:
    • If a user terminal with EAM client cannot retrieve certificates, restart the EAM Security Services service.
    • If the enrollment terminal cannot retrieve the certificates, log in to the Nymi Band Application.
  5. Wait about a minute and then from the command prompt on both the user terminal and the NES server, type:
     netsh trace stop
    The netsh command saves the captured trace to the file that you specified with the tracefile option, in the current directory.
  6. Optional: to convert the output file to a text file, type the following command:
    netsh trace convert input=filename.etl
    The command creates a text file with the same name as the .etl file in the current directory.
  7. For ease of analysis, retrieve the .etl file from the machine and use the etl2pcapng tool (https://github.com/microsoft/etl2pcapng/) to convert the file into a .pcapng file.
  8. Use an application such as Wireshark to analyze the output to determine the communication path between components.
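
The user terminal side of the steps above (2 to 7) can be run as one PowerShell script, so that the trace is always stopped even if a step fails. This is an added example, not code from Nymi. The service display name and the `$Etl2Pcapng` path parameter are assumptions; adjust them for your installation.

```powershell
#Requires -RunAsAdministrator
# Added example (not vendor code): user terminal run of steps 2 to 7.
param(
    [string]$TraceFile = '.\capture_client.etl',            # file name from step 2
    [string]$ServiceDisplayName = 'EAM Security Services',  # assumption: service display name
    [int]$WaitSeconds = 60,                                 # "about a minute" from step 5
    [string]$Etl2Pcapng = ''                                # assumption: local path to etl2pcapng.exe
)
$ErrorActionPreference = 'Stop'

# Step 2: start the capture. Assumes $TraceFile contains no spaces.
netsh trace start capture=yes "tracefile=$TraceFile" scenario=internetclient
if ($LASTEXITCODE -ne 0) { throw "netsh trace start failed (exit code $LASTEXITCODE)" }

try {
    # Step 3: <randomstring> differs per machine, so resolve it with a wildcard
    # and delete only the files inside each matching ksp directory.
    $kspPattern = 'C:\Windows\System32\config\systemprofile\AppData\Roaming\Nymi\NSL\*\ksp'
    foreach ($dir in (Resolve-Path -Path $kspPattern)) {
        Get-ChildItem -LiteralPath $dir.Path -File -Force | Remove-Item -Force
    }

    # Step 4 (EAM client case): restart the service to trigger certificate retrieval.
    # On an enrollment terminal, log in to the Nymi Band Application by hand instead.
    Restart-Service -DisplayName $ServiceDisplayName

    # Step 5: give the retrieval attempt time to complete.
    Start-Sleep -Seconds $WaitSeconds
}
finally {
    # Stop the trace even when a step above failed, so no capture is left running.
    netsh trace stop
}

# Step 6 (optional): text rendering of the trace, written next to the .etl file.
netsh trace convert "input=$TraceFile"

# Step 7 (optional): convert to .pcapng if etl2pcapng.exe is available on this machine.
if ($Etl2Pcapng) {
    & $Etl2Pcapng $TraceFile ([IO.Path]::ChangeExtension($TraceFile, '.pcapng'))
}
```

Start the server-side trace from step 1 on the NES server before running this script, and stop it there after the script finishes.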
