You can use the following "netsh" command to start a packet capture that keeps running across a reboot.
- Launch an elevated command prompt using the Run As Administrator option.
- Enter the following command and press Enter:
netsh trace start capture=yes report=yes tracefile=C:\temp\tracefile.etl persistent=yes
- The trace configuration will be displayed similar to the following:
C:\Windows\system32>netsh trace start capture=yes report=yes tracefile=C:\temp\tracefile.etl persistent=yes
Trace configuration:
-------------------------------------------------------------------
Status: Running
Trace File: C:\temp\tracefile.etl
Append: Off
Circular: On
Max Size: 250 MB
Report: On
C:\Windows\system32>
- Reboot the system if needed.
- To stop the trace, launch an elevated command prompt and type "netsh trace stop". This will create two files: Tracefile.cab and tracefile.etl. The file names and location will be displayed in the command prompt window after data collection is finished.
- Zip up the files and upload them to the support case.
- You can use Etl2Pcapng to convert the .etl file to a pcap file that can then be read with Wireshark.
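
The procedure above as a single PowerShell script, added here as an example and not part of the original instructions. The `-Action` parameter, the `trace-upload.zip` file name, and the assumption that `etl2pcapng.exe` is on the PATH are illustrative choices.

```powershell
# Added example: wraps the start / stop / package steps of the procedure above.
# Assumptions (not from the original page): -Action parameter, zip name, etl2pcapng.exe on PATH.
param(
    [Parameter(Mandatory)][ValidateSet('Start', 'Stop')][string]$Action,
    [string]$TraceFile = 'C:\temp\tracefile.etl'
)

# netsh trace needs an elevated session; stop early with a clear message otherwise.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell session.'
}

$dir = Split-Path -Parent $TraceFile

if ($Action -eq 'Start') {
    # Make sure the output folder exists before netsh tries to write the trace there.
    if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }
    netsh trace start capture=yes report=yes "tracefile=$TraceFile" persistent=yes
    netsh trace show status
}
else {
    # Run this after the reboot (if any); persistent=yes keeps the session alive until stopped.
    netsh trace stop
    if (-not (Test-Path $TraceFile)) { throw "Expected trace file not found: $TraceFile" }

    # report=yes also writes a .cab next to the .etl; package whichever files exist.
    $cab   = [IO.Path]::ChangeExtension($TraceFile, '.cab')
    $files = @($TraceFile, $cab) | Where-Object { Test-Path $_ }
    $zip   = Join-Path $dir 'trace-upload.zip'
    Compress-Archive -Path $files -DestinationPath $zip -Force

    # Optional local conversion for Wireshark, only if etl2pcapng is available.
    if (Get-Command etl2pcapng.exe -ErrorAction SilentlyContinue) {
        etl2pcapng.exe $TraceFile ([IO.Path]::ChangeExtension($TraceFile, '.pcapng'))
    }
    Write-Output "Packaged for upload: $zip"
}
```

Run it once with `-Action Start` before reproducing the issue, and once with `-Action Stop` afterwards.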