Network issues can be hard to detect and pin down. In the recent years, due to network virtualization and other advanced networking features, the complexity of debugging process has increased significantly. There are some advanced packet capture tools like wireshark which helps developers to diagnose the issues.
In 2018, Microsoft introduced Packet Monitor (PacketMon), a built-in cross-component network diagnostics tool for Windows. PacketMon can be used for packet capture, packet drop detection, packet filtering and counting.
Packetmon intercepts packets at multiple locations throughout the networking stack, exposing the packet route. If a packet was dropped by a supported component in the networking stack, PacketMon will report that packet drop.
Recently, Microsoft added new capabilities to PacketMon in Windows 10 and Windows Server 2019 version 2004 (May 2020 Update). You can find the capabilities of PacketMon below.
- Packet capture at multiple locations of the networking stack
- Packet drop detection, including drop reason reporting
- Runtime packet filtering with encapsulation support
- Flexible packet counters
- Real-time on-screen packet monitoring
- High volume in-memory logging
- Microsoft Network Monitor (NetMon) and Wireshark (pcapng) compatibility
PacketMon also has its limitations. It supports Ethernet only and does not come with Firewall integration. Also, drop reporting is only available for supported components.
You can access Packet Monitor (PacketMon) through pktmon.exe command, and via Windows Admin Center extensions in Windows Server.