Reference Manual
NAME
wtrace - Interact with the Network Trace window
SYNOPSIS
wtrace [open | close | on | off | allow | block | clear | save | mark | [filter port] | e|E | n|N]
wstrace [open | close | [on [ifn] [w]] | [off [ifn]] | pause | resume | [filter port]]
start wireshark
...
DESCRIPTION
The Trace window displays network traffic in real time. The window can be opened with argument open, or closed with argument close.
When the trace window is open, the following arguments are valid:
Argument on turns tracing on; argument off turns tracing off.
Argument block immediately blocks all traffic on all interfaces; argument allow immediately restores traffic flow.
Argument clear clears the trace window; argument save writes the contents of the window to file trace.txt.
Argument mark writes a numbered checkpoint message to the trace window.
Argument filter_port is a TCP port number for which traffic should never be displayed. It is used to prevent packet storms which would otherwise occur when Remote Desktop software is used to interact with NAT32. The default value is 3389, which is the TCP port number used by Microsoft's RDP and Terminal Server clients.
Argument E turns the display of Ethernet addresses on; e turns it off.
Argument N turns the display of Next Hop addresses on; n turns it off.
The wstrace command is used to trace network traffic with Wireshark. Note that because NAT32 has full access to all network interfaces, including WLAN, WWAN, 3G, 4G, Bluetooth, USB, RAS Client and RAS Server interfaces, Wireshark is able to display traffic to which its standard driver (WinPcap) has no access.
A sample trace window is shown below:
NOTES
The meaning of each field in the trace output is documented in the Help dialog box.
Because trace output is generated and displayed in real time, network throughput will be greatly reduced while a trace is active. Tracing should therefore only be activated for debugging purposes.
The Filters list-box allows a special action to be performed if a line of output contains a specified string. The action is executed on arrival of a packet, before its contents are displayed.
- The default action is to hide entries containing the filter string.
- If the filter string begins with ! then only entries containing the remainder of the string are displayed.
- If the filter string begins with @ then the arrival of a packet that contains the remainder of the string causes a Block action. The entry is displayed.
The Show checkboxes have the following purpose:
- Ethernet: Display Ethernet source and destination addresses.
- Nexthop: Display the Nexthop IP address for outgoing IP packets or the Previous Hop for incoming IP packets. NAT32 obtains this value by looking up the Ethernet destination or source address of the packet in its ARP table.
The Interface check boxes enable/disable tracing for specific interfaces.
The Notes groupbox displays the Port Filter currently in place.
SEE ALSO
WinPkFilter, Wireshark, WinPcap