netsh trace start capture=yes Ethernet.Type=IPv4 IPv4.Address=<ip> tracefile=<filepath>\<filename>.etl
You have to load the etl file to “Microsoft Network Monitor” and export it to cap.
On the website http://www.tech-wiki.net/index.php?title=How_to_capture_traffic_with_no_Wireshark_using_netsh
I found the following powershell code to convert it:
$s = New-PefTraceSession -Path “C:\temp\OutFile.Cap” -SaveOnStop $s | Add-PefMessageProvider -Provider “C:\temp\capture.etl” $s | Start-PefTraceSession
netsh trace start capture=yes protocol=17
You can make it persistent, e.g. if you want to capture the boot:
netsh trace start persistent=yes capture=yes tracefile=c:\trace.log
To stop enter
netsh trace stop
Capture ICMP traffic:
netsh trace start capture=yes protocol=1 tracefile=c:\temp\trace.etl fileMode=single maxSize=500
More information: https://www.computertechblog.com/capture-network-traffic-with-netsh-trace-windows-command/