Configuring and Modifying a Live Trace Session

This section describes how to create and configure a new Live Trace Session so that you can quickly begin capturing data from your system. This section also discusses how to modify various settings that enable you to focus your Live Trace Session on messages containing specific types of data. Some special capture configurations that use the Microsoft-Windows-NDIS-PacketCapture provider in Remote Network Interfaces Trace Scenarios are also described, as follows:

  • Capturing traffic on remote Windows 8.1, Windows Server 2012 R2, and later hosts.

  • Specifying advanced provider settings when capturing traffic on host and virtual machine (VM) adapters.

  • Specifying advanced provider settings when using Remote Network Interfaces scenarios locally.

This section also describes how to select or specify a trace scenario, parsing level, session filter, additional ETW providers, provider settings, advanced ETW session options, remote tracing settings, and a data viewer in which to display your trace results. The discussions are included in the following subtopics of this section:

    Configuring a Live Trace Session

    Using a Custom Trace Scenario Template

    Selecting a Default Trace Scenario

    Setting the Parsing Level

    Adding a System ETW Provider

    Modifying Provider Settings

    Creating and Applying Session Filters

    Specifying Advanced Session Configuration Settings

    Capturing Data Remotely

    Selecting a Live Trace Session Data Viewer