How do I dump raw data from a TCP port in Windows using the netsh command?
Yes, you can do that with netsh:
Run this command as admin:
netsh trace start capture=yes tracefile=c:\temp\trace.etl
Then stop the capture with netsh trace stop and grab the .etl file.
Download etl2pcapng on your computer, and use it to convert the .etl file to the pcapng format:
etl2pcapng.exe in.etl out.pcapng
Finally, open the pcapng file with Wireshark or similar.
Note that if the server runs at least Windows Server 2019 Update 2004, you can use pktmon too.
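
As an alternative to opening the converted file in Wireshark, the following added example (not part of the original answer) reads the pcapng produced by etl2pcapng and returns the raw TCP payload bytes for one port. The function names are hypothetical, and it assumes Ethernet link type and IPv4, and returns each segment's payload in capture order without stream reassembly.

```python
import struct
import sys

def _tcp_segment(frame, port):
    """Parse one Ethernet/IPv4/TCP frame; return (src, sport, dst, dport, payload) or None."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00":     # Eth+IP+TCP minimum, IPv4 only
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 6 or len(ip) < ihl + 20:
        return None
    # Total length trims Ethernet padding; offloaded sends may record it as 0.
    total = struct.unpack_from("!H", ip, 2)[0] or len(ip)
    sport, dport = struct.unpack_from("!HH", ip, ihl)
    if port not in (sport, dport):
        return None
    data_off = (ip[ihl + 12] >> 4) * 4
    payload = ip[ihl + data_off:total]
    if data_off < 20 or not payload:                        # bad header or pure ACK/SYN
        return None
    addr = lambda b: ".".join(map(str, b))
    return (addr(ip[12:16]), sport, addr(ip[16:20]), dport, payload)

def tcp_payloads(pcapng, port):
    """Return per-segment TCP payloads for `port`, in capture order (no reassembly)."""
    out, pos, endian, linktypes = [], 0, "<", []
    while pos + 12 <= len(pcapng):
        if pcapng[pos:pos + 4] == b"\x0a\x0d\x0d\x0a":      # Section Header Block
            endian = "<" if pcapng[pos + 8:pos + 12] == b"\x4d\x3c\x2b\x1a" else ">"
            linktypes = []                                   # interface IDs restart per section
        btype, blen = struct.unpack_from(endian + "II", pcapng, pos)
        if blen < 12 or blen % 4 or pos + blen > len(pcapng):
            break                                            # truncated or corrupt file
        body = pcapng[pos + 8:pos + blen - 4]
        if btype == 1 and len(body) >= 8:                    # Interface Description Block
            linktypes.append(struct.unpack_from(endian + "H", body)[0])
        elif btype == 6 and len(body) >= 20:                 # Enhanced Packet Block
            iface, _, _, caplen, _ = struct.unpack_from(endian + "5I", body)
            if iface < len(linktypes) and linktypes[iface] == 1:   # LINKTYPE_ETHERNET
                seg = _tcp_segment(body[20:20 + caplen], port)
                if seg:
                    out.append(seg)
        pos += blen
    return out

if __name__ == "__main__":
    # Usage (file name and port are examples): python tcp_dump.py out.pcapng 443
    for src, sport, dst, dport, data in tcp_payloads(open(sys.argv[1], "rb").read(), int(sys.argv[2])):
        print(f"{src}:{sport} -> {dst}:{dport} {len(data)} bytes: {data.hex()}")
```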