~/Privilege Escalation/Windows/Binaries# cat Pktmon.exe.md

Captures network packets on Windows 10 with the October 2018 Update or later.

Paths:

c:\windows\system32\pktmon.exe
c:\windows\syswow64\pktmon.exe

Detection: .etl files found on the system

Reconnaissance

Starts a packet capture and stores the log file as PktMon.etl. Use pktmon.exe stop to end the capture.

pktmon.exe start --etw

Selects the desired port(s) for the packet capture.

pktmon.exe filter add -p 445
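As an added detection illustration (not part of the original entry), the script below flags process-creation events in which pktmon is used to start a capture or add a port filter, the two invocations shown above. The sample events are constructed, and the simplified Sysmon-style "Image|CommandLine" record format is an assumption.

```python
import re
from dataclasses import dataclass

# Constructed sample process-creation events (Sysmon Event ID 1 style, reduced
# to "Image|CommandLine"). These are not real telemetry from any host.
SAMPLE_EVENTS = [
    r"C:\Windows\System32\pktmon.exe|pktmon.exe start --etw",
    r"C:\Windows\System32\pktmon.exe|pktmon.exe filter add -p 445",
    r"C:\Windows\System32\pktmon.exe|pktmon.exe stop",
    r"C:\Windows\System32\cmd.exe|cmd.exe /c dir",
    r"C:\Windows\SysWOW64\pktmon.exe|PKTMON.EXE FILTER ADD -p 3389",
    r"C:\Windows\System32\pktmon.exe|pktmon.exe list",
]

@dataclass
class Finding:
    image: str
    command_line: str
    reason: str

# Sub-commands that start a capture or shape what it collects; "stop" and
# "list" alone are low signal and are not flagged.
START_RE = re.compile(r"\bstart\b", re.IGNORECASE)
FILTER_RE = re.compile(r"\bfilter\s+add\b", re.IGNORECASE)
PORT_RE = re.compile(r"-p\s+(\d+)", re.IGNORECASE)

def classify(image, command_line):
    """Return a reason string if this pktmon invocation is worth alerting on, else None."""
    # Match on the image path (system32 or syswow64), not on the command line text.
    if not image.lower().endswith("\\pktmon.exe"):
        return None
    if START_RE.search(command_line):
        return "capture started (writes PktMon.etl)"
    if FILTER_RE.search(command_line):
        port = PORT_RE.search(command_line)
        return f"capture filter added for port {port.group(1)}" if port else "capture filter added"
    return None

def scan(events):
    """Run classify() over 'Image|CommandLine' records and collect the hits."""
    findings = []
    for line in events:
        image, _, cmd = line.partition("|")
        reason = classify(image, cmd)
        if reason:
            findings.append(Finding(image, cmd, reason))
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f.image}: {f.command_line!r} -> {f.reason}")
```

Pair this with a file-system check for unexpected PktMon.etl files, as the Detection line above suggests, since the capture output persists after the process exits.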