Windows 10 ships with a built-in packet sniffer, PktMon, that is valuable for security monitoring and forensics. SANS ISC shares techniques for capturing and collecting network packets, which can also be filtered down to specific TCP/IP ports to help home in on potential issues.

Microsoft shipped a built-in packet sniffer with the Windows 10 October 2018 Update (version 1809): PktMon, located at C:\Windows\System32\PktMon.exe. At ISC we like packets, and this is one of several ways to capture them and send us a copy for analysis. Rob previously published another way of capturing packets in Windows here. On a compromised Windows 10 host this tool would be a prime target for malicious actors, who could use it to sniff traffic without bringing in a sniffer of their own, so in an enterprise it needs to be monitored, protected or removed. To collect packets you must launch a Windows 10 command prompt as administrator before running PktMon.
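The following is an added example, not part of the ISC diary, showing the elevated-session check the paragraph calls for and one complete PktMon capture scoped to a single port. The choice of port 53, the file names under $env:TEMP, the 30-second capture window and the signature check are illustrative; the switch names are the ones Microsoft documents for PktMon, with the note that 1809 uses --etw where later builds also accept --capture.

```powershell
# Added example (not from the ISC diary): capture DNS traffic with PktMon from an
# elevated PowerShell session, then convert the ETL trace to text for analysis.
# Port 53, the file names and the capture window are illustrative choices.

# PktMon needs an elevated prompt, so check before doing anything else.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Run this from an elevated (Run as administrator) PowerShell prompt."
}

$PktMon = "$env:SystemRoot\System32\PktMon.exe"
if (-not (Test-Path $PktMon)) {
    throw "PktMon.exe not found; it ships with Windows 10 1809 (October 2018 Update) and later."
}

# Confirm the binary is still the Microsoft-signed copy before trusting it.
# The same check works as a periodic integrity check on enterprise hosts.
$sig = Get-AuthenticodeSignature $PktMon
if ($sig.Status -ne 'Valid') {
    throw "PktMon.exe signature status is $($sig.Status); investigate before using it."
}

# Scope the capture to one port so the trace stays small and focused.
& $PktMon filter remove | Out-Null          # start from a clean filter set
& $PktMon filter add DNS -p 53              # named filter matching TCP/UDP port 53
& $PktMon filter list

# Start an ETW-backed capture. 1809 uses --etw; newer builds also accept --capture.
# -p 0 (--pkt-size 0) keeps whole packets instead of PktMon's default truncation.
$etl = Join-Path $env:TEMP 'dns-capture.etl'
& $PktMon start --etw -p 0 -f $etl

Start-Sleep -Seconds 30                     # capture window; adjust as needed

& $PktMon stop

# Convert the ETL trace to readable text so it can be reviewed or shared.
$txt = Join-Path $env:TEMP 'dns-capture.txt'
& $PktMon format $etl -o $txt
Get-Content $txt | Select-Object -First 20

# Filters persist until removed, so clean up after the capture.
& $PktMon filter remove | Out-Null
```

Because the capture runs as an ETW session rather than a resident process, a host that is being sniffed will not show a lingering pktmon.exe; a non-empty `pktmon filter list` on a machine where nobody should be capturing, or process-creation auditing (Windows event 4688 or Sysmon event 1) on PktMon.exe, are the practical signals for the monitoring the diary recommends.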