THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question

Revision history  [back]

Revision 1
André's avatar
176
André
answered 2022-11-18 21:42:52 +0000

Of course the best way to capture initial network activity is from outside the device, using a tap or a monitor port on a switch.

Regarding Windows:
Windows has a build in tool 'netsh trace' that allows to start capturing as soon as an interface starts up. Thus capturing the OS's first DHCP or ARP requests on that interface and incoming traffic.

See also the answer to a similar question: Is there a way for wireshark to start upon computer startup