How to diagnose intermittent Network Drops using packet capture

New configuration (How To)

Situation

Solution

Step 1: Understand when packet capture is useful

Packet capture helps when:

  • Internet disconnects randomly

  • VoIP calls drop or sound distorted

  • Applications lose connection while Wi-Fi still looks “connected”

If the problem is constant (no internet at all), packet capture is usually not needed.

Step 2: Identify where to capture traffic

Decide where the problem occurs:

  • On a PC only → capture on that PC

  • On multiple devices → capture on the router or one affected PC

Start simple: capture traffic on one affected computer.

Step 3: Capture packets on Windows using built-in tools

Windows includes pktmon, so no extra software is required.

  1. Open Command Prompt as Administrator

  2. Start capture:

    pktmon start --etw

  3. Reproduce the problem (wait for a disconnect)

  4. Stop capture:

    pktmon stop

  5. Convert log to readable format:

    pktmon format PktMon.etl -o capture.txt

Step 4: Capture packets on Linux (basic usage)

On Linux, use tcpdump:

    sudo tcpdump -i any -w capture.pcap

  • Let it run while the issue occurs

  • Stop with Ctrl + C

Step 5: Look for common indicators

You don’t need deep packet analysis. Look for:

  • Retransmissions → unstable connection

  • Large time gaps → packet loss

  • Repeated connection resets → router or ISP issue

  • If packets stop entirely → local network problem

  • If packets continue but responses stop → ISP or upstream issue
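
One way to automate the "large time gaps" check from Step 5 on the capture.pcap written in Step 4, as an added example that is not part of the original article. It reads the classic pcap format that tcpdump -w writes; the function names and the 2-second threshold are assumptions, and the built-in sample capture is constructed.

```python
import struct
import sys

NS = 1_000_000_000
# Classic libpcap magic bytes -> (byte order, factor turning the fraction into ns)
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 1000),  # little-endian, microsecond stamps
    b"\xa1\xb2\xc3\xd4": (">", 1000),  # big-endian, microsecond stamps
    b"\x4d\x3c\xb2\xa1": ("<", 1),     # little-endian, nanosecond stamps
    b"\xa1\xb2\x3c\x4d": (">", 1),     # big-endian, nanosecond stamps
}

def packet_times(data):
    """Yield each packet's capture timestamp in integer nanoseconds."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    order, to_ns = MAGICS[data[:4]]
    pos = 24  # skip the 24-byte global header
    while pos + 16 <= len(data):
        sec, frac, caplen, _origlen = struct.unpack_from(order + "IIII", data, pos)
        pos += 16 + caplen
        if pos > len(data):  # last record cut off (capture killed mid-write)
            break
        yield sec * NS + frac * to_ns

def find_gaps(data, threshold=2.0):
    """Return (start_s, end_s, gap_s) for every silence longer than threshold."""
    gaps, prev = [], None
    for ts in packet_times(data):
        if prev is not None and ts - prev > threshold * NS:
            gaps.append((prev / NS, ts / NS, (ts - prev) / NS))
        prev = ts
    return gaps

def build_sample():
    """Constructed capture: five 4-byte packets with one 4.8 s silence."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, usec in [(100, 0), (100, 100000), (100, 200000), (105, 0), (105, 50000)]:
        out += struct.pack("<IIII", sec, usec, 4, 4) + b"\x00" * 4
    return out

if __name__ == "__main__":
    # Pass the path to capture.pcap, or run without arguments for the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    for start, end, gap in find_gaps(data):
        print(f"{gap:.1f} s with no packets between t={start:.3f} and t={end:.3f}")
```

A gap only means the capture point saw no traffic at all, so compare the reported times with the moment the disconnect was noticed before drawing a conclusion.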

Step 6: Act on the findings

  • LAN issue → replace cable, switch port, or network card

  • Router issue → firmware update, reboot, configuration check

  • ISP issue → provide capture evidence to ISP support

Solution type

Permanent
