This is our old Q&A Site. Please post any new questions and answers at

Hello, is there a way to monitor Windows Group Policy Client traffic with Wireshark, while a Windows 7 workstation is shutting down?

For the past week or so, my PC has been taking a long time to shut down. A blue screen with a cursor appears after ten minutes or so, then the mysterious "Please wait for the Group Policy Client..." message.

Any help would be much appreciated.


This article on Internet gave me the idea of monitoring Group Policy traffic to try to pinpoint the issue causing the shutdown delay.

asked 27 Aug '15, 01:56

phiroc's gravatar image

accept rate: 0%

Unfortunately when a shutdown is commenced, user space applications get the chop first, so I don't know how long into the shutdown the capture will keep running. Maybe you could try that and report back. There are also other capturing mechanism, e.g. netsh trace that may run a little longer. You'll have to use NetMon or Message Analyzer to convert the netsh captures to a format Wireshark can read.

Maybe you could capture the traffic externally to the machine, maybe on the DC it's communicating with, or via a mirror or span port on a switch.

permanent link

answered 27 Aug '15, 04:04

grahamb's gravatar image

grahamb ♦
accept rate: 22%

Sure, add a sniffer to your network and go ahead. See Capture Setup instructions in the Wiki how to go about it.

permanent link

answered 27 Aug '15, 04:23

Jaap's gravatar image

Jaap ♦
accept rate: 14%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 27 Aug '15, 01:56

question was seen: 2,825 times

last updated: 27 Aug '15, 04:23

p​o​w​e​r​e​d by O​S​Q​A