This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Monitoring Group Policy Traffic on Windows while PC shuts down

0

Hello, is there a way to monitor Windows Group Policy Client traffic with Wireshark, while a Windows 7 workstation is shutting down?

For the past week or so, my PC has been taking a long time to shut down. A blue screen with a cursor appears after ten minutes or so, then the mysterious "Please wait for the Group Policy Client..." message.

Any help would be much appreciated.

PS

This article on the Internet gave me the idea of monitoring Group Policy traffic to try to pinpoint the issue causing the shutdown delay.

http://trentent.blogspot.fr/2013/03/slow-group-policy-client-side.html

asked 27 Aug '15, 01:56


phiroc
6112
accept rate: 0%


2 Answers:

0

Unfortunately, when a shutdown is commenced, user space applications get the chop first, so I don't know how long into the shutdown the capture will keep running. Maybe you could try that and report back. There are also other capturing mechanisms, e.g. netsh trace, that may run a little longer. You'll have to use NetMon or Message Analyzer to convert the netsh captures to a format Wireshark can read.

Maybe you could capture the traffic externally to the machine, maybe on the DC it's communicating with, or via a mirror or span port on a switch.

answered 27 Aug '15, 04:04


grahamb ♦
19.8k330206
accept rate: 22%
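
The netsh trace approach mentioned in the answer above, as an added example that is not part of the original answer: a small PowerShell wrapper that starts a trace which survives a restart and stops it after the next logon. The script name, the `C:\Traces` folder, the file name and the 512 MB size limit are assumptions, and how far into the shutdown sequence packets are still recorded has to be checked on the affected machine.

```powershell
# Save as GpTrace.ps1 (hypothetical name) and run from an elevated prompt:
#   .\GpTrace.ps1 -Action Start    before shutting down or restarting
#   .\GpTrace.ps1 -Action Stop     after logging on again
param(
    [Parameter(Mandatory = $true)]
    [ValidateSet('Start', 'Stop')]
    [string]$Action
)

# Assumed output location; change as needed.
$traceDir  = 'C:\Traces'
$traceFile = Join-Path $traceDir 'gp-shutdown.etl'

if ($Action -eq 'Start') {
    if (-not (Test-Path $traceDir)) {
        New-Item -ItemType Directory -Path $traceDir | Out-Null
    }

    # capture=yes       record packets, not only provider events
    # persistent=yes    the session resumes after a restart and keeps
    #                   running until 'netsh trace stop' is issued
    # filemode=circular together with maxsize (in MB) caps disk usage
    # overwrite=yes     replace a trace file left over from an earlier run
    netsh trace start capture=yes persistent=yes tracefile=$traceFile `
        maxsize=512 filemode=circular overwrite=yes

    # Confirm the session is running before shutting down.
    netsh trace show status
}
else {
    # Flushes the buffers and finalises the .etl file; this can take a while.
    netsh trace stop
    Write-Host "Trace written to $traceFile"
}
```

The resulting `.etl` file still has to be converted with NetMon or Message Analyzer before Wireshark can open it, as the answer notes.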

0

Sure, add a sniffer to your network and go ahead. See the Capture Setup instructions in the Wiki for how to go about it.

answered 27 Aug '15, 04:23


Jaap ♦
11.7k16101
accept rate: 14%