Powershell - Network Trace (Useful for Citrix disconnects)

Here are three useful powershell commands for helping to diagnose disconnection issues.  Insert the computer name after "-ComputerName".  Run each section separate.

The trace file will grow to 1GB and then repeat until stopped.

Once you have stopped the trace, copy the ETL file to a share and open the file with Microsoft Message Analyser.  Save and export the file in to .cap format and open with Wireshark.

I have been working on a script that allows you to add the computer names to a text file and will create a trace of each of those computers.  It also allows you to add a username and have the script query a Delivery controller for the associated Citrix machine name and then run a trace.  I'll post that version when complete.


  #START THE TRACE
 
   function Disable-ExecutionPolicy {($ctx = $executioncontext.gettype().getfield("_context","nonpublic,instance").getvalue( $executioncontext)).gettype().getfield("_authorizationManager","nonpublic,instance").setvalue($ctx, (new-object System.Management.Automation.AuthorizationManager "Microsoft.PowerShell"))}  Disable-ExecutionPolicy  .runme.ps1
  
   Invoke-Command -ComputerName   {  
            powershell -command{
            $test=test-path C:\NetworkTrace
            if ($test=test-path C:\NetworkTrace) {
            Remove-Item C:\NetworkTrace -Recurse -Force -EA SilentlyContinue -Verbose
            new-item c:\NetworkTrace -itemtype directory
            netsh trace start persistent=yes capture=yes report=yes maxSize=1024 fileMode=circular overwrite=yes  tracefile=c:\NetworkTrace\nettrace-boot.etl
          }
            else {
           new-item c:\NetworkTrace -itemtype directory
           netsh trace start persistent=yes capture=yes report=yes maxSize=1024 fileMode=circular overwrite=yes  tracefile=c:\NetworkTrace\nettrace-boot.etl
           }                  
                               }                         
         }

#STOP THE TRACE
            Invoke-Command -ComputerName {  
            powershell -command{
            $test=test-path C:\NetworkTrace
            if ($test=test-path C:\NetworkTrace) {
            netsh trace stop
           #new-item c:\NetworkTrace -itemtype directory
            #netsh trace start persistent=yes capture=yes report=yes persistent=Yes maxSize=1024 MB fileMode=circular overwrite=yes  tracefile=c:\NetworkTrace\nettrace-boot.etl
          }}}


#REMOVE THE TRACE
            Invoke-Command -ComputerName  {  
            powershell -command{
            $test=test-path C:\NetworkTrace
            if ($test=test-path C:\NetworkTrace) {
            Remove-Item C:\NetworkTrace -Recurse -Force -EA SilentlyContinue -Verbose
            #new-item c:\NetworkTrace -itemtype directory
            #netsh trace start persistent=yes capture=yes report=yes persistent=Yes maxSize=1024 MB fileMode=circular overwrite=yes  tracefile=c:\NetworkTrace\nettrace-boot.etl
          }}}