Windows 7: Network: Windows 7, 2008, R2, 8 - traffic capture during boot

// Start the capture and write it to path specified. (directories in the path must exist already)
// The setting persistent=yes will enable the trace and record during a reboot
netsh trace start capture=yes persistent=yes tracefile=c:\temp\capture.etl

// Stop the trace
netsh trace stop

// Analyze with
open file in message analyzer (or with the old network monitor) change parser to windows.



http://msdn.microsoft.com/en-us/library/windows/desktop/dd569142(v=vs.85).aspx

Another article can be found here:

http://blogs.msdn.com/b/canberrapfe/archive/2012/03/31/capture-a-network-trace-without-installing-anything-works-for-shutdown-and-restart-too.aspx