• 15 May 2024
  • 2 Minutes to read
  • PDF


  • PDF

Article Summary

Traceable provides a Windows mirroring agent. The mirroring agent captures and stitches your application's request and response data and sends it to the Traceable Platform agent. The mirroring agent can be installed on the same machine as your application or on a different virtual machine. The following deployment diagram shows a setup where the application and the mirroring agent are installed on other machines.

Traceable’s Windows mirroring agent uses WinPcap. WinPcap is a network packet capture library designed for Windows operating systems. It provides tools and APIs for capturing and analyzing network traffic, and it is primarily used for network monitoring, packet analysis, and network-related development tasks.

Before you begin

  • Make sure to download the Windows mirroring agent from Traceable’s download site. Navigate to agentmirroring-agent.

  • You must have already downloaded and installed the Traceable Platform agent. For more information, see Platform agent.

  • Make sure that you have admin privileges for PowerShell on Windows.

Extract interface name

To install the Windows mirroring agent, you would need the interface name of the machine where you would like to install the mirroring agent. Complete the following names to extract the interface name:

  1. Run getmac /fo csv /v


    The command getmac is used in Windows operating systems to retrieve information about the MAC (Media Access Control) addresses of network interfaces on a computer.

  2. Note the transport name property, which should be something like - "\Device\Tcpip_{D7F2A7DC-EA23-44EF-8EBE-84GAD862A9D8}"

  3. Replace the word Tcpip with NPF in the above string.

  4. Note the network interface value as the edited string - \Device\NPF_{D7F2A7DC-EA23-44EF-8EBE-84GAD862A9D8}. Your machine’s interface name should be similar to this.


To start the installation process, import the module by entering the following command in an admin PowerShell:

Import-Module .\traceable-install-module.psm1\

Traceable mirroring agent module exports the following six functions:

  • Install-Deps

  • Update-Config

  • Install-Agent

  • Uninstall-Agent

  • Start-Traceable

  • Stop-Traceable

You can install the mirroring agent using either the interactive or silent installation.

Option 1 — Interactive installation

The Install-Agent function places the binary and config file in the C:\Program Files\Traceable MirroringAgent directory. Run Install-Deps from your PowerShell. Install-Deps is an interactive WinPcap installer.

The Install-Agent function asks for the following:

  • Interface — Provide an interface where you wish to attach the mirroring agent to capture the data packet. Select the number corresponding to the interface you want to capture.

  • Remote endpoint of Traceable Platform agent — The endpoint used to communicate with the Traceable Platform agent for platform configurations. Provide the input in <ip/DNS>:5441 or <ip/DNS>:5443 format depending on whether you wish to communicate over TLS or not.

  • Reporting endpoint for Traceable Platform agent — The endpoint used to send spans to the Traceable collector. Provide the input in <ip>:4317 or <ip>:5443 format depending on whether you wish to communicate over TLS or not.

  • (Optional) BPF filter to capture specific traffic — This is used to capture specific traffic. You can leave this empty if you wish to capture all TCP traffic on the machine.

  • (Optional ) Path to certificate file to — Provide the path to the certificate if TLS is configured; otherwise, leave it empty.

Option 2 — Silent installation

You can also perform a silent installation of the mirroring agent by providing all the options in single command, as shown in the example below:

install-Agent -Remote "<ip_address:port>" -Reporting "<ip_address:port>" -Interface "<Interface_Name>" -CertFile "<Cert file if conneciton is on tls>" -BPFfilter "<BPF Filter>"

Start the agent

To start the Traceable mirroring agent, enter the following command. This starts the agent as a Windows service:

PS C:\\traceable-mirroring-windows-amd64> Start-Traceable


To verify a successful deployment, see the Traceable Mirroring Agent under Windows Services, as shown below.

Traceable Mirroring Agent writes logs under C:\Program Files\Traceable MirroringAgent. You can check the logs for any errors.


To uninstall the Traceable Mirroring agent, enter the Uninstall-Agent command in your admin PowerShell.

Was this article helpful?

What's Next