PortMon does not work on modern 64-bit versions of Windows (8, 10, 11) due to driver signing changes. For modern systems, use SerialMon from Sysinternals or a logic analyzer. However, if you maintain legacy manufacturing equipment, POS systems, or embedded devices running older Windows, read on.
Serial ports generate a lot of internal IOCTL chatter (e.g., SERIAL_SET_WAIT_MASK ). To see only actual data: how to use portmon
PortMon (Port Monitor) is a classic, lightweight utility from Microsoft’s Sysinternals suite (written by Mark Russinovich). Although it is legacy software (last updated for Windows XP/7), it remains an indispensable tool for debugging serial (RS-232) and parallel port communication on older systems or within virtual machines. PortMon does not work on modern 64-bit versions
For long-term captures:
By default, Portmon usually starts capturing immediately if it detects the drivers. Serial ports generate a lot of internal IOCTL chatter (e