Wireshark · Wireshark-users: [Wireshark-users] Question regarding cap export from netsh etl using message analyzer

ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online

Wireshark-users: [Wireshark-users] Question regarding cap export from netsh etl using message ana

From: Ran Shenhar <ran.shenhar@xxxxxxxxx>

Date: Thu, 17 Oct 2013 23:25:21 -0700

I have a Win machine I can't install Wireshark on.

So I figured I'd use "netsh trace start capture=yes Ethernet.Type=IPv4 traceFile=d:\ip.trace2.etl maxsize=20" to capture, then follow http://blogs.technet.com/b/yongrhee/archive/2013/08/16/so-you-want-to-use-wireshark-to-read-the-netsh-trace-output-etl.aspx to export and read in Wireshark.

The problem is that the exported file opens up with all packets marked as TZSP and malformed.

Is there a better way to doing that? Other tools to convert etl to pcap?

Thanks,

Follow-Ups:
- Re: [Wireshark-users] Question regarding cap export from netsh etl using message analyzer
  - From: Ran Shenhar
- Re: [Wireshark-users] Question regarding cap export from netsh etl using message analyzer
  - From: Guy Harris

Prev by Date: Re: [Wireshark-users] SNMP resolution problems
Next by Date: Re: [Wireshark-users] Question regarding cap export from netsh etl using message analyzer
Previous by thread: Re: [Wireshark-users] [Wireshark-announce] Wireshark 1.11.0 is now available
Next by thread: Re: [Wireshark-users] Question regarding cap export from netsh etl using message analyzer
Index(es):
- Date
- Thread

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube