Wireshark mailing list archives
Question regarding cap export from netsh etl using message analyzer
From: Ran Shenhar <ran.shenhar () gmail com>
Date: Thu, 17 Oct 2013 23:25:21 -0700
I have a Win machine I can't install Wireshark on. So I figured I'd use "netsh trace start capture=yes Ethernet.Type=IPv4 traceFile=d:\ip.trace2.etl maxsize=20" to capture, then follow http://blogs.technet.com/b/yongrhee/archive/2013/08/16/so-you-want-to-use-wireshark-to-read-the-netsh-trace-output-etl.aspxto export and read in Wireshark. The problem is that the exported file opens up with all packets marked as TZSP and malformed. Is there a better way to doing that? Other tools to convert etl to pcap? Thanks,
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Question regarding cap export from netsh etl using message analyzer Ran Shenhar (Oct 17)
- Re: Question regarding cap export from netsh etl using message analyzer Ran Shenhar (Oct 17)
- Re: Question regarding cap export from netsh etl using message analyzer Ran Shenhar (Oct 21)
- Re: Question regarding cap export from netsh etl using message analyzer Guy Harris (Oct 21)
- Re: Question regarding cap export from netsh etl using message analyzer Ran Shenhar (Oct 21)
- Re: Question regarding cap export from netsh etl using message analyzer Guy Harris (Oct 18)
- Re: Question regarding cap export from netsh etl using message analyzer Guy Harris (Oct 18)
- Re: Question regarding cap export from netsh etl using message analyzer Ran Shenhar (Oct 17)