Over the holidays, I wanted to look into a packet capture file I created on Windows with a “netsh trace” command. Such an .etl file created with a “netsh trace” command cannot be opened with Wireshark; you have to use Microsoft Message Analyzer.
Read the complete article: etl2pcapng: Convert .etl Capture Files To .pcapng Format, (Sun, Jan 5th)