
Event Tracing for Windows ETW file reader

Regarding the 4.0 Release Notes: "The Event Tracing for Windows (ETW) file reader now supports displaying IP packets from an event trace logfile or an event trace live session."

Is there something I need to do to use the file reader for my Event Tracing for Windows .etl capture files?

4.0 gives me "The file "NetTrace.etl" isn't a capture file in a format Wireshark understands" when I try to load my .etl file.

The same file can be converted via etl2pcapng successfully.

Thanks

Bushman
asked 2022-10-19 18:13:18 +0000


1 Answer


5876: ETW: Extract IP packets from Windows event trace

There is documentation for adding extcaps and man pages for them, but something more user-friendly should probably be added to the WSUG.

Configuration is via the Wireshark welcome screen.

Click on the gear next to the extcap name.


Chuckc
answered 2022-10-19 21:11:27 +0000, updated 2022-10-19 21:13:29 +0000


Ahh I forgot to look for an option to download extra components (Tools > Etwdump) during installation.

Thanks!

Bushman's avatar Bushman (2022-10-19 21:58:13 +0000) edit

Another item for the WSUG section on extcap. :-)

Chuckc's avatar Chuckc (2022-10-19 22:14:16 +0000) edit
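The answer and the comments above describe the GUI route (gear icon next to the extcap on the welcome screen, after installing the Tools > Etwdump component). The following PowerShell script is an added example, not code from the original post or from the Wireshark project, showing the same workflow from the command line: it checks that the etwdump extcap is actually installed, asks it for its option list the way Wireshark does, and decodes an .etl file to pcapng without the GUI. The install directory, the .etl path and the output path are placeholders; the option names --etlfile, --iue and --fifo are those documented in the etwdump man page, and it is assumed that giving --fifo a plain file path (instead of the named pipe Wireshark normally passes) writes an ordinary pcapng file.

```powershell
# Added example, not code from the original post or the Wireshark project.
# Assumptions: Wireshark 4.0 installed in the default location with the
# "Tools > Etwdump" component selected; .etl and output paths are placeholders.
$WiresharkDir = 'C:\Program Files\Wireshark'
$Etwdump      = Join-Path $WiresharkDir 'extcap\etwdump.exe'
$EtlFile      = 'C:\traces\NetTrace.etl'
$OutPcapng    = 'C:\traces\NetTrace.pcapng'

# 1. Wireshark only has an ETW reader if the extcap binary is present.
#    The "isn't a capture file in a format Wireshark understands" message means
#    the .etl went through the normal file-open path, not through the extcap.
if (-not (Test-Path $Etwdump)) {
    throw "etwdump.exe not found under $WiresharkDir; re-run the installer and tick Tools > Etwdump"
}

# 2. Query the extcap the same way Wireshark does at startup. The second call
#    prints the arguments (etlfile, params, iue, ...) that sit behind the gear icon.
& $Etwdump --extcap-interfaces
& $Etwdump --extcap-interface etwdump --extcap-config

# 3. Decode the logfile to pcapng directly. Wireshark normally hands --fifo a
#    named pipe; passing a regular file path is assumed here to produce an
#    ordinary pcapng file. --iue also keeps events etwdump cannot decode, so
#    nothing in the trace is silently dropped.
& $Etwdump --extcap-interface etwdump --capture --etlfile $EtlFile --iue --fifo $OutPcapng
if ($LASTEXITCODE -ne 0) {
    throw "etwdump failed with exit code $LASTEXITCODE"
}

# 4. Sanity-check the output with tshark (packet and byte totals), then open it.
$Tshark = Join-Path $WiresharkDir 'tshark.exe'
& $Tshark -r $OutPcapng -q -z io,stat,0
& (Join-Path $WiresharkDir 'Wireshark.exe') -r $OutPcapng
```

Reading an existing .etl file needs no special privileges, but starting a live trace session through the extcap's params option requires an elevated shell, the same as any other ETW session. If step 1 passes but Wireshark still rejects the .etl on File > Open, the file is being opened as a capture rather than through the extcap interface: select the ETW interface on the welcome screen and set the etlfile option there instead.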
