Ask Your Question
0

Event Tracing for Windows ETW file reader

asked 2022-10-19 18:13:18 +0000

Bushman gravatar image

Regarding the 4.0 Release Notes: "The Event Tracing for Windows (ETW) file reader now supports displaying IP packets from an event trace logfile or an event trace live session."

Is there something I need to do use the file reader for my Event Tracing for Windows .etl capture files?

4.0 gives me "The file "NetTrace.etl isn't a capture file in a format Wireshark understands" when I try to load my .etl file.

The same file can be converted via etl2pcapng successfully.

Thanks

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2022-10-19 21:11:27 +0000

Chuckc gravatar image

updated 2022-10-19 21:13:29 +0000

5876: ETW: Extract IP packets from Windows event trace

There is documentation for adding extcap and man pages for them but probably should add something more user friendly to the WSUG.

Configuration is via the Wireshark welcome screen.

image description
Click on the gear next to the extcap name.

image description

edit flag offensive delete link more

Comments

Ahh I forgot to look for an option to download extra components (Tools > Etwdump) during installation.

Thanks!

Bushman gravatar imageBushman ( 2022-10-19 21:58:13 +0000 )edit

Another item for the WSUG section on extcap. :-)

Chuckc gravatar imageChuckc ( 2022-10-19 22:14:16 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2022-10-19 18:13:18 +0000

Seen: 2,550 times

Last updated: Oct 19 '22