How to capture etw.* data with Wireshark?

2023-01-22

Huang

I found that there are 3 etw filters on the filter reference page. But how do I capture etw data/events with Wireshark? If I can't, what do these filters do?

etw: Event Tracing for Windows (3.6.0 to 4.0.3, 25 fields)

etw.ndis: ETW Ndis (2.6.0 to 4.0.3, 95 fields)

etw.wfp_capture: ETW WFP Capture (2.6.0 to 4.0.3, 10 fields)

1 Answer

2023-01-22

Chuckc

Microsoft example for etwdump external capture interface:
Analyzing Mobile Broadband Logs in Wireshark

Get a list of providers with logman query providers (e.g. --p=Microsoft-Windows-Kernel-EventTracing) to make a capture.

Thank you.

Huang ( 2023-01-22 )
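The answer above names the two tools involved: logman (ships with Windows) and the etwdump extcap that ships with Wireshark 3.6 and later. The following PowerShell script is an added, worked example and is not part of the question or the answer. It assumes a default Wireshark install under $env:ProgramFiles\Wireshark, an elevated prompt (ETW sessions need it), and that etwdump's --fifo accepts a plain file path as well as a named pipe; C:\Temp\etw is an arbitrary output directory.

```powershell
# Added example (not the original poster's or the answer's code): record ETW events
# with logman, convert them to pcapng with Wireshark's etwdump extcap, and check
# that the etw.* display-filter fields from the question are populated.
$ErrorActionPreference = 'Stop'

# 1. Locate etwdump.exe. Assumed install root; recursing handles both the old
#    extcap\ layout and the extcap\wireshark\ layout of newer Wireshark builds.
$wsRoot  = Join-Path $env:ProgramFiles 'Wireshark'
$etwdump = Get-ChildItem -Path (Join-Path $wsRoot 'extcap') -Recurse -Filter 'etwdump.exe' |
           Select-Object -First 1 -ExpandProperty FullName
if (-not $etwdump) { throw "etwdump.exe not found under $wsRoot (needs Wireshark 3.6 or later)" }

# 2. Find the provider. 'logman query providers' prints one "<Name>  {<GUID>}"
#    line per registered ETW provider; filter it instead of reading all of it.
$providerName = 'Microsoft-Windows-Kernel-EventTracing'
$match = logman query providers | Select-String -SimpleMatch $providerName | Select-Object -First 1
if (-not $match) { throw "provider $providerName is not registered on this host" }
$providerGuid = [regex]::Match($match.Line, '\{[0-9A-Fa-f-]+\}').Value
"provider: $providerName $providerGuid"

# Keywords and levels this provider defines (the values --k and --l accept):
logman query providers $providerName

# 3. Record a short trace with logman (-ets starts the session immediately).
#    0xffffffffffffffff = all keywords, 5 = verbose level.
$outDir = 'C:\Temp\etw'                      # assumed output directory
New-Item -ItemType Directory -Force -Path $outDir | Out-Null
$etl  = Join-Path $outDir 'WsEtw.etl'
$pcap = Join-Path $outDir 'WsEtw.pcapng'
logman create trace WsEtw -p $providerName 0xffffffffffffffff 5 -o $etl -ets
Start-Sleep -Seconds 10                      # let the provider emit some events
logman stop WsEtw -ets

# 4. Convert the .etl to pcapng with the extcap, exactly as Wireshark would
#    call it. --etlfile reads an existing trace; without it etwdump starts its
#    own live session for --p (name or GUID), --k (keyword mask) and --l (level),
#    and --iue keeps events Wireshark cannot decode. --fifo to a plain file
#    path is an assumption; Wireshark itself passes a named pipe here.
& $etwdump --extcap-interface etwdump --capture --fifo $pcap --etlfile $etl --p $providerName --iue

# 5. Show what the etw.* filters from the question can match: the registered
#    etw fields (tshark -G fields prints "F<TAB>name<TAB>abbrev<TAB>..."), then
#    the first ten decoded events.
$tshark = Join-Path $wsRoot 'tshark.exe'
& $tshark -G fields | Select-String -Pattern "`tetw\." | ForEach-Object { ($_ -split "`t")[2] }
& $tshark -r $pcap -Y 'etw' -c 10
```

For a live capture from the GUI, pick the "ETW reader" extcap interface in the Wireshark capture list and set the provider, keyword and level in its options dialog; the same etwdump flags are passed for you. The etw.ndis and etw.wfp_capture fields from the question are only populated when the corresponding Microsoft-Windows-NDIS-PacketCapture or WFP capture providers are traced.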

Asked: 2023-01-22

Last updated: Jan 22 '23