Missing broadcast UDP traffic in a trace from the sender

asked 2026-04-14 22:21:46 +0000


updated 2026-04-14 22:39:28 +0000

I am working with an application that communicates via broadcast UDP on the local subnet. Running a trace on the broadcasting machine, and on another machine on the same subnet, I can see many many broadcast packets from the second machine that I can't see from the sender itself. Huh? Can anyone think of any legitimate cause of this, beyond my traces being incomplete? Details:

Both machines have only the one NIC, and they're definitely on the same subnet.

Traces were taken with netsh trace - customer IT security won't allow me to install Wireshark to take the traces directly - and then converted to pcap with https://github.com/microsoft/etl2pcapng/. So I'm assuming that either netsh trace has failed, or etl2pcapng has failed in some way, and that is the cause of my issue. But again, just curious if anyone can think of any other legitimate reason. netsh trace command, on both machines, was:

netsh trace start capture=yes report=no traceFile="\Temp\NetTrace_%COMPUTERNAME%.etl" maxSize=250 fileMode=circular Ethernet.Type=IPv4 persistent=no

Thanks for any insight,

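An added check, not part of the question or its comments: a dependency-free Python script that reads two classic (little-endian, Ethernet link type) pcap files and lists the broadcast UDP datagrams from the sender that appear in the receiver's trace but not in the sender's own, so the gap can be counted rather than eyeballed. The two traces, MAC and IP addresses below are constructed; etl2pcapng writes pcapng, so a real pair would first need converting to classic pcap.

```python
import struct
from collections import Counter

# Constructed sample data helpers (not a real capture): write a classic libpcap file in memory.
def build_pcap(frames):
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    out = [hdr]
    for ts, frame in enumerate(frames):
        out.append(struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame)
    return b"".join(out)

def udp_broadcast_frame(src_mac, src_ip, sport, dport, payload):
    eth = b"\xff" * 6 + src_mac + b"\x08\x00"  # dst = broadcast MAC, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0, 0, 64, 17, 0, src_ip, b"\xff\xff\xff\xff")
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    return eth + ip + udp

def broadcast_udp_datagrams(pcap_bytes):
    """Yield (src_ip, dst_ip, sport, dport, payload) for each IPv4/UDP frame sent to the broadcast MAC."""
    magic, = struct.unpack_from("<I", pcap_bytes, 0)
    assert magic == 0xA1B2C3D4, "only little-endian classic pcap with Ethernet link type handled"
    off = 24
    while off + 16 <= len(pcap_bytes):
        _, _, incl, _ = struct.unpack_from("<IIII", pcap_bytes, off)
        frame = pcap_bytes[off + 16:off + 16 + incl]
        off += 16 + incl
        if frame[:6] != b"\xff" * 6 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue  # not broadcast, not IPv4, or not UDP
        ihl = (frame[14] & 0x0F) * 4
        ip_hdr, udp = frame[14:14 + ihl], frame[14 + ihl:]
        sport, dport, ulen = struct.unpack_from("!HHH", udp, 0)
        yield (ip_hdr[12:16], ip_hdr[16:20], sport, dport, udp[8:ulen])

def missing_from_sender(sender_pcap, receiver_pcap, sender_ip):
    """Datagrams from sender_ip that the receiver's trace holds but the sender's own trace lacks."""
    sent = Counter(d for d in broadcast_udp_datagrams(sender_pcap) if d[0] == sender_ip)
    seen = Counter(d for d in broadcast_udp_datagrams(receiver_pcap) if d[0] == sender_ip)
    return seen - sent  # Counter subtraction keeps only positive differences

# Constructed traces: the sender logs one of its three beacons; the receiver sees all three plus a neighbour's.
SENDER_IP, SENDER_MAC = bytes([192, 168, 1, 10]), bytes.fromhex("020000000010")
beacons = [udp_broadcast_frame(SENDER_MAC, SENDER_IP, 5000, 5000, b"beacon-%d" % n) for n in (1, 2, 3)]
neighbour = udp_broadcast_frame(bytes.fromhex("020000000020"), bytes([192, 168, 1, 20]), 5000, 5000, b"other")
SENDER_TRACE = build_pcap(beacons[:1])
RECEIVER_TRACE = build_pcap(beacons + [neighbour])

if __name__ == "__main__":
    for (src, dst, sport, dport, payload), n in missing_from_sender(SENDER_TRACE, RECEIVER_TRACE, SENDER_IP).items():
        print(f"{'.'.join(map(str, src))}:{sport} -> {'.'.join(map(str, dst))}:{dport} {payload!r} x{n}")
```

For real traces, replace the constructed SENDER_TRACE and RECEIVER_TRACE with the bytes of the two converted files and SENDER_IP with the broadcasting host's address.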

Comments

Found a reference to netsh trace convert, which indeed seems to indicate that this is a fault in the original netsh trace, not in etl2pcapng.

DevNull ( 2026-04-14 22:49:08 +0000 )