Matt Olson
Hi Chad, yes, pktmon packet events are a different format and not compatible with etl2pcapng. Pktmon itself can convert its ETL packet traces to pcapng format. Run "pktmon etl2pcap help"...
Hi, first question: how do you know that packets are missing in the pcapng file? Second question: how do you know that the packets are NOT missing in the original...
@jamescussen, thanks for checking! I'm on the team at Microsoft that maintains the netsh filters too, so I'm still interested in your issue. We might as well keep discussing here...
@jamescussen, you still haven't told me which exact packets are missing from the capture. You mentioned ping and nslookup, so was it ICMP packets that were missing? DNS responses from...
I've addressed this with #74 by printing a helpful message. Actual conversion of pktmon events is, I think, out of scope for etl2pcapng for the time being.
Based on the high-level description, CIRCULAR sounds like just an N=1 case of MULTIPLE. So why have a separate mode?
Thanks for the report Walter. @JamesKehr I switched from the current zipfile-with-two-archs drop format to just dropping the 64-bit binary. How inconvenient is it for your wrapper to deal with...
Good to hear! I'll leave this Issue open until then.
@walter-1, how's it look?
This PR adds an obscure rc file and moves a point of maintenance (the value of VERSION) to a harder-to-notice place. What do we get in return?