BruteShark

ETL files

Open 89z opened this issue 4 years ago • 2 comments

Windows has two built-in tools to capture packets, pktmon and netsh trace. However, these tools produce ETL files instead of PCAP files.

It would be helpful if this program was able to read packets from ETL files.

89z, Oct 22 '21 19:10

Hi @89z, thank you for suggesting this - it can be a great feature. I do not know if I will have time to implement it soon. If anyone is interested in implementing it I would love to guide them.

odedshimon, Oct 23 '21 20:10

Thanks. I found this tool:

https://github.com/microsoft/etl2pcapng

but it only works for ETL created by Netsh. Pktmon has a method to convert ETL to PCAP, but only with Windows 10 2004 or higher.

89z, Oct 23 '21 20:10