Re: Question regarding cap export from netsh etl using message analyzer

[Ran Shenhar <ran.shenhar () gmail com>]

Forgot to mention - Wireshark 1.10.2 64 bit.
Found https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6694, so also
tried opening on Ubuntu with Wireshark 1.6.7 64 bit.
Installed the 32 bit portable Windows app - same result.


On Thu, Oct 17, 2013 at 11:25 PM, Ran Shenhar <ran.shenhar () gmail com> wrote:

> I have a Win machine I can't install Wireshark on.
> So I figured I'd use "netsh trace start capture=yes Ethernet.Type=IPv4
> traceFile=d:\ip.trace2.etl maxsize=20" to capture, then follow
> http://blogs.technet.com/b/yongrhee/archive/2013/08/16/so-you-want-to-use-wireshark-to-read-the-netsh-trace-output-etl.aspxto
>  export and read in Wireshark.
> The problem is that the exported file opens up with all packets marked as
> TZSP and malformed.
> Is there a better way to doing that? Other tools to convert etl to pcap?
>
> Thanks,
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe