Input ETL file does not contain a packet capture.

[spondie]

I recently was asked to view an etl capture file for a friend of mine.

It has been a couple of years since we had done this, but the directions seemed to be the same.

1. Open command prompt on scanner
2. Start capture with command line: netsh trace start persistent=yes capture=yes tracefile=d:\log\networkTrace.etl
3. Recreate issue/exchange on network
4. Stop capture with command line: netsh trace stop
5. Copy networkTrace.etl file to USB stick

I have tried these same instructions and perform a ping to my router to generate some traffic. When I attempt to convert it with etl2pcapng, it gives me "Input ETL file does not contain a packet capture." I can open it in an old version of MS Message Analyzer and it does show data, but nothing that looks like a capture.

Have you heard of MS changing the netsh command or parameters to make this not work?

Thanks, Mark

[spondie]

Interesting. After reading the other threads, I noticed someone state they did not wait long enough. I re-ran my test with a ping to the router with a -t for continuous and it did pick up some packets. I will do some more testing. Sorry for the confusion.