Arp packets to large after conversion

microsoft / etl2pcapng

Utility that converts an .etl file containing a Windows network packet capture into .pcapng format.

MIT License

607 stars 114 forks source link

Arp packets to large after conversion #41

Closed roodec closed 2 years ago

roodec commented 3 years ago

ls,

At the moment of writing the following seems to occur when I convert an elt trace file to an pcapng file there appears to be a problem converting the arp packets. There are represented to be over 2G in size. If i do a live capture on the same server with wireshark or netmon the arp packets are normal size.

maolson-msft commented 3 years ago

@roodec , please share: -an example .etl file that reproduces this problem -the packet number of the problematic ARP -the version of etl2pcapng that you saw this problem with.

Thanks

maolson-msft commented 2 years ago

@roodec, I haven't received a reply so I'm closing this. Feel free to reopen if you have the time to share the necessary debugging data.