microsoft / etl2pcapng

Utility that converts an .etl file containing a Windows network packet capture into .pcapng format.
MIT License

not recognized event #54

Closed idanless closed 2 years ago

idanless commented 2 years ago

Hi, I recorded with this command (Win 10 Home, last update): pktmon start --capture --comp {} --pkt-size 0 -f {} and saved the ETL. When I use the tool here I get the error "Input ETL file does not contain a packet capture"

But when I use "PktMon.exe etl2pcap PktMon.etl -o dd.pcap" [inside the system]:

Processing...
Packets total: 8
Packet drop count: 0
Packets formatted: 8
Formatted file: dd.pcap

All good.

What's the difference?

maolson-msft commented 2 years ago

Hi, see #24. Etl2pcapng is built for converting packet captures collected with "netsh trace start capture=yes". Pktmon packet captures can only be converted using pktmon.

idanless commented 2 years ago

Thanks for the answer!