Need support for multi-event packets

microsoft / etl2pcapng

Utility that converts an .etl file containing a Windows network packet capture into .pcapng format.

MIT License

607 stars 114 forks source link

Need support for multi-event packets #8

Closed maolson-msft closed 4 years ago

maolson-msft commented 4 years ago

See code comment in EventCallback:

    // Supposedly, some packets may be logged across multiple events with the
    // use of these keywords. In that case we'll have to accumulate packet
    // fragments across multiple EventCallback calls. Add that feature if
    // anyone actually turns out to need it.

I've heard reports that people are seeing the warning event on some captures, so that work should be done.