ETL2PCAPNG - convert Windows netsh trace files to PCAP

Alexander Bochmann Saturday 29 of February, 2020
After Microsoft deprecated the Microsoft Message Analyzer tool last year, there was no good way to work with network traces generated on Windows systems with the netsh trace ... command.

Microsoft has now released ETL2PCAPNG, a small program that converts ETL files to PCAPNG (see the announcement on the Microsoft Core Infrastructure and Security blog). Trace files can now be processed with standard utilities like Wireshark.
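
The capture-and-convert workflow described above, as an added example that is not part of the original post. It must run from an elevated PowerShell prompt; the path to etl2pcapng.exe, the output directory, the capture duration and the file names are assumptions to adjust.

```powershell
# Added example: capture with netsh trace, then convert the ETL to PCAPNG.
# Assumed values (not from the original post):
$Etl2Pcapng = 'C:\Tools\etl2pcapng.exe'   # where the downloaded binary was placed
$OutDir     = 'C:\Temp\nettrace'          # working directory for trace files
$Seconds    = 30                          # how long to capture

$ErrorActionPreference = 'Stop'
if (-not (Test-Path $Etl2Pcapng)) { throw "etl2pcapng.exe not found at $Etl2Pcapng" }
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$etl    = Join-Path $OutDir "nettrace-$stamp.etl"
$pcapng = Join-Path $OutDir "nettrace-$stamp.pcapng"

# capture=yes records packets; report=disabled skips the diagnostic report on stop;
# maxsize caps the ETL file size in MB.
netsh trace start capture=yes report=disabled maxsize=512 tracefile="$etl"
if ($LASTEXITCODE -ne 0) { throw "netsh trace start failed with exit code $LASTEXITCODE" }

try {
    Start-Sleep -Seconds $Seconds
}
finally {
    # Always stop the session so no trace is left running on the host.
    netsh trace stop
}
if (-not (Test-Path $etl)) { throw "Expected trace file was not written: $etl" }

# etl2pcapng takes the input ETL and the output PCAPNG path as positional arguments.
& $Etl2Pcapng $etl $pcapng
if ($LASTEXITCODE -ne 0) { throw "etl2pcapng failed with exit code $LASTEXITCODE" }

# Show the result; the .pcapng file can now be opened in Wireshark.
Get-Item $pcapng | Select-Object FullName, Length
```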