Wireshark-users: [Wireshark-users] Opening a netsh trace capture in Wireshark shows nothing - is
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: Kurt Buff <kurt.buff@xxxxxxxxx>
Date: Thu, 22 Mar 2018 17:33:21 -0700
All,

I used the native netsh facility on a Win10 1607 box to capture an .etl file during (wireless) bootup, to see if I could figure out a problem we're having with either DNS or Group Policy (can't figure out which yet)..

I saved it off, and on another box I used MSFT MessageAnalyzer (1.4) to export that to a .cap file so that I could open it in Wireshark (2.4.5), per this article
https://blogs.technet.microsoft.com/yongrhee/2013/08/16/so-you-want-to-use-wireshark-to-read-the-netsh-trace-output-etl/

Some STFW indicates that necessary dissectors for wifi aren't available in Wireshark

Is this still true, or am I missing a configuration setting or dissector import that would reveal the packets?

Thanks,

Kurt