SATO Yusuke
Reputation: 2224
Filter the .etl from Microsoft-Windows-WinINet-Capture with source/destination IP
Background
- I have captured HTTPS traffic from some programs with Event Trace Sessions (
Microsoft-Windows-WinINet-Capture) from Performance Monitor. - The traffic is stored in a
.etlfile successfully. You can see the payloads withtracerpt FILE_NAME.etl -o FILE_NAME.csv -of CSV.
Problem
- The
.etlfile contains traffic not only from the target programs but also from other programs like OneNote. So I want to filter the packets with source/destination IP. - Output of
tracerpt FILE_NAME.etl -o FILE_NAME.csv -of CSVdoesn't have the source IP or destination IP field, so I can't filter the result with Excel. - I have tried to convert
.etlto.pcapngwithpktmonto read captured packets with WireShark and filter the result, butpktmoncan't read packets from the.etlfile. The result ofpktmonis like this:
PS C:\tmp\ETW> pktmon etl2pcap _ETW_CAPTURE_TEST.etl
Processing...
Events lost during logging: 1
Packets total: 0
Packet drop count: 0
Packets formatted: 0
Formatted file: _ETW_CAPTURE_TEST.pcapng
PS C:\tmp\ETW>
Question
Is there any way to filter the packets in a .etl file from Microsoft-Windows-WinINet-Capture with the source/destination IP of packets?
Upvotes: 0
Views: 15
Answers (0)
Related Questions
- set a filter of packet length in wireshark
- How to capture only two types of packets using Wireshark
- Capture Filter with Wildcard in IP Address
- Why is my program reporting more captured packets than Wireshark?
- How to capture network traffic by process name in mac?
- tshark capture cookie information
- Measuring Dropped packets in Network through wireshark