Over the holidays, I wanted to look into a packet capture file I created on Windows with a “netsh trace” command. Such an .etl file created with a “netsh trace” command can not be opened with Wireshark, you have to use Microsoft Message Analyzer.
Article Link: https://isc.sans.edu/diary/rss/25674