Microsoft Etl2pcapng Versions Save

-Allow only the input file to be specified (output file will have the same name with a pcapng extension) -Handle pktmon captures more gracefully (warn the user that this tool isn't made for them)

The tool is now 10x faster.

-Support for VPN (Microsoft-Windows-Ras-NdisWanPacketCapture) events. -Includes thread ID in packet comments. -Includes RSS hash in packet comments for VMSwitch packets.

• Signed binaries.
• Enable ControlFlowGuard.
• Include VMSwitch packet info in packet comments.

1. Write iftype and ifindex into interface description blocks.
2. Statically link C runtime so vcredist doesn't need to be installed.

-Fixes a bug in the packet comment feature that caused corrupt pcapng files to be generated. -Adds a helpful message when the tool is run on files that don't contain a packet capture.

Automatically infer original fragment length for truncated fragments (Raw/Ethernet)

Adds packet comments with PID information.

Adds packet direction info

Adds support for multi-event packets (as found in some captures on Win8 and older systems).