I needed to capture packets off a production web server but did not want to add additional unnecessary software to production like Wireshark or similar.
I came across some dated articles on Netsh that looked promising. But the tool used to convert to packet capture seemed to be deprecated. Luckily the following tool allows you to convert ETL to packet capture so it can be opened in Wireshark.
Here is a basic example.
netsh trace start capture=yes report=disabled
netsh trace stop
Copy the .etl file to a machine with Wireshark, then use https://github.com/microsoft/etl2pcapng to convert the file.
etl2pcapng.exe NetTrace.etl out.pcapng
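The same procedure as a bounded capture, written as an added example that is not part of the original post: it caps the trace size, guarantees the trace is stopped, and records a hash so the copied file can be verified before conversion. The output folder, size cap, capture window and file name pattern are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post.
# Assumed values: $TraceDir, $MaxSizeMB, $Seconds and the file name pattern.

# --- On the production server ---
$TraceDir  = 'C:\Temp\nettrace'   # assumed output folder
$MaxSizeMB = 512                  # assumed cap so the trace cannot fill the disk
$Seconds   = 60                   # assumed capture window

New-Item -ItemType Directory -Path $TraceDir -Force | Out-Null
$Etl = Join-Path $TraceDir ('NetTrace_{0:yyyyMMdd_HHmmss}.etl' -f (Get-Date))

# Same switches as the basic example, plus an explicit file and a size limit.
$startArgs = @(
    'trace', 'start',
    'capture=yes',
    'report=disabled',
    "tracefile=$Etl",
    "maxsize=$MaxSizeMB",
    'filemode=circular',
    'overwrite=yes'
)
netsh @startArgs
if ($LASTEXITCODE -ne 0) {
    throw "netsh trace start failed with exit code $LASTEXITCODE"
}

try {
    Start-Sleep -Seconds $Seconds
}
finally {
    # Runs even if the wait is interrupted, so no trace is left running.
    netsh trace stop
}

# Record the hash next to the file so the copy can be checked later.
$hash = (Get-FileHash -Path $Etl -Algorithm SHA256).Hash
"$Etl  SHA256=$hash"

# --- On the analysis machine, after copying the .etl file ---
# (Get-FileHash .\NetTrace_<timestamp>.etl -Algorithm SHA256).Hash   # must match
# etl2pcapng.exe .\NetTrace_<timestamp>.etl out.pcapng
```

With `filemode=circular`, the oldest events are overwritten once the cap is reached, so size the window and the cap to the traffic you expect.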