I was faced with a difficult situation where I had to find out why a SentinelOne agent would not communicate with the management portal for some reason. I ran the troubleshooting script, which generated many files, and among them there was a packet capture file, as we can see below:

0fad76db3e96df7164af9a12905f0beb.png

We can use etl2pcapng.exe to convert the log files into a pcap file. The executable for the application is in the reference section.

a54389c92e244660a84ec0998e4c0d9b.png
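
As an added example (not part of the original post or of the etl2pcapng project), the conversion step can be batched in PowerShell. The function name and all folder paths are assumptions, as is the `.etl` extension of the capture files; the only tool syntax relied on is `etl2pcapng.exe <infile> <outfile>`.

```powershell
# Added example: convert every .etl file in a folder with etl2pcapng.exe.
# Convert-EtlToPcapng is a hypothetical helper name; the paths are placeholders.
function Convert-EtlToPcapng {
    param(
        [Parameter(Mandatory)] [string] $ToolPath,   # full path to etl2pcapng.exe
        [Parameter(Mandatory)] [string] $InputDir,   # folder with the troubleshooting output
        [Parameter(Mandatory)] [string] $OutputDir   # folder that receives the .pcapng files
    )

    if (-not (Test-Path -LiteralPath $ToolPath -PathType Leaf)) {
        throw "etl2pcapng.exe not found at $ToolPath"
    }
    New-Item -ItemType Directory -Path $OutputDir -Force | Out-Null

    # Top level of $InputDir only, so output names cannot collide across subfolders.
    Get-ChildItem -LiteralPath $InputDir -Filter *.etl -File | ForEach-Object {
        $out = Join-Path $OutputDir ($_.BaseName + '.pcapng')

        # Usage: etl2pcapng.exe <infile> <outfile>
        & $ToolPath $_.FullName $out

        # Treat a non-zero exit code or a missing output file as a failed conversion.
        if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $out)) {
            Write-Warning "Conversion failed for $($_.FullName) (exit code $LASTEXITCODE)"
        }
        else {
            # Emit one record per converted file for review or further piping.
            [pscustomobject]@{
                Source = $_.FullName
                Pcapng = $out
                Bytes  = (Get-Item -LiteralPath $out).Length
            }
        }
    }
}

# Placeholder paths (assumptions); adjust to where the tool and the logs actually are.
Convert-EtlToPcapng -ToolPath 'C:\Tools\etl2pcapng.exe' `
                    -InputDir 'C:\Temp\AgentLogs' `
                    -OutputDir 'C:\Temp\AgentLogs\pcapng'
```

The resulting `.pcapng` files open directly in Wireshark, where the agent's traffic towards the management portal can be filtered and inspected.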