Wireshark mailing list archives

Re: network monitor 3.4 traces cannot be read


From: "Stefaan Pouseele" <stefaan.pouseele () skynet be>
Date: Thu, 22 Jul 2010 21:01:51 +0200

Hi Guy, 

attached you'll find a sample capture taken with Microsoft Network Monitor
3.4.

Best Regards,
Stefaan

-----Original Message-----
From: wireshark-users-bounces () wireshark org
[mailto:wireshark-users-bounces () wireshark org] On Behalf Of Guy Harris
Sent: Thursday 22 July 2010 20:38
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] network monitor 3.4 traces cannot be read


On Jul 22, 2010, at 10:23 AM, DePriest, Jason R. wrote:

> Why does the problem only affect the dev versions of Wireshark?

Because in 1.2.x, Wireshark ignored the per-packet encapsulation field in
newer file formats, whereas, in 1.3.x/1.4.x, it doesn't.  There are some
files, and some packets, that can't be correctly handled if the per-packet
encapsulation field is ignored (e.g., the frames where NetMon stores
information about the capture).

Microsoft's documentation on the file format doesn't mention the possibility
of a frame type being 0, so either

        1) the documentation is incomplete

or

        2) there's a bug and the frame type is being fetched from the wrong location.

We'd need a capture file to distinguish between 1) and 2) to test a fix.
(I'll ask Paul Long of the NetMon group if there's a case where, for
example, the per-packet type will be 0.)
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Attachment: NetMon34.cap