Wireshark mailing list archives

Re: network monitor 3.3 traces cannot be read

From: "DePriest, Jason R." <jrdepriest () gmail com>
Date: Mon, 19 Jul 2010 12:25:41 -0500

On Mon, Jul 19, 2010 at 11:02 AM, noah davids <> wrote:

I just tried to read a trace created with Microsoft Network Monitor version
3.3 using Wireshark version 1.4. All the frames have a Protocol of UNKNOWN
and Info of "WTAP_ENCAP = 0". The first two frames appear to be Unicode text
but starting with frame 3 the hex dump shows it to be an IP packet.

"Decode As" is grayed out so I can't even force a decode. Any idea how I can
read this trace?


Noah Davids


Hello,

Can you send an example capture to the list?

I just captured about 30 seconds of traffic using Microsoft Network
Monitor 3.3 and saved it in its default .cap format.  I was able to
open it in Wireshark 1.2.9 without any problems.

-Jason
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

network monitor 3.3 traces cannot be read noah davids (Jul 19)
- Re: network monitor 3.3 traces cannot be read Stig Bjørlykke (Jul 19)
- Re: network monitor 3.3 traces cannot be read DePriest, Jason R. (Jul 19)
  - Message not available
    - Re: network monitor 3.3 traces cannot be read Guy Harris (Jul 20)
  - Re: network monitor 3.3 traces cannot be read Stefaan Pouseele (Jul 20)