Wireshark mailing list archives

Re: Question regarding cap export from netsh etl using message analyzer

From: Guy Harris <guy () alum mit edu>
Date: Fri, 18 Oct 2013 01:53:26 -0700


On Oct 18, 2013, at 1:04 AM, Guy Harris <guy () alum mit edu> wrote:

Either this is a bug in Message Analyzer's code for converting .etl files to Network Monitor .cap files or a bug in 
Wireshark's code for reading Network Monitor .cap files.


It's a deficiency in Wireshark's code for reading .cap files; apparently, when either Network Monitor or Message 
Analyzer converts .etl files to .cap files, it writes out records that Wireshark doesn't understand.

At least when I try to read the .cap files, *no* packets show up - it's not as if they show up as TZSP, but maybe 
different types of files produce different types of records that produce different types of problems.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

Question regarding cap export from netsh etl using message analyzer Ran Shenhar (Oct 17)
- Re: Question regarding cap export from netsh etl using message analyzer Ran Shenhar (Oct 17)
  - Re: Question regarding cap export from netsh etl using message analyzer Ran Shenhar (Oct 21)
    - Re: Question regarding cap export from netsh etl using message analyzer Guy Harris (Oct 21)
- Re: Question regarding cap export from netsh etl using message analyzer Guy Harris (Oct 18)
  - Re: Question regarding cap export from netsh etl using message analyzer Guy Harris (Oct 18)