Wireshark mailing list archives

Re: Question regarding cap export from netsh etl using message analyzer


From: Ran Shenhar <ran.shenhar () gmail com>
Date: Mon, 21 Oct 2013 10:56:13 -0700

Thanks Guy.
I also posted a similar question on Microsoft's Analyzer forum and got the
following response:
"Was it on a wireless interface?

Wireshark is missing dissectors for the wireless frame we use when the
built-in NDIS driver captures the data.  There might also be some other
kinds of ETL traffic wireshark can't parse, but the TZSP protocol is
something I've seen with wireless data."
(on
http://social.technet.microsoft.com/Forums/en-US/messageanalyzer/thread/25dcf65d-0d18-4d11-b25a-a5d3aa4a81e9/
)

With all that being said, is there a plan to fix this?

Thanks.


On Thu, Oct 17, 2013 at 11:38 PM, Ran Shenhar <ran.shenhar () gmail com> wrote:

Forgot to mention - Wireshark 1.10.2 64 bit.
Found https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6694, so also
tried opening on Ubuntu with Wireshark 1.6.7 64 bit.
Installed the 32 bit portable Windows app - same result.


On Thu, Oct 17, 2013 at 11:25 PM, Ran Shenhar <ran.shenhar () gmail com> wrote:

I have a Win machine I can't install Wireshark on.
So I figured I'd use "netsh trace start capture=yes Ethernet.Type=IPv4
traceFile=d:\ip.trace2.etl maxsize=20" to capture, then follow
http://blogs.technet.com/b/yongrhee/archive/2013/08/16/so-you-want-to-use-wireshark-to-read-the-netsh-trace-output-etl.aspx
to export and read in Wireshark.
The problem is that the exported file opens up with all packets marked as
TZSP and malformed.
Is there a better way of doing that? Other tools to convert etl to pcap?

Thanks,


