Wireshark-bugs: [Wireshark-bugs] [Bug 4223] Per frame media type for Network Monitor 3 capture f

Date: Sun, 18 Jul 2010 12:52:49 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4223

Guy Harris <guy@xxxxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

--- Comment #5 from Guy Harris <guy@xxxxxxxxxxxx> 2010-07-18 12:52:41 PDT ---
Added support for the per-frame media type in rev 33572 of the trunk and rev
33573 of the 1.4 branch, so this should be in 1.4.0.

Paul, the post-packet-data part of the frame, as documented in the NetMon help
file, is different in versions 2.1, 2.2, and 2.3 of the file format, right? 
I'm guessing that:

   in 2.1, it has only the MediaType field;

   in 2.2, it adds the ProcessInfoIndex field;

   in 2.3, it adds the TimeStamp and TimeZoneIndex fields.

I'm also guessing that the fields are not aligned on natural boundaries (given
that the packet data could contain an arbitrary number of bytes, there's no
guarantee that even the MediaType field is on a 2-byte boundary), so there's no
padding between the fields, and that the fields are all in little-endian byte
order.

For now, I'm ignoring the special frame types, and erroring out on the special
network types such as the "Linux cooked" type.  I assume I can generate a
NetMon file with that type by reading in a "Linux cooked" pcap file and writing
it out as a NetMon file.

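
An added example, not code from Wireshark or from this bug comment: a bounds-checked C parser for the trailer layout guessed at above (packed, little-endian, growing from 2.1 to 2.3). The field widths, the struct and function names, and the sample record are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed widths (not given in the comment): MediaType 2, ProcessInfoIndex 4,
 * TimeStamp 8, TimeZoneIndex 1 bytes; packed, little-endian. */
struct netmon_trailer {
    uint16_t media_type;
    uint32_t process_info_index;   /* 2.2 and 2.3 only */
    uint64_t timestamp;            /* 2.3 only */
    uint8_t  timezone_index;       /* 2.3 only */
};

/* Constructed sample: 3 packet bytes, then a 2.3 trailer at an odd offset. */
const uint8_t sample_rec[] = {
    0xde, 0xad, 0xbe, 0x01, 0x00,    /* 3 data bytes, MediaType = 1 */
    0x2a, 0x00, 0x00, 0x00,          /* ProcessInfoIndex = 42 */
    0x08, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01,  /* TimeStamp */
    0x05                             /* TimeZoneIndex = 5 */
};

/* Assemble an n-byte little-endian value bytewise; no alignment needed. */
static uint64_t get_le(const uint8_t *p, size_t n)
{
    uint64_t v = 0;
    while (n-- > 0) v = (v << 8) | p[n];
    return v;
}

/* Parse the trailer after cap_len bytes of packet data in a rec_len-byte
 * record of format 2.<minor>. Returns 0, or -1 for an unknown version or
 * a record too short to hold the trailer. */
int parse_trailer(const uint8_t *rec, size_t rec_len, size_t cap_len,
                  int minor, struct netmon_trailer *out)
{
    static const size_t len[] = { 0, 2, 2 + 4, 2 + 4 + 8 + 1 };
    size_t need = (minor >= 1 && minor <= 3) ? len[minor] : 0;
    if (need == 0 || cap_len > rec_len || rec_len - cap_len < need)
        return -1;
    const uint8_t *p = rec + cap_len;
    *out = (struct netmon_trailer){0};
    out->media_type = (uint16_t)get_le(p, 2);
    if (minor >= 2) out->process_info_index = (uint32_t)get_le(p + 2, 4);
    if (minor >= 3) {
        out->timestamp = get_le(p + 6, 8);
        out->timezone_index = p[14];
    }
    return 0;
}
```

The length check runs before any trailer byte is read, so a record whose captured length leaves too little room is rejected rather than read past its end.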