Wireshark · Ethereal-users: [Ethereal-users] netmon capture foramt (3)

Ethereal-users: [Ethereal-users] netmon capture foramt (3)

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date: Tue, 26 Jul 2005 09:42:24 +0800 (MYT)

Jnetstream can read the capture file but at the very end of it contain the
"unknown" data(frame table) that can't deocde by jnetstream and it output
as having invalid data in the stream. Below is my capture file that open
in ultraedit

.. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. ..
10 00 09 3A 80 00 01 51 80 80 00 00 00
                        /\
As i know frametableoffset in netmon.c represent how many data (total data
in byte) in the capture file. Mean while frametablelength represent how
many data or "frame table" (in byte)in a capture file and it increase
4byte for each packet in that file. Jnetstream suppose decode until /\ and
the 80 00 00 00 is the "frame table or frametablelength". unfortunely
jnetstream decode 80 00 00 00 as invalid data.

                                                                    thanks

Follow-Ups:
- Re: [Ethereal-users] netmon capture foramt (3)
  - From: Guy Harris

Prev by Date: Re: [Ethereal-users] How do I listen to my dial-up connection?
Next by Date: [Ethereal-users] Traffic Reconstruction Plugin (Request)
Previous by thread: Re: [Ethereal-users] Invalid ICMP Checksum
Next by thread: Re: [Ethereal-users] netmon capture foramt (3)
Index(es):
- Date
- Thread