Wireshark-bugs: [Wireshark-bugs] [Bug 4224] New: Process Information Added to netmon2.x capture

Date: Mon, 9 Nov 2009 11:22:44 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4224

           Summary: Process Information Added to netmon2.x capture format
           Product: Wireshark
           Version: unspecified
          Platform: Other
        OS/Version: Windows NT
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: paullo@xxxxxxxxxxxxx


Build Information:
Version 1.2.0 (SVN Rev 28753)

Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.14.7, with GLib 2.18.4, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, without libpcre, without SMI,
without c-ares, without ADNS, with Lua 5.1, without GnuTLS, without Gcrypt,
without Kerberos, without GeoIP, with PortAudio V19-devel (built Jun 15 2009),
without AirPcap.
NOTE: this build doesn't support the "matches" operator for Wireshark filter
syntax.

Running on Windows Vista, build 7600, without WinPcap.

Built using Microsoft Visual C++ 9.0 build 30729

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
Starting with the Netmon 2.2 capture file format, we've added process information
which links each frame to a process table in the capture file.

The process index is appended to each frame (after the per-frame media type) and
is described in the help file under Network Monitor Overview->Capture File
Format->Network Monitor Capture File Format->Frame Layout.

The Capture File header now uses two DWORDs to determine the offset in the file
of the process information table and another DWORD to indicate the number of
process elements.  These are at offsets 0x30 and 0x34 respectively in the
Capture File Header.  Look at the Capture File Header section in the Network
Monitor 3 help file under Network Monitor Overview->Capture File
Format->Network Monitor Capture File Format.

Each Process Info structure is defined by the help file under Process Info in
the same section as the Capture File header above.


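As an added example (not code from Wireshark's wiretap module or from Network Monitor), the following Python reads the structures the report describes from a Network Monitor 2.2 file: the process-info table offset and count at 0x30/0x34 in the Capture File Header, the process index that follows each frame's media type, and the Process Info table itself. The exact field layout (128-byte header, 8-byte timestamp delta and 4-byte lengths in the frame record, a 2-byte media type in the trailer, and the path/icon/pid/port/address ordering of a Process Info record) is assumed here from the bug text and the Network Monitor 3 help file; the page itself only points at the help file. The sample capture is constructed in memory. Every offset, count and length in such a file is chosen by whoever produced the capture, so the reader bounds-checks each one before using it and refuses the file on the first inconsistency, which is the property a wiretap reader for this extension has to provide.

```python
"""Reader for the process-info extension of Network Monitor 2.x capture files.

Added example, not Wireshark or Network Monitor code.  Layout ASSUMED from the
bug text and the Network Monitor 3 help file (all integers little-endian):
  header (128 B): magic "GMBU"; 0x04 ver_minor u8; 0x05 ver_major u8;
      0x18 frame table offset u32; 0x1C frame table length u32;
      0x30 process info table offset u32; 0x34 process info count u32
  frame: ts_delta u64, orig_len u32, incl_len u32, data[incl_len],
      trailer = media type u16, then (2.2 and later) process index u32
  process info: path_size u32, path (UTF-16LE), icon_size u32, icon[],
      pid u32, local_port u16, remote_port u16, is_ipv6 u32, local[16], remote[16]
"""
import ipaddress
import struct

HEADER_SIZE, MAGIC = 128, b"GMBU"
MAX_PATH_BYTES, MAX_ICON_BYTES = 4096, 1 << 20        # sanity caps on file-supplied lengths
MIN_PROCINFO_SIZE = 4 + 4 + 4 + 2 + 2 + 4 + 16 + 16   # record with empty path and no icon


class NetmonError(ValueError):
    """Anything structurally wrong with the file; callers should reject it."""


class Reader:
    """Cursor that refuses to read outside the buffer (every offset comes from the file)."""
    def __init__(self, buf, pos):
        self.buf, self.pos = buf, pos

    def take(self, n):
        if self.pos < 0 or n < 0 or self.pos + n > len(self.buf):
            raise NetmonError(f"read of {n} bytes at 0x{self.pos:x} lies outside the {len(self.buf)}-byte file")
        out = self.buf[self.pos:self.pos + n]
        self.pos += n
        return out

    def unpack(self, fmt):
        return struct.unpack(fmt, self.take(struct.calcsize(fmt)))


def parse_header(buf):
    if len(buf) < HEADER_SIZE or buf[:4] != MAGIC:
        raise NetmonError("not a Network Monitor 2.x capture")
    ver_minor, ver_major = struct.unpack_from("<BB", buf, 0x04)
    return {"version": (ver_major, ver_minor),
            "frame_table": struct.unpack_from("<II", buf, 0x18),   # (offset, length in bytes)
            "procinfo": struct.unpack_from("<II", buf, 0x30)}      # (offset, record count)


def parse_frames(buf, ft_off, ft_len, version):
    """Follow the frame table; return (media_type, process_index, data) per frame."""
    if ft_len % 4:
        raise NetmonError("frame table length is not a multiple of 4")
    frames = []
    for off in Reader(buf, ft_off).unpack(f"<{ft_len // 4}I"):
        r = Reader(buf, off)
        _ts_delta, orig_len, incl_len = r.unpack("<QII")
        if incl_len > orig_len:
            raise NetmonError(f"frame at 0x{off:x}: captured length exceeds original length")
        data = r.take(incl_len)
        (media,) = r.unpack("<H")                                  # per-frame media type
        index = r.unpack("<I")[0] if version >= (2, 2) else None   # process index follows it
        frames.append((media, index, data))
    return frames


def _ip(raw, is_ipv6):
    raw = bytes(raw)
    return ipaddress.IPv6Address(raw) if is_ipv6 else ipaddress.IPv4Address(raw[:4])


def parse_process_table(buf, pi_off, pi_count):
    """Walk the Process Info table, checking every length before trusting it."""
    r = Reader(buf, pi_off)
    if pi_count > max(len(buf) - pi_off, 0) // MIN_PROCINFO_SIZE:   # bounds the loop up front
        raise NetmonError(f"process count {pi_count} cannot fit in the file")
    procs = []
    for _ in range(pi_count):
        (path_size,) = r.unpack("<I")
        if path_size > MAX_PATH_BYTES or path_size % 2:
            raise NetmonError(f"implausible path size {path_size}")
        path = r.take(path_size).decode("utf-16-le", "replace").rstrip("\0")
        (icon_size,) = r.unpack("<I")
        if icon_size > MAX_ICON_BYTES:
            raise NetmonError(f"implausible icon size {icon_size}")
        r.take(icon_size)                                          # icon bitmap not needed here
        pid, lport, rport, is_ipv6 = r.unpack("<IHHI")
        local, remote = _ip(r.take(16), is_ipv6), _ip(r.take(16), is_ipv6)
        procs.append({"path": path, "pid": pid, "local": f"{local}:{lport}", "remote": f"{remote}:{rport}"})
    return procs


def link_frames_to_processes(buf):
    """Return (frame_no, media_type, pid, path) for every frame, or raise NetmonError."""
    hdr = parse_header(buf)
    frames = parse_frames(buf, *hdr["frame_table"], hdr["version"])
    procs = parse_process_table(buf, *hdr["procinfo"]) if hdr["version"] >= (2, 2) else []
    rows = []
    for n, (media, index, _data) in enumerate(frames, 1):
        if index is not None and index >= len(procs):              # the index is file-supplied too
            raise NetmonError(f"frame {n} references process index {index}, table has {len(procs)} entries")
        proc = procs[index] if index is not None else {"pid": None, "path": None}
        rows.append((n, media, proc["pid"], proc["path"]))
    return rows


def rejection_reason(buf):
    """None if the file parses, else the NetmonError message."""
    try:
        link_frames_to_processes(buf)
        return None
    except NetmonError as e:
        return str(e)


def _procinfo(path, pid, lport, rport, local_ip, remote_ip):
    """Encode one IPv4 Process Info record with no icon, in the layout assumed above."""
    wpath = path.encode("utf-16-le")
    ips = b"".join(ipaddress.IPv4Address(ip).packed.ljust(16, b"\0") for ip in (local_ip, remote_ip))
    return struct.pack("<I", len(wpath)) + wpath + struct.pack("<I", 0) + struct.pack("<IHHI", pid, lport, rport, 0) + ips


def _frame(ts_delta, data, media, index):
    return struct.pack("<QII", ts_delta, len(data), len(data)) + data + struct.pack("<HI", media, index)


def build_sample_capture():
    """Constructed 2.2 capture: two Ethernet frames, each tied to a different process."""
    frames = [_frame(0, b"\xaa" * 20, 1, 0), _frame(1500, b"\xbb" * 30, 1, 1)]
    procs = (_procinfo(r"C:\Windows\System32\svchost.exe", 1234, 49152, 443, "192.168.1.10", "203.0.113.5")
             + _procinfo(r"C:\Tools\nc.exe", 4321, 49153, 4444, "192.168.1.10", "198.51.100.7"))
    offsets = [HEADER_SIZE + sum(len(f) for f in frames[:i]) for i in range(len(frames))]
    pi_off = HEADER_SIZE + sum(len(f) for f in frames)
    hdr = bytearray(HEADER_SIZE)
    hdr[:4] = MAGIC
    struct.pack_into("<BBH", hdr, 0x04, 2, 2, 1)                  # ver_minor=2, ver_major=2, Ethernet
    struct.pack_into("<II", hdr, 0x18, pi_off + len(procs), 4 * len(offsets))
    struct.pack_into("<II", hdr, 0x30, pi_off, 2)
    return bytes(hdr) + b"".join(frames) + procs + struct.pack(f"<{len(offsets)}I", *offsets)
```

Running link_frames_to_processes(build_sample_capture()) yields one row per frame with the PID and image path taken from the Process Info table. Overwriting the DWORD at 0x30 with an offset past the end of the file, or a frame's process index with a value beyond the table count, makes the reader raise NetmonError instead of reading out of bounds or indexing past the table, and a file whose header says 2.1 is read without the trailer index and with no process table at all, since the report describes the table as a 2.2 addition.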