
Wireshark-bugs: [Wireshark-bugs] [Bug 4229] New: Netmon capture converted PCap file doesn't open

Date: Mon, 9 Nov 2009 13:17:23 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4229

           Summary: Netmon capture converted PCap file doesn't open in
                    Wireshark
           Product: Wireshark
           Version: 1.2.0
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Major
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: paullo@xxxxxxxxxxxxx


Created an attachment (id=3942)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=3942)
Original Pcap File

Build Information:
Version 1.2.0 (SVN Rev 28753)

Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.14.7, with GLib 2.18.4, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, without libpcre, without SMI,
without c-ares, without ADNS, with Lua 5.1, without GnuTLS, without Gcrypt,
without Kerberos, without GeoIP, with PortAudio V19-devel (built Jun 15 2009),
without AirPcap.
NOTE: this build doesn't support the "matches" operator for Wireshark filter
syntax.

Running on Windows Vista, build 7600, without WinPcap.

Built using Microsoft Visual C++ 9.0 build 30729

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
When a pcap file is opened in Network Monitor we give the user the ability to
save the file in the Network Monitor file format.  To accommodate the pcap media
extended types, we add 0xE000 to the base media type and use this as the per
frame media type (see bug 4223).

So for instance the attached capture talk_bzip2_file_transfer.pcap has been
opened and saved as ConvertedCooked.cap.  In ConvertedCooked.cap, the per frame
media type is now 0xE071.  

When you attempt to open this capture file, it uses the overall media type
which is Ethernet and does not interpret the capture correctly.

Incidentally, even manually modifying the pcap file type to 0x71 does not
resolve the issue either.

