Hi Jason,
I've seen that behavior too. Attached you'll find a sample capture taken
with Microsoft Network Monitor 3.4. I've tried to open it with Wireshark
1.4.0rc1 with All the frames having a Protocol of UNKNOWN and Info of
"WTAP_ENCAP = 0".
Best Regards,
Stefaan
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of DePriest, Jason
R.
Sent: maandag 19 juli 2010 19:26
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] network monitor 3.3 traces cannot be read
On Mon, Jul 19, 2010 at 11:02 AM, noah davids <> wrote:
> I just tried to read a trace created with Microsoft Network Monitor
version
> 3.3 using Wireshark version 1.4. All the frames have a Protocol of UNKNOWN
> and Info of "WTAP_ENCAP = 0". The first two frames appear to be Unicode
text
> but starting with frame 3 the hex dump shows it to be an IP packet.
>
> "Decode As" is grayed out so I can't even force a decode. Any idea how I
can
> read this trace?
>
>
> Noah Davids
Hello,
Can you send an example capture to the list?
I just captured about 30 seconds of traffic using Microsoft Network
Monitor 3.3 and saved it in its default .cap format. I was able to
open it in Wireshark 1.2.9 without any problems.
-Jason
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
Attachment:
NetMon34.cap
Description: Binary data
