Wireshark-users: Re: [Wireshark-users] network monitor 3.4 traces cannot be read
From: Graham Bloice <graham.bloice@xxxxxxxxxxxxx>
Date: Fri, 23 Jul 2010 12:41:00 +0100
On 23/07/2010 12:15, Dave Howe wrote:
On 22/07/2010 15:59, Graham Bloice wrote:
For what its worth, I just installed NM 3.4 to capture traffic over an 
MS VPN which WinPCap can't handle.  Capture is fine, but NM doesn't 
have the protocol decoder I need (DNP3) so I tried to open the file in 
Wireshark 1.5.0-SVN-33615 (Win7 x64) and got the error dialog "The 
capture file has a packet with a network type that Wireshark doesn't 
support. (netmon: network type 0 unknown or unsupported)".

I can make the capture available if folks want, I'm not in a position 
to look at this myself at the moment.  I presume the issue might be to 
do with the capture being from a VPN adaptor.
My understanding is that the capture format changes if you have more 
than one active and selected network connector in the capture, so it can 
differentiate between which board produced which packet. I could be 
wrong of course :)
Shall I make another capture, this time with my LAN adaptor selected as well as the PPTP one?

-- 
Regards,

Graham Bloice