Wireshark · Wireshark-users: Re: [Wireshark-users] Question regarding cap export from netsh etl using message analyzer

Wireshark-users: Re: [Wireshark-users] Question regarding cap export from netsh etl using message

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Fri, 18 Oct 2013 01:53:26 -0700

On Oct 18, 2013, at 1:04 AM, Guy Harris <guy@xxxxxxxxxxxx> wrote:

> Either this is a bug in Message Analyzer's code for converting .etl files to Network Monitor .cap files or a bug in Wireshark's code for reading Network Monitor .cap files.

It's a deficiency in Wireshark's code for reading .cap files; apparently, when either Network Monitor or Message Analyzer converts .etl files to .cap files, it writes out records that Wireshark doesn't understand.

At least when I try to read the .cap files, *no* packets show up - it's not as if they show up as TZSP, but maybe different types of files produce different types of records that produce different types of problems.

References:
- [Wireshark-users] Question regarding cap export from netsh etl using message analyzer
  - From: Ran Shenhar
- Re: [Wireshark-users] Question regarding cap export from netsh etl using message analyzer
  - From: Guy Harris

Prev by Date: Re: [Wireshark-users] Question regarding cap export from netsh etl using message analyzer
Next by Date: [Wireshark-users] tshark smb,srt filter error
Previous by thread: Re: [Wireshark-users] Question regarding cap export from netsh etl using message analyzer
Next by thread: [Wireshark-users] tshark smb,srt filter error
Index(es):
- Date
- Thread