Wireshark-bugs: [Wireshark-bugs] [Bug 6694] Error reading some capture files created by "netsh"

Date: Thu, 29 Dec 2011 02:53:35 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6694

--- Comment #8 from Guy Harris <guy@xxxxxxxxxxxx> 2011-12-29 02:53:34 PST ---
OK, when I try to read the test.cap file with the x86-64 version of Wireshark
on Mac OS X, I don't get any error.  Do you get any error, or do you just not
see any packets?  I just don't see any packets.  Do the 32-bit and 64-bit
versions of Wireshark treat that file differently?  If you just don't see any
packets with that file, that's because the packets have a packet type that
Wireshark doesn't understand.

Was that file produced by reading a .etl file with Network Monitor and writing
it out as a .cap file?  From "I have the Problem with file original created
with "netsh trace" command. i have opened this file with the Network Monitor on
a other Station and saved it as .cap file." I infer that's what you did.

The x86-64 Mac OS X version of Wireshark has no problems reading the "Native
Network Monitor file" (other than getting malformed packet errors - it might be
incorrectly determining whether the packets include the FCS or not).  Do you
see any errors reading that file with the 64-bit Wireshark?  I assume from
"with a native created capture file there is no problem with the x86 version"
that you have no errors with the 32-bit Wireshark.

The problem with the .etl file is that it's not a file of a type that Wireshark
knows about; the code to read Mac OS X Bluetooth packetlogger files thinks it
looks enough like a packetlogger file that Wireshark tries to read it as such
and fails to do so.  Is the file format of a .etl file documented somewhere?

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.