Wireshark-bugs: [Wireshark-bugs] [Bug 10190] The .cap files generated from Message Analyzer use

Date: Sat, 05 Jul 2014 10:54:14 +0000

changed bug 10190

What            Removed      Added
Status          UNCONFIRMED  INCOMPLETE
Ever confirmed               1

Comment # 8 on bug 10190 from
The example .cap file has a major version number of 2 and a minor version
number of 0.  According to the NetMon 3.4 help file, that means that the format
is 2.0, and therefore that it does *not* have a trailer with a TimeStamp field.

Therefore, this file came from a program that writes out NetMon 2.0-format
files, or from a program that writes out some later NetMon 2.x format but that
puts the wrong magic number into the file header.  If that program is Microsoft
Message Analyzer, Microsoft should fix Message Analyzer (and, if that
screenshot came from Message Analyzer, should make sure Message Analyzer
correctly handles NetMon 2.0-format files).

(Note, by the way, that if I have Network Monitor 3.4 read that file, it shows
the same time stamps that Wireshark does.)

I have a fix for this problem (enhancing the code that already processes the
trailer to handle the time stamp in version 2.3 and later), but it won't help
with this file.

