Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 10556] Wireshark can't open netmon files from Microsoft Message Analyzer using

Wireshark-bugs: [Wireshark-bugs] [Bug 10556] Wireshark can't open netmon files from Microsoft Me

Date: Fri, 10 Oct 2014 17:16:28 +0000

Comment # 6 on bug 10556 from Francesco Pretto

(In reply to Francesco Pretto from comment #5)
>endpoint WFPFrame[binary Address]
>    accepts MessageV4
>    accepts MessageV6
>    accepts Message2V4
>    accepts Message2V6
>    [...]
>

Also this means there are more than one media types used, as confirmed by MA
devs. For example the more common is Message2V4 that is 0xE085. 0xE085 - 
0xE000 = 133.

134 is 0xE086 and is Message2V6: that is described as:

message Message2V6
{
    IPv6Address SourceAddress with Visualization{AliasName = "Address"};
    IPv6Address DestinationAddress with Visualization{AliasName = "Address"};
    byte Protocol;
    long FlowContext;
    short PayloadLength;
    binary Payload;
}

You are receiving this mail because:

You are watching all bug changes.

References:
- [Wireshark-bugs] [Bug 10556] New: Wireshark can't open cap file from Microsoft Message Analyzer
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 10533] Include support for SMB3.1 parsing
Next by Date: [Wireshark-bugs] [Bug 10539] ad-data and pa-data structures other than IF-RELEVANT are no more decoded with the switch to ASN1 based dissector
Previous by thread: [Wireshark-bugs] [Bug 10556] Wireshark can't open netmon files from Microsoft Message Analyzer using non-standard "reserved for pcap" media types
Next by thread: [Wireshark-bugs] [Bug 10557] New: EAPOL 4-way handshake information wrong
Index(es):
- Date
- Thread