On Mon, Jul 19, 2010 at 11:02 AM, noah davids <> wrote:
> I just tried to read a trace created with Microsoft Network Monitor version
> 3.3 using Wireshark version 1.4. All the frames have a Protocol of UNKNOWN
> and Info of "WTAP_ENCAP = 0". The first two frames appear to be Unicode text
> but starting with frame 3 the hex dump shows it to be an IP packet.
>
> "Decode As" is grayed out so I can't even force a decode. Any idea how I can
> read this trace?
>
>
> Noah Davids
Hello,
Can you send an example capture to the list?
I just captured about 30 seconds of traffic using Microsoft Network
Monitor 3.3 and saved it in its default .cap format. I was able to
open it in Wireshark 1.2.9 without any problems.
-Jason