On Feb 16, 2021, at 2:41 AM, Shai Shapira via Wireshark-dev
wrote:
> I'm researching Microsoft's Network Monitor captures format (.cap files)
Unfortunately, you probably can't download NetMon from Microsoft any more, so
you probably can't get the help file that documents the capture file
Hi all,
I'm researching Microsoft's Network Monitor captures format (.cap files) and I
need a lead in WS's code.
Based on the 'link layer type' parsed from the file header the packets might be
802.11 frames with NM's special header.
This dissector is known as "netmon_802_11" in wireshark.