https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15438

--- Comment #7 from Guy Harris <g...@alum.mit.edu> ---
(In reply to Abed Halabi from comment #6)
> Thanks for looking into it, Guy.  I retraced my steps and made sure I had TCP
> traffic in the file and still had the same issue but a colleague of mine
> helped me flush it further.  What is happening is that the old .etl file
> from the NETSH had other types of records like you pointed out.  However, the
> old version of Wireshark tolerated them

I suspect "tolerated" meant "discarded at a low level during the read process"
- *and* that the old version also treated the packets as 802.11 frames,
discarding all the "Network Monitor Event" and "ETW Ndis" information, and
indicated that the file was a NetMon file with 802.11 packets, because there
*is* no way to put Network Monitor Event data into a pcap or pcapng file (there
is no LINKTYPE_ value corresponding to Network Monitor Event data).

What old version was that?  If I try to read your example file with Wireshark
2.4.x built from the 2.4.x branch in Git, it throws away *all* of the records,
including the packets.

Sent via:    Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-bugs