[Wireshark-dev] Help finding the link layer dissector call (netmon_802_11)

2021-02-16 Thread Shai Shapira via Wireshark-dev
Hi all, I'm researching Microsoft's Network Monitor captures format (.cap files) and I need a lead in WS's code. Based on the 'link layer type' parsed from the file header the packets might be 802.11 frames with NM's special header. This dissector is known as "netmon_802_11" in Wireshark.

Re: [Wireshark-dev] Parsing openflow

2018-08-15 Thread Shai Shapira
Hey Avi The syntax you need to use in TShark’s -e option is the same one you’d use in the filter in Wireshark. An easy way to find what that would be is by clicking the field you want to export and look in the status bar in Wireshark, the value in the brackets will be the filter. Example for a

[Wireshark-dev] usbpcap no longer recognized in 2.9

2018-07-14 Thread Shai Shapira
Hey all I noticed today I couldn't get Wireshark to show the usbpcap interface in the latest master build. I'm quite positive this is because of the new addition to the way extcaps are interacted with, specifically (from README.extcap): " Since Wireshark 2.9 this call is extended with

Re: [Wireshark-dev] How to get calling dissector

2018-01-30 Thread Shai Shapira
I believe there's another possible approach here: Register the dissector once with proto_register_protocol (as usual), which assumed caller is TCP register another dissection function (for SMP) using create_dissector_handle_with_name called something like "smp.tds" then look for this name when