https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15482
Guy Harris <ghar...@sonic.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Component|Extras |Capture file support
| |(libwiretap)
Hardware|x86-64 |All
Summary|editcap can't convert a |editcap and Wireshark can't
|NetMon 2.x capture file to |convert a NetMon 2.x
|pcapng, even though |capture file to pcapng
|Wireshark can do it. |
Status|UNCONFIRMED |CONFIRMED
OS|Windows 10 |All
Ever confirmed|0 |1
--- Comment #2 from Guy Harris <ghar...@sonic.net> ---
The underlying problem is that libwiretap doesn't have a good general model of
how capture files work; instead, it has some special-purpose hacks for pcapng.
A model that makes all files like pcapng would help, although one problem is
that, while newer NetMon files can 1) have a list of interfaces and 2) support
multiple link-layer types, it doesn't associate packets with interfaces, so
it's difficult to implement a pcapng-style model. There are some tricks that
could be used to heuristically associate packets with interfaces, based on
interface MAC addresses, but that won't work for non-unicast packet sent from
another machine (you can't match on the destination address) and 2) might not
work for interfaces that don't have MAC addresses.
--
You are receiving this mail because:
You are watching all bug changes.___________________________________________________________________________
Sent via: Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives: https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
