I was sent a Wireshark capture from a customer but received the following error when I tried to open it: The file "{network shared drive}CAD.cap" is a capture for a network type that Wireshark doesn't support. (Observer: unsupported file version ObserverPktBufferVersion=15.00) I'm trying to get information on this but not able to find anything yet. If there might be some suggestions, it would be helpful.
asked 17 Jan '12, 08:25 Vinnypie
One Answer:
I suspect that's not a Wireshark capture, but a capture from one of Network Instruments' Observer products. If so, this is probably bug 5869; older versions of Wireshark couldn't handle captures from newer versions of Observer. The fix is in 1.6.0 (and thus all 1.6.x releases); it's not in any 1.4.x release.
answered 17 Jan '12, 11:42 Guy Harris
If it's really a Wireshark capture, I would not expect the error message shown. Could the file have gotten mangled when it was copied/transferred? For instance, treating the file as ASCII when using FTP will mess up the file...
I appreciate the response and have thought of that but get errors no matter how I try to open it. I will keep trying to get this figured out as I have asked the customer to provide more information. Thank you.
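An added example, not part of the original thread: a Python check that reads the first bytes of a capture file to tell an Observer buffer from pcap or pcapng, and flags a pcapng header whose line endings were translated in transit. It assumes an Observer file begins with the ASCII tag quoted in the error message; the function names are illustrative.

```python
import re
import struct

# Assumption: an Observer file starts with the ASCII tag that Wireshark quotes
# in the error message above, followed by the version digits.
OBSERVER_PREFIX = b"ObserverPktBufferVersion="
PCAP_MAGICS = {0xA1B2C3D4: "pcap (microsecond)", 0xA1B23C4D: "pcap (nanosecond)"}
PCAPNG_MAGIC = b"\x0a\x0d\x0d\x0a"  # pcapng Section Header Block type


def identify_capture(header: bytes) -> dict:
    """Classify a capture file from its first bytes (32 are enough)."""
    if header.startswith(OBSERVER_PREFIX):
        m = re.match(rb"\d+\.\d+", header[len(OBSERVER_PREFIX):])
        return {"format": "observer", "version": m.group(0).decode() if m else None}
    if header.startswith(PCAPNG_MAGIC):
        return {"format": "pcapng", "version": None}
    # Line-ending translation (for example an ASCII-mode FTP transfer) rewrites
    # the CR/LF bytes inside the pcapng magic: LF->CRLF or CRLF->LF.
    if header.startswith((b"\x0d\x0a\x0d\x0d", b"\x0a\x0d\x0a")):
        return {"format": "pcapng, line endings translated", "version": None}
    if len(header) >= 8:
        for endian in ("<", ">"):  # pcap is written in the capturing host's byte order
            magic, major, minor = struct.unpack(endian + "IHH", header[:8])
            if magic in PCAP_MAGICS:
                return {"format": PCAP_MAGICS[magic], "version": f"{major}.{minor}"}
    return {"format": "unknown", "version": None}


def identify_file(path: str) -> dict:
    """Read only the leading bytes of the file at path and classify them."""
    with open(path, "rb") as fh:
        return identify_capture(fh.read(32))


if __name__ == "__main__":
    # Constructed sample headers, not taken from any real capture.
    samples = [
        b"ObserverPktBufferVersion=15.00\x00\x00",
        b"\xd4\xc3\xb2\xa1\x02\x00\x04\x00" + b"\x00" * 16,
        b"\x0d\x0a\x0d\x0d\x0d\x0a" + b"\x00" * 8,
    ]
    for s in samples:
        print(identify_capture(s))
```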