E B wrote: > Thank you for the help with Windump, I couldn't figure out how to print > it to a text file.
The best thing to do, as noted by Sake, is to save the packets as raw data to a file. Use File -> Save As; that would let you select which packets to save (for example, clicking the "Displayed" button and choosing "Selected packet only" would save the currently-selected packet). If you want to "print" to a text file, you can use Export -> as "Plain Text" file; that's similar to "Save As". You'd want to turn on "Packet details", and "All expanded", and you can also choose "Packet summary line" and "Packet bytes". > So instead I used Snagit to make images of the List, Details, and Bytes > from 3 separate captures. > > The link is here: > http://s268.photobucket.com/albums/jj23/eb001-captures/ > > Capture 1 and Capture 2 have the LLC packets I was referring to. The packet you give as an example in Capture 2 appears to be, well, mangled. There appears to be an extra byte with the value hex 02 between the 802.3 header and the 802.2 LLC header. I suspect that packet is an IP packet (with a SNAP header), and would dissect as such without that extra byte in there. Unfortunately, Wireshark has no way of knowing that extra byte is there. The packet in Capture 1 appears to be similarly mangled, but it doesn't appear to be an IP packet. Unfortunately, I can't find anything about an 802.2 DSAP or SSAP value of 52/53, so I don't know what type of packet it is. I infer from the references to WinDump that this is on Windows. Windows drivers for 802.11 adapters don't do a very good job of supplying packets to applications doing packet capture; there's not much of anything that WinPcap or Wireshark can do about that. _______________________________________________ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
