I know the original author has left Microsoft from previous posts. I also know that there are severe problems with non-tcp data being manipulated that is not fixed with the current version (post below this one). I am working on a perl script instead of waiting for an update.

Hi guys, I would like to know if the team plan to release a new version of log parser especially on netmon files. I am doing a lot of network analysis, and there are some limitations ... because netmon V3 is here now, I wonder if there is a plan to update LogPArser. Thanks fred

We are working on a project to place internal firewalls between very busy segement of our network. We have captured several hundred gb's worth of traffic using ethereal/wireshark. We use editcap to save the file as a netmon v2 file and then use log parser 2.2 to push the converted files into SQL 2000...

If you have etehreal/wireshark you can use editcap to export to netmonv1/v2.

May be this will help c:\>logparser -h -i:NETMON Input format: NETMON (NetMon capture files) Parses NetMon capture files FROM syntax: <filename> [, <filename> ...] Path(s) to NetMon .cap capture file(s) Parameters: -fMode TCPIP|TCPConn : Field mode; TCPIP: each record is a single TCP/IP...

I captured pure L2TP traffic into a cap file (pure means no IPSec stuff to encrypt). I can clearly see the L2TP packets in Netmon. But I cant get the payload via LogParser. My query is LogParser.exe -i:NETMON -binaryFormat HEX "SELECT payload into temp.txt from 'L2TP.cap' " Whats wrong with this query...

I can't get logparser to work with all capture files. Netmon opens them fine though. See below for the error I get. logparser -i:NETMON "select top 1 * from nowork.cap" Task aborted. Statistics: ----------- Elements processed: 0 Elements output: 0 Execution time: 0.01 seconds I've attached a zip with...

Install ethereal and go to the same directory where it's installed. There's a command line tool called mergecap and you can convert the libpcap format to either netmon1, netmon2, or any other format you wish under the following choices: libpcap - libpcap (tcpdump, Ethereal, etc.) rh6_1libpcap - RedHat...

The format is described in the Windows SDK - look at NetMon.h.

any one know netmon file format? discussion ? or other forum please mail me at dylan_angel180@hotmail.com thks dylan