This is our old Q&A Site. Please post any new questions and answers at

I have a pcap of a citrix capture within a citrix network. I am trying to replay this in a not citrix environment to simulate the traffic for test purposes. When i look at the pcap, "citrix" or ICA is not seen in the decode. When I try to decode as, Citrix and ICA are not seen.

What am i missing? Or is a Citrix capture decode not supported?

asked 30 Aug '12, 09:29

lenalbanese's gravatar image

accept rate: 0%

Wireshark cannot decode the Citrix ICA protocol since it is a proprietary protocol. Only a few commercial analyzers like Sniffer Pro or Clearsight can "decode" it after having signed an NDA (as far as I know), but last time I checked their decodes were far from perfect and do not help much anyway.

permanent link

answered 30 Aug '12, 15:32

Jasper's gravatar image

Jasper ♦♦
accept rate: 18%

Wireshark cannot.

Sniffer Global / A3(A-CUBE) /Netscout Probe /PM from Netscout Systems will decode it

permanent link

answered 04 Sep '12, 01:46

Harsha's gravatar image

accept rate: 0%

edited 04 Sep '12, 01:47

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 30 Aug '12, 09:29

question was seen: 13,585 times

last updated: 04 Sep '12, 01:47

p​o​w​e​r​e​d by O​S​Q​A