
I did a packet capture of FIX traffic. The traffic is from multiple sources. What I noticed that was unusual is that it decoded FIX for half the traffic and not the other half. The only difference is the port the traffic was running on. The port it did not decode was TCP 5000. How do I tell it that port 5000 is FIX?

asked 19 Apr '13, 14:34


accept rate: 0%

Right click one of those packets and choose: Decode as -> TCP (both ports), then select the FIX protocol.



answered 20 Apr '13, 05:45


Kurt Knochner ♦
accept rate: 15%

Thanks, this worked for most of them. Some it made no change to.

(20 Apr '13, 13:25) plnnightsky

If those packets that are not decoded use a different port, you'll have to repeat the "decode as" steps.

(20 Apr '13, 14:16) Kurt Knochner ♦

The first mistake I made was ports for both: it was looking for both ports. Once I changed it to just the destination port (5000) it worked for most. There are about 8 which it does not work for. I am thinking there is something wrong either with my copy of Wireshark or, more likely, something strange with the packets. Thanks again for taking the time to answer.

(21 Apr '13, 12:17) plnnightsky

Can you post a sample capture file somewhere (Google Docs, Dropbox, etc.)?

(21 Apr '13, 13:55) Kurt Knochner ♦
question asked: 19 Apr '13, 14:34

question was seen: 3,754 times

last updated: 21 Apr '13, 13:55
