I did a packet capture of FIX traffic. The traffic is from multiple sources. What I noticed as unusual is that it decoded FIX for half the traffic and not the other half. The only difference is the port the traffic was running on. The port it did not decode was TCP 5000. How do I tell it port 5000 is FIX?

asked 19 Apr '13, 14:34 plnnightsky
One Answer:
Right-click one of those packets and choose: Decode as -> TCP (both ports), then select the FIX protocol.

Regards

answered 20 Apr '13, 05:45 Kurt Knochner ♦

Thanks, this worked for most of them. For some it made no change.
If those packets that are not decoded use a different port, you'll have to repeat the "decode as" steps.
The first mistake I made was with the ports: it was looking for both ports. Once I changed it to just the destination port (5000), it worked for most. There are about 8 for which it does not work. I am thinking there is something wrong either with my copy of Wireshark or, more likely, something strange with the packets. Thanks again for taking the time to answer.

Can you post a sample capture file somewhere (Google Docs, Dropbox, etc.)?
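For the handful of port 5000 packets that still show no FIX decode, one way to triage them outside Wireshark is to check whether each TCP payload is a complete, well-formed FIX message. This is an added example, not part of the thread and not Wireshark's dissector logic; `classify` and `build_fix` are hypothetical helper names, the sample message is constructed, and it assumes the payload bytes have already been exported from the capture.

```python
SOH = b"\x01"  # FIX field delimiter

def build_fix(body_fields, begin=b"FIX.4.2"):
    """Build a constructed sample message with correct BodyLength and CheckSum."""
    body = b"".join(f + SOH for f in body_fields)
    head = b"8=" + begin + SOH + b"9=" + str(len(body)).encode() + SOH
    csum = sum(head + body) % 256
    return head + body + b"10=" + b"%03d" % csum + SOH

def classify(payload):
    """Return a short verdict for one TCP segment payload."""
    if not payload:
        return "empty"                      # pure ACK / keep-alive segment
    if not payload.startswith(b"8=FIX"):
        return "no-beginstring"             # mid-message segment or other protocol
    fields = payload.split(SOH)
    if len(fields) < 2 or not fields[1].startswith(b"9="):
        return "no-bodylength"
    try:
        body_len = int(fields[1][2:])
    except ValueError:
        return "bad-bodylength"
    if body_len < 0:
        return "bad-bodylength"
    # Body starts right after the SOH that ends the 9= field.
    body_end = len(fields[0]) + 1 + len(fields[1]) + 1 + body_len
    trailer = payload[body_end:]
    if len(trailer) < 7:                    # "10=nnn" + SOH is 7 bytes
        return "truncated"                  # message continues in a later segment
    if not (trailer.startswith(b"10=") and trailer[3:6].isdigit()
            and trailer[6:7] == SOH):
        return "bad-trailer"                # BodyLength does not land on tag 10
    if int(trailer[3:6]) != sum(payload[:body_end]) % 256:
        return "bad-checksum"
    return "ok" if len(trailer) == 7 else "ok+more"  # more bytes follow the message

if __name__ == "__main__":
    msg = build_fix([b"35=0", b"49=SENDER", b"56=TARGET", b"34=1"])  # constructed
    samples = {"whole": msg, "cut": msg[:-5], "tail": msg[10:], "empty": b""}
    for name, data in samples.items():
        print(name, classify(data))
```

Verdicts of `truncated` or `no-beginstring` point at messages split across TCP segments rather than at a problem with the Wireshark installation.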