Hi guys, Strange one; I've captured a couple of packets from a windows 7 (embedded) machine, using wireshark for windows. Made an export to analyze the data on my mac, but it strangely 'converts' a couple of HTTP packets to TCP and make the /GET unreadable. Is there an explanation for this, or this is this some sort of bug? (googled and searched here, but couldn't find related articles.) Thanks in advance. Regards! asked 16 Feb '14, 01:01  OhNoozz |
One Answer:
Maybe reassembly settings for http? Check the Preferences options for HTTP Reassembly (Edit | Preferences | Protocols | HTTP. answered 16 Feb '14, 08:48  grahamb ♦ |
How did you 'export' the file and how did you transfer the file to your Big Mac?
Saved it as pcapng file and transfered to mac fluffy with usb stick. Edit: It's exactly one package. A http /GET request. All other packets (also other HTTP) are the same. Tried multiple times; same result.
What are the Wireshark versions on both systems? Do you see the same on Win7 and Mac?