This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Export protocol change

0

Hi guys,

Strange one; I've captured a couple of packets from a windows 7 (embedded) machine, using wireshark for windows. Made an export to analyze the data on my mac, but it strangely 'converts' a couple of HTTP packets to TCP and make the /GET unreadable.

Is there an explanation for this, or this is this some sort of bug? (googled and searched here, but couldn't find related articles.)

Thanks in advance.

Regards!

asked 16 Feb '14, 01:01

OhNoozz's gravatar image

OhNoozz
1112
accept rate: 0%

How did you 'export' the file and how did you transfer the file to your Big Mac?

(16 Feb '14, 02:27) Kurt Knochner ♦

Saved it as pcapng file and transfered to mac fluffy with usb stick. Edit: It's exactly one package. A http /GET request. All other packets (also other HTTP) are the same. Tried multiple times; same result.

(16 Feb '14, 06:37) OhNoozz

What are the Wireshark versions on both systems? Do you see the same on Win7 and Mac?

(16 Feb '14, 06:56) Kurt Knochner ♦

One Answer:

0

Maybe reassembly settings for http? Check the Preferences options for HTTP Reassembly (Edit | Preferences | Protocols | HTTP.

answered 16 Feb '14, 08:48

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%