I have a trace file that has http traffic on port 87, even though I add port 87 to http protocol preferences settings and I also tried "decoded as", but still it does not display "source/ destination port = 87" or "http" in the info column. Any suggestions from the experts! asked 31 Jul '14, 16:56  cyverzek showing 5 of 6 show 1 more comments |
2 Answers:
Although "Decode as" should work with 1.8.3, can you please try Kali Linux, the successor of BackTrack? It provides a newer release of Wireshark. Regards answered 03 Aug '14, 13:06  Kurt Knochner ♦ |
you can try to right click on the frame and under protocol preferences verify that "Allow subdissector to reassemble TCP streams" is checked answered 13 May '15, 17:38  johannes |
what is your
Can you please
Wireshark 1.8.3 BT 3.2.6
The trace file is available at http://www.wiresharkbook.com/101_supplements/wireshark101files.zip. It's name is challenge101-1.pcapng
what is BT 3.2.6 ? That does not sound like a standard version of Wireshark.
OS BackTrack 5.3 and kernel 3.2.6, sorry for the confusion.
I am using 1.12.1 on Windows 7 and having the same problem? I am using the example from Wireshark 101 (Challenge101.pcapng)
Have tried both methods (decode as and adding port to http dissector), nothing is working.
There is nothing special you'll have to do. Wireshark detects HTTP on port 87 "automagically". Anyway, even if it would not detect it, the "Decode As" feature should work. I tested it with the mentioned capture file. Here are my results (Wireshark 1.12.1 / Win7 - no change at all).
If your problem persist, please open your own question, as the OP was using a different Wireshark version and OS!