I have a capture that I was looking at in Wireshark 1.10.9 and after upgrading to Wireshark 1.12.0 certain packets that were marked with a protocol of http are now being marked as tcp instead. In both cases I have the tcp preference “Allow sub dissector to reassemble TCP streams” disabled. I have also uploaded this capture to cloudshark.org if anyone would like to download it and view it with reassembly turned off: https://www.cloudshark.org/captures/dd61015908de The packets that have changed from HTTP in version 1.10.9 to TCP in version 1.12.0 are: 7, 8, 11, 12, 14, 15, 17 and 18. I’ve looked through the release notes for Wireshark 1.12.0 and I wasn’t able to find anything that seemed related to this. Does anyone have any insight on what may have changed between versions? asked 26 Aug '14, 11:22  tomp |
One Answer:
This is a known bug. See Bug 10335 on the Wireshark Bugzilla. answered 26 Aug '14, 11:46  Jim Aragon |
