This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.
1
1

I have a capture that I was looking at in Wireshark 1.10.9 and after upgrading to Wireshark 1.12.0 certain packets that were marked with a protocol of http are now being marked as tcp instead.

In both cases I have the tcp preference “Allow sub dissector to reassemble TCP streams” disabled.

I have also uploaded this capture to cloudshark.org if anyone would like to download it and view it with reassembly turned off:

https://www.cloudshark.org/captures/dd61015908de

The packets that have changed from HTTP in version 1.10.9 to TCP in version 1.12.0 are: 7, 8, 11, 12, 14, 15, 17 and 18.

I’ve looked through the release notes for Wireshark 1.12.0 and I wasn’t able to find anything that seemed related to this.

Does anyone have any insight on what may have changed between versions?

asked 26 Aug '14, 11:22

tomp's gravatar image

tomp
31125
accept rate: 0%


This is a known bug. See Bug 10335 on the Wireshark Bugzilla.

permanent link

answered 26 Aug '14, 11:46

Jim%20Aragon's gravatar image

Jim Aragon
7.2k733118
accept rate: 24%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×752
×293

question asked: 26 Aug '14, 11:22

question was seen: 1,051 times

last updated: 26 Aug '14, 11:46

p​o​w​e​r​e​d by O​S​Q​A