This is our old Q&A Site. Please post any new questions and answers at

I have a capture that I was looking at in Wireshark 1.10.9 and after upgrading to Wireshark 1.12.0 certain packets that were marked with a protocol of http are now being marked as tcp instead.

In both cases I have the tcp preference “Allow sub dissector to reassemble TCP streams” disabled.

I have also uploaded this capture to if anyone would like to download it and view it with reassembly turned off:

The packets that have changed from HTTP in version 1.10.9 to TCP in version 1.12.0 are: 7, 8, 11, 12, 14, 15, 17 and 18.

I’ve looked through the release notes for Wireshark 1.12.0 and I wasn’t able to find anything that seemed related to this.

Does anyone have any insight on what may have changed between versions?

asked 26 Aug '14, 11:22

tomp's gravatar image

accept rate: 0%

This is a known bug. See Bug 10335 on the Wireshark Bugzilla.

permanent link

answered 26 Aug '14, 11:46

Jim%20Aragon's gravatar image

Jim Aragon
accept rate: 24%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 26 Aug '14, 11:22

question was seen: 1,051 times

last updated: 26 Aug '14, 11:46

p​o​w​e​r​e​d by O​S​Q​A