This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Packets marked as http on 1.10.9 are marked as tcp on 1.12.0

1
1

I have a capture that I was looking at in Wireshark 1.10.9 and after upgrading to Wireshark 1.12.0 certain packets that were marked with a protocol of http are now being marked as tcp instead.

In both cases I have the tcp preference “Allow sub dissector to reassemble TCP streams” disabled.

I have also uploaded this capture to cloudshark.org if anyone would like to download it and view it with reassembly turned off:

https://www.cloudshark.org/captures/dd61015908de

The packets that have changed from HTTP in version 1.10.9 to TCP in version 1.12.0 are: 7, 8, 11, 12, 14, 15, 17 and 18.

I’ve looked through the release notes for Wireshark 1.12.0 and I wasn’t able to find anything that seemed related to this.

Does anyone have any insight on what may have changed between versions?

asked 26 Aug '14, 11:22

tomp's gravatar image

tomp
31125
accept rate: 0%


One Answer:

2

This is a known bug. See Bug 10335 on the Wireshark Bugzilla.

answered 26 Aug '14, 11:46

Jim%20Aragon's gravatar image

Jim Aragon
7.2k733118
accept rate: 24%