Hello, I was just examining some traffic and I noticed that whether or not the TCP dissector reassembles packets, the TCP packets of an HTTP conversation do not show up as HTTP traffic. I kinda remembered from the WNA Study Guide that this should not be the case, so I went back and looked (Chapter 8: Identify Network Protocols and Applications). Even though they are seen as HTTP when disabling the reassembly setting, they are not listed as HTTP under the Statistics. I am PRETTY (not 100% though) sure that when I went through this with a previous version of Wireshark it worked according to the Study Guide? Can anyone else confirm this? I even loaded the file from the guide, and that also only shows a maximum of 16% HTTP, not 95% as shown in the book.

Darren

asked 12 Nov '14, 01:21 DarrenWright
One Answer:
Are you using version 1.12.0 or 1.12.1? Those versions have problems with the HTTP dissector and do not always properly identify HTTP.

answered 12 Nov '14, 05:05 Jim Aragon
I just updated to 1.12.2, it's working again now? Will mark as answered.
Just noticed I marked the wrong answer..
Your answer has been converted to a comment as that's how this site works. Please read the FAQ for more information.