I am using a Mac via Thunderbolt display port mirroring on the switch connected to my Thunderbolt. For some reason, on the 2.0.0 Developer version of Wireshark, I will sometimes get HTTP (rarely), but most of the time I will only get TCP. I try to right-click on the stream and click Decode As, then choose HTTP, and press okay. Neither when it loads nor when I start Wireshark again will it show the HTTP stream instead. In fact, I don't even get HTTP from anything that I should be getting it from. I would think that it's my switch setup, but I get HTTP every now and then. Any help would be appreciated.

====EDITED====

I also noticed I keep getting this in the packet info:

[Dissector bug, protocol TCP: /Users/buildslave/Documents/wireshark-2.0/osx106x64/build/epan/dissectors/packet-tcp.c:1969: failed assertion "mptcpd != ((void *)0)"]

asked 20 Nov '15, 13:03 Kristaphonie
edited 23 Nov '15, 14:43
2 Answers:
The assert you are reporting was in 2.0.0 RC1 and was fixed in the official release. It prevented any proper dissection of TCP traffic. Please upgrade your Wireshark version to the official 2.0.0 final version. Hopefully it should fix your issue.

answered 23 Nov '15, 14:47 Pascal Quantin
The 'Decode As' setting is not saved by default, unless you click on the Save button. So your setting is not saved between Wireshark instances. Instead of using the 'Decode As' functionality, you might double-check which TCP ports are configured in Edit -> Preferences -> Protocols -> HTTP -> TCP ports and add the missing one.

answered 20 Nov '15, 14:24 Pascal Quantin

@Pascal: I am afraid Kristaphonie may rather be complaining about 2.0.0 Dev not auto-detecting TCP towards port 80 as HTTP automatically. @Kristaphonie: could you clear up the doubt and post an example of such a capture?
(20 Nov '15, 14:59) sindy

@sindy: 2.0.0 has port 80 in the list of ports for TCP and it's working perfectly fine for me.
(20 Nov '15, 15:13) Pascal Quantin

@Pascal So my protocol preferences have 80,3128,3132,5985,8080,8088,11371,1900,2869,2710 as all the TCP ports it's currently looking for, which should be fine. I've also got all three checkboxes for HTTP reassembly checked as well.
(23 Nov '15, 13:54) Kristaphonie

Could you please share a capture so as to see what the issue could be? You are so far the first one reporting this. Just to remove any doubt: when you talk about a 2.0.0 developer version, are you referring to Wireshark 2.0.0 officially released last week? Or are you using a nightly build prior to this official launch?
(23 Nov '15, 14:41) Pascal Quantin
That was it. The version I was on was breaking it. I hadn't checked for a new version and I couldn't find a bug trail or anything on the specific issue when I looked, so thank you for helping me.