Hello, I'm running Wireshark 2.01 to decode CIP Motion packets. I had this setup working this morning, then suddenly it stopped decoding the UDP port 2222 as CIP Motion. I restarted Wireshark and the computer to no avail. I went back into Decode As and the field I had created disappeared. I went to re-create it, and CIP Motion is not available. I checked the installed and enabled dissectors, and CIP Motion is there and enabled. Any ideas? I'm about to uninstall and go back to 1.12 and hopefully that works. Thanks, Jim asked 02 Feb '16, 10:43  jsmart edited 03 Feb '16, 05:23 |
This is a static archive of our old Q&A Site.
Please post any new questions and answers at ask.wireshark.org.
Can you publish the capture (or a few packets of it) and the
preferencesfile from your profile somewhere and put a link to them here?I think it's probably not Wireshark. I had switched from using a managed switch to a basic hub in trying to see if the switch was blocking some packets. However, when on the hub, it seems Wireshark now sometimes decodes properly and sometimes doesn't.
well, it's probably not Wireshark's configuration, but it may still be something about the contents of some of the packets, which prevents Wireshark from decoding valid packets correctly, as well as really invalid (malformed, blocked) packets. The more the captures from both sources (switch and hub) would be interesting to analyse.