I just downloaded version 2.0.1. I have a pcap that works in Wireshark version 1.12.9 but gives me bogus IPv4 in version 2.0.1. I can read other pcaps in 2.0.1 which have both ipv4 and 6, but this one is giving me trouble. I have attached a couple of screenshots. Not sure if the screenshots will work or not since this is the first question I have ever asked. Appreciate any assistance.
Here is a link to a single packet pcap https://drive.google.com/open?id=0B6xDWNlkBv4CTEo3RzdKS2hiYW8.
asked 04 Feb '16, 08:26
edited 04 Feb '16, 10:48
Your capture is using an Ethertype IPv4 (0x0800) while encapsulating an IPv6 packet.
Wireshark versions up to 1.12.X allowed this but Wireshark 2.0.X strengthens the checks and consider this as an error. Your application doing the capture should use an ethertype IPv6 (0x86DD) instead.
In the meantime, you can force the dissection as IPv6 by using 'Decode As' functionality and force dissection of Ethertype 0x0800 as IPv6. But this will break dissection of standard Ethernet packets for example, so use this with caution.
answered 04 Feb '16, 11:32
edited 04 Feb '16, 11:32