Those two are the same Data. When I close that Transmission Control Protocol group that data disappears so it seems its under that. But why is it not under Malformed Packet ? Is it also used by Hypertext Transfer Protocol which is why its under that. Hypertext Transfer Protocol is a subgroup of Transmission Control Protocol here. asked 15 Jan '17, 11:19  Sanan edited 15 Jan '17, 11:22 |
This is a static archive of our old Q&A Site.
Please post any new questions and answers at ask.wireshark.org.
Why should it be under Malformed Packet? I think you try to read too much into it.
If you look at the indenting, it is not under Hypertext Transfer Protocol, but instead under TCP. It is data that Wireshark has no dissector for, thus listing it as simply Data.
Is it "unsafe"? That depends.....it could be a legit proprietary protocol, but could also be something unsafe.
This is the data associated with it, it doesn't look suspicious does it?