This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

WebSocket packets not visible in macOS

WebSocket packets are not visible in Wireshark 2.2.7 in macOS Sierra but when i open the same trace file in Windows or Linux version the packets are there and visible by protocol.

Is there any way to enable viewing WebSocket packets in macOS?

websocket bug

asked 09 Jun '17, 22:45

milosr
6●1●1●2
accept rate: 0%

The dissector engine is independent of the OS. Therefore I guess it's more an issue of your preferences.

Is 'Websocket' enabled ('Analyze' -> 'Enabled Protocols' -> 'WebSocket') on your macOS installation?
Any customized profile configured?

(11 Jun '17, 08:45) Uli

WebSocket is enabled in 'Enabled Protocols' settings, and I did a clean reinstallation to see if it has to do anything with settings but there are still no WebSocket frames visible.

(11 Jun '17, 09:03) milosr

Can you share the pcap showing this issue?

(11 Jun '17, 11:08) Uli

https://drive.google.com/file/d/0B32hB5O91KYXQVRVZk5KVDFHcTA/view?usp=sharing

this is an example pcapng

(12 Jun '17, 05:47) milosr

One Answer:

Just tested it with Wireshark 2.2.7 on macOS 10.12.5. Here WebSocket is dissected without any problem.

Therefore I still guess it's an issue of your (user) settings. A reinstallation will not remove these.

For testing you can rename your personal configuration folder (To find the location go to: Wireshark -> About Wireshark -> Folders) and restart Wireshark.

answered 12 Jun '17, 08:36

Uli
903●1●5●15
accept rate: 29%

I deleted the .wireshark personal folder and restarted Wireshark. It now displays the WebSocket packets.

Thank you.

(12 Jun '17, 21:22) milosr

If an answer has solved your issue, please accept the answer for the benefit of other users by clicking the checkmark icon next to the answer. Please read the FAQ for more information.

(13 Jun '17, 00:49) grahamb ♦