I enter "amqp" keyword to filter the request/response in Wireshark on mac, my mac version is macOS version Sierra 10.12.6, while this keyword doesn't work at all after I click "Start capturing packets". while the rabbitmq client does receive the message sent. could someone help to resolve this issue? thanks in advance.
asked 23 Oct '17, 02:22
Are you attempting to use it as a Capture Filter, i.e. in the filter field just above the interface list that is preceded by the text "Capture ...using this filter:"?
If so, then this won't work as amqp is not valid for a capture filter, but is valid for a display filter.
You can try using a capture filter of "port 5672" for regular unencrypted amqp traffic, but your environment may vary
If your amqp traffic is using TCP on the standard port (5672) then it should be automatically dissected, and if running on TLS using the standard port (5671) and if you have decryption correctly configured that should be automatically dissected as well.
answered 23 Oct '17, 05:14
I'm sure that rabbitmq on my mac uses the default port 5672 and I find mongo in display filter doesn't work neither while using the default port 27017. do you use teamViewer so that we can have a screen sharing?
answered 26 Oct '17, 23:50