I have a single pcap file. If I load it in Wireshark version 3.0.5 and search for tftp traffic I get the initial read request and subsequent blocks. If I do the same thing in Wireshark version 4.2.0 I only get the initial read request. The subsequent tftp blocks show up as UDP traffic and not tftp.
As tftp uses port 69 and then subsequently changes to other dynamic ports for block transmission, I'm wondering if Wireshark 4.2.0 is only tracking port 69 and therefore looses the traffic when the port changes. Is this a bug in 4.2.0 or am I missing something? Thanks!