Malformed packets on Linux Wireshark 4.2.2 but not Mac Wireshark 4.2.3 for the same .pcap

asked 2024-03-10 09:32:33 +0000

updated 2024-03-10 23:43:24 +0000


I shared a .pcap with my colleague who is running Wireshark 4.2.3 on a Mac. The packet capture showed expected MQTT traffic. However, when I looked at the same .pcap using the latest Wireshark available for Ubuntu (4.2.2), I see SOME of the MQTT packets as being malformed.

For example, here I see a particular packet as an expected MQTT "Connect Command" on my colleague's machine. However, on my machine I see it summarized as "Publish Received (id=20312), Publish Message[Malformed Packet], Publish Release (id=30796), Publish Message[Malformed Packet], Publish Ack (id=23145), Publish Ack (id=26728)..."

I have verified we are both looking at the same packet by comparing packet numbers, times, stream IDs, source and destination IPs, source and destination ports, etc.

To add to the confusion, for MOST MQTT clients all appears the same for both of us. The discrepancies are only for ONE MQTT client. So at this moment we are not sure if his machine is erroneously accepting a malformed packet as valid, or mine is erroneously rejecting a valid packet as malformed.

Thanks for your help!

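The Info-column labels quoted in the question ("Connect Command", "Publish Received (id=20312)", "Publish Message[Malformed Packet]") come from the MQTT fixed header: a 4-bit control packet type, a variable-length Remaining Length field, and, for the acknowledgement types, a 2-byte packet identifier. The following is an added example, not code from the question or from Wireshark's dissector: a minimal MQTT 3.1.1 framing parser that produces the same style of summaries, flags a packet as malformed when its Remaining Length claims more bytes than are present, and stops there, since the framing of anything after a bad length is unknown. The sample bytes are constructed here; the packet identifiers were chosen to match the ones quoted above purely so the labels can be compared.

```python
# Minimal MQTT 3.1.1 fixed-header parser (added example; not Wireshark's dissector).
# It emits Info-column style summaries such as "Publish Received (id=20312)"
# so the labels quoted in the question can be related to bytes on the wire.

CONTROL_PACKET_NAMES = {
    1: "Connect Command", 2: "Connect Ack", 3: "Publish Message",
    4: "Publish Ack", 5: "Publish Received", 6: "Publish Release",
    7: "Publish Complete", 8: "Subscribe Request", 9: "Subscribe Ack",
    10: "Unsubscribe Request", 11: "Unsubscribe Ack", 12: "Ping Request",
    13: "Ping Response", 14: "Disconnect Req",
}
# Control packets whose variable header is just a 2-byte packet identifier.
ID_ONLY_TYPES = {4, 5, 6, 7, 11}


def decode_remaining_length(buf: bytes, pos: int) -> tuple:
    """Decode MQTT's variable-length Remaining Length (1-4 bytes, 7 bits each,
    low-order group first). Returns (value, position after the field)."""
    value, multiplier = 0, 1
    for _ in range(4):
        if pos >= len(buf):
            raise ValueError("truncated Remaining Length")
        byte = buf[pos]
        pos += 1
        value += (byte & 0x7F) * multiplier
        if not byte & 0x80:          # continuation bit clear: last byte
            return value, pos
        multiplier *= 128
    raise ValueError("Remaining Length longer than 4 bytes")


def parse_mqtt_stream(buf: bytes) -> list:
    """Walk back-to-back MQTT control packets and return one summary per packet.
    A packet whose Remaining Length exceeds the data present is reported as
    malformed and parsing stops, because later framing cannot be trusted."""
    summaries = []
    pos = 0
    while pos < len(buf):
        ptype = buf[pos] >> 4
        name = CONTROL_PACKET_NAMES.get(ptype, f"Reserved type {ptype}")
        try:
            remaining, body_start = decode_remaining_length(buf, pos + 1)
        except ValueError:
            summaries.append(f"{name}[Malformed Packet]")
            break
        body = buf[body_start:body_start + remaining]
        if len(body) < remaining:
            summaries.append(f"{name}[Malformed Packet]")
            break
        if ptype in ID_ONLY_TYPES and len(body) >= 2:
            packet_id = int.from_bytes(body[:2], "big")
            summaries.append(f"{name} (id={packet_id})")
        else:
            summaries.append(name)
        pos = body_start + remaining
    return summaries


def info_column(buf: bytes) -> str:
    """Join per-packet summaries the way a one-line Info column would."""
    return ", ".join(parse_mqtt_stream(buf))


# Constructed sample data (not taken from the capture in the question).
# CONNECT: protocol name "MQTT", level 4, clean-session flag, keep-alive 60 s,
# client id "abcde"; Remaining Length 0x11 = 17 bytes.
CONNECT = bytes.fromhex("10 11 00 04 4d 51 54 54 04 02 00 3c 00 05 61 62 63 64 65")
# PUBREC id=20312, PUBREL id=30796 (type 6 carries mandatory flags 0x2), PUBACK id=23145.
QOS2_FLOW = bytes.fromhex("50 02 4f 58" "62 02 78 4c" "40 02 5a 69")
# PUBLISH whose Remaining Length (0x20 = 32) claims more bytes than are present.
TRUNCATED_PUBLISH = bytes.fromhex("30 20 00 03 61 2f 62")

if __name__ == "__main__":
    print(info_column(CONNECT))
    print(info_column(QOS2_FLOW))
    print(info_column(QOS2_FLOW + TRUNCATED_PUBLISH))
```

Running the block prints one summary line per sample; the third line ends in "Publish Message[Malformed Packet]" because the parser refuses to guess where the next packet begins once a length field overruns the available data. Comparing the bytes of the disputed packet against its fixed header this way is the quickest check on which of two dissector versions is framing the stream correctly.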

Comments

Can you share a capture file including the suspect packet?

Chuckc (2024-03-10 12:35:18 +0000)

The packet contains a token that an MQTT client uses to connect. I'll see if I can obfuscate the token and share. In the meantime, one more bit of information: a second colleague of mine used Wireshark on a Mac and had problems with packets from the same MQTT client. I don't know what version. Then he upgraded Wireshark to the latest (4.2.3) and the problem went away.

So it seems something was resolved with 4.2.3.

I have tried uninstalling and reinstalling Wireshark with the apt package manager and it seems the latest version for my OS is 4.2.2.1. It seems something was resolved with version 4.2.3. I assume version 4.2.3 will be available on the apt package manager in the near future?

skysharma (2024-03-10 14:20:17 +0000)

I assume version 4.2.3 will be available on the apt package manager in the near future?

That's up to the maintainer of the APT package repository from which you installed Wireshark, not to the Wireshark developers.

Guy Harris (2024-03-10 23:45:03 +0000)