I'm conducting a network analysis using the IEC 60870-5-104 protocol. Whenever I try to open the capture file I made with Wireshark, it shows the 104 protocol as SSL. However, if I open it with the same Wireshark that I used for the capture, it displays correctly. Is there a way to fix this issue?
Use the 'Decode As' functionality to force decoding as the protocol of your choice. Useful when the heuristic selection of a dissector happens to be incorrect.
If the port used is always the same, then update the protocol preference via Edit / Preferences / Protocols / IEC 60870-5-104.
See also: Control Protocol Dissection and Protocols
Asked: 2024-08-30 21:26:24 +0000
Seen: 127 times
Last updated: Sep 21
You could try exporting the profile from the working system and importing it on the other system.
11.6. Configuration Profiles
"the same Wireshark"
Are you using different versions of Wireshark? Please share the version information? Are you using different preference settings?