Ask Your Question
0

Packets shown as SSL

asked 2024-08-30 21:26:24 +0000

Sr. Arthur gravatar image

I'm conducting a network analysis using the IEC 60870-5-104 protocol. Whenever I try to open the capture file I made with Wireshark, it shows the 104 protocol as SSL. However, if I open it with the same Wireshark that I used for the capture, it displays correctly. Is there a way to fix this issue?

edit retag flag offensive close merge delete

Comments

You could try exporting the profile from the working system and importing it on the other system.
11.6. Configuration Profiles

Chuckc gravatar imageChuckc ( 2024-08-31 01:11:05 +0000 )edit

"the same Wireshark"

Are you using different versions of Wireshark? Please share the version information? Are you using different preference settings?

johnthacker gravatar imagejohnthacker ( 2024-09-23 16:08:47 +0000 )edit

1 Answer

Sort by » oldest newest most voted
0

answered 2024-09-21 19:13:18 +0000

André gravatar image

Use the 'Decode As' functionality to force decoding as the protocol of your choice. Useful when the heuristic selection of a dissector happens to be incorrect.

If the port used is always the same, then update the protocol preference via Edit / Preferences / Protocols / IEC 60870-5-104.

See also: Control Protocol Dissection and Protocols

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2024-08-30 21:26:24 +0000

Seen: 104 times

Last updated: Sep 21