Ask Your Question
0

MONGO dissector not applied

asked 2018-09-20 15:19:54 +0000

updated 2018-09-20 17:00:27 +0000

Jaap gravatar image

I'm on windows 7, wireshark build Version 2.6.3 (v2.6.3-0-ga62e6c27) , with npcap, and I'm using the loopback interface to capture some mongodb traffic. I can see the traffic, but the MONGO dissector is not being applied. I've checked under Analyze -> Enabled Protocols and MONGO is clearly enabled. I'm also pretty sure the data is good as I can see records being written to the database. I've seen this work in Linux without any probs too.

Under Help -> about in the plugins tab, these are the plugins:

  • ethercat.dll
  • gryphon.dll
  • irda.dll
  • l16mono.dll
  • mate.dll
  • opcua.dll
  • profinet.dll
  • stats_tree.dll
  • transum.dll
  • unistim.dll
  • usbdump.dll
  • wimax.dll
  • wimaxasncp.dll
  • wimaxmacphy.dll

Am I missing some library? Or some setting?

edit retag flag offensive close merge delete

Comments

Ok, managed to get this working by right clicking and selecting 'decode as ...'. However not sure why this wasn't detected automagically,

lJoublanc gravatar imagelJoublanc ( 2018-09-20 15:26:52 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted
0

answered 2018-09-20 15:56:58 +0000

grahamb gravatar image

The Mongo dissector registers to dissect traffic on tcp port 27017, but has a preference setting to modify that if required. As you have found out you can also use "Decode As ..." to force a temporary override of the port. There is no heuristic port detection for the mongo dissector.

Presumably the mongo traffic you are capturing is NOT running on the default mongo port of 27017, or you have changed the mongo dissector port preference.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2018-09-20 15:19:54 +0000

Seen: 44 times

Last updated: Sep 20