encapsulated multipart decoding in latest wireshark version
Hi, earlier i was using the wireshark version(Version 1.12.4 (v1.12.4-0-gb4861da from master-1.12)) . in that the encapsulated mulipart is porperly decoded and value are seen. but after i upgraded to latest version it is not decoding(Version 3.0.1 (v3.0.1-0-gea351cd8) ). can you please help to understand the reason.
HEX DUMP of the packet:
0000 74 a2 e6 80 17 ff fa 16 3e 57 d1 5e 08 00 45 00
0010 00 ee bc e8 00 00 40 06 21 df 0a 0a e7 e6 0a 0a
0020 9f 48 2b 2c 1f 9a 55 c4 65 5d 40 12 19 45 80 18
0030 00 d1 8e 6f 00 00 01 01 08 0a 00 7e dc d6 62 92
0040 f9 02 0d 0a 61 3d 61 63 63 65 70 74 2d 77 72 61
0050 70 70 65 64 2d 74 79 70 65 73 3a 74 65 78 74 2f
0060 70 6c 61 69 6e 20 6d 65 73 73 61 67 65 2f 69 6d
0070 64 6e 2b 78 6d 6c 20 61 70 70 6c 69 63 61 74 69
0080 6f 6e 2f 76 6e 64 2e 67 73 6d 61 2e 72 63 73 70
0090 75 73 68 6c 6f 63 61 74 69 6f 6e 2b 78 6d 6c 0d
00a0 0a 61 3d 70 61 74 68 3a 6d 73 72 70 3a 2f 2f 31
00b0 30 2e 31 30 2e 34 36 2e 37 36 3a 39 2f 5a 33 64
00c0 63 62 4a 62 45 32 66 56 76 49 49 65 72 3b 74 63
00d0 70 0d 0a 0d 0a 3c 2f 73 64 70 3e 0d 0a 3c 2f 73
00e0 65 73 73 69 6f 6e 3e 0d 0a 2d 2d 2d 62 6f 75 6e
00f0 64 61 72 79 52 4d 53 31 32 33 2d 2d
What protocol(s) are you expecting to see, i.e. what does 1.12.4 show?
it is HTTP(TCP) .. the encapsulated multipart would be 2 part 1) application/json 2) application/X-CPM-Session
What you've posted appears to be a fragment of http, i.e. it does not include the http request or response that appears at the start of a message.
It would help if you can share the capture file on a public sharing site and post a link to it back here as a comment.
plz find the pcap below, it has 3 HTTP POST req https://drive.google.com/file/d/1mre8...