Wireshark seems to misinterpret some TCP packets

I am doing some checks on communications between Google Chrome and a Chromecast device. Unfortunately I do not have 60 points, so I cannot attach the Wireshark file and have to try to write the relevant part of the rows here.

192.168.47.68 = Windows PC
192.168.47.75 = Chromecast device

Source         Destination    Protocol  Length  Info
192.168.47.68  192.168.47.75  TCP       66      58528 -> 8009 [SYN]
192.168.47.75  192.168.47.68  TCP       66      8009 -> 58528 [SYN, ACK]
192.168.47.68  192.168.47.75  TCP       54      58528 -> 8009 [ACK]
192.168.47.68  192.168.47.75  TCP       200     58528 -> 8009 [PSH, ACK]
192.168.47.75  192.168.47.68  TCP       60      8009 -> 58528 [ACK]
192.168.47.75  192.168.47.68  AJP13     1214    AJP13 Error?
192.168.47.68  192.168.47.75  TCP       54      58528 -> 8009 [ACK]
192.168.47.68  192.168.47.75  AJP13     180     AJP13 Error?

It is of course the AJP13 that I think is a bad interpretation of the TCP packet, as this is a communication with a Chromecast device. AJP13 = Apache JServ Protocol version 1.3. I am just showing the first lines of the Wireshark output. It continues with several more rows, but then it does not show any AJP13 rows. By the way, Apache JServ Protocol also uses port 8009.

Looking in the IP packet of the AJP13 rows, it clearly says Protocol = 6, i.e. TCP.

My question is thus: What makes Wireshark think this is an AJP13 packet? All the communication is between my computer port and port 8009, but AJP13 shows up in only two rows. It seems there is something other than the port number that triggers this.

Any idea where I should look in the packet besides the IP packet protocol number?
