Hi - I'm using Wireshark v2.4.2 to display and decode a RabbitMQ exchange between two systems. I used tcpdump to create a capture; I did not use the '-s' option or anything else to limit the size of the packets that are captured.
Wireshark does display the packets and does not report an error. But it shows the protocol of 'TCP' for all of the packets, instead of decoding them. The exchange is received on the target system on port 5671. Knowing that the default amqp port is 5672, I used the Wireshark Analyze -> Decode As.. menu to set this decode value:
The TCP segment data in a PSH packet begins with: 16 03 01 00 38 01
I've found the amqp spec, but am having trouble figuring out if this is an amqp packet or not.
I tried to upload a screenshot, but I apparently need 'points'??
Suggestions, please!
Thanks tl
