First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

MONGO dissector not applied

  • retag add tags

I'm on windows 7, wireshark build Version 2.6.3 (v2.6.3-0-ga62e6c27) , with npcap, and I'm using the loopback interface to capture some mongodb traffic. I can see the traffic, but the MONGO dissector is not being applied. I've checked under Analyze -> Enabled Protocols and MONGO is clearly enabled. I'm also pretty sure the data is good as I can see records being written to the database. I've seen this work in Linux without any probs too.

Under Help -> about in the plugins tab, these are the plugins:

  • ethercat.dll
  • gryphon.dll
  • irda.dll
  • l16mono.dll
  • mate.dll
  • opcua.dll
  • profinet.dll
  • stats_tree.dll
  • transum.dll
  • unistim.dll
  • usbdump.dll
  • wimax.dll
  • wimaxasncp.dll
  • wimaxmacphy.dll

Am I missing some library? Or some setting?

lJoublanc's avatar
1
lJoublanc
asked 2018-09-20 15:19:54 +0000
Jaap's avatar
13.7k
Jaap
updated 2018-09-20 17:00:27 +0000
edit flag offensive 0 remove flag close merge delete

Comments

Ok, managed to get this working by right clicking and selecting 'decode as ...'. However not sure why this wasn't detected automagically,

lJoublanc's avatar lJoublanc (2018-09-20 15:26:52 +0000) edit
more
  • delete
add a comment see more comments

1 Answer

0

The Mongo dissector registers to dissect traffic on tcp port 27017, but has a preference setting to modify that if required. As you have found out you can also use "Decode As ..." to force a temporary override of the port. There is no heuristic port detection for the mongo dissector.

Presumably the mongo traffic you are capturing is NOT running on the default mongo port of 27017, or you have changed the mongo dissector port preference.

grahamb's avatar
23.8k
grahamb
answered 2018-09-20 15:56:58 +0000
edit flag offensive 0 remove flag delete link
more

Comments

add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer