Wireshark on macOS does not parse HTTP packets

I installed Wireshark on macOS High Sierra and captured some network traffic while making HTTP calls to a local server using CURL. The traffic captured in Wireshark only showed TCP packets. When looking at the data within the TCP packets I could see the HTTP packets, but these were not recognized by Wireshark as the packet protocol.

Any way to make it properly parse the HTTP packets?

Here's an example capture: [image]

One guess I had was that Wireshark only recognises a packet as HTTP if it's on port 80. If this is so, is there any way to change this setting?

P.S. No HTTPS involved here, just plain old HTTP from a client to a REST API.

asked Apr 17 '26 07:04

MatanRubin


1 Answer

Ok, figured out the issue. My server was exposed on port 5000 (which is the default Flask port). Turns out that port 5000 is conventionally used for IPA packets, which is a GSM over IP protocol. Wireshark apparently used the port number to determine the type of packet, and so it misclassified it as an IPA packet.

Once I moved my server to another port (e.g. 5001) - the problem was gone.

P.S. See https://osqa-ask.wireshark.org/questions/9240/data-which-has-been-sent-over-tcpip-has-been-recognized-by-wireshark-as-ipa-protocol for more details.

answered Apr 19 '26 21:04

MatanRubin
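The check the asker did by eye (spotting HTTP inside TCP payloads on a port other than 80) can be scripted against a saved capture. The following is an added example, not part of the original answer: it assumes a classic pcap file (not pcapng) with Ethernet or macOS loopback framing, and the function names and the sample capture are constructed for illustration.

```python
import struct

# Link-layer header sizes: 0 = DLT_NULL (macOS/BSD loopback), 1 = Ethernet.
L2_LEN = {0: 4, 1: 14}
HTTP_REQ = (b"GET ", b"POST ", b"PUT ", b"DELETE ", b"HEAD ", b"PATCH ", b"OPTIONS ")

def tcp_segments(pcap):
    """Yield (src_port, dst_port, payload) for IPv4/TCP packets in a classic pcap."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    linktype = struct.unpack(endian + "I", pcap[20:24])[0]
    if linktype not in L2_LEN:
        raise ValueError("unsupported link type %d" % linktype)
    off = 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if linktype == 1 and frame[12:14] != b"\x08\x00":
            continue  # Ethernet frame that is not IPv4
        ip = frame[L2_LEN[linktype]:]
        if len(ip) < 20 or ip[0] >> 4 != 4 or ip[9] != 6:
            continue  # not IPv4 or not TCP
        tcp = ip[(ip[0] & 0x0F) * 4:struct.unpack("!H", ip[2:4])[0]]
        if len(tcp) >= 20:
            sport, dport = struct.unpack("!HH", tcp[:4])
            yield sport, dport, tcp[(tcp[12] >> 4) * 4:]

def http_on_unexpected_ports(pcap, http_ports=(80,)):
    """Map server port -> first line of HTTP seen there, for ports outside http_ports."""
    hits = {}
    for sport, dport, payload in tcp_segments(pcap):
        port = dport if payload.startswith(HTTP_REQ) else sport if payload.startswith(b"HTTP/1.") else None
        if port is not None and port not in http_ports:
            hits.setdefault(port, payload.split(b"\r\n", 1)[0].decode("ascii", "replace"))
    return hits

def build_sample_pcap():
    """Constructed sample: loopback capture with one request to port 5000, one to port 80."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 0)  # linktype 0
    for dport, body in ((5000, b"GET /api/items HTTP/1.1\r\nHost: localhost:5000\r\n\r\n"),
                        (80, b"GET / HTTP/1.1\r\nHost: localhost\r\n\r\n")):
        tcp = struct.pack("!HHIIBBHHH", 50000, dport, 1, 1, 0x50, 0x18, 65535, 0, 0) + body
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                         b"\x7f\x00\x00\x01", b"\x7f\x00\x00\x01") + tcp  # checksums left 0
        pkt = struct.pack("<I", 2) + ip  # 4-byte loopback header, AF_INET
        out += struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt
    return out
```

Calling `http_on_unexpected_ports(build_sample_pcap())` reports port 5000 with its request line; on a real capture, pass the file's bytes instead of the constructed sample.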