Hi, (tested, using Wireshark 4.2.5 (v4.2.5-0-g4aa814ac25a1))
there are AMQP-systems out there sending AMQP-headers encoding the single-byte performative-value as multiple bytes (I can provide a ptrace-file if needed): 0000 0010 0020 0030 0040 [...] 00 00 00 2a 02 00 00 00 00 80 00 00 00 00 ^^^^^^^^^^^^^^ 0050 00 00 00 11 c0 16 05 40 70 00 00 00 01 70 00 00 ^^^^^^^^^^^ 0060 00 32 70 00 00 00 32 70 7f ff ff ff In this particular case "begin" (0x11) is transferred using subcategory 0x8 (eight octets) and the value 0x11 preceded by seven 0x00. Usually you see the use of subcategory 0x5 (single octet) and 0x11 without any preceding zeroes. Both ways are allowed by the specification but the AMQP-parser in Wireshark seems to ignore the subcategory information and instead assumes the performative-value always to be a single byte. This leads to error-messages in the description: Advanced Message Queuing Protocol Length: 42 Doff: 2 Type: AMQP (0) Channel: 0 Performative: Unknown (0) [Expert Info (Error/Protocol): Unknown AMQP performative 0] [Unknown AMQP performative 0] [Severity level: Error] [Group: Protocol] Thanks and cheers, Lothar ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe