macOS – Usefulness of packets in Wireshark? SSDP protocol, rather than HTTP

macos sniffing wireshark

I used to be able to filter my wireshark packets to get useful information from them. However, with my current configuration on OSX, all of the HTTP traffic is coming through as the SSDP protocol and is generally being unhelpful. Why is this?

Actually, it seems that packets on my own system that should be HTTP are coming through as HTTP, but packets from other machines that should be HTTP are coming through as this protocol.

Best Answer

... all of the HTTP traffic is coming through as the SSDP protocol ...

Nope, all of your HTTP traffic is still coming over traditional TCP. You are just being flooded with SSDP packets and unable to separate these from real HTTP packets.

The easiest way to filter the "real" HTTP traffic is to type into the Wireshark filter box:

http && tcp

And likewise, if you wish to view (mostly) SSDP HTTP packets, use this for filtering:

http && udp
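
The split those two filters make can be reproduced outside Wireshark. The following is an added example, not part of the original answer: it classifies raw IPv4 packets by transport, treating HTTP-formatted text over TCP as ordinary HTTP and the same kind of text in UDP datagrams on port 1900 as SSDP. The function names, labels and sample packets are constructed for illustration, and the packets are assumed to start at the IPv4 header with no link-layer framing.

```python
import struct

SSDP_PORT = 1900  # SSDP sends HTTP-formatted text in UDP datagrams on this port
HTTP_STARTS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"HTTP/1.", b"M-SEARCH ", b"NOTIFY ")

def classify(packet: bytes) -> str:
    """Split HTTP-looking payloads by transport, like `http && tcp` vs `http && udp`."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "other"                        # not an IPv4 packet
    l4 = packet[(packet[0] & 0x0F) * 4:]      # skip the IP header (IHL is in 32-bit words)
    proto = packet[9]
    if proto == 6 and len(l4) >= 20:          # TCP: data offset is the high nibble of byte 12
        payload = l4[(l4[12] >> 4) * 4:]
    elif proto == 17 and len(l4) >= 8:        # UDP: fixed 8-byte header
        payload = l4[8:]
    else:
        return "other"
    if not payload.startswith(HTTP_STARTS):
        return "other"
    if proto == 6:
        return "http-over-tcp"
    return "ssdp" if SSDP_PORT in struct.unpack("!HH", l4[:4]) else "http-over-udp"

# --- helpers that build constructed sample packets (checksums left at zero) ---
def ipv4(proto, src, dst, l4):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64,
                       proto, 0, bytes(src), bytes(dst)) + l4

def tcp(sport, dport, data):
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + data

def udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

SAMPLES = [  # constructed traffic, not taken from a real capture
    ipv4(6, (192, 168, 1, 10), (192, 168, 1, 20),
         tcp(51000, 80, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n")),
    ipv4(17, (192, 168, 1, 30), (239, 255, 255, 250),
         udp(50000, 1900, b'M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n'
                          b'MAN: "ssdp:discover"\r\nMX: 2\r\nST: ssdp:all\r\n\r\n')),
    ipv4(17, (192, 168, 1, 40), (239, 255, 255, 250),
         udp(1900, 1900, b"NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
                         b"NTS: ssdp:alive\r\n\r\n")),
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(classify(pkt))
```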