Hi,
(tested, using Wireshark 4.2.5 (v4.2.5-0-g4aa814ac25a1))
there are AMQP-systems out there sending AMQP-headers encoding the
single-byte performative-value as multiple bytes (I can provide
a ptrace-file if needed):
0000
0010
0020
0030
0040 [...] 00 00 00 2a 02 00 00 00 00 80 00 00 00 00
                                      ^^^^^^^^^^^^^^
0050 00 00 00 11 c0 16 05 40 70 00 00 00 01 70 00 00
     ^^^^^^^^^^^
0060 00 32 70 00 00 00 32 70 7f ff ff ff
In this particular case "begin" (0x11) is transferred using
subcategory 0x8 (eight octets) and the value 0x11 preceded
by seven 0x00. Usually you see the use of subcategory 0x5
(single octet) and 0x11 without any preceding zeroes. Both
ways are allowed by the specification but the AMQP-parser
in Wireshark seems to ignore the subcategory information and
instead assumes the performative-value always to be a single
byte. This leads to error-messages in the description:
Advanced Message Queuing Protocol
    Length: 42
    Doff: 2
    Type: AMQP (0)
    Channel: 0
    Performative: Unknown (0)
        [Expert Info (Error/Protocol): Unknown AMQP performative 0]
            [Unknown AMQP performative 0]
            [Severity level: Error]
            [Group: Protocol]
Thanks and cheers, Lothar
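
Added example (not part of the original report and not Wireshark's dissector code): a bounds-checked C routine that reads the performative descriptor by its format code, so the eight-octet ulong (0x80) and the single-octet smallulong (0x53) both yield 0x11. The function name and the second, constructed frame are assumptions of this example; 0x44 (ulong0) is accepted as the third ulong encoding, and symbolic descriptors are not handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Frame bytes taken from the report's hex dump: "begin" sent as 0x80 ulong. */
static const uint8_t frame_wide[] = {
    0x00,0x00,0x00,0x2a, 0x02,0x00,0x00,0x00,   /* size=42 doff=2 type=0 ch=0 */
    0x00,0x80, 0,0,0,0,0,0,0,0x11,              /* descriptor: ulong 0x11 */
    0xc0,0x16,0x05,0x40, 0x70,0,0,0,0x01, 0x70,0,0,0,0x32,
    0x70,0,0,0,0x32, 0x70,0x7f,0xff,0xff,0xff };
/* Constructed for this example: same descriptor as 0x53 smallulong, empty list. */
static const uint8_t frame_small[] = {
    0x00,0x00,0x00,0x0c, 0x02,0x00,0x00,0x00, 0x00,0x53,0x11, 0x45 };

/* Returns the performative code, or -1 if the frame is truncated or malformed. */
int64_t amqp_performative(const uint8_t *buf, size_t len)
{
    if (len < 8) return -1;
    uint32_t size = (uint32_t)buf[0] << 24 | (uint32_t)buf[1] << 16 |
                    (uint32_t)buf[2] << 8  | buf[3];
    size_t body = (size_t)buf[4] * 4;           /* doff counts 4-byte words */
    if (size > len || body < 8 || body + 2 > size) return -1;
    if (buf[body] != 0x00) return -1;           /* described-type constructor */
    size_t width;
    switch (buf[body + 1]) {                    /* ulong encodings only */
    case 0x44: width = 0; break;                /* ulong0: subcategory 0x4 */
    case 0x53: width = 1; break;                /* smallulong: subcategory 0x5 */
    case 0x80: width = 8; break;                /* ulong: subcategory 0x8 */
    default:   return -1;
    }
    if (body + 2 + width > size) return -1;     /* value must fit in the frame */
    uint64_t v = 0;
    for (size_t i = 0; i < width; i++)
        v = v << 8 | buf[body + 2 + i];         /* network byte order */
    return v > INT64_MAX ? -1 : (int64_t)v;
}

int main(void)
{
    printf("wide:  0x%02llx\n",
           (unsigned long long)amqp_performative(frame_wide, sizeof frame_wide));
    printf("small: 0x%02llx\n",
           (unsigned long long)amqp_performative(frame_small, sizeof frame_small));
    return 0;
}
```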