Re: Decode TCP trame cup into different parts

[Guy Harris <guy () alum mit edu>]

On Jan 7, 2010, at 4:17 AM, Lior Zarfati wrote:

> WireShark is behaving perfectly and showing you the exact traffic that is being transferred over the HTTP protocol.
> The part which you are misunderstanding is the one that states “Content-Encoding: gzip”. That means the rest of the 
> content is compressed using gzip compression. What you see as the HTTP packet data is the gzip raw feed.
> Your SOAP client is compressing outgoing data using gzip. If you want to see the content itself, get it to not 
> compress the data.

...or make sure all the HTTP preference settings I mentioned in my earlier message are on; Wireshark should, in that 
case, reassemble the entire HTTP message and unzip the body of the request.

(It won't do that in the "Follow TCP Stream" output - that only displays the raw TCP data stream, without any 
interpretation.)
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe