Re: HTTP not decoded

[M Holt <m.iostreams () gmail com>]

All this capture contains is a single packet -- a GET request.
If you go into your Wireshark preferences, under Protocols -> TCP, and
uncheck the box that says "Allow subdisector to reassemble TCP streams",
your "info" field will then show that it is a GET request.  You can also
just right click on the packet and choose, "Follow TCP stream" to see the
ascii contents of the packet easily.

 -- Mike

On Wed, Nov 3, 2010 at 8:30 AM, Srivats P <pstavirs () gmail com> wrote:

> Hi,
>
> Wireshark does not seem to decode TCP port 80 as HTTP for the attached
> pcap file - instead it shows the HTTP data as "TCP segment data".
>
> Is this expected behaviour? Is it because the file does not contain
> the TCP handshake packets?
>
> Using Wireshark Version 1.2.1 (SVN Rev 29141) on Windows.
>
> Regards,
> Srivats
>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request () wireshark org
> ?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe