Wireshark mailing list archives
Re: HTTP not decoded
From: M Holt <m.iostreams () gmail com>
Date: Wed, 3 Nov 2010 09:26:37 -0700
All this capture contains is a single packet -- a GET request. If you go into your Wireshark preferences, under Protocols -> TCP, and uncheck the box that says "Allow subdisector to reassemble TCP streams", your "info" field will then show that it is a GET request. You can also just right click on the packet and choose, "Follow TCP stream" to see the ascii contents of the packet easily. -- Mike On Wed, Nov 3, 2010 at 8:30 AM, Srivats P <pstavirs () gmail com> wrote:
Hi, Wireshark does not seem to decode TCP port 80 as HTTP for the attached pcap file - instead it shows the HTTP data as "TCP segment data". Is this expected behaviour? Is it because the file does not contain the TCP handshake packets? Using Wireshark Version 1.2.1 (SVN Rev 29141) on Windows. Regards, Srivats ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org ?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- HTTP not decoded Srivats P (Nov 03)
- Re: HTTP not decoded Marco Simone Zuppone (Nov 03)
- Re: HTTP not decoded M Holt (Nov 03)
- Re: HTTP not decoded Srivats P . (Nov 03)
- Re: HTTP not decoded M Holt (Nov 03)
- Re: HTTP not decoded Srivats P . (Nov 03)
- Re: HTTP not decoded Prigge Scott (Nov 03)
- Re: HTTP not decoded Prigge Scott (Nov 03)
- Re: HTTP not decoded Sake Blok (Nov 03)
- Re: HTTP not decoded Srivats P . (Nov 03)