Wireshark mailing list archives
Re: HTTP not decoded
From: Prigge Scott <PriggeScottM () JohnDeere com>
Date: Wed, 3 Nov 2010 11:46:41 -0500
I think the reason Wireshark isn't detecting this as HTTP is because the HTTP decoder is smart enough to recognize this isn't a technically valid HTTP request. According to the RFC, there needs to be a blank line separating the final HTTP header and the data, which translates into the sequence 0x0d 0x0a in the bit pattern. Because that string doesn't appear in the place it's supposed to, Wireshark treats this simply as bulk TCP data.
-----Original Message-----
From: wireshark-users-bounces () wireshark org [mailto:wireshark-users-bounces () wireshark org] On Behalf Of Srivats P
Sent: Wednesday, November 03, 2010 10:31 AM
To: wireshark-users () wireshark org
Subject: [Wireshark-users] HTTP not decoded

Hi,

Wireshark does not seem to decode TCP port 80 as HTTP for the attached pcap file - instead it shows the HTTP data as "TCP segment data". Is this expected behaviour? Is it because the file does not contain the TCP handshake packets?

Using Wireshark Version 1.2.1 (SVN Rev 29141) on Windows.

Regards,
Srivats
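The framing rule described in the reply above, as an added example that is not part of the original thread and is not Wireshark's dissector code: a Python check for whether a reassembled TCP payload has an HTTP/1.x request line and the empty line (a CRLF directly after the CRLF that ends the last header) closing the header block. The function name and both sample payloads are constructed for illustration.

```python
import re

# Request line shape: method SP request-target SP HTTP-version
REQUEST_LINE = re.compile(rb"^[A-Z]+ \S+ HTTP/\d\.\d$")

# Constructed sample payloads (not taken from the pcap discussed in the thread).
VALID = (b"POST /login HTTP/1.1\r\nHost: example.test\r\n"
         b"Content-Length: 9\r\n\r\nuser=test")
NO_BLANK_LINE = (b"POST /login HTTP/1.1\r\nHost: example.test\r\n"
                 b"Content-Length: 9\r\nuser=test")


def check_http_request(payload: bytes) -> dict:
    """Report how a reassembled TCP payload is framed as an HTTP/1.x request."""
    result = {"request_line": False, "headers_terminated": False,
              "bad_header_lines": [], "body_complete": None}

    first_line, sep, _ = payload.partition(b"\r\n")
    result["request_line"] = bool(sep) and REQUEST_LINE.match(first_line) is not None

    # The header block ends at an empty line: CRLF right after the last header's CRLF.
    end = payload.find(b"\r\n\r\n")
    if end == -1:
        return result  # no separator, so headers and data cannot be told apart
    result["headers_terminated"] = True

    # Every line between the request line and the empty line must be "name: value".
    for line in payload[:end].split(b"\r\n")[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not name.strip():
            result["bad_header_lines"].append(line)
        elif name.strip().lower() == b"content-length" and value.strip().isdigit():
            body = payload[end + 4:]
            result["body_complete"] = len(body) >= int(value.strip())
    return result


if __name__ == "__main__":
    for label, data in (("valid", VALID), ("no blank line", NO_BLANK_LINE)):
        print(label, check_http_request(data))
```
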