Re: HTTP not decoded

[Prigge Scott <PriggeScottM () JohnDeere com>]

I think the reason Wireshark isn't detecting this as HTTP is because the HTTP decoder is smart enough to recognize this 
isn't a technically valid HTTP request. According to the RFC, there needs to be a blank line separating the final HTTP 
header and the data, which translates into the sequence 0x0d 0x0a in the bit pattern. Because that string doesn't 
appear in the place it's supposed to, Wireshark treats this simply as bulk TCP data.

> -----Original Message-----
> From: wireshark-users-bounces () wireshark org [mailto:wireshark-users-
> bounces () wireshark org] On Behalf Of Srivats P
> Sent: Wednesday, November 03, 2010 10:31 AM
> To: wireshark-users () wireshark org
> Subject: [Wireshark-users] HTTP not decoded
>
> Hi,
>
> Wireshark does not seem to decode TCP port 80 as HTTP for the attached
> pcap file - instead it shows the HTTP data as "TCP segment data".
>
> Is this expected behaviour? Is it because the file does not contain the
> TCP handshake packets?
>
> Using Wireshark Version 1.2.1 (SVN Rev 29141) on Windows.
>
> Regards,
> Srivats
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe