Ethereal-users: Re: [Ethereal-users] http.request display filter

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Guy Harris <guy@xxxxxxxxxx>
Date: Wed, 31 Jan 2001 17:29:03 -0800 (PST)
> This ethereal capture file (194078 bytes)
> 
>       http://www.winux.com/ethereal/http.request/trace
> 
> contains a conversation between a Netscape browser, a Guidescope proxy,
> and a few websites. The proxy is listening on localhost port 8000.
> 
> Starting at packet 313 you see that one of the HTTP transactions is on
> localhost between the browser, on port 3677, and the proxy, on port 8000.
> 
> The interactive stream ripper ("Follow TCP Stream") clearly shows the
> HTTP request and response. However, if I use the display filter
> 
>         http.request
> 
> it's not found.

If you use Ethereal, does it show that packet as being HTTP, or just
TCP?  If it shows it as TCP, the packet was never given to the HTTP
dissector, and therefore Ethereal doesn't know it's HTTP.

The HTTP dissector only knows about certain ports being used for HTTP. 
Ethereal will not automagically identify all HTTP traffic as such.

The next release will probably have a UI mechanism to allow you to
specify, on the fly, additional port numbers to be used for particular
protocols.