On Sep 12, 2007, at 12:49 PM, jacob c wrote:
I'm not totally sure I'm following but.. HTTP Reassembly is enabled
(checkmarked) under Edit > Prefrences > HTTP if that is what you mean.
Yes, that's what I mean.
I am attaching a screenshot so you can see the display window.
Unfortunately, we need more information than that to debug the
problem; if you could give us the full capture file or, at minimum,
all the packets in that TCP connection, that'd help (and would
probably take less time to download from a mail server than a
screenshot, as per Luis's mail).
The replies do show up as "HTTP Continuation" in Ethereal 0.99.0
...which means either that you didn't have HTTP reassembly enabled in
0.99.0 or it wasn't working in 0.99.0 (I forget whether it was in
0.99.0 or not; there have been changes to it since then).
but not in Wireshark 0.99.5 which I am currently using
0.99.5 isn't "the current version of Wireshark"; 0.99.6 is. Try that.
so perhaps I don't have an option configured correctly. Also, even
in Ethereal 0.99.0 it does not decode the WSDL information with or
without reassembly enabled.
If it shows up as "HTTP Continuation" in 0.99.0 regardless of whether
HTTP reassembly is enabled, it probably means reassembly isn't
happening for some reason. Without seeing the packets we can't
determine what reason that might have been in 0.99.0 and why the
reassembly doesn't finish in 0.99.5.
It just shows up as HTTP data but perhaps Wireshark could decode it
once I get it configured correctly. -??
Only if getting it configured correctly means making the reassembly
happen correctly. Wireshark doesn't dissect HTTP traffic as anything
other than raw data if that traffic isn't part of the first TCP
segment of a request or reply and isn't reassembled along with the
first segment; that's by design (otherwise, it doesn't know *how* to
dissect it - it has to see the Content-Type header, for example).