Wireshark-users: Re: [Wireshark-users] WSDL / XML support?
From: "Luis EG Ontanon" <luis.ontanon@xxxxxxxxx>
Date: Thu, 13 Sep 2007 17:13:22 +0200
0.99.0 could decode it (no Content-Length Chunked encoding) but HEAD
fails on this.


On 9/13/07, jacob c <jctx09@xxxxxxxxx> wrote:
> I appreciate the help. I installed v0.99.6a but no luck. I am attaching the
> trace for your review. I do appreciate all the help.
>
> Thank you,
>
> Guy Harris <guy@xxxxxxxxxxxx> wrote:
>
> On Sep 12, 2007, at 12:49 PM, jacob c wrote:
>
> > I'm not totally sure I'm following but.. HTTP Reassembly is enabled
> > (checkmarked) under Edit > Prefrences > HTTP if that is what you mean.
>
> Yes, that's what I mean.
>
> > I am attaching a screenshot so you can see the display window.
>
> Unfortunately, we need more information than that to debug the
> problem; if you could give us the full capture file or, at minimum,
> all the packets in that TCP connection, that'd help (and would
> probably take less time to download from a mail server than a
> screenshot, as per Luis's mail).
>
> > The replies do show up as "HTTP Continuation" in Ethereal 0.99.0
>
> ...which means either that you didn't have HTTP reassembly enabled in
> 0.99.0 or it wasn't working in 0.99.0 (I forget whether it was in
> 0.99.0 or not; there have been changes to it since then).
>
> > but not in Wireshark 0.99.5 which I am currently using
>
> 0.99.5 isn't "the current version of Wireshark"; 0.99.6 is. Try that.
>
> > so perhaps I don't have an option configured correctly. Also, even
> > in Ethereal 0.99.0 it does not decode the WSDL information with or
> > without reassembly enabled.
>
> If it shows up as "HTTP Continuation" in 0.99.0 regardless of whether
> HTTP reassembly is enabled, it probably means reassembly isn't
> happening for some reason. Without seeing the packets we can't
> determine what reason that might have been in 0.99.0 and why the
> reassembly doesn't finish in 0.99.5.
>
> > It just shows up as HTTP data but perhaps Wireshark could decode it
> > once I get it configured correctly. -??
>
> Only if getting it configured correctly means making the reassembly
> happen correctly. Wireshark doesn't dissect HTTP traffic as anything
> other than raw data if that traffic isn't part of the first TCP
> segment of a request or reply and isn't reassembled along with the
> first segment; that's by design (otherwise, it doesn't know *how* to
> dissect it - it has to see the Content-Type header, for example).
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-users
>
>
>
>  ________________________________
> Moody friends. Drama queens. Your life? Nope! - their life, your story.
>  Play Sims Stories at Yahoo! Games.
>
>
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-users
>
>
>


-- 
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan