Wireshark
the world's foremost network protocol analyzer
Wireshark-users: Re: [Wireshark-users] Decode TCP trame cup into different parts
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Thu, 7 Jan 2010 04:23:49 -0800
On Jan 7, 2010, at 4:17 AM, Lior Zarfati wrote: > WireShark is behaving perfectly and showing you the exact traffic that is being transferred over the HTTP protocol. > The part which you are misunderstanding is the one that states “Content-Encoding: gzip”. That means the rest of the content is compressed using gzip compression. What you see as the HTTP packet data is the gzip raw feed. > Your SOAP client is compressing outgoing data using gzip. If you want to see the content itself, get it to not compress the data. ...or make sure all the HTTP preference settings I mentioned in my earlier message are on; Wireshark should, in that case, reassemble the entire HTTP message and unzip the body of the request. (It won't do that in the "Follow TCP Stream" output - that only displays the raw TCP data stream, without any interpretation.)
- Follow-Ups:
- Re: [Wireshark-users] Decode TCP trame cup into different parts
- From: Olivier-externe GERAULT
- Re: [Wireshark-users] Decode TCP trame cup into different parts
- References:
- [Wireshark-users] Decode TCP trame cup into different parts
- From: Olivier-externe GERAULT
- Re: [Wireshark-users] Decode TCP trame cup into different parts
- From: Lior Zarfati
- [Wireshark-users] Decode TCP trame cup into different parts
- Prev by Date: Re: [Wireshark-users] Decode TCP trame cup into different parts
- Next by Date: Re: [Wireshark-users] Decode TCP trame cup into different parts
- Previous by thread: Re: [Wireshark-users] Decode TCP trame cup into different parts
- Next by thread: Re: [Wireshark-users] Decode TCP trame cup into different parts
- Index(es):