Ethereal-dev: Re: [Ethereal-dev] BUG report

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Jerry Talkington <jtalkington@xxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 31 Aug 2004 07:46:20 -0700
On Tue, Aug 31, 2004 at 10:50:59AM +0300, Pavel Orchov wrote:
> Hi,
> 
> I have found some BUG in ethereal here is description by README:
[snip] 
> BUG description:
> 
> I am trying to capture an HTTP stream when a chunked stream is arriving:
> 
> - Enable capture with filter "tcp port 80"
> 
> - Enter www.cnn.com <http://www.cnn.com/> or www.bbc.com <http://www.bbc.com/>
> 
> - One of the connections should include an HTTP stream when the response arrives
> in chunked mode; you will see "Transfer-encoding: chunked" in one of the
> streams.
> 
> - Open this stream in HEX mode (you can save it or just look in the
> bottom of the Ethereal GUI) and check if the chunk offset is correct. I
> found that the chunk offset is not correct in all chunks. This means that
> Ethereal does not capture the stream correctly or Ethereal adds some
> symbols to the stream that make the chunk offset incorrect.

What do you mean by "chunk offset?"  Do you mean the chunk size?  If so,
then make sure you are converting the hex number to decimal (which is
what should show up in the packet details frame.)

> - You may be sure that the server sends a correct stream, otherwise you would
> not see the web page of cnn or bbc.
>
> BUG occurs with 0.9.* and 0.10.6 versions of Ethereal.

Well, versions before 0.10.4 don't do anything with chunked responses,
which is what makes me suspect that you aren't converting the hex
response to decimal.  Version 0.10.4 and higher will reassemble and
decode those responses, if you enable the following preferences:

TCP
	Allow subdissector to desegment TCP streams

HTTP
	Desegment HTTP headers spanning multiple TCP segments
	Desegment HTTP bodies spanning multiple TCP segments
	Reassemble chunked transfer-coded bodies

If I'm missing the point of the original report, please elaborate.
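
The hex-to-decimal point raised in the reply above, as an added example that is not part of the original message or of Ethereal's code: a small decoder for a chunked body that reports each chunk's size field as sent (hexadecimal) next to its decimal value, and fails when the data does not match the declared size. The sample body is constructed, and the function name `decode_chunked` is an assumption for illustration.

```python
HEX_DIGITS = b"0123456789abcdefABCDEF"

def decode_chunked(body: bytes):
    """Decode an HTTP/1.1 chunked body.

    Returns (payload, chunks); chunks is a list of
    (offset_of_size_line, size_field_as_sent, size_in_decimal).
    """
    pos, payload, chunks = 0, bytearray(), []
    while True:
        eol = body.find(b"\r\n", pos)
        if eol < 0:
            raise ValueError("truncated chunk-size line")
        # The size line may carry chunk extensions after ';'.
        size_field = body[pos:eol].split(b";", 1)[0].strip()
        if not size_field or any(c not in HEX_DIGITS for c in size_field):
            raise ValueError(f"bad chunk size {size_field!r}")
        # The size is written in hexadecimal: "10" means 16 bytes, not 10.
        size = int(size_field.decode("ascii"), 16)
        chunks.append((pos, size_field.decode("ascii"), size))
        data_start = eol + 2
        if size == 0:
            break  # last-chunk; trailers, if any, follow and are ignored here
        data_end = data_start + size
        # Each chunk's data must be followed by CRLF; if it is not, the
        # declared size and the bytes on the wire disagree.
        if body[data_end:data_end + 2] != b"\r\n":
            raise ValueError("chunk data not followed by CRLF")
        payload += body[data_start:data_end]
        pos = data_end + 2
    return bytes(payload), chunks

# Constructed sample: a 26-byte chunk ("1a"), a 16-byte chunk ("10"),
# then the zero-size terminating chunk.
SAMPLE = (b"1a\r\n" + b"abcdefghijklmnopqrstuvwxyz" + b"\r\n"
          b"10\r\n" + b"0123456789ABCDEF" + b"\r\n"
          b"0\r\n\r\n")

if __name__ == "__main__":
    payload, chunks = decode_chunked(SAMPLE)
    for offset, field, size in chunks:
        print(f"offset {offset:3d}: size field {field!r} = {size} bytes")
    print(len(payload), "payload bytes")
```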