Wireshark · Ethereal-users: Re: [Ethereal-users] Help - GZIP content decoding

[Jerry Talkington <jtalkington@xxxxxxxxxxxxxxxxxxxxx>]

On Thu, Oct 28, 2004 at 06:25:54AM -0600, Nate Howe wrote:
> It is HTTP and I've tried with two versions of Ethereal: 0.10.7 and
> 0.10.6.  When I view a TCP stream I can see in the HTTP headers that
> it's gzip-encoded HTML and I do see the bytestream below the headers. 
> I'm using Windows XP SP1 and I've even booted into Knoppix 3.2 (which
> has Ethereal included, version 0.9.something).  When I open the same
> capture file from there it still won't decode.  This thread:
> 
> http://www.ethereal.com/lists/ethereal-dev/200311/msg00244.html
> 
> shows how one person got it to work, but I was unable to rebuild
> zlib.dll using his version of the makefile.  I did rebuild it myself
> but as I mentioned, but it would not work.

Can you send me a copy of the capture?  Also, what do you see in the
packet details frame (i.e. does it say that the data is gzip encoded?)
 
> Any ideas?  Can anyone else view gzip-encoded text or html from a capture? 

There are a few reasons it won't decode, among them:

Incorrect (or offloaded) checksums, which would cause the packets to not
be reassembled.

Out of order or retransmitted packets.

An incomplete PDU.

TCP and/or HTTP reassembly not enabled via preferences.

-- 
GPG public key:
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x9D5B8762