Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-bugs: [Wireshark-bugs] [Bug 1966] New: HTTP not recognised for GET without headers

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Wed, 31 Oct 2007 15:57:45 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1966

           Summary: HTTP not recognised for GET without headers
           Product: Wireshark
           Version: 0.99.6
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: Major
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: nick.lewis@xxxxxxxxxxxxxx


Build Information:
Version 0.99.6a (SVN Rev 22276)

Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.10.12, with GLib 2.12.12, with WinPcap (version unknown),
with libz 1.2.3, with libpcre 6.4, with Net-SNMP 5.4, with ADNS, with Lua 5.1,
with GnuTLS 1.6.1, with Gcrypt 1.2.3, with MIT Kerberos, with PortAudio
PortAudio V19-devel, with AirPcap.

Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.0.1
(packet.dll version 4.0.0.901), based on libpcap version 0.9.5, without
AirPcap.

Built using Microsoft Visual C++ 6.0 build 8804

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
A packet is not recognised as HTTP. This appears to occur when it is a GET
without headers

e.g.

No.     Time                       Source                Destination          
Protocol Info
      1 2007-10-31 15:44:06.316949 10.10.250.10          69.41.162.148        
TCP      [TCP segment of a reassembled PDU]

Frame 1 (97 bytes on wire, 97 bytes captured)
Ethernet II, Src: ViaTechn_eb:5d:e0 (00:40:63:eb:5d:e0), Dst: Sonicwal_09:d2:90
(00:06:b1:09:d2:90)
Internet Protocol, Src: 10.10.250.10 (10.10.250.10), Dst: 69.41.162.148
(69.41.162.148)
Transmission Control Protocol, Src Port: 33174 (33174), Dst Port: http (80),
Seq: 0, Ack: 0, Len: 31
    Source port: 33174 (33174)
    Destination port: http (80)
    Sequence number: 0    (relative sequence number)
    [Next sequence number: 31    (relative sequence number)]
    Acknowledgement number: 0    (relative ack number)
    Header length: 32 bytes
    Flags: 0x18 (PSH, ACK)
    Window size: 1460
    Checksum: 0xc80f [correct]
    Options: (12 bytes)
    TCP segment data (31 bytes)

0000  00 06 b1 09 d2 90 00 40 63 eb 5d e0 08 00 45 00   .......@c.]...E.
0010  00 53 5e b9 40 00 40 06 f0 19 0a 0a fa 0a 45 29   .S^.@[email protected])
0020  a2 94 81 96 00 50 f6 ea 12 6d bc f8 a7 c9 80 18   .....P...m......
0030  05 b4 c8 0f 00 00 01 01 08 0a 05 4f 4d 60 63 c5   ...........OM`c.
0040  da 23 47 45 54 20 2f 6d 6f 64 75 6c 65 73 2d 32   .#GET /modules-2
0050  2e 32 2e 78 6d 6c 20 48 54 54 50 2f 31 2e 30 0d   .2.xml HTTP/1.0.
0060  0a                                                .


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube