Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 4715] New: http dissector fails to detect apparent legitim

Date: Mon, 26 Apr 2010 23:42:24 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4715

           Summary: http dissector fails to detect apparent legitimate
                    http response
           Product: Wireshark
           Version: 1.2.6
          Platform: x86
        OS/Version: Windows XP
            Status: NEW
          Severity: Major
          Priority: Medium
         Component: TShark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: alantu@xxxxxxxx


Created an attachment (id=4576)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=4576)
http.pcap contains a HTTP transaction used to demonstrate this bug.

Build Information:
TShark 1.2.6 (SVN Rev 31702)

Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GLib 2.22.3, with WinPcap (version unknown), with libz 1.2.3,
without POSIX capabilities, without libpcre, with SMI 0.4.8, with c-ares 1.7.0,
with Lua 5.1, with GnuTLS 2.8.5, with Gcrypt 1.4.5, with MIT Kerberos, with
GeoIP.

Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.1.1
(packet.dll version 4.1.0.1753), based on libpcap version 1.0 branch 1_0_rel0b
(20091008), GnuTLS 2.8.5, Gcrypt 1.4.5.

Built using Microsoft Visual C++ 9.0 build 30729

--
1.  Run
tshark -r http.pcap -T fields -e frame.number -R "http.request"

Result: frame 4 is identified as containing a HTTP request.

2.  Run
tshark -r http.pcap -T fields -e frame.number -R "http.response"

Result: no HTTP response is identified, even though it appears there is one
starting in frame 6.

This is possibly a bug in the http dissector?

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.