Bill Meier
changed
bug 9882
| What |
Removed |
Added |
| Status |
UNCONFIRMED
|
INCOMPLETE
|
| Ever confirmed |
|
1
|
Comment # 1
on bug 9882
from Bill Meier
> When viewed in the bottom pane it shows "Reassembled TCP (411 bytes)" and
> the start of the request is "GET /test-cgi?* HTTP/1.1" which is incorrect.
>
> When viewed by following the stream, it shows "Entire conversation (410
> bytes)" and the start of the request is "GET /est-cgi?* HTTP/1.1", which is
> correct.
My interpretation is the exact opposite.
I believe the reassembly is correct and the view in "follow TCP stream" ios
incorrect in that the 't' is 'test-cgi' is missing. That is, there really are
411 bytes in the HTTP payload.
For frame 6, if I look at the "frame" pane (not the "reassembled" pane) I do
see that the frame TCP payload does start with "test-cgi...".
Please look again and see if you agree. If yes, please update the title of the
Bug.
The above being said, obviously the "Expert" messages aren't really correct:
"TCP Keep-Alive"
"TCP Retransmission"
"TCP ACKed Unseen Segment"
Interesting; I suspect the data with initial SYN packet confused the SEQ/ACK
Analysis.
You are receiving this mail because:
- You are watching all bug changes.
