
Wireshark-users: Re: [Wireshark-users] WSDL / XML support?

From: jacob c <jctx09@xxxxxxxxx>
Date: Thu, 13 Sep 2007 07:57:09 -0700 (PDT)
I appreciate the help. I installed v0.99.6a but no luck. I am attaching the trace for your review. I do appreciate all the help.
Thank you,

Guy Harris <guy@xxxxxxxxxxxx> wrote:

On Sep 12, 2007, at 12:49 PM, jacob c wrote:

> I'm not totally sure I'm following but.. HTTP Reassembly is enabled
> (checkmarked) under Edit > Preferences > HTTP if that is what you mean.

Yes, that's what I mean.

> I am attaching a screenshot so you can see the display window.

Unfortunately, we need more information than that to debug the
problem; if you could give us the full capture file or, at minimum,
all the packets in that TCP connection, that'd help (and would
probably take less time to download from a mail server than a
screenshot, as per Luis's mail).

> The replies do show up as "HTTP Continuation" in Ethereal 0.99.0

...which means either that you didn't have HTTP reassembly enabled in
0.99.0 or it wasn't working in 0.99.0 (I forget whether it was in
0.99.0 or not; there have been changes to it since then).

> but not in Wireshark 0.99.5 which I am currently using

0.99.5 isn't "the current version of Wireshark"; 0.99.6 is. Try that.

> so perhaps I don't have an option configured correctly. Also, even
> in Ethereal 0.99.0 it does not decode the WSDL information with or
> without reassembly enabled.

If it shows up as "HTTP Continuation" in 0.99.0 regardless of whether
HTTP reassembly is enabled, it probably means reassembly isn't
happening for some reason. Without seeing the packets we can't
determine what reason that might have been in 0.99.0 and why the
reassembly doesn't finish in 0.99.5.

> It just shows up as HTTP data but perhaps Wireshark could decode it
> once I get it configured correctly. -??

Only if getting it configured correctly means making the reassembly
happen correctly. Wireshark doesn't dissect HTTP traffic as anything
other than raw data if that traffic isn't part of the first TCP
segment of a request or reply and isn't reassembled along with the
first segment; that's by design (otherwise, it doesn't know *how* to
dissect it - it has to see the Content-Type header, for example).

Attachment: wsdl port changed to 9081.pcap
Description: 1619725596-wsdl port changed to 9081.pcap
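
The behaviour described in the thread (a later TCP segment of an HTTP reply stays raw data unless it is reassembled with the first segment, whose Content-Type header selects the body dissector) can be reproduced with a small model. This is an added example, not Wireshark's code and not part of the original messages; the sample reply, the segment boundaries and all function names are constructed, and it assumes in-order segments with a Content-Length header.

```python
import xml.etree.ElementTree as ET

# Constructed sample: one HTTP reply with a tiny WSDL-like XML body,
# split across three TCP segments the way a capture would show it.
BODY = b'<definitions name="Demo"><service name="Echo"/></definitions>'
REPLY = (b"HTTP/1.1 200 OK\r\nContent-Type: text/xml\r\n"
         b"Content-Length: " + str(len(BODY)).encode() + b"\r\n\r\n" + BODY)
SEGMENTS = [REPLY[:80], REPLY[80:100], REPLY[100:]]

def parse_head(data):
    """Return (status_line, headers, body) if data starts a reply with complete headers."""
    if not data.startswith(b"HTTP/") or b"\r\n\r\n" not in data:
        return None
    head, body = data.split(b"\r\n\r\n", 1)
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body

def classify_segment(seg):
    """What a single segment looks like when nothing is reassembled."""
    parsed = parse_head(seg)
    if parsed is None:
        return "continuation (raw data)"   # no headers, so no Content-Type to go on
    return "reply start, " + parsed[1].get("content-type", "unknown type")

def reassemble(segments):
    """Join segments until Content-Length body bytes are present; None if incomplete."""
    buf = b""
    for seg in segments:
        buf += seg
        parsed = parse_head(buf)
        if parsed is None:
            continue
        _, headers, body = parsed
        need = int(headers.get("content-length", "0"))
        if len(body) >= need:
            return headers.get("content-type"), body[:need]
    return None

def dissect(segments):
    """Parse the body as XML only when reassembly finished and the type says XML."""
    result = reassemble(segments)
    if result is None:
        return None
    ctype, body = result
    return ET.fromstring(body).tag if "xml" in (ctype or "") else None
```
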