Wireshark-users: [Wireshark-users] http Content-Encoding: gzip not decoding
From: Bob Keyes <keyesbob@xxxxxxxxx>
Date: Fri, 8 Feb 2008 09:41:16 -0800 (PST)
I've been trying to figure out some weirdness with the
Amtrak reservations web site, and have applied
Wireshark to the task. Packets are sniffed, tcp
streams assembled, but when it comes time to decode
gzip encoded content, I get nowhere. I am running
0.99.6 on Ubuntu Gutsy. I have seen referenced to
problems with 0.99.6 and 'chunked' content but this
isn't 'chunked'. What is the proper way to do this
decoding? Can anyone else replicate the problem? Does
anyone have suggestions for workarounds?

p.s. The reason I am investigating this is because I
am getting spam of Chinese origin to an email account
only ever used for Amtrak. Their site seems complex
with a bunch of outsourced functions. I am trying to
figure out where they have an information leak, and
how bad it is.