Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-users: Re: [Wireshark-users] Finding mismatched HTTP Content-Length and the data

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Martin Visser" <martinvisser99@xxxxxxxxx>
Date: Wed, 29 Oct 2008 15:38:13 +1100
You should be able to do this in a tap/dissector written in LUA. I'm working on a similar problem to look for particular HTTP response time patterns.

My impression is that LUA is intended for writing those "one-off" apps that don't warrant complicating the standard distribution.

The problem (at least for me ) is that there aren't enough good published examples. If I get what I want working, I'll try and help remedy that :-)

On Tue, Oct 28, 2008 at 3:03 PM, Ducky <duckyhatezchat@xxxxxxxxx> wrote:
Steve,

Thanks for the information. Some of the network devices tend to reset
the connection when it happens, at least within my environment :)

./D

On Tue, Oct 28, 2008 at 11:16 AM, Stephen Fisher
<stephentfisher@xxxxxxxxx> wrote:
> On Tue, Oct 28, 2008 at 10:59:13AM +0800, Ducky wrote:
>
>> I'm trying to find the web server's response that includes a
>> Content-Length header that indicates a smaller value than the length
>> of the data in the response. For example, if the web server sends a
>> response with a Content-Length header value of 10 bytes, but the data
>> size of the response is more than 10 bytes
>>
>> I am able to find the data length, by clicking on the data part of the
>> packet and manually check against the Content-Length in header. It's
>> too painful for me to look through thousands of packets.
>
> This would be fairly easy to add to the HTTP dissector.  However I am
> wondering what the best way to do it would be and whether this is a
> common enough problem to warrant such a validation in Wireshark?
>
>
> Steve
>
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> https://wireshark.org/mailman/listinfo/wireshark-users
>



--
./D
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-users



--
Regards, Martin

MartinVisser99@xxxxxxxxx
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube