On Tue, Nov 25, 2003 at 12:25:02PM +0000, Nosnos wrote:
> I notice that for http protocol, tethereal cannot capture all the url
> of a site if this url is too long ....
What do you mean by "cannot capture"? It should be able to capture it;
however, if the URL is so long that the HTTP request or response
containing that URL doesn't fit in one TCP segment, then it won't
display the entire URL.
> This real problem is not that we can't have the entire url, but in
> these case, even the HTTP Version and the CRLF is truncated .... so it
> causes lot of problem for my parser ....
That's probably because the request or response doesn't fit in one
segment.
> I just want to know if it is a bug,
It's a deficiency, not a "bug", strictly speaking - versions of Ethereal
prior to 0.9.16 didn't have code to reassemble requests or responses
that crossed TCP segment boundaries, but they didn't claim to reassemble
them.
> and if there is a way to solve it ....
Upgrade to Ethereal 0.9.16, if you're not already running it.
Then start up Ethereal, select "Preferences" from the "Edit" menu, open
up the "Protocols" list in the Preferences dialog, select "HTTP", turn
on the "Desegment all HTTP headers spanning multiple TCP segments"
option", click "Save", and click "OK".
That will tell Ethereal *AND* Tethereal to reassemble HTTP requests and
responses (method/status line, and headers) if they don't fit in one TCP
segment.
> I notice that for http protocol, sometime when we have a command GET,
> we have no HOST flags ....
Do you mean the "Host:" header is completely absent, or do you mean it
contains no host name?
RFC 2616 says
A client MUST include a Host header field in all HTTP/1.1
request messages . If the requested URI does not include an
Internet host name for the service being requested, then the
Host header field MUST be given with an empty value. An
HTTP/1.1 proxy MUST ensure that any request message it forwards
does contain an appropriate Host header field that identifies
the service being requested by the proxy. All Internet-based
HTTP/1.1 servers MUST respond with a 400 (Bad Request) status
code to any HTTP/1.1 request message which lacks a Host header
field.
so a Host: header is required in requests - but if the URI sent in the
request includes a host name, the Host: header must *not* have a host
name.
> I thought that with HTTP1.1 the host flags was required ....
Just because something is required, that doesn't mean it happens. :-)
That's one reason why programs such as Ethereal exist.