https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6557
Summary: default HTTP dissector fails to detect HTTP bodies
terminated by connection close
Product: Wireshark
Version: 1.7.x (Experimental)
Platform: Other
OS/Version: All
Status: NEW
Severity: Major
Priority: Low
Component: Wireshark
AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
ReportedBy: ShomeaX@xxxxxxxxx
Created an attachment (id=7394)
--> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=7394)
sample capture + screenshots
Build Information:
1.7.0 (rev 39768), windows vista x32
1.6.3 windows vista x32
1.4.6 windows vista x32 / Ubuntu 10.04
--
Precondition:
Preferences/Protocols/TCP/Allow Reassembling - true
Preferences/Protocols/HTTP/Reassemble HTTP bodies - true
When an HTTP response has no Content-Length
(e.g. HTTP/1.0 response or Transfer-Encoding: chunked) - the attempt to
reassemble the body fails, as the dissector does not know where the message ends.
However, according to HTTP RFC, Content-Length should be deduced from transport
level properties, e.g. when the underlying stream is closed, the message is
considered closed as well.
When the server's dst port HTTP TCP stream receives or sends a FIN flag, the HTTP
dissector must suppose that the last response is complete and report reassembly
completion.
The attached archive has three files: a sample capture file and two screenshots with
the "Reassemble HTTP bodies" option turned on and off.
Capture contains complete HTTP/1.0 response at packet #5, however if
"reassemble HTTP bodies" is on, it is marked as 'TCP' protocol and [Reassembled
PDU] info (screen-fail.png). The message is completed with the packet #6 having
FIN + ACK flags set, but http dissector does not detect body end.
When "Reassemble HTTP bodies" is off, packet #5 is shown as 'HTTP' protocol
(screen-expected.png)
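
The completion rule requested above, as an added Python example (not part of the report and not Wireshark's dissector code): a response with no framing header is treated as complete only once a FIN has been seen on the stream. The function names and the sample bytes are constructed for illustration, and responses to HEAD requests are not handled.

```python
# Added example: when is an HTTP response body complete?
# Names and sample bytes are constructed for illustration.

def parse_head(data):
    """Return (status, headers, body), or None while the header block is incomplete."""
    head, sep, body = data.partition(b"\r\n\r\n")
    if not sep:
        return None
    lines = head.split(b"\r\n")
    status = int(lines[0].split(None, 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip().lower()
    return status, headers, body

def chunked_complete(body):
    """Walk chunk-size lines; True once the zero-size chunk and final CRLF are present."""
    pos = 0
    while True:
        eol = body.find(b"\r\n", pos)
        if eol < 0:
            return False
        size = int(body[pos:eol].split(b";")[0], 16)
        if size == 0:
            return body.find(b"\r\n\r\n", eol) >= 0
        pos = eol + 2 + size + 2  # size-line CRLF + chunk data + CRLF
        if pos > len(body):
            return False

def response_complete(segments, fin_seen):
    """segments: server-to-client TCP payloads in order; fin_seen: a FIN was seen on the stream."""
    parsed = parse_head(b"".join(segments))
    if parsed is None:
        return False, "headers incomplete"
    status, headers, body = parsed
    if status < 200 or status in (204, 304):
        return True, "no body"
    if b"chunked" in headers.get(b"transfer-encoding", b""):
        return chunked_complete(body), "chunked"
    if b"content-length" in headers:
        return len(body) >= int(headers[b"content-length"]), "content-length"
    # No framing header: the body runs until the connection closes.
    return fin_seen, "close-delimited"

# Constructed HTTP/1.0 response with no Content-Length (same shape as the report's packet #5).
SAMPLE = [b"HTTP/1.0 200 OK\r\nContent-Type: text/plain\r\n\r\n", b"hello world\n"]

if __name__ == "__main__":
    print(response_complete(SAMPLE, fin_seen=False))  # before the FIN
    print(response_complete(SAMPLE, fin_seen=True))   # after the FIN
```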