Wireshark-users: Re: [Wireshark-users] WSDL / XML support?

From: jacob c <jctx09@xxxxxxxxx>
Date: Mon, 17 Sep 2007 11:56:15 -0700 (PDT)
So does this reply mean that Wireshark just doesn't decode it correctly? What do you mean by HEAD fails on this?

Luis EG Ontanon <luis.ontanon@xxxxxxxxx> wrote:
0.99.0 could decode it (no Content-Length Chunked encoding) but HEAD
fails on this.


On 9/13/07, jacob c wrote:
> I appreciate the help. I installed v0.99.6a but no luck. I am attaching the
> trace for your review. I do appreciate all the help.
>
> Thank you,
>
> Guy Harris wrote:
>
> On Sep 12, 2007, at 12:49 PM, jacob c wrote:
>
> > I'm not totally sure I'm following but.. HTTP Reassembly is enabled
> > (checkmarked) under Edit > Preferences > HTTP if that is what you mean.
>
> Yes, that's what I mean.
>
> > I am attaching a screenshot so you can see the display window.
>
> Unfortunately, we need more information than that to debug the
> problem; if you could give us the full capture file or, at minimum,
> all the packets in that TCP connection, that'd help (and would
> probably take less time to download from a mail server than a
> screenshot, as per Luis's mail).
>
> > The replies do show up as "HTTP Continuation" in Ethereal 0.99.0
>
> ...which means either that you didn't have HTTP reassembly enabled in
> 0.99.0 or it wasn't working in 0.99.0 (I forget whether it was in
> 0.99.0 or not; there have been changes to it since then).
>
> > but not in Wireshark 0.99.5 which I am currently using
>
> 0.99.5 isn't "the current version of Wireshark"; 0.99.6 is. Try that.
>
> > so perhaps I don't have an option configured correctly. Also, even
> > in Ethereal 0.99.0 it does not decode the WSDL information with or
> > without reassembly enabled.
>
> If it shows up as "HTTP Continuation" in 0.99.0 regardless of whether
> HTTP reassembly is enabled, it probably means reassembly isn't
> happening for some reason. Without seeing the packets we can't
> determine what reason that might have been in 0.99.0 and why the
> reassembly doesn't finish in 0.99.5.
>
> > It just shows up as HTTP data but perhaps Wireshark could decode it
> > once I get it configured correctly. -??
>
> Only if getting it configured correctly means making the reassembly
> happen correctly. Wireshark doesn't dissect HTTP traffic as anything
> other than raw data if that traffic isn't part of the first TCP
> segment of a request or reply and isn't reassembled along with the
> first segment; that's by design (otherwise, it doesn't know *how* to
> dissect it - it has to see the Content-Type header, for example).
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-users
>


--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
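
The behaviour Guy Harris describes in the quoted thread, as an added example that is not part of the original messages and is not Wireshark's dissector code: only the segment that carries the headers can be typed, and the chunked text/xml body becomes decodable once the segments are reassembled. The reply bytes, the 72-byte segment size and all function names are constructed for illustration.

```python
# Constructed HTTP reply: chunked transfer coding, no Content-Length.
BODY = b'<definitions name="Demo"><message name="Ping"/></definitions>'

def chunked(body, size):
    """Encode body with HTTP/1.1 chunked transfer coding."""
    out = b""
    for i in range(0, len(body), size):
        part = body[i:i + size]
        out += b"%x\r\n" % len(part) + part + b"\r\n"
    return out + b"0\r\n\r\n"

STREAM = (b"HTTP/1.1 200 OK\r\nContent-Type: text/xml\r\n"
          b"Transfer-Encoding: chunked\r\n\r\n" + chunked(BODY, 24))
# Cut the byte stream into TCP-segment-sized pieces (size is an assumption).
SEGMENTS = [STREAM[i:i + 72] for i in range(0, len(STREAM), 72)]

def parse_headers(data):
    """Return (headers, rest) if data starts an HTTP reply, else (None, data)."""
    head, sep, rest = data.partition(b"\r\n\r\n")
    if not sep or not head.startswith(b"HTTP/"):
        return None, data
    headers = {}
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip().lower()
    return headers, rest

def dechunk(data):
    """Strip chunk framing from a complete chunked body."""
    body = b""
    while True:
        size_line, _, data = data.partition(b"\r\n")
        size = int(size_line.split(b";")[0], 16)
        if size == 0:
            return body
        body, data = body + data[:size], data[size + 2:]

def classify_segment(segment):
    """What can be said about one segment looked at in isolation."""
    headers, _ = parse_headers(segment)
    if headers is None:
        return "HTTP Continuation (raw data)"
    return "HTTP reply start, body type " + headers[b"content-type"].decode()

def dissect_reassembled(segments):
    """With every segment joined, the body can be de-chunked and typed."""
    headers, rest = parse_headers(b"".join(segments))
    if headers.get(b"transfer-encoding") == b"chunked":
        rest = dechunk(rest)
    return headers[b"content-type"].decode(), rest
```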