Wireshark-users: Re: [Wireshark-users] WSDL / XML support?

From: "Luis EG Ontanon" <luis.ontanon@xxxxxxxxx>
Date: Mon, 17 Sep 2007 21:30:53 +0200
That was more a note for other developers, we've broken something
between 0.99.0 and now either in tcp reassembly or in http's way to
use it, and we have to fix it. "HEAD" is the most current version in
the source code repository, and it fails as well as 0.99.6.

I've opened a bug report and attached the capture you gave.

http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1851

You should add yourself to the CC: list of the bug so you'll be
notified whenever this is fixed.

Luis

On 9/17/07, jacob c <jctx09@xxxxxxxxx> wrote:
> So does this reply mean that Wireshark just doesn't decode it correctly?
> What do you mean by HEAD fails on this?
>
> Luis EG Ontanon <luis.ontanon@xxxxxxxxx> wrote:
> 0.99.0 could decode it (no Content-Length Chunked encoding) but HEAD
> fails on this.
>
>
> On 9/13/07, jacob c wrote:
> > I appreciate the help. I installed v0.99.6a but no luck. I am attaching
> the
> > trace for your review. I do appreciate all the help.
> >
> > Thank you,
> >
> > Guy Harris wrote:
> >
> > On Sep 12, 2007, at 12:49 PM, jacob c wrote:
> >
> > > I'm not totally sure I'm following but.. HTTP Reassembly is enabled
> > > (checkmarked) under Edit > Prefrences > HTTP if that is what you mean.
> >
> > Yes, that's what I mean.
> >
> > > I am attaching a screenshot so you can see the display window.
> >
> > Unfortunately, we need more information than that to debug the
> > problem; if you could give us the full capture file or, at minimum,
> > all the packets in that TCP connection, that'd help (and would
> > probably take less time to download from a mail server than a
> > screenshot, as per Luis's mail).
> >
> > > The replies do show up as "HTTP Continuation" in Ethereal 0.99.0
> >
> > ...which means either that you didn't have HTTP reassembly enabled in
> > 0.99.0 or it wasn't working in 0.99.0 (I forget whether it was in
> > 0.99.0 or not; there have been changes to it since then).
> >
> > > but not in Wireshark 0.99.5 which I am currently using
> >
> > 0.99.5 isn't "the current version of Wireshark"; 0.99.6 is. Try that.
> >
> > > so perhaps I don't have an option configured correctly. Also, even
> > > in Ethereal 0.99.0 it does not decode the WSDL information with or
> > > without reassembly enabled.
> >
> > If it shows up as "HTTP Continuation" in 0.99.0 regardless of whether
> > HTTP reassembly is enabled, it probably means reassembly isn't
> > happening for some reason. Without seeing the packets we can't
> > determine what reason that might have been in 0.99.0 and why the
> > reassembly doesn't finish in 0.99.5.
> >
> > > It just shows up as HTTP data but perhaps Wireshark could decode it
> > > once I get it configured correctly. -??
> >
> > Only if getting it configured correctly means making the reassembly
> > happen correctly. Wireshark doesn't dissect HTTP traffic as anything
> > other than raw data if that traffic isn't part of the first TCP
> > segment of a request or reply and isn't reassembled along with the
> > first segment; that's by design (otherwise, it doesn't know *how* to
> > dissect it - it has to see the Content-Type header, for example).
> > _______________________________________________
> > Wireshark-users mailing list
> > Wireshark-users@xxxxxxxxxxxxx
> >
> http://www.wireshark.org/mailman/listinfo/wireshark-users
> >
> >
> >
> > ________________________________
> > Moody friends. Drama queens. Your life? Nope! - their life, your story.
> > Play Sims Stories at Yahoo! Games.
> >
> >
> > _______________________________________________
> > Wireshark-users mailing list
> > Wireshark-users@xxxxxxxxxxxxx
> >
> http://www.wireshark.org/mailman/listinfo/wireshark-users
> >
> >
> >
>
>
> --
> This information is top security. When you have read it, destroy yourself.
> -- Marshall McLuhan
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-users
>
>
>
>  ________________________________
>  Check out the hottest 2008 models today at Yahoo! Autos.
>
>
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-users
>
>


-- 
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan