Guy Harris wrote:
Yang Zhang wrote:
Hi, I captured some packets with the filter "tcp port 80 and host
www.facebook.com". As a result I see a bunch of individual packets -
some HTTP, some just TCP, with many of the HTTP messages segmented.
I can ignore the TCP-only packets by typing in 'http' in the filter box,
but is there some way to merge the HTTP packets to be whole, unsegmented
requests/responses?
Do you have the HTTP preferences
Reassemble HTTP headers spanning multiple TCP segments
Reassemble HTTP bodies spanning multiple TCP segments
and the TCP preference
Allow subdissector to reassemble TCP streams
turned on? If so, Wireshark should reassemble HTTP requests and responses.
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
All of these appear to be enabled.
Here's what I'm seeing:
http://img90.imageshack.us/img90/588/capturingwiresharknw4.png
Follow TCP stream just merges all the HTTP requests/responses together
and doesn't do things like gunzip the contents. Also, I'm actually
doing "... and net 69.63" rather than "and host www.facebook.com".
