Wireshark-users: Re: [Wireshark-users] http Content-Encoding: gzip not decoding

From: "Barry Gould" <mailinglists@xxxxxxxxxxxxxxxxx>
Date: Wed, 23 Jul 2008 17:57:58 -0700 (PDT)
Hi, I too am having problems with Wireshark (1.0.2 from Fedora 9) not
decoding gzip'd http traffic.

I do have libz compiled in, according to -v and about:
"Compiled with GTK+ 2.12.11, with GLib 2.16.4, with libpcap 0.9.8, with libz
1.2.3, without POSIX capabilities, with libpcre 7.3, without SMI, without
ADNS, without Lua, with GnuTLS 2.0.4, with Gcrypt 1.4.0, with MIT
Kerberos, without PortAudio, without AirPcap."

I'm trying to view the transcript with the "follow tcp stream" command,
and all the html is compressed.

Is there something else that has to be done to get the decoding active?

Thanks,
Barry



Re: [Wireshark-users] http Content-Encoding: gzip not decoding

Stephen Fisher
Sat, 09 Feb 2008 13:48:25 -0800

On Fri, Feb 08, 2008 at 09:41:16AM -0800, Bob Keyes wrote:

> Packets are sniffed, tcp streams assembled, but when it comes time to
> decode gzip encoded content, I get nowhere. I am running 0.99.6 on
> Ubuntu Gutsy.

I just verified that my copy of Wireshark uncompresses the gzip
compressed html at the Amtrak web site and shows it to me.  Is your copy
of Wireshark compiled with zLib (libz)?  You can check by doing
wireshark -v or going to the Help - About menu in Wiresdhark.  It should
say "Compiled ... with libz x.y.z ..."


Steve