On Jul 27, 2010, at 2:58 PM, george_vandelet@xxxxxxxxx wrote:
> Since there are around 40 different http headers and they seem to be put in different orders by different applications, does the wireshark tool offer a reasonably simple way to put them in some sort of order for analysis (other than the order in which they came on the wire)?
Unfortunately, no.
What do you mean by "analysis"? If it's not just "manually looking at the packets", you might be able to have a tap (which I think can be written in Lua, at least if your Wireshark build includes the Lua interpreter and it's enabled) that looks at the headers Wireshark knows about (a subset of all the possible headers - the top-of tree version knows about
Authorization
Proxy-Authorization
Proxy-Authenticate
WWW-Authenticate
Content-Type
Content-Length
Content-Encoding
Transfer-Encoding
User-Agent
Host
Connection
Cookie
Accept
Referer
Accept-Language
Accept-Encoding
Date
Cache-Control
Server
Location
Set-Cookie
Last-Modified
X-Forwarded-For
as named fields) and not only sorts them but performs other processing to get you the ultimate answer you're looking for.