I applied a filter (host xxxx) and sent a http request to the host using the browser. The site doesn’t force the request to https. I was expecting the response in plain text format. Instead the text I see is garbled? Why is this happening?Below is the link to the file: https://drive.google.com/file/d/1h8N7...
The capture file (when viewed in Wireshark) shows perfectly normal HTTP traffic.
As the capture file was named r1.txt, are you trying to view the capture file in a text editor? If so, then you'll be looking at the binary capture file which is not human readable.
The reassembled tab is not visible in wireshark. How do I view the reassembled packets as normal text? Also how do I save the file as reassembled?
As is usual when a browser is accessing an HTTP site, a number of connections are made and each contains data. To see this open your capture in Wireshark and then open the Conversations dialog from the menu Statistics -> Conversations and as HTTP runs over TCP, select the TCP tab.
You should see 10 conversations, but only 3 are of interest, those with a packet count in double figures. Select the first such conversation (17 packets) and click the "Follow Stream ..." button at the bottom of the dialog.
This opens another dialog that shows the contents of this particular conversation, and you should see some text corresponding to the HTTP conversation followed by random text. This is because the website has responded with gzip compressed data, as can be seen in the HTTP header Content-Encoding: gzip.
To see the decompressed data, close the "Follow Stream" dialog and in the ...
Asked: 2019-06-22 10:00:16 +0000
Seen: 760 times
Last updated: Jun 22 '19
Very difficult to comment on the issue without access to the capture file. Please post the capture file on a public share, e.g. Google Drive, DropBox etc, and post a link back to the share here.
@grahamb Added the link to the file