Ask Your Question
0

Garbled text issue from unencrypted communication.

asked 2019-06-22 10:00:16 +0000

JimmyMcnulty gravatar image

updated 2019-06-22 11:27:31 +0000

I applied a filter (host xxxx) and sent a http request to the host using the browser. The site doesn’t force the request to https. I was expecting the response in plain text format. Instead the text I see is garbled? Why is this happening?Below is the link to the file: https://drive.google.com/file/d/1h8N7...

edit retag flag offensive close merge delete

Comments

Very difficult to comment on the issue without access to the capture file. Please post the capture file on a public share, e.g. Google Drive, DropBox etc, and post a link back to the share here.

grahamb gravatar imagegrahamb ( 2019-06-22 10:30:54 +0000 )edit

@grahamb Added the link to the file

JimmyMcnulty gravatar imageJimmyMcnulty ( 2019-06-22 11:29:16 +0000 )edit

1 Answer

Sort by » oldest newest most voted
1

answered 2019-06-22 15:25:10 +0000

grahamb gravatar image

The capture file (when viewed in Wireshark) shows perfectly normal HTTP traffic.

As the capture file was named r1.txt, are you trying to view the capture file in a text editor? If so, then you'll be looking at the binary capture file which is not human readable.

edit flag offensive delete link more

Comments

The reassembled tab is not visible in wireshark. How do I view the reassembled packets as normal text? Also how do I save the file as reassembled?

JimmyMcnulty gravatar imageJimmyMcnulty ( 2019-06-23 05:41:09 +0000 )edit

As is usual when a browser is accessing an HTTP site, a number of connections are made and each contains data. To see this open your capture in Wireshark and then open the Conversations dialog from the menu Statistics -> Conversations and as HTTP runs over TCP, select the TCP tab.

You should see 10 conversations, but only 3 are of interest, those with a packet count in double figures. Select the first such conversation (17 packets) and click the "Follow Stream ..." button at the bottom of the dialog.

This opens another dialog that shows the contents of this particular conversation, and you should see some text corresponding to the HTTP conversation followed by random text. This is because the website has responded with gzip compressed data, as can be seen in the HTTP header Content-Encoding: gzip.

To see the decompressed data, close the "Follow Stream" dialog and in the ...(more)

grahamb gravatar imagegrahamb ( 2019-06-23 10:24:08 +0000 )edit

This works. Thanks a lot.

JimmyMcnulty gravatar imageJimmyMcnulty ( 2019-06-23 13:15:41 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2019-06-22 10:00:16 +0000

Seen: 743 times

Last updated: Jun 22 '19