why protocol is not showing as HTTP eventhough we sent http request ?

asked 2017-11-03 10:36:19 +0000

this post is marked as community wiki

This post is a wiki. Anyone with karma >750 is welcome to improve it.

why protocol is not showing as HTTP eventhough we sent http request ?

This is my scenario : We are sending the HTTP traffic via proxy and capturing the traffic in proxy device. For some reasons, the protocol is showing as TCP for HTTP request and response , eventhough we send the valid http request via curl. After disabling the allow subdissector to reassemble TCP streams in Edit-> Preferences -> TCP protocol , then the HTTP protocol is displaying properly. But in this scenario, we are not able to export HTTP objects , since it is coming it as multiple segments/chunked .

The main requirement is to export HTTP objects with enabling the "allow subdissector to reassemble TCP streams" option and protocol should display as HTTP protocol.

Any pointers are appreciated .

Thanks,

edit retag flag offensive close merge delete

Comments

Wireshark version?

Jaap gravatar imageJaap ( 2017-11-03 10:47:00 +0000 )edit

Seen in wireshark 2.4.0/1/2

Kumaran Shanmugam gravatar imageKumaran Shanmugam ( 2017-11-03 11:02:54 +0000 )edit

If you need an info on pcap, then I can share the pcap file

Kumaran Shanmugam gravatar imageKumaran Shanmugam ( 2017-11-03 11:03:35 +0000 )edit

Yes, a PCAP file would be useful. Actually, given the description, I'd suggest simply opening a bug report at https://bugs.wireshark.org

JeffMorriss gravatar imageJeffMorriss ( 2017-11-03 13:19:52 +0000 )edit